The branch, master has been updated
via 2ee3cca... s4:winbind - use "unsigned" variables where possible
via 1310eba... s4:winbind/wb_cmd_getgroups.c - fix up warnings
via 98bc10d... s4:unittest Fix unittest to reflect that wbinfo -r no
longer fail
via bc766a9... s4:winbind: stub implementation of WINBINDD_PAM_LOGOFF
via 238ff24... s4:winbind: Fix a misplaced returned info
via 42b5b38... s4:winbind Implement logic for getgroups to work
via 30baf31... s4:winbind: implement calls for allowing getent groups
via 74166c3... s4:torture/rpc/netlogon.c - "LogonGetDomainInfo" test -
make it compatible against Windows Server 2008
via 9995a37... s4:netlogon RPC - "LogonGetDomainInfo" - make the call
compatible with >= Windows 2008
via 1deefca... libcli/auth/schannel_state_tdb.c - fix an obviously
wrong error handling
from 48cdca0... s4-smbtorture: fix uninitialized variable in winreg
QueryValue call.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2ee3cca4ffd60d091ca5fe8035f90969f6b91cc4
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 9 17:54:12 2010 +0100
s4:winbind - use "unsigned" variables where possible
commit 1310eba9705d6c49ec36555f546c4b99174ee695
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 9 17:52:10 2010 +0100
s4:winbind/wb_cmd_getgroups.c - fix up warnings
Also fix some indentations.
commit 98bc10d0a8284387789fafc32a1a1e54a7e31824
Author: Matthieu Patou <m...@matws.net>
Date: Tue Mar 9 15:35:54 2010 +0300
s4:unittest Fix unittest to reflect that wbinfo -r no longer fail
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
commit bc766a9a8475344eb4556da91f68874523d1fe52
Author: Matthieu Patou <m...@matws.net>
Date: Wed Mar 3 23:29:15 2010 +0300
s4:winbind: stub implementation of WINBINDD_PAM_LOGOFF
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
commit 238ff24341767230614a3931646df59c1cf87a52
Author: Matthieu Patou <m...@matws.net>
Date: Wed Mar 3 23:29:32 2010 +0300
s4:winbind: Fix a misplaced returned info
libwbclient expect to have in auth.exra_data the INFO3_TXT and in
auth.unix_username the username
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
commit 42b5b381871dd935aeda34669a2c03a05a63f5f0
Author: Matthieu Patou <m...@matws.net>
Date: Thu Mar 4 03:05:06 2010 +0300
s4:winbind Implement logic for getgroups to work
This function is called by the system everytime we do a id user or when we
do wbinfo -r
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
commit 30baf31411363ebd79a6366caf4a792850c40192
Author: Matthieu Patou <m...@matws.net>
Date: Thu Mar 4 02:46:36 2010 +0300
s4:winbind: implement calls for allowing getent groups
This is to say getgrent and setgrent, and the associated technical objects
(states, build directives,...) needed.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
commit 74166c380c5ad110d93c4e7141eaa7b1d069ced8
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Wed Feb 17 09:51:41 2010 +0100
s4:torture/rpc/netlogon.c - "LogonGetDomainInfo" test - make it compatible
against Windows Server 2008
This is a reworked version of the mentioned test which passes against
Windows
Server 2008. The previous version, also mainly written by me passed only
against
Windows Server <= 2003.
commit 9995a37a8cffb5e20e2b0ef5abfee602673d362d
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Fri Mar 5 11:09:57 2010 +0100
s4:netlogon RPC - "LogonGetDomainInfo" - make the call compatible with >=
Windows 2008
Add more security checks and other corrections to imitate Windows Server >=
2008.
