sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

r19754: * When using a krb5 session setup, we don't fill in the server_name

Browse Source 
string the clis_state struct.  So call saf_store() after we
  have the short domain name in the lsa_query_inof_policy code.

* Remove unused server string in saf_delete()
This commit is contained in:
Gerald Carter
2006-11-16 23:48:46 +00:00
committed by Gerald (Jerry) Carter
parent 85d8c73fbb
commit 3eddae2f20
5 changed files with 37 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
source/include/includes.h
View File

@ -178,6 +178,9 @@
#ifndef LDAP_OPT_SUCCESS
#define LDAP_OPT_SUCCESS 0
#endif
#ifndef LDAP_SCOPE_ONELEVEL
#define LDAP_SCOPE_ONELEVEL 1
#endif
/* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */
#if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS)
#define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS

15
source/libsmb/namequery.c
View File

@ -15,8 +15,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
@ -24,7 +23,6 @@
/* nmbd.c sets this to True. */
BOOL global_in_nmbd = False;
/****************************
* SERVER AFFINITY ROUTINES *
****************************/
@ -82,13 +80,13 @@ BOOL saf_store( const char *domain, const char *servername )
return ret;
}
BOOL saf_delete( const char *domain, const char *servername )
BOOL saf_delete( const char *domain )
{
char *key;
BOOL ret = False;
if ( !domain || !servername ) {
DEBUG(2,("saf_delete: Refusing to store empty domain or servername!\n"));
if ( !domain ) {
DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
return False;
}
@ -99,10 +97,11 @@ BOOL saf_delete( const char *domain, const char *servername )
ret = gencache_del(key);
if (ret) {
DEBUG(10,("saf_delete: domain = [%s], server = [%s]\n",
domain, servername));
DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
}
SAFE_FREE( key );
return ret;
}

4
source/nsswitch/winbindd_cm.c
View File

@ -258,10 +258,10 @@ void winbind_add_failed_connection_entry(const struct winbindd_domain *domain,
add_failed_connection_entry(domain->name, server, result);
/* If this was the saf name for the last thing we talked to,
remove it. */
saf_delete(domain->name, server);
saf_delete(domain->name);
if (*domain->alt_name) {
add_failed_connection_entry(domain->alt_name, server, result);
saf_delete(domain->alt_name, server);
saf_delete(domain->alt_name);
}
}

49
source/utils/net_ads.c
View File

@ -819,6 +819,7 @@ static int net_ads_leave(int argc, const char **argv)
struct cli_state *cli = NULL;
TALLOC_CTX *ctx;
DOM_SID *dom_sid = NULL;
char *short_domain_name = NULL;
if (!secrets_init()) {
DEBUG(1,("Failed to initialise secrets database\n"));
@ -845,15 +846,15 @@ static int net_ads_leave(int argc, const char **argv)
goto done;
}
saf_store( cli->server_domain, cli->desthost );
if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &dom_sid )) ) {
if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) {
goto done;
}
saf_delete( short_domain_name );
status = netdom_leave_domain(ctx, cli, dom_sid);
/* Ty and delete it via LDAP - the old way we used to. */
/* Try and delete it via LDAP - the old way we used to. */
adsret = ads_leave_realm(ads, global_myname());
if (ADS_ERR_OK(adsret)) {
@ -962,7 +963,8 @@ static NTSTATUS check_ads_config( void )
********************************************************************/
static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername,
struct in_addr *ip, DOM_SID **dom_sid,
struct in_addr *ip, char **domain,
DOM_SID **dom_sid,
const char *password)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@ -973,13 +975,16 @@ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername,
goto done;
}
saf_store( cli->server_domain, cli->desthost );
ret = netdom_get_domain_sid( ctx, cli, dom_sid );
ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid );
if ( !NT_STATUS_IS_OK(ret) ) {
goto done;
}
/* cli->server_domain is not filled in when using krb5
session setups */
saf_store( *domain, cli->desthost );
ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD );
done:
@ -1331,9 +1336,8 @@ int net_ads_join(int argc, const char **argv)
ADS_STATUS status;
NTSTATUS nt_status;
char *machine_account = NULL;
const char *short_domain_name = NULL;
char *short_domain_name = NULL;
char *tmp_password, *password;
struct cldap_netlogon_reply cldap_reply;
TALLOC_CTX *ctx = NULL;
DOM_SID *domain_sid = NULL;
BOOL createupn = False;
@ -1410,29 +1414,20 @@ int net_ads_join(int argc, const char **argv)
password = talloc_strdup(ctx, tmp_password);
nt_status = net_join_domain(ctx, ads->config.ldap_server_name,
&ads->ldap_ip, &domain_sid, password);
&ads->ldap_ip, &short_domain_name, &domain_sid, password);
if ( !NT_STATUS_IS_OK(nt_status) ) {
DEBUG(1, ("call of net_join_domain failed: %s\n",
get_friendly_nt_error_msg(nt_status)));
goto fail;
}
/* Check the short name of the domain */
ZERO_STRUCT( cldap_reply );
if ( ads_cldap_netlogon( ads->config.ldap_server_name,
ads->server.realm, &cldap_reply ) )
{
short_domain_name = talloc_strdup( ctx, cldap_reply.netbios_domain );
if ( !strequal(lp_workgroup(), short_domain_name) ) {
d_printf("The workgroup in smb.conf does not match the short\n");
d_printf("domain name obtained from the server.\n");
d_printf("Using the name [%s] from the server.\n", short_domain_name);
d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name);
}
} else {
short_domain_name = lp_workgroup();
if ( !strequal(lp_workgroup(), short_domain_name) ) {
d_printf("The workgroup in smb.conf does not match the short\n");
d_printf("domain name obtained from the server.\n");
d_printf("Using the name [%s] from the server.\n", short_domain_name);
d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name);
}
d_printf("Using short domain name -- %s\n", short_domain_name);
@ -1519,7 +1514,7 @@ int net_ads_join(int argc, const char **argv)
/* exit from this block using machine creds */
#endif
d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm);
d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm);
SAFE_FREE(machine_account);
TALLOC_FREE( ctx );

6
source/utils/net_domain.c
View File

@ -157,12 +157,12 @@ int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char *
/*******************************************************************
********************************************************************/
NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_SID **sid )
NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli,
char **domain, DOM_SID **sid )
{
struct rpc_pipe_client *pipe_hnd = NULL;
POLICY_HND lsa_pol;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *domain = NULL;
if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) {
DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n",
@ -176,7 +176,7 @@ NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_
return status;
status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx,
&lsa_pol, 5, &domain, sid);
&lsa_pol, 5, domain, sid);
if ( !NT_STATUS_IS_OK(status) )
return status;