summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2006-11-16 23:48:46 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:15:53 -0500
commit8fa0a80b498f2681fc9a4f5e6ab5522ee599f224 (patch)
tree4932ab53aa43676ab858d9b4b15199557890c146
parentf5a1ec74070edb5579c2d44fbbcd993531c7eda7 (diff)
downloadsamba-8fa0a80b498f2681fc9a4f5e6ab5522ee599f224.tar.gz
samba-8fa0a80b498f2681fc9a4f5e6ab5522ee599f224.tar.bz2
samba-8fa0a80b498f2681fc9a4f5e6ab5522ee599f224.zip
r19754: * When using a krb5 session setup, we don't fill in the server_name
string the clis_state struct. So call saf_store() after we have the short domain name in the lsa_query_inof_policy code. * Remove unused server string in saf_delete() (This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
-rw-r--r--source3/include/includes.h3
-rw-r--r--source3/libsmb/namequery.c15
-rw-r--r--source3/nsswitch/winbindd_cm.c4
-rw-r--r--source3/utils/net_ads.c49
-rw-r--r--source3/utils/net_domain.c6
5 files changed, 37 insertions, 40 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 2e87b25edd..f21033b61f 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -178,6 +178,9 @@
#ifndef LDAP_OPT_SUCCESS
#define LDAP_OPT_SUCCESS 0
#endif
+#ifndef LDAP_SCOPE_ONELEVEL
+#define LDAP_SCOPE_ONELEVEL 1
+#endif
/* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */
#if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS)
#define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 555d88fdc8..c232ad4938 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -15,8 +15,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
@@ -24,7 +23,6 @@
/* nmbd.c sets this to True. */
BOOL global_in_nmbd = False;
-
/****************************
* SERVER AFFINITY ROUTINES *
****************************/
@@ -82,13 +80,13 @@ BOOL saf_store( const char *domain, const char *servername )
return ret;
}
-BOOL saf_delete( const char *domain, const char *servername )
+BOOL saf_delete( const char *domain )
{
char *key;
BOOL ret = False;
- if ( !domain || !servername ) {
- DEBUG(2,("saf_delete: Refusing to store empty domain or servername!\n"));
+ if ( !domain ) {
+ DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
return False;
}
@@ -99,10 +97,11 @@ BOOL saf_delete( const char *domain, const char *servername )
ret = gencache_del(key);
if (ret) {
- DEBUG(10,("saf_delete: domain = [%s], server = [%s]\n",
- domain, servername));
+ DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
}
+
SAFE_FREE( key );
+
return ret;
}
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index bf23af5b33..3f392c4825 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -258,10 +258,10 @@ void winbind_add_failed_connection_entry(const struct winbindd_domain *domain,
add_failed_connection_entry(domain->name, server, result);
/* If this was the saf name for the last thing we talked to,
remove it. */
- saf_delete(domain->name, server);
+ saf_delete(domain->name);
if (*domain->alt_name) {
add_failed_connection_entry(domain->alt_name, server, result);
- saf_delete(domain->alt_name, server);
+ saf_delete(domain->alt_name);
}
}
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index e1762da2f7..0f189f9c6f 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -819,6 +819,7 @@ static int net_ads_leave(int argc, const char **argv)
struct cli_state *cli = NULL;
TALLOC_CTX *ctx;
DOM_SID *dom_sid = NULL;
+ char *short_domain_name = NULL;
if (!secrets_init()) {
DEBUG(1,("Failed to initialise secrets database\n"));
@@ -845,15 +846,15 @@ static int net_ads_leave(int argc, const char **argv)
goto done;
}
- saf_store( cli->server_domain, cli->desthost );
-
- if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &dom_sid )) ) {
+ if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) {
goto done;
}
+ saf_delete( short_domain_name );
+
status = netdom_leave_domain(ctx, cli, dom_sid);
- /* Ty and delete it via LDAP - the old way we used to. */
+ /* Try and delete it via LDAP - the old way we used to. */
adsret = ads_leave_realm(ads, global_myname());