commit 1deefcaee1f3de97c0377b513a6f9c3d1181e2b0
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 9 17:12:02 2010 +0100
libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling
-----------------------------------------------------------------------
Summary of changes:
libcli/auth/schannel_state_tdb.c | 1 -
nsswitch/tests/test_wbinfo.sh | 3 +-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 85 +++++++---
source4/torture/rpc/netlogon.c | 118 +++++++++++--
source4/winbind/config.mk | 3 +
source4/winbind/wb_async_helpers.c | 20 +-
source4/winbind/wb_cmd_getgrent.c | 124 ++++++++++++++
source4/winbind/wb_cmd_getgroups.c | 223 +++++++++++++++++++++++++
source4/winbind/wb_cmd_list_trustdom.c | 8 +-
source4/winbind/wb_cmd_setgrent.c | 171 +++++++++++++++++++
source4/winbind/wb_cmd_userdomgroups.c | 8 +-
source4/winbind/wb_cmd_usersids.c | 12 +-
source4/winbind/wb_samba3_cmd.c | 151 ++++++++++++++++-
source4/winbind/wb_samba3_protocol.c | 5 +-
source4/winbind/wb_server.h | 13 ++
15 files changed, 866 insertions(+), 79 deletions(-)
create mode 100644 source4/winbind/wb_cmd_getgrent.c
create mode 100644 source4/winbind/wb_cmd_getgroups.c
create mode 100644 source4/winbind/wb_cmd_setgrent.c
Changeset truncated at 500 lines:
diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 0ec928f..d1e5ed0 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -340,7 +340,6 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
ret = tdb_transaction_start(tdb_sc->tdb);
if (ret != 0) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
status = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index 8d8f116..b92b8f0 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -178,7 +178,8 @@ testit "wbinfo --uid-info against $TARGET" $wbinfo
--uid-info $admin_uid
# this does not work
knownfail "wbinfo --group-info against $TARGET" $wbinfo --group-info
"S-1-22-2-0"
knownfail "wbinfo --gid-info against $TARGET" $wbinfo --gid-info 30001
-knownfail "wbinfo -r against $TARGET" $wbinfo -r "$DOMAIN/$USERNAME"
+
+testit "wbinfo -r against $TARGET" $wbinfo -r "$DOMAIN/$USERNAME" ||
failed=`expr $failed + 1`
testit "wbinfo --user-domgroups against $TARGET" $wbinfo --user-domgroups
$admin_sid || failed=`expr $failed + 1`
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c
b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 563ed5e..e82158f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1148,16 +1148,18 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct
dcesrv_call_state *dce_cal
"securityIdentifier", "trustPartner", NULL };
const char * const attrs2[] = { "dNSHostName",
"msDS-SupportedEncryptionTypes", NULL };
- const char *temp_str;
+ const char * const attrs3[] = { NULL };
+ const char *temp_str, *temp_str2;
const char *old_dns_hostname;
struct ldb_context *sam_ctx;
- struct ldb_message **res1, **res2, **res3, *new_msg;
+ struct ldb_message **res0, **res1, **res2, **res3, *new_msg;
struct ldb_dn *workstation_dn;
struct netr_DomainInformation *domain_info;
struct netr_LsaPolicyInformation *lsa_policy_info;
struct netr_OsVersionInfoEx *os_version;
uint32_t default_supported_enc_types = 0xFFFFFFFF;
- int ret1, ret2, ret3, i;
+ bool update_dns_hostname = true;
+ int ret, ret3, i;
NTSTATUS status;
status = dcesrv_netr_creds_server_step_check(dce_call,
@@ -1181,27 +1183,59 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct
dcesrv_call_state *dce_cal
switch (r->in.level) {
case 1: /* Domain information */
- /* TODO: check NTSTATUS results - and fail also on SAMDB
- * errors (needs some testing against Windows Server 2008) */
+ /*
+ * Updates the DNS hostname when the client wishes that the
+ * server should handle this for him
+ * ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
+ * See MS-NRPC section 3.5.4.3.9
+ */
+ if ((r->in.query->workstation_info->workstation_flags
+ & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
+ update_dns_hostname = false;
+ }
/*
- * Check that the computer name parameter matches as prefix with
- * the DNS hostname in the workstation info structure.
+ * Checks that the computer name parameter without possible "$"
+ * matches as prefix with the DNS hostname in the workstation
+ * info structure.
