[PATCH 4/4] try to add new rpc
Matthieu Patou
mat at matws.net
Tue Mar 2 11:43:49 MST 2010
---
source4/librpc/idl/winbind.idl | 16 ++++-
source4/winbind/wb_irpc.c | 137 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 151 insertions(+), 2 deletions(-)
diff --git a/source4/librpc/idl/winbind.idl b/source4/librpc/idl/winbind.idl
index 73e725b..61dfd5a 100644
--- a/source4/librpc/idl/winbind.idl
+++ b/source4/librpc/idl/winbind.idl
@@ -67,9 +67,21 @@ interface winbind
} winbind_get_idmap_level;
NTSTATUS winbind_get_idmap(
- [in] winbind_get_idmap_level level,
- [in] uint32 count,
+ [in] winbind_get_idmap_level level,
+ [in] uint32 count,
[in,out] [size_is(count)] id_map ids[]
);
+
+ typedef [public] struct {
+ uint32 num_sids;
+ [size_is(num_sids)] dom_sid sids[];
+ } winbind_SidArray;
+
+ NTSTATUS winbind_LookupUserGroups(
+ [in] dom_sid *sid,
+ [out] winbind_SidArray *sids
+ );
+
+
}
diff --git a/source4/winbind/wb_irpc.c b/source4/winbind/wb_irpc.c
index bfb31e6..4023804 100644
--- a/source4/winbind/wb_irpc.c
+++ b/source4/winbind/wb_irpc.c
@@ -138,6 +138,137 @@ static void wb_irpc_get_idmap_callback(struct composite_context *ctx)
irpc_send_reply(s->msg, status);
}
+/*
+static NTSTATUS wb_irpc_lookup_user_groups(struct irpc_message *msg,
+ struct winbind_lookupusergroups *req)
+{
+ ADS_STRUCT *ads = NULL;
+ const char *attrs[] = {"tokenGroups", "primaryGroupID", NULL};
+ ADS_STATUS rc;
+ int count;
+ LDAPMessage *msg = NULL;
+ char *user_dn = NULL;
+ DOM_SID *sids;
+ int i;
+ DOM_SID primary_group;
+ uint32 primary_group_rid;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ size_t num_groups = 0;
+
+ DEBUG(3,("ads: lookup_usergroups\n"));
+ *p_num_groups = 0;
+
+ status = lookup_usergroups_cached(domain, mem_ctx, sid,
+ p_num_groups, user_sids);
+ if (NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_OK;
+ }
+
+ if ( !winbindd_can_contact_domain( domain ) ) {
+ DEBUG(10,("lookup_usergroups: No incoming trust for domain %s\n",
+ domain->name));
+
+
+ return NT_STATUS_SYNCHRONIZATION_REQUIRED;
+ }
+
+ ads = ads_cached_connection(domain);
+
+ if (!ads) {
+ domain->last_status = NT_STATUS_SERVER_DISABLED;
+ status = NT_STATUS_SERVER_DISABLED;
+ goto done;
+ }
+
+ rc = ads_search_retry_sid(ads, &msg, sid, attrs);
+
+ if (!ADS_ERR_OK(rc)) {
+ status = ads_ntstatus(rc);
+ DEBUG(1, ("lookup_usergroups(sid=%s) ads_search tokenGroups: "
+ "%s\n", sid_string_dbg(sid), ads_errstr(rc)));
+ goto done;
+ }
+
+ count = ads_count_replies(ads, msg);
+ if (count != 1) {
+ status = NT_STATUS_UNSUCCESSFUL;
+ DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: "
+ "invalid number of results (count=%d)\n",
+ sid_string_dbg(sid), count));
+ goto done;
+ }
+
+ if (!msg) {
+ DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: NULL msg\n",
+ sid_string_dbg(sid)));
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ user_dn = ads_get_dn(ads, mem_ctx, msg);
+ if (user_dn == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if (!ads_pull_uint32(ads, msg, "primaryGroupID", &primary_group_rid)) {
+ DEBUG(1,("%s: No primary group for sid=%s !?\n",
+ domain->name, sid_string_dbg(sid)));
+ goto done;
+ }
+
+ sid_compose(&primary_group, &domain->sid, primary_group_rid);
+
+ count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids);
+
+
+ if (count == 0) {
+
+
+ status = lookup_usergroups_memberof(domain, mem_ctx, user_dn,
+ &primary_group,
+ &num_groups, user_sids);
+ *p_num_groups = (uint32)num_groups;
+ if (NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+
+ status = lookup_usergroups_member(domain, mem_ctx, user_dn,
+ &primary_group,
+ &num_groups, user_sids);
+ *p_num_groups = (uint32)num_groups;
+ goto done;
+ }
+
+ *user_sids = NULL;
+ num_groups = 0;
+
+ status = add_sid_to_array(mem_ctx, &primary_group, user_sids,
+ &num_groups);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ for (i=0;i<count;i++) {
+
+ if (sid_check_is_in_builtin(&sids[i])) {
+ continue;
+ }
+
+ status = add_sid_to_array_unique(mem_ctx, &sids[i],
+ user_sids, &num_groups);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ }
+
+ *p_num_groups = (uint32)num_groups;
+ status = (*user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
+
+ DEBUG(3,("ads lookup_usergroups (tokenGroups) succeeded for sid=%s\n",
+ sid_string_dbg(sid)));
+}*/
NTSTATUS wbsrv_init_irpc(struct wbsrv_service *service)
{
@@ -153,5 +284,11 @@ NTSTATUS wbsrv_init_irpc(struct wbsrv_service *service)
wb_irpc_get_idmap, service);
NT_STATUS_NOT_OK_RETURN(status);
+ /*status = IRPC_REGISTER(service->task->msg_ctx, winbind, WINBIND_LOOKUPUSERGROUPS,
+ wb_irpc_lookup_user_groups, service);
+ NT_STATUS_NOT_OK_RETURN(status);*/
+
return NT_STATUS_OK;
}
+
+
--
1.6.3.3
--------------060403090609070601060303--
More information about the samba-technical
mailing list