mirror of
https://github.com/samba-team/samba.git
synced 2025-02-23 09:57:40 +03:00
r17945: Store the server and client sitenames in the ADS
struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
parent
cceb492250
commit
2fcd113f55
@ -46,6 +46,8 @@ typedef struct {
|
||||
char *realm;
|
||||
char *bind_path;
|
||||
char *ldap_server_name;
|
||||
char *server_site_name;
|
||||
char *client_site_name;
|
||||
time_t current_time;
|
||||
} config;
|
||||
|
||||
|
@ -43,6 +43,8 @@ struct cldap_netlogon_reply {
|
||||
uint16 lm20_token;
|
||||
};
|
||||
|
||||
#define DEFAULT_SITE_NAME "Default-First-Site-Name"
|
||||
|
||||
/* Mailslot or cldap getdcname response flags */
|
||||
#define ADS_PDC 0x00000001 /* DC is PDC */
|
||||
#define ADS_GC 0x00000004 /* DC is a GC of forest */
|
||||
|
@ -136,6 +136,8 @@ void ads_destroy(ADS_STRUCT **ads)
|
||||
SAFE_FREE((*ads)->config.realm);
|
||||
SAFE_FREE((*ads)->config.bind_path);
|
||||
SAFE_FREE((*ads)->config.ldap_server_name);
|
||||
SAFE_FREE((*ads)->config.server_site_name);
|
||||
SAFE_FREE((*ads)->config.client_site_name);
|
||||
|
||||
SAFE_FREE((*ads)->schema.posix_uidnumber_attr);
|
||||
SAFE_FREE((*ads)->schema.posix_gidnumber_attr);
|
||||
|
@ -590,8 +590,9 @@ BOOL sitename_store(const char *sitename)
|
||||
if (!sitename || (sitename && !*sitename)) {
|
||||
DEBUG(5,("sitename_store: deleting empty sitename!\n"));
|
||||
return gencache_del(SITENAME_KEY);
|
||||
} else if (sitename && strequal(sitename, "Default-First-Site-Name")) {
|
||||
DEBUG(5,("sitename_store: delete default sitename Default-First-Site-Name\n"));
|
||||
} else if (sitename && strequal(sitename, DEFAULT_SITE_NAME)) {
|
||||
DEBUG(5,("sitename_store: delete default sitename %s\n",
|
||||
DEFAULT_SITE_NAME));
|
||||
return gencache_del(SITENAME_KEY);
|
||||
}
|
||||
|
||||
@ -633,11 +634,16 @@ char *sitename_fetch(void)
|
||||
Did the sitename change ?
|
||||
****************************************************************************/
|
||||
|
||||
BOOL sitename_changed(const char *sitename)
|
||||
BOOL stored_sitename_changed(const char *sitename)
|
||||
{
|
||||
BOOL ret = False;
|
||||
char *new_sitename = sitename_fetch();
|
||||
|
||||
/* Treat default site as no name. */
|
||||
if (strequal(sitename, DEFAULT_SITE_NAME)) {
|
||||
sitename = NULL;
|
||||
}
|
||||
|
||||
if (sitename && new_sitename && !strequal(sitename, new_sitename)) {
|
||||
ret = True;
|
||||
} else if ((sitename && !new_sitename) ||
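Review bot: In stored_sitename_changed the local `new_sitename` holds the result of `sitename_fetch()`, presumably the cached name, while the parameter `sitename` is the freshly discovered one, which reads backwards now that the function name says "stored". Renaming the local to `stored_sitename` and extending the header comment to something like `Did the stored sitename differ from the one passed in? DEFAULT_SITE_NAME counts as no site.` would make the comparison easier to follow. The function continues past the end of the hunk, so whether the fetched string is released cannot be seen here.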
|
||||
|
@ -477,16 +477,20 @@ BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *do
|
||||
char *fname = talloc_asprintf(NULL, "%s/smb_krb5.conf.%s", lp_private_dir(), domain);
|
||||
char *file_contents = NULL;
|
||||
size_t flen = 0;
|
||||
char *realm_upper = NULL;
|
||||
int loopcount = 0;
|
||||
|
||||
if (!fname) {
|
||||
return False;
|
||||
}
|
||||
|
||||
realm_upper = talloc_strdup(fname, realm);
|
||||
strupper_m(realm_upper);
|
||||
|
||||
file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n"
|
||||
"[realms]\n\t%s = {\n"
|
||||
"\t\tkdc = %s\n]\n",
|
||||
realm, realm, inet_ntoa(ip));
|
||||
realm_upper, realm_upper, inet_ntoa(ip));
|
||||
|
||||
if (!file_contents) {
|
||||
TALLOC_FREE(fname);
|
||||
@ -541,6 +545,11 @@ BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *do
|
||||
/* Set the environment variable to this file. */
|
||||
setenv("KRB5_CONFIG", fname, 1);
|
||||
TALLOC_FREE(fname);
|
||||
|
||||
DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
|
||||
"file %s with realm %s KDC = %s\n",
|
||||
realm_upper, inet_ntoa(ip));
|
||||
|
||||
return True;
|
||||
}
|
||||
#endif
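Review bot: The DEBUG added at the end of create_local_private_krb5_conf_for_domain has three `%s` conversions but only two arguments (`realm_upper`, `inet_ntoa(ip)`), so the file name is missing and the last conversion reads an argument that was never passed. It also runs after `TALLOC_FREE(fname)`, and `realm_upper` was allocated with `talloc_strdup(fname, realm)`, so it appears to be released together with `fname` before it is printed. Move the DEBUG above `TALLOC_FREE(fname);` and pass `fname, realm_upper, inet_ntoa(ip)`. In the first hunk the result of `talloc_strdup` goes to `strupper_m` without a NULL check; `if (!realm_upper) { TALLOC_FREE(fname); return False; }` would match how `file_contents` is handled. The body between the two hunks is not shown.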
|
||||
|
@ -115,6 +115,27 @@ static int ldap_search_with_timeout(LDAP *ld,
|
||||
return result;
|
||||
}
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
/**********************************************
|
||||
Do client and server sitename match ?
|
||||
**********************************************/
|
||||
|
||||
BOOL ads_sitename_match(ADS_STRUCT *ads)
|
||||
{
|
||||
if (ads->config.server_site_name == NULL &&
|
||||
ads->config.client_site_name == NULL ) {
|
||||
return True;
|
||||
}
|
||||
if (ads->config.server_site_name &&
|
||||
ads->config.client_site_name &&
|
||||
strequal(ads->config.server_site_name,
|
||||
ads->config.client_site_name)) {
|
||||
return True;
|
||||
}
|
||||
return False;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
try a connection to a given ldap server, returning True and setting the servers IP
|
||||
in the ads struct if successful
|
||||
@ -157,6 +178,8 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
|
||||
SAFE_FREE(ads->config.realm);
|
||||
SAFE_FREE(ads->config.bind_path);
|
||||
SAFE_FREE(ads->config.ldap_server_name);
|
||||
SAFE_FREE(ads->config.server_site);
|
||||
SAFE_FREE(ads->config.client_site);
|
||||
SAFE_FREE(ads->server.workgroup);
|
||||
|
||||
ads->config.flags = cldap_reply.flags;
|
||||
@ -164,6 +187,15 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
|
||||
strupper_m(cldap_reply.domain);
|
||||
ads->config.realm = SMB_STRDUP(cldap_reply.domain);
|
||||
ads->config.bind_path = ads_build_dn(ads->config.realm);
|
||||
if (*cldap_reply.server_site_name) {
|
||||
ads->config.server_site_name =
|
||||
SMB_STRDUP(cldap_reply.server_site_name);
|
||||
}
|
||||
if (*cldap_reply.client_site_name) {
|
||||
ads->config.server_site_name =
|
||||
SMB_STRDUP(cldap_reply.server_site_name);
|
||||
}
|
||||
|
||||
ads->server.workgroup = SMB_STRDUP(cldap_reply.netbios_domain);
|
||||
|
||||
ads->ldap_port = LDAP_PORT;
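Review bot: The second added block in ads_try_connect tests `*cldap_reply.client_site_name` but then assigns `ads->config.server_site_name = SMB_STRDUP(cldap_reply.server_site_name)` again, so `client_site_name` is never set and the first duplicate is leaked when both names are present. As written, `ads_sitename_match()` can then return True only when neither name is set, which changes when callers write the private krb5.conf; the assignment should read `ads->config.client_site_name = SMB_STRDUP(cldap_reply.client_site_name);`. The preceding hunk frees `ads->config.server_site` and `ads->config.client_site`, while the struct hunk on this page declares `server_site_name` and `client_site_name`, so those two `SAFE_FREE` lines need the `_name` suffix. The `SMB_STRDUP` results are unchecked as far as the hunk shows.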
|
||||
|
@ -68,7 +68,7 @@ static BOOL ads_dc_name(const char *domain,
|
||||
has changed. If so, we need to re-do the DNS query
|
||||
to ensure we only find servers in our site. */
|
||||
|
||||
if (sitename_changed(sitename)) {
|
||||
if (stored_sitename_changed(sitename)) {
|
||||
SAFE_FREE(sitename);
|
||||
sitename = sitename_fetch();
|
||||
ads_destroy(&ads);
|
||||
@ -76,7 +76,7 @@ static BOOL ads_dc_name(const char *domain,
|
||||
}
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
if ((ads->config.flags & ADS_KDC) && sitename) {
|
||||
if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
|
||||
/* We're going to use this KDC for this realm/domain.
|
||||
If we are using sites, then force the krb5 libs
|
||||
to use this KDC. */
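Review bot: The comment under the new condition in ads_dc_name still says "If we are using sites", but `ads_sitename_match()` as added in this commit also returns True when both site names are NULL, so the private krb5.conf is now written when no site information is known at all, where the old `&& sitename` test skipped it. If that is intended the comment should say so, e.g. `/* Client and server sites match (or neither is known): force the krb5 libs to use this KDC. */`; if not, the both-NULL case should return False. The same condition and comment are added in dcip_to_name. Both names appear to be taken from the CLDAP reply, so the comment could also note that the match is a locality heuristic, not a trust decision about the server.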
|
||||
|
@ -607,7 +607,7 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
|
||||
namecache_store(name, 0x20, 1, &ip_list);
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
if ((ads->config.flags & ADS_KDC) && sitename) {
|
||||
if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
|
||||
/* We're going to use this KDC for this realm/domain.
|
||||
If we are using sites, then force the krb5 libs
|
||||
to use this KDC. */
|
||||
|