summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2003-08-02 20:06:57 +0000
committerSimo Sorce <idra@samba.org>2003-08-02 20:06:57 +0000
commit04bf12b176d5abe06b7f1401810369bcafe0b611 (patch)
tree8bb6627c3ffa4cab902787b874206f8012a33e3a /source3/nsswitch
parent7efce478976e2ac71bcaf4e4d1049bb263634711 (diff)
downloadsamba-04bf12b176d5abe06b7f1401810369bcafe0b611.tar.gz
samba-04bf12b176d5abe06b7f1401810369bcafe0b611.tar.bz2
samba-04bf12b176d5abe06b7f1401810369bcafe0b611.zip
port latest changes from SAMBA_3_0 tree
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/wb_common.c2
-rw-r--r--source3/nsswitch/wbinfo.c2
-rw-r--r--source3/nsswitch/winbindd.c34
-rw-r--r--source3/nsswitch/winbindd.h2
-rw-r--r--source3/nsswitch/winbindd_acct.c63
-rw-r--r--source3/nsswitch/winbindd_ads.c85
-rw-r--r--source3/nsswitch/winbindd_cache.c8
-rw-r--r--source3/nsswitch/winbindd_cm.c39
-rw-r--r--source3/nsswitch/winbindd_group.c26
-rw-r--r--source3/nsswitch/winbindd_misc.c18
-rw-r--r--source3/nsswitch/winbindd_pam.c55
-rw-r--r--source3/nsswitch/winbindd_sid.c24
-rw-r--r--source3/nsswitch/winbindd_user.c24
-rw-r--r--source3/nsswitch/winbindd_util.c85
-rw-r--r--source3/nsswitch/winbindd_wins.c4
-rw-r--r--source3/nsswitch/wins.c48
16 files changed, 313 insertions, 206 deletions
diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c
index acaf0ed17c..79553e9e4f 100644
--- a/source3/nsswitch/wb_common.c
+++ b/source3/nsswitch/wb_common.c
@@ -239,6 +239,8 @@ int winbind_open_pipe_sock(void)
}
}
+ SAFE_FREE(response.extra_data);
+
return winbindd_fd;
#else
return -1;
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index f533799370..fcd7d2d508 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -1074,7 +1074,7 @@ int main(int argc, char **argv)
goto done;
}
break;
- case 'P':
+ case 'p':
if (!wbinfo_ping()) {
d_printf("could not ping winbindd!\n");
goto done;
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 0860d701d8..8345fa11d0 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -27,20 +27,6 @@
BOOL opt_nocache = False;
BOOL opt_dual_daemon = True;
-/*****************************************************************************
- stubb functions
-****************************************************************************/
-
-void become_root( void )
-{
- return;
-}
-
-void unbecome_root( void )
-{
- return;
-}
-
/* Reload configuration */
static BOOL reload_services_file(BOOL test)
@@ -131,8 +117,8 @@ static void winbindd_status(void)
if (DEBUGLEVEL >= 2 && winbindd_num_clients()) {
DEBUG(2, ("\tclient list:\n"));
for(tmp = winbindd_client_list(); tmp; tmp = tmp->next) {
- DEBUG(2, ("\t\tpid %d, sock %d, rbl %d, wbl %d\n",
- tmp->pid, tmp->sock, tmp->read_buf_len,
+ DEBUG(2, ("\t\tpid %lu, sock %d, rbl %d, wbl %d\n",
+ (unsigned long)tmp->pid, tmp->sock, tmp->read_buf_len,
tmp->write_buf_len));
}
}
@@ -172,7 +158,7 @@ static void terminate(void)
idmap_close();
/* Remove socket file */
- snprintf(path, sizeof(path), "%s/%s",
+ pstr_sprintf(path, "%s/%s",
WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
unlink(path);
exit(0);
@@ -471,8 +457,8 @@ void winbind_client_read(struct winbindd_cli_state *state)
/* Read failed, kill client */