*/
- temp_str = strndup(r->in.query->workstation_info->dns_hostname,
- strcspn(r->in.query->workstation_info->dns_hostname,
- "."));
- if (strcasecmp(r->in.computer_name, temp_str) != 0)
- return NT_STATUS_INVALID_PARAMETER;
+ temp_str = talloc_strndup(mem_ctx,
+ r->in.computer_name,
+ strcspn(r->in.computer_name, "$"));
+ NT_STATUS_HAVE_NO_MEMORY(temp_str);
+ temp_str2 = talloc_strndup(mem_ctx,
+
r->in.query->workstation_info->dns_hostname,
+
strcspn(r->in.query->workstation_info->dns_hostname, "."));
+ NT_STATUS_HAVE_NO_MEMORY(temp_str2);
+ if (strcasecmp(temp_str, temp_str2) != 0) {
+ update_dns_hostname = false;
+ }
+
+ /*
+ * Check that the DNS hostname when it should be updated
+ * will be used only by maximum one host.
+ */
+ ret = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx),
+ &res0, attrs3, "(dNSHostName=%s)",
+ r->in.query->workstation_info->dns_hostname);
+ if (ret < 0) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ if (ret >= 1) {
+ update_dns_hostname = false;
+ }
+
+ talloc_free(res0);
+ /* Prepare the workstation DN */
workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
dom_sid_string(mem_ctx, creds->sid));
NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
/* Lookup for attributes in workstation object */
- ret1 = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
+ ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
&res1, attrs2);
- if (ret1 != 1) {
+ if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1260,13 +1294,10 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct
dcesrv_call_state *dce_cal
}
/*
- * Updates the "dNSHostname" and the "servicePrincipalName"s
- * since the client wishes that the server should handle this
- * for him ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
- * See MS-NRPC section 3.5.4.3.9
+ * If the boolean "update_dns_hostname" remained true, then we
+ * are fine to start the update.
*/
- if ((r->in.query->workstation_info->workstation_flags
- & NETR_WS_FLAG_HANDLES_SPN_UPDATE) == 0) {
+ if (update_dns_hostname) {
samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
"dNSHostname",
r->in.query->workstation_info->dns_hostname);
@@ -1297,9 +1328,9 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct
dcesrv_call_state *dce_cal
primary domain is also a "trusted" domain, so we need to
put the primary domain into the lists of returned trusts as
well. */
- ret2 = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx),
+ ret = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx),
&res2, attrs);
- if (ret2 != 1) {
+ if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1356,7 +1387,15 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct
dcesrv_call_state *dce_cal
domain_info->lsa_policy = *lsa_policy_info;
- domain_info->dns_hostname.string = old_dns_hostname;
+ /* The DNS hostname is only returned back when there is a chance
+ * for a change. */
+ if ((r->in.query->workstation_info->workstation_flags
+ & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
+ domain_info->dns_hostname.string = old_dns_hostname;
+ } else {
+ domain_info->dns_hostname.string = NULL;
+ }
+
domain_info->workstation_flags =
r->in.query->workstation_info->workstation_flags;
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index c7bfb94..c2ff86d 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -6,7 +6,7 @@
Copyright (C) Andrew Tridgell 2003
Copyright (C) Andrew Bartlett <abart...@samba.org> 2003-2004
Copyright (C) Tim Potter 2003
- Copyright (C) Matthias Dieter Wallnöfer 2009
+ Copyright (C) Matthias Dieter Wallnöfer 2009-2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -37,7 +37,6 @@
#include "lib/ldb_wrap.h"
#define TEST_MACHINE_NAME "torturetest"
-#define TEST_MACHINE_DNS_SUFFIX "torturedomain"
static bool test_LogonUasLogon(struct torture_context *tctx,
struct dcerpc_pipe *p)
