The branch, master has been updated
       via  837f47d s3-winbindd: Adjust error code loop logic in 
rpc_trusted_domains().
       via  e792a44 s3-lsa: Flesh out the returned info in 
_lsa_EnumTrustedDomainsEx().
       via  8e53b9d s3-winbindd: Allow DNS resolution of trusted domains if DNS 
name is avaliable
      from  0d7a2af vfs: check full_audit enum->str mapping on startup

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 837f47d630618fb382cfd49f5fb14e9af35e82fa
Author: Günther Deschner <g...@samba.org>
Date:   Fri Sep 28 18:04:07 2012 +0200

    s3-winbindd: Adjust error code loop logic in rpc_trusted_domains().
    
    Guenther
    
    Autobuild-User(master): Günther Deschner <g...@samba.org>
    Autobuild-Date(master): Sat Sep 29 00:34:04 CEST 2012 on sn-devel-104

commit e792a44c34e7767f21f8a3dbcdf41e8416349da7
Author: Günther Deschner <g...@samba.org>
Date:   Fri Sep 28 18:03:25 2012 +0200

    s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx().
    
    Guenther

commit 8e53b9dd51b25c9830799e162f7b98286d844c96
Author: Sumit Bose <sb...@redhat.com>
Date:   Tue Sep 11 13:28:35 2012 +0200

    s3-winbindd: Allow DNS resolution of trusted domains if DNS name is 
avaliable
    
    Signed-off-by: Günther Deschner <g...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/lsa/srv_lsa_nt.c |    5 +++
 source3/winbindd/winbindd_cm.c      |   11 +++++-
 source3/winbindd/winbindd_rpc.c     |   68 ++++++++++++++++++++++++-----------
 source3/winbindd/winbindd_util.c    |    4 +-
 4 files changed, 63 insertions(+), 25 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c 
b/source3/rpc_server/lsa/srv_lsa_nt.c
index fc403df..f4dc4af 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -3940,9 +3940,14 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struct pipes_struct 
*p,
        }
 
        for (i=0; i<count; i++) {
+               init_lsa_StringLarge(&entries[i].domain_name,
+                                    domains[i]->domain_name);
                init_lsa_StringLarge(&entries[i].netbios_name,
                                     domains[i]->netbios_name);
                entries[i].sid = &domains[i]->security_identifier;
+               entries[i].trust_direction = domains[i]->trust_direction;
+               entries[i].trust_type = domains[i]->trust_type;
+               entries[i].trust_attributes = domains[i]->trust_attributes;
        }
 
        if (*r->in.resume_handle >= count) {
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index c08530e..0639be1 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1286,10 +1286,17 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct 
winbindd_domain *domain,
                iplist_size = 0;
         }
 
-       /* Try standard netbios queries if no ADS */
+       /* Try standard netbios queries if no ADS and fall back to DNS queries
+        * if alt_name is available */
        if (*num_dcs == 0) {
                get_sorted_dc_list(domain->name, NULL, &ip_list, &iplist_size,
-                      False);
+                      false);
+               if (iplist_size == 0) {
+                       if (domain->alt_name != NULL) {
+                               get_sorted_dc_list(domain->alt_name, NULL, 
&ip_list,
+                                      &iplist_size, true);
+                       }
+               }
 
                for ( i=0; i<iplist_size; i++ ) {
                        char addr[INET6_ADDRSTRLEN];
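Review bot: The new DNS fallback under `if (iplist_size == 0)` discards the return value of `get_sorted_dc_list()`, as the NetBIOS call above it already does, so a resolver failure and a genuinely empty answer look the same and nothing records that the fallback was taken. I would capture the status, log a debug line naming `domain->alt_name`, and fold the nested test into `if (iplist_size == 0 && domain->alt_name != NULL) {`. Because the addresses now come from DNS for a name that may have been learned from a trust enumeration rather than local configuration, a short comment should say they are only candidates and that the DC is presumably authenticated by the later connection setup, which is not visible here. get_dcs() starts and ends outside the hunk.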
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 8a11cb2..a3faf42 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -972,29 +972,44 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
 
        do {
                struct lsa_DomainList dom_list;
+               struct lsa_DomainListEx dom_list_ex;
+               bool has_ex = false;
                uint32_t i;
 
                /*
                 * We don't run into deadlocks here, cause winbind_off() is
                 * called in the main function.
                 */
-               status = dcerpc_lsa_EnumTrustDom(b,
-                                                mem_ctx,
-                                                lsa_policy,
-                                                &enum_ctx,
-                                                &dom_list,
-                                                (uint32_t) -1,
-                                                &result);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return status;
-               }
-               if (!NT_STATUS_IS_OK(result)) {
-                       if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
-                               return result;
+               status = dcerpc_lsa_EnumTrustedDomainsEx(b,
+                                                        mem_ctx,
+                                                        lsa_policy,
+                                                        &enum_ctx,
+                                                        &dom_list_ex,
+                                                        (uint32_t) -1,
+                                                        &result);
+               if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_ERR(result) &&
+                   dom_list_ex.count > 0) {
+                       count += dom_list_ex.count;
+                       has_ex = true;
+               } else {
+                       status = dcerpc_lsa_EnumTrustDom(b,
+                                                        mem_ctx,
+                                                        lsa_policy,
+                                                        &enum_ctx,
+                                                        &dom_list,
+                                                        (uint32_t) -1,
+                                                        &result);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return status;
+                       }
+                       if (!NT_STATUS_IS_OK(result)) {
+                               if (!NT_STATUS_EQUAL(result, 
STATUS_MORE_ENTRIES)) {
+                                       return result;
+                               }
                        }
-               }
 
-               count += dom_list.count;
+                       count += dom_list.count;
+               }
 
                array = talloc_realloc(mem_ctx,
                                       array,
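Review bot: `has_ex` is declared inside the `do` body, so the choice between `dcerpc_lsa_EnumTrustedDomainsEx` and `dcerpc_lsa_EnumTrustDom` is made again on every pass, and both calls share the same `enum_ctx`. If the Ex call succeeds on one pass and then fails or returns `count == 0` on a later one, the fallback continues with a resume handle that the other enumeration produced, and the result mixes entries with and without `dns_name`. I would decide once, for example with a flag declared outside the loop that permits the fallback only while no Ex batch has been accepted, and log the discarded Ex status at debug level rather than overwriting it silently. The initialisation of `enum_ctx` and `count` is outside the hunk, so the first-pass state is assumed rather than seen.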
@@ -1004,21 +1019,32 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
                        return NT_STATUS_NO_MEMORY;
                }
 
-               for (i = 0; i < dom_list.count; i++) {
+               for (i = 0; i < count; i++) {
                        struct netr_DomainTrust *trust = &array[i];
                        struct dom_sid *sid;
 
                        ZERO_STRUCTP(trust);
 
-                       trust->netbios_name = talloc_move(array,
-                                                         
&dom_list.domains[i].name.string);
-                       trust->dns_name = NULL;
-
                        sid = talloc(array, struct dom_sid);
                        if (sid == NULL) {
                                return NT_STATUS_NO_MEMORY;
                        }
-                       sid_copy(sid, dom_list.domains[i].sid);
+
+                       if (has_ex) {
+                               trust->netbios_name = talloc_move(array,
+                                                                 
&dom_list_ex.domains[i].netbios_name.string);
+                               trust->dns_name = talloc_move(array,
+                                                             
&dom_list_ex.domains[i].domain_name.string);
+
+                               sid_copy(sid, dom_list_ex.domains[i].sid);
+                       } else {
+                               trust->netbios_name = talloc_move(array,
+                                                                 
&dom_list.domains[i].name.string);
+                               trust->dns_name = NULL;
+
+                               sid_copy(sid, dom_list.domains[i].sid);
+                       }
+
                        trust->sid = sid;
                }
        } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
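Review bot: The loop bound `i < count` uses the running total across all passes, but the body indexes the per-call lists `dom_list_ex.domains[i]` and `dom_list.domains[i]`, whose length is only that call's `count`. On any pass after the first (the loop repeats while `result` is `STATUS_MORE_ENTRIES`), `i` runs past the end of a list decoded from the remote server's reply, which is an out-of-bounds read feeding `talloc_move` and `sid_copy`. The same pass also zeroes and refills `array[0..]`, dropping the entries stored by earlier passes. The loop should iterate over the current batch and write at an offset into `array`. The two new locals would be declared beside `uint32_t i;` in the previous hunk. A NULL check on the server-supplied `sid` pointer before `sid_copy` would also be prudent.

```c
		/* entries returned by this call only; count is the running total */
		batch = has_ex ? dom_list_ex.count : dom_list.count;
		start = count - batch;

		for (i = 0; i < batch; i++) {
			struct netr_DomainTrust *trust = &array[start + i];
			/* … unchanged: ZERO_STRUCTP, sid allocation, has_ex / else copy, trust->sid … */
```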
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index c36ae0b..25ef750 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -108,9 +108,9 @@ static struct winbindd_domain *add_trusted_domain(const 
char *domain_name, const
                }
        }
 
-       /* ignore alt_name if we are not in an AD domain */
+       /* use alt_name if available to allow DNS lookups */
 
-       if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
+       if (alt_name && *alt_name) {
                alternative_name = alt_name;
        }
 
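Review bot: Dropping the `lp_security() == SEC_ADS` test means `alt_name` is stored for every security mode, and nothing in this hunk checks where the string came from or whether it looks like a DNS name. Together with the winbindd_rpc.c change in the same push, the value can apparently originate from a remote trust enumeration and then drive DNS-based DC lookup in get_dcs(). I would expand the comment to record that, e.g. `/* alt_name may come from a remote LSA trust enumeration; it is only used to locate DC candidates via DNS */`, and consider a basic syntax check before accepting it. add_trusted_domain() starts and ends outside the hunk.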


-- 
Samba Shared Repository