if (n == -1 || n == 0) {
- DEBUG(5,("read failed on sock %d, pid %d: %s\n",
- state->sock, state->pid,
+ DEBUG(5,("read failed on sock %d, pid %lu: %s\n",
+ state->sock, (unsigned long)state->pid,
(n == -1) ? strerror(errno) : "EOF"));
state->finished = True;
@@ -519,8 +505,8 @@ static void client_write(struct winbindd_cli_state *state)
if (num_written == -1 || num_written == 0) {
- DEBUG(3,("write failed on sock %d, pid %d: %s\n",
- state->sock, state->pid,
+ DEBUG(3,("write failed on sock %d, pid %lu: %s\n",
+ state->sock, (unsigned long)state->pid,
(num_written == -1) ? strerror(errno) : "EOF"));
state->finished = True;
@@ -726,8 +712,8 @@ static void process_loop(void)
if (state->read_buf_len >= sizeof(uint32)
&& *(uint32 *) &state->request != sizeof(state->request)) {
- DEBUG(0,("process_loop: Invalid request size from pid %d: %d bytes sent, should be %d\n",
- state->request.pid, *(uint32 *) &state->request, sizeof(state->request)));
+ DEBUG(0,("process_loop: Invalid request size from pid %lu: %d bytes sent, should be %d\n",
+ (unsigned long)state->request.pid, *(uint32 *) &state->request, sizeof(state->request)));
remove_client(state);
break;
@@ -838,7 +824,7 @@ int main(int argc, char **argv)
exit(1);
}
- snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
+ pstr_sprintf(logfile, "%s/log.winbindd", dyn_LOGFILEBASE);
lp_set_logfile(logfile);
setup_logging("winbindd", log_stdout);
reopen_logs();
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index 2acb89b24b..677afa1849 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -4,7 +4,7 @@
Winbind daemon for ntdom nss module
Copyright (C) Tim Potter 2000
- Copyright (C) Anthony Liguori 2003
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
diff --git a/source3/nsswitch/winbindd_acct.c b/source3/nsswitch/winbindd_acct.c
index a1cd1d5f19..8abfd17110 100644
--- a/source3/nsswitch/winbindd_acct.c
+++ b/source3/nsswitch/winbindd_acct.c
@@ -136,8 +136,8 @@ static WINBINDD_PW* string2passwd( char *string )
/* last minute sanity checks */
if ( pw.pw_uid==0 || pw.pw_gid==0 ) {
- DEBUG(0,("string2passwd: Failure! uid==%d, gid==%d\n",
- pw.pw_uid, pw.pw_gid));
+ DEBUG(0,("string2passwd: Failure! uid==%lu, gid==%lu\n",
+ (unsigned long)pw.pw_uid, (unsigned long)pw.pw_gid));
return NULL;
}
@@ -161,17 +161,17 @@ static char* passwd2string( const WINBINDD_PW *pw )
DEBUG(10,("passwd2string: converting passwd struct for %s\n",
pw->pw_name));
- ret = snprintf( string, sizeof(string), "%s:%s:%d:%d:%s:%s:%s",
+ ret = pstr_sprintf( string, "%s:%s:%lu:%lu:%s:%s:%s",
pw->pw_name,
pw->pw_passwd ? pw->pw_passwd : "x",
- pw->pw_uid,
- pw->pw_gid,
+ (unsigned long)pw->pw_uid,
+ (unsigned long)pw->pw_gid,
pw->pw_gecos,
pw->pw_dir,
pw->pw_shell );
if ( ret < 0 ) {
- DEBUG(0,("passwd2string: snprintf() failed!\n"));
+ DEBUG(0,("passwd2string: pstr_sprintf() failed!\n"));
return NULL;
}
@@ -247,7 +247,7 @@ static WINBINDD_GR* string2group( char *string )
/* last minute sanity checks */
if ( grp.gr_gid == 0 ) {
- DEBUG(0,("string2group: Failure! gid==%d\n", grp.gr_gid));
+ DEBUG(0,("string2group: Failure! gid==%lu\n", (unsigned long)grp.gr_gid));
SAFE_FREE( gr_members );
return NULL;
}