@@ -2394,7 +2393,7 @@ static bool test_GetDomainInfo(struct torture_context
*tctx,
ZERO_STRUCT(q1);
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- TEST_MACHINE_DNS_SUFFIX);
+ lp_dnsdomain(tctx->lp_ctx));
q1.sitename = "Default-First-Site-Name";
q1.os_version.os = &os;
q1.os_name.string = talloc_asprintf(tctx,
@@ -2497,19 +2496,20 @@ static bool test_GetDomainInfo(struct torture_context
*tctx,
"Out 'workstation flags' don't match!");
- torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call
(variation of DNS hostname)\n");
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call
(variation of DNS hostname doesn't work)\n");
netlogon_creds_client_authenticator(creds, &a);
/* Wipe out the osVersion, and prove which values still 'stick' */
q1.os_version.os = NULL;
/* Change also the DNS hostname to test differences in behaviour */
- q1.dns_hostname = talloc_asprintf(tctx, "%s.newdomain",
- TEST_MACHINE_NAME);
+ talloc_free(discard_const_p(char, q1.dns_hostname));
+ q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
+ lp_dnsdomain(tctx->lp_ctx));
- /* Let the DC handle the "servicePrincipalName" and DNS hostname
+ /* The workstation handles the "servicePrincipalName" and DNS hostname
updates */
- q1.workstation_flags = 0;
+ q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
@@ -2522,6 +2522,7 @@ static bool test_GetDomainInfo(struct torture_context
*tctx,
ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
"(sAMAccountName=%s$)", TEST_MACHINE_NAME);
torture_assert(tctx, ret == 1, "Test machine account not found
in SAMDB on DC! Has the workstation been joined?");
+
torture_assert_str_equal(tctx,
ldb_msg_find_attr_as_string(res[0],
"operatingSystem", NULL),
q1.os_name.string, "'operatingSystem'
should stick!");
@@ -2531,13 +2532,14 @@ static bool test_GetDomainInfo(struct torture_context
*tctx,
torture_assert(tctx,
ldb_msg_find_attr_as_string(res[0],
"operatingSystemVersion", NULL) == NULL,
"'operatingSystemVersion' shouldn't stick!");
-
- /* The DNS host name should have been updated now by the server
*/
+
+ /* The DNS host name shouldn't have been updated by the server
*/
+
torture_assert_str_equal(tctx,
ldb_msg_find_attr_as_string(res[0],
"dNSHostName", NULL),
- q1.dns_hostname, "'DNS host name'
didn't change!");
+ old_dnsname, "'DNS host name' did
change!");
- /* Find the two "servicePrincipalName"s which the DC should
have been
+ /* Find the two "servicePrincipalName"s which the DC shouldn't
have been
updated (HOST/<Netbios name> and HOST/<FQDN name>) - see
MS-NRPC
3.5.4.3.9 */
spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
@@ -2545,13 +2547,13 @@ static bool test_GetDomainInfo(struct torture_context
*tctx,
"There should exist 'servicePrincipalName's in
AD!");
temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
for (i=0; i < spn_el->num_values; i++)
- if (strcmp((char *) spn_el->values[i].data, temp_str)
== 0)
+ if (strcasecmp((char *) spn_el->values[i].data,
temp_str) == 0)
break;
torture_assert(tctx, i != spn_el->num_values,
"'servicePrincipalName' HOST/<Netbios name> not
found!");
- temp_str = talloc_asprintf(tctx, "HOST/%s", q1.dns_hostname);
+ temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
for (i=0; i < spn_el->num_values; i++)
- if (strcmp((char *) spn_el->values[i].data, temp_str)
== 0)
+ if (strcasecmp((char *) spn_el->values[i].data,
temp_str) == 0)
break;
torture_assert(tctx, i != spn_el->num_values,
"'servicePrincipalName' HOST/<FQDN name> not
found!");
@@ -2563,13 +2565,93 @@ static bool test_GetDomainInfo(struct torture_context
*tctx,
/* Checks "workstation flags" */
torture_assert(tctx,
+ info.domain_info->workstation_flags ==
NETR_WS_FLAG_HANDLES_SPN_UPDATE,
+ "Out 'workstation flags' don't match!");
+
+
+ /* Now try the same but the workstation flags set to 0 */
+
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call
