return NT_STATUS_OK;
}
-#ifdef HAVE_LDAP
-
-#include "ads.h"
-
-static int get_ldap_seq(const char *server, struct sockaddr_storage *ss, int port, uint32_t *seq)
-{
- int ret = -1;
- struct timeval to;
- const char *attrs[] = {"highestCommittedUSN", NULL};
- LDAPMessage *res = NULL;
- char **values = NULL;
- LDAP *ldp = NULL;
-
- *seq = DOM_SEQUENCE_NONE;
-
- /*
- * Parameterised (5) second timeout on open. This is needed as the
- * search timeout doesn't seem to apply to doing an open as well. JRA.
- */
-
- ldp = ldap_open_with_timeout(server, ss, port, lp_ldap_timeout());
- if (ldp == NULL)
- return -1;
-
- /* Timeout if no response within 20 seconds. */
- to.tv_sec = 10;
- to.tv_usec = 0;
-
- if (ldap_search_st(ldp, "", LDAP_SCOPE_BASE, "(objectclass=*)",
- discard_const_p(char *, attrs), 0, &to, &res))
- goto done;
-
- if (ldap_count_entries(ldp, res) != 1)
- goto done;
-
- values = ldap_get_values(ldp, res, "highestCommittedUSN");
- if (!values || !values[0])
- goto done;
-
- *seq = atoi(values[0]);
- ret = 0;
-
- done:
-
- if (values)
- ldap_value_free(values);
- if (res)
- ldap_msgfree(res);
- if (ldp)
- ldap_unbind(ldp);
- return ret;
-}
-
-/**********************************************************************
- Get the sequence number for a Windows AD native mode domain using
- LDAP queries.
-**********************************************************************/
-
-static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32_t *seq)
-{
- int ret = -1;
- char addr[INET6_ADDRSTRLEN];
-
- print_sockaddr(addr, sizeof(addr), &domain->dcaddr);
- if ((ret = get_ldap_seq(addr, &domain->dcaddr, LDAP_PORT, seq)) == 0) {
- DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence "
- "number for Domain (%s) from DC (%s)\n",
- domain->name, addr));
- }
- return ret;
-}
-
-#endif /* HAVE_LDAP */
-
-/* find the sequence number for a domain */
-static NTSTATUS msrpc_sequence_number(struct winbindd_domain *domain,
- uint32_t *pseq)
-{
- struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
- uint32_t seq = DOM_SEQUENCE_NONE;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
-
- DEBUG(3, ("msrpc_sequence_number: fetch sequence_number for %s\n", domain->name));
-
- if (pseq) {
- *pseq = DOM_SEQUENCE_NONE;
- }
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("sequence_number: No incoming trust for domain %s\n",
- domain->name));
- if (pseq) {
- *pseq = time(NULL);
- }
- status = NT_STATUS_OK;
- goto done;
- }
-
-#ifdef HAVE_LDAP
- if (domain->active_directory) {
- int rc;
-
- DEBUG(8,("using get_ldap_seq() to retrieve the "
- "sequence number\n"));
-
- rc = get_ldap_sequence_number(domain, &seq);
- if (rc == 0) {
- DEBUG(10,("domain_sequence_number: LDAP for "
- "domain %s is %u\n",
- domain->name, seq));
-
- if (pseq) {
- *pseq = seq;
- }
-
- status = NT_STATUS_OK;
- goto done;
- }
-
- DEBUG(10,("domain_sequence_number: failed to get LDAP "
- "sequence number for domain %s\n",
- domain->name ));
- }
-#endif /* HAVE_LDAP */
-
- status = cm_connect_sam(domain, tmp_ctx, false, &samr_pipe, &dom_pol);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = rpc_sequence_number(tmp_ctx,
- samr_pipe,
- &dom_pol,
- domain->name,
- &seq);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- if (pseq) {
- *pseq = seq;
- }
-
-done:
- TALLOC_FREE(tmp_ctx);
- return status;
-}
-
/* get a list of trusted domains */
static NTSTATUS msrpc_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
msrpc_lookup_usergroups,
msrpc_lookup_useraliases,
msrpc_lookup_groupmem,
- msrpc_sequence_number,
+ NULL,
msrpc_lockout_policy,
msrpc_password_policy,
msrpc_trusted_domains,
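Review bot: The `NULL` that replaces `msrpc_sequence_number` in this positional method table becomes a null function-pointer call if any caller still dispatches through that slot without checking it. Nothing in the visible lines shows those callers being removed or guarded, so confirm this before merging. The entry is also unlabeled, so I would annotate it, e.g. `NULL, /* sequence number: no longer provided by this backend */`. Alternatively, drop the member from the method struct once no backend sets it, so a stale call fails at compile time rather than at run time. The initializer begins and ends outside this hunk, so the struct definition and the remaining entries were not reviewed.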