Author: jerry Date: 2005-06-10 03:26:39 +0000 (Fri, 10 Jun 2005) New Revision: 7454
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7454 Log: couple of winbindd fixes * make sure to use our domain as the account name in the net_req_auth2() request when running on a Samba DC * make sure to lookup the correct domain (not default to ours) when getting an async getpwnam() call Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0/source/nsswitch/winbindd_user.c trunk/source/nsswitch/winbindd.c trunk/source/nsswitch/winbindd_cm.c trunk/source/nsswitch/winbindd_pam.c trunk/source/nsswitch/winbindd_user.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd.c 2005-06-10 00:32:14 UTC (rev 7453) +++ branches/SAMBA_3_0/source/nsswitch/winbindd.c 2005-06-10 03:26:39 UTC (rev 7454) @@ -252,7 +252,7 @@ /* PAM auth functions */ { WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" }, - { WINBINDD_PAM_AUTH_CRAP, winbindd_crap_auth, "AUTH_CRAP" }, + { WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" }, { WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" }, /* Enumeration functions */ Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2005-06-10 00:32:14 UTC (rev 7453) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2005-06-10 03:26:39 UTC (rev 7454) @@ -1158,10 +1158,18 @@ generate_random_buffer(clnt_chal.data, 8); server_name = talloc_asprintf(mem_ctx, "\\\\%s", domain->dcname); - account_name = talloc_asprintf(mem_ctx, "%s$", - domain->primary ? - global_myname() : domain->name); + /* if we are a DC and this is a trusted domain, then we need to use our + domain name in the net_req_auth2() request */ + + if ( IS_DC ) { + account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() ); + } + else { + account_name = talloc_asprintf(mem_ctx, "%s$", + domain->primary ? global_myname() : domain->name); + } + if ((server_name == NULL) || (account_name == NULL)) return NT_STATUS_NO_MEMORY; Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2005-06-10 00:32:14 UTC (rev 7453) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2005-06-10 03:26:39 UTC (rev 7454) @@ -500,7 +500,7 @@ Challenge Response Authentication Protocol **********************************************************************/ -enum winbindd_result winbindd_crap_auth(struct winbindd_cli_state *state) +enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) { struct winbindd_domain *domain = NULL; const char *domain_name = NULL; Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_user.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_user.c 2005-06-10 00:32:14 UTC (rev 7453) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_user.c 2005-06-10 03:26:39 UTC (rev 7454) @@ -324,7 +324,7 @@ /* Get info for the domain */ - domain = find_lookup_domain_from_name(domname); + domain = find_domain_from_name(domname); if (domain == NULL) { DEBUG(7, ("could not find domain entry for domain %s\n", @@ -332,9 +332,9 @@ return WINBINDD_ERROR; } - if ( domain->primary && lp_winbind_trusted_domains_only()) { - DEBUG(7,("winbindd_getpwnam: My domain -- rejecting " - "getgroups() for %s\\%s.\n", domname, username)); + if ( strequal(domname, lp_workgroup()) && lp_winbind_trusted_domains_only() ) { + DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n", + domname, username)); return WINBINDD_ERROR; } Modified: trunk/source/nsswitch/winbindd.c =================================================================== --- trunk/source/nsswitch/winbindd.c 2005-06-10 00:32:14 UTC (rev 7453) +++ trunk/source/nsswitch/winbindd.c 2005-06-10 03:26:39 UTC (rev 7454) @@ -252,7 +252,7 @@ /* PAM auth functions */ { WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" }, - { WINBINDD_PAM_AUTH_CRAP, winbindd_crap_auth, "AUTH_CRAP" }, + { WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" }, { WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" }, /* Enumeration functions */ Modified: trunk/source/nsswitch/winbindd_cm.c =================================================================== --- trunk/source/nsswitch/winbindd_cm.c 2005-06-10 00:32:14 UTC (rev 7453) +++ trunk/source/nsswitch/winbindd_cm.c 2005-06-10 03:26:39 UTC (rev 7454) @@ -1158,10 +1158,18 @@ generate_random_buffer(clnt_chal.data, 8); server_name = talloc_asprintf(mem_ctx, "\\\\%s", domain->dcname); - account_name = talloc_asprintf(mem_ctx, "%s$", - domain->primary ? - global_myname() : domain->name); + /* if we are a DC and this is a trusted domain, then we need to use our + domain name in the net_req_auth2() request */ + + if ( IS_DC ) { + account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() ); + } + else { + account_name = talloc_asprintf(mem_ctx, "%s$", + domain->primary ? global_myname() : domain->name); + } + if ((server_name == NULL) || (account_name == NULL)) return NT_STATUS_NO_MEMORY; Modified: trunk/source/nsswitch/winbindd_pam.c =================================================================== --- trunk/source/nsswitch/winbindd_pam.c 2005-06-10 00:32:14 UTC (rev 7453) +++ trunk/source/nsswitch/winbindd_pam.c 2005-06-10 03:26:39 UTC (rev 7454) @@ -500,7 +500,7 @@ Challenge Response Authentication Protocol **********************************************************************/ -enum winbindd_result winbindd_crap_auth(struct winbindd_cli_state *state) +enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) { struct winbindd_domain *domain = NULL; const char *domain_name = NULL; Modified: trunk/source/nsswitch/winbindd_user.c =================================================================== --- trunk/source/nsswitch/winbindd_user.c 2005-06-10 00:32:14 UTC (rev 7453) +++ trunk/source/nsswitch/winbindd_user.c 2005-06-10 03:26:39 UTC (rev 7454) @@ -324,7 +324,7 @@ /* Get info for the domain */ - domain = find_lookup_domain_from_name(domname); + domain = find_domain_from_name(domname); if (domain == NULL) { DEBUG(7, ("could not find domain entry for domain %s\n", @@ -332,9 +332,9 @@ return WINBINDD_ERROR; } - if ( domain->primary && lp_winbind_trusted_domains_only()) { - DEBUG(7,("winbindd_getpwnam: My domain -- rejecting " - "getgroups() for %s\\%s.\n", domname, username)); + if ( strequal(domname, lp_workgroup()) && lp_winbind_trusted_domains_only() ) { + DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n", + domname, username)); return WINBINDD_ERROR; }