(variation of DNS hostname doesn't work)\n");
+ netlogon_creds_client_authenticator(creds, &a);
+
+ /* Change also the DNS hostname to test differences in behaviour */
+ talloc_free(discard_const_p(char, q1.dns_hostname));
+ q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
+ lp_dnsdomain(tctx->lp_ctx));
+
+ /* Wipe out the osVersion, and prove which values still 'stick' */
+ q1.os_version.os = NULL;
+
+ /* Let the DC handle the "servicePrincipalName" and DNS hostname
+ updates */
+ q1.workstation_flags = 0;
+
+ status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred),
"Credential chaining failed");
+
+ msleep(250);
+
+ if (sam_ctx) {
+ /* AD workstation infos entry check */
+ ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
+ "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
+ torture_assert(tctx, ret == 1, "Test machine account not found
in SAMDB on DC! Has the workstation been joined?");
+
+ torture_assert_str_equal(tctx,
+ ldb_msg_find_attr_as_string(res[0],
"operatingSystem", NULL),
+ q1.os_name.string, "'operatingSystem'
should stick!");
+ torture_assert(tctx,
+ ldb_msg_find_attr_as_string(res[0],
"operatingSystemServicePack", NULL) == NULL,
+ "'operatingSystemServicePack' shouldn't stick!");
+ torture_assert(tctx,
+ ldb_msg_find_attr_as_string(res[0],
"operatingSystemVersion", NULL) == NULL,
+ "'operatingSystemVersion' shouldn't stick!");
+
+ /* The DNS host name shouldn't have been updated by the server
*/
+
+ torture_assert_str_equal(tctx,
+ ldb_msg_find_attr_as_string(res[0],
"dNSHostName", NULL),
+ old_dnsname, "'DNS host name' did
change!");
+
+ /* Find the two "servicePrincipalName"s which the DC shouldn't
have been
+ updated (HOST/<Netbios name> and HOST/<FQDN name>) - see
MS-NRPC
+ 3.5.4.3.9 */
+ spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
+ torture_assert(tctx, spn_el != NULL,
+ "There should exist 'servicePrincipalName's in
AD!");
+ temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
+ for (i=0; i < spn_el->num_values; i++)
+ if (strcasecmp((char *) spn_el->values[i].data,
temp_str) == 0)
+ break;
+ torture_assert(tctx, i != spn_el->num_values,
+ "'servicePrincipalName' HOST/<Netbios name> not
found!");
+ temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
+ for (i=0; i < spn_el->num_values; i++)
+ if (strcasecmp((char *) spn_el->values[i].data,
temp_str) == 0)
+ break;
+ torture_assert(tctx, i != spn_el->num_values,
+ "'servicePrincipalName' HOST/<FQDN name> not
found!");
+
+ /* Here the server gives us NULL as the out DNS hostname */
+ torture_assert(tctx, info.domain_info->dns_hostname.string ==
NULL,
+ "Out 'DNS hostname' should be NULL!");
+ }
+
+ /* Checks "workstation flags" */
+ torture_assert(tctx,
info.domain_info->workstation_flags == 0,
"Out 'workstation flags' don't match!");
- torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call
(verification of DNS hostname and check for trusted domains)\n");
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call
(verification of DNS hostname and check for trusted domains)\n");
netlogon_creds_client_authenticator(creds, &a);
+ /* Put the DNS hostname back */
+ talloc_free(discard_const_p(char, q1.dns_hostname));
+ q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
+ lp_dnsdomain(tctx->lp_ctx));
+
/* The workstation handles the "servicePrincipalName" and DNS hostname
updates */
q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
@@ -2599,7 +2681,7 @@ static bool test_GetDomainInfo(struct torture_context
*tctx,
"Trusted domains have been requested!");
- torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (check
for trusted domains)\n");
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 5th call (check
for trusted domains)\n");
netlogon_creds_client_authenticator(creds, &a);
/* The workstation handles the "servicePrincipalName" and DNS hostname
