The branch, master has been updated
       via  8a2a598 s3:winbindd: improve logic to use CLDAP for a given domain.
       via  3c99260 s3:winbindd: mark our primary as active_directory if 
possible
       via  0c9ee5b libcli/netlogon: We need to handle a bug in FreeIPA (at 
least <= 4.1.2).
      from  c594804 s3:passdb: fix logic in pdb_set_pw_history()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8a2a5986b687a393d31cfa0e662d2d70212879a2
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Dec 23 09:43:19 2014 +0000

    s3:winbindd: improve logic to use CLDAP for a given domain.
    
    As an AD Domain Controller we should try CLDAP for active directory domains.
    E.g. FreeIPA domains don't provide NBT at all...
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Guenther Deschner <[email protected]>
    
    Autobuild-User(master): Günther Deschner <[email protected]>
    Autobuild-Date(master): Mon Jan  5 19:23:40 CET 2015 on sn-devel-104

commit 3c9926055139beee0fcdf532df08fab02cdb298c
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Dec 23 09:43:03 2014 +0000

    s3:winbindd: mark our primary as active_directory if possible
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Guenther Deschner <[email protected]>

commit 0c9ee5b82f84182fe7c0182257bd8b67cc93ca37
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Dec 23 11:09:04 2014 +0000

    libcli/netlogon: We need to handle a bug in FreeIPA (at least <= 4.1.2).
    
    They include the ip address information without setting
    NETLOGON_NT_VERSION_5EX_WITH_IP, while using
    ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
    ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Guenther Deschner <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 libcli/netlogon/netlogon.c       | 15 ++++++++++++---
 source3/winbindd/winbindd_cm.c   | 10 +++++++++-
 source3/winbindd/winbindd_util.c |  9 +++++++++
 3 files changed, 30 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/netlogon/netlogon.c b/libcli/netlogon/netlogon.c
index d82a201..58a331d 100644
--- a/libcli/netlogon/netlogon.c
+++ b/libcli/netlogon/netlogon.c
@@ -91,9 +91,18 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, 
TALLOC_CTX *mem_ctx,
                        ndr, NDR_SCALARS|NDR_BUFFERS, &response->data.nt5_ex,
                        ntver);
                if (ndr->offset < ndr->data_size) {
-                       ndr_err = ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
-                                                "not all bytes consumed 
ofs[%u] size[%u]",
-                                                ndr->offset, ndr->data_size);
+                       TALLOC_FREE(ndr);
+                       /*
+                        * We need to handle a bug in FreeIPA (at least <= 
4.1.2).
+                        *
+                        * They include the ip address information without 
setting
+                        * NETLOGON_NT_VERSION_5EX_WITH_IP, while using
+                        * ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
+                        * ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
+                        */
+                       ndr_err = ndr_pull_struct_blob_all(data, mem_ctx,
+                                                  &response->data.nt5,
+                                                  
(ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX);
                }
                response->ntver = NETLOGON_NT_VERSION_5EX;
                if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) {
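Review bot: The fallback decode passes `&response->data.nt5` to `ndr_pull_struct_blob_all()`, although the pull function is `ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX` and the first attempt above filled `&response->data.nt5_ex`. If `data` is a union the address is presumably the same, but the argument should read `&response->data.nt5_ex` so the member matches the parser. The retry is entered whenever bytes are left unread, including when the first pull already returned an error, so any reply with trailing data now gets a second parse with the non-flags pull function instead of `NDR_ERR_UNREAD_BYTES`. A debug-level log line on this path would let operators see when the FreeIPA workaround is taken. `ndr` is NULL after `TALLOC_FREE(ndr)`, so code after the hunk must not dereference it; the function continues outside the hunk.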
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0a63369..59c0b86 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1381,7 +1381,9 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
        NTSTATUS status;
        const char *dc_name;
        fstring nbtname;
-
+#ifdef HAVE_ADS
+       bool is_ad_domain = false;
+#endif
        ip_list.ss = *pss;
        ip_list.port = 0;
 
@@ -1390,6 +1392,12 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
           None of these failures should be considered critical for now */
 
        if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) {
+               is_ad_domain = true;
+       } else if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+               is_ad_domain = domain->active_directory;
+       }
+
+       if (is_ad_domain) {
                ADS_STRUCT *ads;
                ADS_STATUS ads_status;
                char addr[INET6_ADDRSTRLEN];
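Review bot: The new `else if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC)` branch sets `is_ad_domain` from `domain->active_directory` without the `domain->alt_name != NULL` test that the `SEC_ADS` branch requires. If the ADS block that follows uses `domain->alt_name` (its body lies outside the hunk), an AD DC could enter it with a NULL name; consider `is_ad_domain = domain->active_directory && (domain->alt_name != NULL);`. Also, `is_ad_domain` is declared under `#ifdef HAVE_ADS` in the previous hunk, so these uses need to sit under the same guard, whose opening is not visible here.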
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 0b7e234..8dab36e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -213,6 +213,15 @@ static struct winbindd_domain *add_trusted_domain(const 
char *domain_name, const
                domain->primary = true;
        }
 
+       if (domain->primary) {
+               if (role == ROLE_ACTIVE_DIRECTORY_DC) {
+                       domain->active_directory = true;
+               }
+               if (lp_security() == SEC_ADS) {
+                       domain->active_directory = true;
+               }
+       }
+
        /* Link to domain list */
        DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
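Review bot: The two inner `if` statements in the added `if (domain->primary)` block assign the same value, so they read more clearly as a single condition: `if (role == ROLE_ACTIVE_DIRECTORY_DC || lp_security() == SEC_ADS) {`. A short comment such as `/* our primary domain is AD by configuration, so CLDAP can be used for it */` would record why the flag is set before any DC has been contacted. The `dcip_to_name()` change in winbindd_cm.c reads this flag to choose the CLDAP path, so the assumption is worth stating here. `role` is defined outside the hunk, and add_trusted_domain() continues past it.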
 


-- 
Samba Shared Repository