if (ADS_ERR_OK(adsret)) {
@@ -962,7 +963,8 @@ static NTSTATUS check_ads_config( void )
********************************************************************/
static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername,
- struct in_addr *ip, DOM_SID **dom_sid,
+ struct in_addr *ip, char **domain,
+ DOM_SID **dom_sid,
const char *password)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -973,13 +975,16 @@ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername,
goto done;
}
- saf_store( cli->server_domain, cli->desthost );
-
- ret = netdom_get_domain_sid( ctx, cli, dom_sid );
+ ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid );
if ( !NT_STATUS_IS_OK(ret) ) {
goto done;
}
+ /* cli->server_domain is not filled in when using krb5
+ session setups */
+
+ saf_store( *domain, cli->desthost );
+
ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD );
done:
@@ -1331,9 +1336,8 @@ int net_ads_join(int argc, const char **argv)
ADS_STATUS status;
NTSTATUS nt_status;
char *machine_account = NULL;
- const char *short_domain_name = NULL;
+ char *short_domain_name = NULL;
char *tmp_password, *password;
- struct cldap_netlogon_reply cldap_reply;
TALLOC_CTX *ctx = NULL;
DOM_SID *domain_sid = NULL;
BOOL createupn = False;
@@ -1410,29 +1414,20 @@ int net_ads_join(int argc, const char **argv)
password = talloc_strdup(ctx, tmp_password);
nt_status = net_join_domain(ctx, ads->config.ldap_server_name,
- &ads->ldap_ip, &domain_sid, password);
+ &ads->ldap_ip, &short_domain_name, &domain_sid, password);
if ( !NT_STATUS_IS_OK(nt_status) ) {
DEBUG(1, ("call of net_join_domain failed: %s\n",
get_friendly_nt_error_msg(nt_status)));
goto fail;
}
-
+
/* Check the short name of the domain */
- ZERO_STRUCT( cldap_reply );
-
- if ( ads_cldap_netlogon( ads->config.ldap_server_name,
- ads->server.realm, &cldap_reply ) )
- {
- short_domain_name = talloc_strdup( ctx, cldap_reply.netbios_domain );
- if ( !strequal(lp_workgroup(), short_domain_name) ) {
- d_printf("The workgroup in smb.conf does not match the short\n");
- d_printf("domain name obtained from the server.\n");
- d_printf("Using the name [%s] from the server.\n", short_domain_name);
- d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name);
- }
- } else {
- short_domain_name = lp_workgroup();
+ if ( !strequal(lp_workgroup(), short_domain_name) ) {
+ d_printf("The workgroup in smb.conf does not match the short\n");
+ d_printf("domain name obtained from the server.\n");
+ d_printf("Using the name [%s] from the server.\n", short_domain_name);
+ d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name);
}
d_printf("Using short domain name -- %s\n", short_domain_name);
@@ -1519,7 +1514,7 @@ int net_ads_join(int argc, const char **argv)
/* exit from this block using machine creds */
#endif
- d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm);
+ d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm);
SAFE_FREE(machine_account);
TALLOC_FREE( ctx );
diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c
index ab71d35fde..4f7bc8ddec 100644
--- a/source3/utils/net_domain.c
+++ b/source3/utils/net_domain.c
@@ -157,12 +157,12 @@ int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char *
/*******************************************************************
********************************************************************/
-NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_SID **sid )
+NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ char **domain, DOM_SID **sid )
{
struct rpc_pipe_client *pipe_hnd = NULL;
POLICY_HND lsa_pol;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- char *domain = NULL;
if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) {
DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n",
@@ -176,7 +176,7 @@ NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_
return status;
status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx,
- &lsa_pol, 5, &domain, sid);
+ &lsa_pol, 5, domain, sid);
if ( !NT_STATUS_IS_OK(status) )
return status;