@@ -2664,7 +2746,7 @@ static bool test_GetDomainInfo_async(struct
torture_context *tctx,
ZERO_STRUCT(q1);
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- TEST_MACHINE_DNS_SUFFIX);
+ lp_dnsdomain(tctx->lp_ctx));
q1.sitename = "Default-First-Site-Name";
q1.os_name.string = "UNIX/Linux or similar";
diff --git a/source4/winbind/config.mk b/source4/winbind/config.mk
index 17cbd95..0bee89c 100644
--- a/source4/winbind/config.mk
+++ b/source4/winbind/config.mk
@@ -50,6 +50,9 @@ WINBIND_OBJ_FILES = $(addprefix $(winbindsrcdir)/, \
wb_cmd_list_users.o \
wb_cmd_setpwent.o \
wb_cmd_getpwent.o \
+ wb_cmd_getgrent.o \
+ wb_cmd_setgrent.o \
+ wb_cmd_getgroups.o \
wb_pam_auth.o \
wb_sam_logon.o)
diff --git a/source4/winbind/wb_async_helpers.c
b/source4/winbind/wb_async_helpers.c
index f23e05d..6eced45 100644
--- a/source4/winbind/wb_async_helpers.c
+++ b/source4/winbind/wb_async_helpers.c
@@ -31,7 +31,7 @@
struct lsa_lookupsids_state {
struct composite_context *ctx;
- int num_sids;
+ uint32_t num_sids;
struct lsa_LookupSids r;
struct lsa_SidArray sids;
struct lsa_TransNameArray names;
@@ -45,13 +45,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request
*req);
struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *lsa_pipe,
struct policy_handle *handle,
- int num_sids,
+ uint32_t num_sids,
const struct dom_sid **sids)
{
struct composite_context *result;
struct rpc_request *req;
struct lsa_lookupsids_state *state;
- int i;
+ uint32_t i;
result = composite_create(mem_ctx, lsa_pipe->conn->event_ctx);
if (result == NULL) goto failed;
@@ -105,7 +105,7 @@ static void lsa_lookupsids_recv_names(struct rpc_request
*req)
struct lsa_lookupsids_state *state =
talloc_get_type(req->async.private_data,
struct lsa_lookupsids_state);
- int i;
+ uint32_t i;
state->ctx->status = dcerpc_lsa_LookupSids_recv(req);
if (!composite_is_ok(state->ctx)) return;
@@ -194,7 +194,7 @@ static void lsa_lookupnames_recv_sids(struct rpc_request
*req);
struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *lsa_pipe,
struct policy_handle *handle,
- int num_names,
+ uint32_t num_names,
const char **names)
{
struct composite_context *result;
@@ -202,7 +202,7 @@ struct composite_context
*wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
struct lsa_lookupnames_state *state;
struct lsa_String *lsa_names;
- int i;
+ uint32_t i;
result = composite_create(mem_ctx, lsa_pipe->conn->event_ctx);
if (result == NULL) goto failed;
@@ -254,7 +254,7 @@ static void lsa_lookupnames_recv_sids(struct rpc_request
*req)
struct lsa_lookupnames_state *state =
talloc_get_type(req->async.private_data,
struct lsa_lookupnames_state);
- int i;
+ uint32_t i;
state->ctx->status = dcerpc_lsa_LookupNames_recv(req);
if (!composite_is_ok(state->ctx)) return;
@@ -316,7 +316,7 @@ struct samr_getuserdomgroups_state {
struct composite_context *ctx;
struct dcerpc_pipe *samr_pipe;
- int num_rids;
+ uint32_t num_rids;
uint32_t *rids;
struct samr_RidWithAttributeArray *rid_array;
@@ -425,13 +425,13 @@ static void samr_usergroups_recv_close(struct rpc_request
*req)
NTSTATUS wb_samr_userdomgroups_recv(struct composite_context *ctx,
TALLOC_CTX *mem_ctx,
- int *num_rids, uint32_t **rids)
+ uint32_t *num_rids, uint32_t **rids)
{
struct samr_getuserdomgroups_state *state =
talloc_get_type(ctx->private_data,
struct samr_getuserdomgroups_state);
- int i;
+ uint32_t i;
NTSTATUS status = composite_wait(ctx);
if (!NT_STATUS_IS_OK(status)) goto done;
diff --git a/source4/winbind/wb_cmd_getgrent.c
b/source4/winbind/wb_cmd_getgrent.c
new file mode 100644
index 0000000..79a3aff
--- /dev/null
+++ b/source4/winbind/wb_cmd_getgrent.c
@@ -0,0 +1,124 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Command backend for getgrent
+
+ Copyright (C) Matthieu Patou 2010
+
+ This program is free software; you can redistribute it and/or modify
--
Samba Shared Repository
