The branch, master has been updated via 837f47d s3-winbindd: Adjust error code loop logic in rpc_trusted_domains(). via e792a44 s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx(). via 8e53b9d s3-winbindd: Allow DNS resolution of trusted domains if DNS name is avaliable from 0d7a2af vfs: check full_audit enum->str mapping on startup
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 837f47d630618fb382cfd49f5fb14e9af35e82fa Author: Günther Deschner <g...@samba.org> Date: Fri Sep 28 18:04:07 2012 +0200 s3-winbindd: Adjust error code loop logic in rpc_trusted_domains(). Guenther Autobuild-User(master): Günther Deschner <g...@samba.org> Autobuild-Date(master): Sat Sep 29 00:34:04 CEST 2012 on sn-devel-104 commit e792a44c34e7767f21f8a3dbcdf41e8416349da7 Author: Günther Deschner <g...@samba.org> Date: Fri Sep 28 18:03:25 2012 +0200 s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx(). Guenther commit 8e53b9dd51b25c9830799e162f7b98286d844c96 Author: Sumit Bose <sb...@redhat.com> Date: Tue Sep 11 13:28:35 2012 +0200 s3-winbindd: Allow DNS resolution of trusted domains if DNS name is avaliable Signed-off-by: Günther Deschner <g...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/rpc_server/lsa/srv_lsa_nt.c | 5 +++ source3/winbindd/winbindd_cm.c | 11 +++++- source3/winbindd/winbindd_rpc.c | 68 ++++++++++++++++++++++++----------- source3/winbindd/winbindd_util.c | 4 +- 4 files changed, 63 insertions(+), 25 deletions(-) Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index fc403df..f4dc4af 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -3940,9 +3940,14 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struct pipes_struct *p,
 }
 for (i=0; i<count; i++) {
+ init_lsa_StringLarge(&entries[i].domain_name,
+ domains[i]->domain_name);
 init_lsa_StringLarge(&entries[i].netbios_name,
 domains[i]->netbios_name);
 entries[i].sid = &domains[i]->security_identifier;
+ entries[i].trust_direction = domains[i]->trust_direction;
+ entries[i].trust_type = domains[i]->trust_type;
+ entries[i].trust_attributes = domains[i]->trust_attributes;
 }
 if (*r->in.resume_handle >= count) {
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index c08530e..0639be1 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1286,10 +1286,17 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
 iplist_size = 0;
 }
- /* Try standard netbios queries if no ADS */
+ /* Try standard netbios queries if no ADS and fall back to DNS queries
+ * if alt_name is available */
 if (*num_dcs == 0) {
 get_sorted_dc_list(domain->name, NULL, &ip_list, &iplist_size,
- False);
+ false);
+ if (iplist_size == 0) {
+ if (domain->alt_name != NULL) {
+ get_sorted_dc_list(domain->alt_name, NULL, &ip_list,
+ &iplist_size, true);
+ }
+ }
 for ( i=0; i<iplist_size; i++ ) {
 char addr[INET6_ADDRSTRLEN];
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 8a11cb2..a3faf42 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
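Review bot: The new DNS fallback in get_dcs() tests only `domain->alt_name != NULL`, so an empty string would still be handed to `get_sorted_dc_list()`, whereas winbindd_util.c in this same commit guards with `alt_name && *alt_name`. The two nested `if`s can be one condition that also rejects the empty name: `if (iplist_size == 0 && domain->alt_name != NULL && domain->alt_name[0] != '\0') {`. The results of both `get_sorted_dc_list()` calls are discarded, so a failed lookup looks the same as an empty list; if that is intended, a short comment saying so would help. get_dcs() begins and ends outside the hunk.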
@@ -972,29 +972,44 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
 do {
 struct lsa_DomainList dom_list;
+ struct lsa_DomainListEx dom_list_ex;
+ bool has_ex = false;
 uint32_t i;
 /*
 * We don't run into deadlocks here, cause winbind_off() is
 * called in the main function.
 */
- status = dcerpc_lsa_EnumTrustDom(b,
- mem_ctx,
- lsa_policy,
- &enum_ctx,
- &dom_list,
- (uint32_t) -1,
- &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- if (!NT_STATUS_IS_OK(result)) {
- if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
- return result;
+ status = dcerpc_lsa_EnumTrustedDomainsEx(b,
+ mem_ctx,
+ lsa_policy,
+ &enum_ctx,
+ &dom_list_ex,
+ (uint32_t) -1,
+ &result);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_ERR(result) &&
+ dom_list_ex.count > 0) {
+ count += dom_list_ex.count;
+ has_ex = true;
+ } else {
+ status = dcerpc_lsa_EnumTrustDom(b,
+ mem_ctx,
+ lsa_policy,
+ &enum_ctx,
+ &dom_list,
+ (uint32_t) -1,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
+ return result;
+ }
 }
- }
- count += dom_list.count;
+ count += dom_list.count;
+ }
 array = talloc_realloc(mem_ctx,
 array,
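Review bot: The choice between `dcerpc_lsa_EnumTrustedDomainsEx()` and `dcerpc_lsa_EnumTrustDom()` is made afresh on every pass of the `do` loop while both calls share `enum_ctx`, so a single enumeration can mix the two calls and the fallback resumes from whatever handle the Ex call left behind. Any failure of the Ex call, including a transport failure reported in `status`, is silently retried with the old call instead of being returned or logged. Deciding once which call to use, and adding a comment such as `/* fall back for servers that do not answer EnumTrustedDomainsEx */` (presumably the intent), would make the behaviour checkable. The loop body continues in the next hunk, and rpc_trusted_domains() starts outside this one.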
@@ -1004,21 +1019,32 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
- for (i = 0; i < dom_list.count; i++) {
+ for (i = 0; i < count; i++) {
 struct netr_DomainTrust *trust = &array[i];
 struct dom_sid *sid;
 ZERO_STRUCTP(trust);
- trust->netbios_name = talloc_move(array,
- &dom_list.domains[i].name.string);
- trust->dns_name = NULL;
-
 sid = talloc(array, struct dom_sid);
 if (sid == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
- sid_copy(sid, dom_list.domains[i].sid);
+
+ if (has_ex) {
+ trust->netbios_name = talloc_move(array,
+ &dom_list_ex.domains[i].netbios_name.string);
+ trust->dns_name = talloc_move(array,
+ &dom_list_ex.domains[i].domain_name.string);
+
+ sid_copy(sid, dom_list_ex.domains[i].sid);
+ } else {
+ trust->netbios_name = talloc_move(array,
+ &dom_list.domains[i].name.string);
+ trust->dns_name = NULL;
+
+ sid_copy(sid, dom_list.domains[i].sid);
+ }
+
 trust->sid = sid;
 }
 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index c36ae0b..25ef750 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -108,9 +108,9 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 }
 }
- /* ignore alt_name if we are not in an AD domain */
+ /* use alt_name if available to allow DNS lookups */
- if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
+ if (alt_name && *alt_name) {
 alternative_name = alt_name;
 }
-- Samba Shared Repository
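Review bot: The loop bound changed from `dom_list.count` to `count`, but `count` is the running total (`count += dom_list_ex.count` / `count += dom_list.count` in the previous hunk), while `dom_list_ex.domains[i]` and `dom_list.domains[i]` hold only the batch just returned. When the server answers STATUS_MORE_ENTRIES and the loop runs again, `i` runs past the end of that batch's `domains` array, an out-of-bounds read whose extent is set by the remote server's replies, and `ZERO_STRUCTP(trust)` on `&array[i]` wipes the entries stored on earlier passes. Bounding by the batch size and offsetting into `array` addresses both: `uint32_t n = has_ex ? dom_list_ex.count : dom_list.count;`, `for (i = 0; i < n; i++) {`, `struct netr_DomainTrust *trust = &array[count - n + i];`. The `&array[i]` line is context and so predates this commit; the function and the `talloc_realloc` call start outside the hunk.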
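Review bot: Dropping the `lp_security() == SEC_ADS` test in add_trusted_domain() means `alternative_name` is now set in every security mode, which changes behaviour for every reader of the domain's alt_name, not only the DNS lookup the new comment mentions. The name presumably originates from the trust list returned by a remote server (this commit fills `dns_name` from the Ex list in winbindd_rpc.c), and the comment should say so, e.g. `/* use alt_name in any security mode; it may come from the remote trust list and is used for DNS-based DC lookup */`. add_trusted_domain() begins and ends outside the hunk, so the other uses of alt_name could not be checked here.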