diff options
author | Gerald Carter <jerry@samba.org> | 2006-11-16 23:48:46 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:15:53 -0500 |
commit | 8fa0a80b498f2681fc9a4f5e6ab5522ee599f224 (patch) | |
tree | 4932ab53aa43676ab858d9b4b15199557890c146 | |
parent | f5a1ec74070edb5579c2d44fbbcd993531c7eda7 (diff) | |
download | samba-8fa0a80b498f2681fc9a4f5e6ab5522ee599f224.tar.gz samba-8fa0a80b498f2681fc9a4f5e6ab5522ee599f224.tar.bz2 samba-8fa0a80b498f2681fc9a4f5e6ab5522ee599f224.zip |
r19754: * When using a krb5 session setup, we don't fill in the server_name
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
-rw-r--r-- | source3/include/includes.h | 3 | ||||
-rw-r--r-- | source3/libsmb/namequery.c | 15 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 4 | ||||
-rw-r--r-- | source3/utils/net_ads.c | 49 | ||||
-rw-r--r-- | source3/utils/net_domain.c | 6 |
5 files changed, 37 insertions, 40 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h index 2e87b25edd..f21033b61f 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -178,6 +178,9 @@ #ifndef LDAP_OPT_SUCCESS #define LDAP_OPT_SUCCESS 0 #endif +#ifndef LDAP_SCOPE_ONELEVEL +#define LDAP_SCOPE_ONELEVEL 1 +#endif /* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */ #if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS) #define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 555d88fdc8..c232ad4938 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -15,8 +15,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "includes.h" @@ -24,7 +23,6 @@ /* nmbd.c sets this to True. */ BOOL global_in_nmbd = False; - /**************************** * SERVER AFFINITY ROUTINES * ****************************/ @@ -82,13 +80,13 @@ BOOL saf_store( const char *domain, const char *servername ) return ret; } -BOOL saf_delete( const char *domain, const char *servername ) +BOOL saf_delete( const char *domain ) { char *key; BOOL ret = False; - if ( !domain || !servername ) { - DEBUG(2,("saf_delete: Refusing to store empty domain or servername!\n")); + if ( !domain ) { + DEBUG(2,("saf_delete: Refusing to delete empty domain\n")); return False; } @@ -99,10 +97,11 @@ BOOL saf_delete( const char *domain, const char *servername ) ret = gencache_del(key); if (ret) { - DEBUG(10,("saf_delete: domain = [%s], server = [%s]\n", - domain, servername)); + DEBUG(10,("saf_delete: domain = [%s]\n", domain )); } + SAFE_FREE( key ); + return ret; } diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index bf23af5b33..3f392c4825 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -258,10 +258,10 @@ void winbind_add_failed_connection_entry(const struct winbindd_domain *domain, add_failed_connection_entry(domain->name, server, result); /* If this was the saf name for the last thing we talked to, remove it. */ - saf_delete(domain->name, server); + saf_delete(domain->name); if (*domain->alt_name) { add_failed_connection_entry(domain->alt_name, server, result); - saf_delete(domain->alt_name, server); + saf_delete(domain->alt_name); } } diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e1762da2f7..0f189f9c6f 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -819,6 +819,7 @@ static int net_ads_leave(int argc, const char **argv) struct cli_state *cli = NULL; TALLOC_CTX *ctx; DOM_SID *dom_sid = NULL; + char *short_domain_name = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -845,15 +846,15 @@ static int net_ads_leave(int argc, const char **argv) goto done; } - saf_store( cli->server_domain, cli->desthost ); - - if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &dom_sid )) ) { + if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) { goto done; } + saf_delete( short_domain_name ); + status = netdom_leave_domain(ctx, cli, dom_sid); - /* Ty and delete it via LDAP - the old way we used to. */ + /* Try and delete it via LDAP - the old way we used to. */ adsret = ads_leave_realm(ads, global_myname()); if (ADS_ERR_OK(adsret)) { @@ -962,7 +963,8 @@ static NTSTATUS check_ads_config( void ) ********************************************************************/ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, - struct in_addr *ip, DOM_SID **dom_sid, + struct in_addr *ip, char **domain, + DOM_SID **dom_sid, const char *password) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; @@ -973,13 +975,16 @@ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, goto done; } - saf_store( cli->server_domain, cli->desthost ); - - ret = netdom_get_domain_sid( ctx, cli, dom_sid ); + ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid ); if ( !NT_STATUS_IS_OK(ret) ) { goto done; } + /* cli->server_domain is not filled in when using krb5 + session setups */ + + saf_store( *domain, cli->desthost ); + ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD ); done: @@ -1331,9 +1336,8 @@ int net_ads_join(int argc, const char **argv) ADS_STATUS status; NTSTATUS nt_status; char *machine_account = NULL; - const char *short_domain_name = NULL; + char *short_domain_name = NULL; char *tmp_password, *password; - struct cldap_netlogon_reply cldap_reply; TALLOC_CTX *ctx = NULL; DOM_SID *domain_sid = NULL; BOOL createupn = False; @@ -1410,29 +1414,20 @@ int net_ads_join(int argc, const char **argv) password = talloc_strdup(ctx, tmp_password); nt_status = net_join_domain(ctx, ads->config.ldap_server_name, - &ads->ldap_ip, &domain_sid, password); + &ads->ldap_ip, &short_domain_name, &domain_sid, password); if ( !NT_STATUS_IS_OK(nt_status) ) { DEBUG(1, ("call of net_join_domain failed: %s\n", get_friendly_nt_error_msg(nt_status))); goto fail; } - + /* Check the short name of the domain */ - ZERO_STRUCT( cldap_reply ); - - if ( ads_cldap_netlogon( ads->config.ldap_server_name, - ads->server.realm, &cldap_reply ) ) - { - short_domain_name = talloc_strdup( ctx, cldap_reply.netbios_domain ); - if ( !strequal(lp_workgroup(), short_domain_name) ) { - d_printf("The workgroup in smb.conf does not match the short\n"); - d_printf("domain name obtained from the server.\n"); - d_printf("Using the name [%s] from the server.\n", short_domain_name); - d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); - } - } else { - short_domain_name = lp_workgroup(); + if ( !strequal(lp_workgroup(), short_domain_name) ) { + d_printf("The workgroup in smb.conf does not match the short\n"); + d_printf("domain name obtained from the server.\n"); + d_printf("Using the name [%s] from the server.\n", short_domain_name); + d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); } d_printf("Using short domain name -- %s\n", short_domain_name); @@ -1519,7 +1514,7 @@ int net_ads_join(int argc, const char **argv) /* exit from this block using machine creds */ #endif - d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); + d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm); SAFE_FREE(machine_account); TALLOC_FREE( ctx ); diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c index ab71d35fde..4f7bc8ddec 100644 --- a/source3/utils/net_domain.c +++ b/source3/utils/net_domain.c @@ -157,12 +157,12 @@ int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char * /******************************************************************* ********************************************************************/ -NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_SID **sid ) +NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, + char **domain, DOM_SID **sid ) { struct rpc_pipe_client *pipe_hnd = NULL; POLICY_HND lsa_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *domain = NULL; if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) { DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n", @@ -176,7 +176,7 @@ NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_ return status; status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, - &lsa_pol, 5, &domain, sid); + &lsa_pol, 5, domain, sid); if ( !NT_STATUS_IS_OK(status) ) return status; |