The branch, master has been updated
       via  f8ec0f9 s3-winbindd: Document parameters in 
ads_cached_connection_reuse
       via  b20fce8 s3-winbindd: Use more descriptive parameter names in 
ads_cached_connection_connect
       via  c203c72 s3-winbindd: Use correct realm for trusted domains in idmap 
child
      from  934b452 torture: Also run raw.read against the aio share

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f8ec0f98072e6646e204b4c90f5f6ad250b5dd5d
Author: Christof Schmitt <[email protected]>
Date:   Thu Aug 28 14:50:39 2014 -0700

    s3-winbindd: Document parameters in ads_cached_connection_reuse
    
    Signed-off-by: Christof Schmitt <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>
    
    Autobuild-User(master): Jeremy Allison <[email protected]>
    Autobuild-Date(master): Sat Aug 30 06:10:36 CEST 2014 on sn-devel-104

commit b20fce84fa12de899616726d238a85e21a58aa0b
Author: Christof Schmitt <[email protected]>
Date:   Thu Aug 28 14:44:59 2014 -0700

    s3-winbindd: Use more descriptive parameter names in 
ads_cached_connection_connect
    
    Signed-off-by: Christof Schmitt <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit c203c722e7e22f9146f2ecf6f42452c0e82042e4
Author: Christof Schmitt <[email protected]>
Date:   Fri Aug 22 09:15:59 2014 -0700

    s3-winbindd: Use correct realm for trusted domains in idmap child
    
    When authenticating users in a trusted domain, the idmap_ad module
    always connects to a local DC instead of one in the trusted domain.
    
    Fix this by passing the correct realm to connect to.
    
    Also comment the parameters passed to ads_cached_connection_connect.
    
    Signed-off-by: Christof Schmitt <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_ads.c |   40 +++++++++++++++++++++++++++++---------
 1 files changed, 30 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a869ff5..cfda82c 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -73,12 +73,25 @@ static void ads_cached_connection_reuse(ADS_STRUCT **adsp)
        }
 }
 
+/**
+ * @brief Establish a connection to a DC
+ *
+ * @param[out]   adsp             ADS_STRUCT that will be created
+ * @param[in]    target_realm     Realm of domain to connect to
+ * @param[in]    target_dom_name  'workgroup' name of domain to connect to
+ * @param[in]    ldap_server      DNS name of server to connect to
+ * @param[in]    password         Our machine acount secret
+ * @param[in]    auth_realm       Realm of local domain for creating krb token
+ * @param[in]    renewable        Renewable ticket time
+ *
+ * @return ADS_STATUS
+ */
 static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
-                                               const char *dom_name_alt,
-                                               const char *dom_name,
+                                               const char *target_realm,
+                                               const char *target_dom_name,
                                                const char *ldap_server,
                                                char *password,
-                                               char *realm,
+                                               char *auth_realm,
                                                time_t renewable)
 {
        ADS_STRUCT *ads;
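Review bot: The new `@param` line for `password` misspells "account" and does not say that the pointer is kept rather than copied. A later hunk shows `ads->auth.password = password`, while `auth_realm` is duplicated with SMB_STRDUP. Because this is the machine account secret, the comment should state who owns and frees it, for example `@param[in] password Our machine account secret; stored in ads->auth.password, not copied`. `password` and `auth_realm` are also the only string parameters left non-const; `auth_realm` is only read in the visible lines and could probably be `const char *`, though the function body continues outside this hunk.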
@@ -86,16 +99,16 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
        struct sockaddr_storage dc_ss;
        fstring dc_name;
 
-       if (realm == NULL) {
+       if (auth_realm == NULL) {
                return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
        }
 
        /* we don't want this to affect the users ccache */
        setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
 
-       ads = ads_init(dom_name_alt, dom_name, ldap_server);
+       ads = ads_init(target_realm, target_dom_name, ldap_server);
        if (!ads) {
-               DEBUG(1,("ads_init for domain %s failed\n", dom_name));
+               DEBUG(1,("ads_init for domain %s failed\n", target_dom_name));
                return ADS_ERROR(LDAP_NO_MEMORY);
        }
 
@@ -105,7 +118,7 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
        ads->auth.renewable = renewable;
        ads->auth.password = password;
 
-       ads->auth.realm = SMB_STRDUP(realm);
+       ads->auth.realm = SMB_STRDUP(auth_realm);
        if (!strupper_m(ads->auth.realm)) {
                ads_destroy(&ads);
                return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
@@ -119,7 +132,7 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
        status = ads_connect(ads);
        if (!ADS_ERR_OK(status)) {
                DEBUG(1,("ads_connect for domain %s failed: %s\n",
-                        dom_name, ads_errstr(status)));
+                        target_dom_name, ads_errstr(status)));
                ads_destroy(&ads);
                return status;
        }
@@ -188,8 +201,15 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
                }
        }
 
-       status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
-                                              password, realm, 0);
+       status = ads_cached_connection_connect(
+               adsp,                   /* Returns ads struct. */
+               wb_dom->alt_name,       /* realm to connect to. */
+               dom_name,               /* 'workgroup' name for ads_init */
+               ldap_server,            /* DNS name to connect to. */
+               password,               /* password for auth realm. */
+               realm,                  /* realm used for krb5 ticket. */
+               0);                     /* renewable ticket time. */
+
        SAFE_FREE(realm);
        TALLOC_FREE(ldap_server);
 
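Review bot: `wb_dom->alt_name` is now passed as the realm to connect to, but nothing visible in this hunk checks that it is set. For a domain entry without a known realm, the DC lookup would presumably no longer be pinned to the trusted domain, while the machine account credentials are still used against whichever DC is chosen. The function starts above the hunk, so a check may already exist there. If it does not, fail before connecting with a guard such as `if (wb_dom->alt_name == NULL || wb_dom->alt_name[0] == '\0')`, returning `ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL)` after freeing `realm` and `ldap_server`; this assumes alt_name is a pointer, which the hunk does not show. A DEBUG line naming both the target realm and the auth realm would also make a connection to the wrong DC easy to spot in the logs.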


-- 
Samba Shared Repository