@@ -303,16 +303,16 @@ static char* group2string( const WINBINDD_GR *grp )
fstrcpy( gr_mem_str, "" );
}
- ret = snprintf( string, sizeof(string)-1, "%s:%s:%d:%s",
+ ret = pstr_sprintf( string, "%s:%s:%lu:%s",
grp->gr_name,
grp->gr_passwd ? grp->gr_passwd : "*",
- grp->gr_gid,
+ (unsigned long)grp->gr_gid,
gr_mem_str );
SAFE_FREE( gr_mem_str );
if ( ret < 0 ) {
- DEBUG(0,("group2string: snprintf() failed!\n"));
+ DEBUG(0,("group2string: pstr_sprintf() failed!\n"));
return NULL;
}
@@ -326,7 +326,7 @@ static char* acct_userkey_byname( const char *name )
{
static fstring key;
- snprintf( key, sizeof(key), "%s/NAME/%s", WBKEY_PASSWD, name );
+ fstr_sprintf( key, "%s/NAME/%s", WBKEY_PASSWD, name );
return key;
}
@@ -338,7 +338,7 @@ static char* acct_userkey_byuid( uid_t uid )
{
static fstring key;
- snprintf( key, sizeof(key), "%s/UID/%d", WBKEY_PASSWD, uid );
+ fstr_sprintf( key, "%s/UID/%lu", WBKEY_PASSWD, (unsigned long)uid );
return key;
}
@@ -350,7 +350,7 @@ static char* acct_groupkey_byname( const char *name )
{
static fstring key;
- snprintf( key, sizeof(key), "%s/NAME/%s", WBKEY_GROUP, name );
+ fstr_sprintf( key, "%s/NAME/%s", WBKEY_GROUP, name );
return key;
}
@@ -362,7 +362,7 @@ static char* acct_groupkey_bygid( gid_t gid )
{
static fstring key;
- snprintf( key, sizeof(key), "%s/GID/%d", WBKEY_GROUP, gid );
+ fstr_sprintf( key, "%s/GID/%lu", WBKEY_GROUP, (unsigned long)gid );
return key;
}
@@ -415,7 +415,7 @@ WINBINDD_PW* wb_getpwuid( const uid_t uid )
data = tdb_fetch_bystring( account_tdb, acct_userkey_byuid(uid) );
if ( !data.dptr ) {
- DEBUG(4,("wb_getpwuid: failed to locate uid == %d\n", uid));
+ DEBUG(4,("wb_getpwuid: failed to locate uid == %lu\n", (unsigned long)uid));
return NULL;
}
keystr = acct_userkey_byname( data.dptr );
@@ -431,8 +431,8 @@ WINBINDD_PW* wb_getpwuid( const uid_t uid )
SAFE_FREE( data.dptr );
}
- DEBUG(5,("wb_getpwuid: %s user (uid == %d)\n",
- (pw ? "Found" : "Did not find"), uid ));
+ DEBUG(5,("wb_getpwuid: %s user (uid == %lu)\n",
+ (pw ? "Found" : "Did not find"), (unsigned long)uid ));
return pw;
}
@@ -544,7 +544,8 @@ WINBINDD_GR* wb_getgrgid( gid_t gid )
data = tdb_fetch_bystring( account_tdb, acct_groupkey_bygid(gid) );
if ( !data.dptr ) {
- DEBUG(4,("wb_getgrgid: failed to locate gid == %d\n", gid));
+ DEBUG(4,("wb_getgrgid: failed to locate gid == %lu\n",
+ (unsigned long)gid));
return NULL;
}
keystr = acct_groupkey_byname( data.dptr );
@@ -560,8 +561,8 @@ WINBINDD_GR* wb_getgrgid( gid_t gid )
SAFE_FREE( data.dptr );
}
- DEBUG(5,("wb_getgrgid: %s group (gid == %d)\n",
- (grp ? "Found" : "Did not find"), gid ));
+ DEBUG(5,("wb_getgrgid: %s group (gid == %lu)\n",
+ (grp ? "Found" : "Did not find"), (unsigned long)gid ));
return grp;
}
@@ -697,7 +698,7 @@ static int cleangroups_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA
fstring key;
char *name = (char*)state;
- snprintf( key, sizeof(key), "%s/NAME", WBKEY_GROUP );
+ fstr_sprintf( key, "%s/NAME", WBKEY_GROUP );
len = strlen(key);
/* if this is a group entry then, check the members */
@@ -776,7 +777,7 @@ static int isprimarygroup_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
fstring key;
struct _check_primary_grp *check = (struct _check_primary_grp*)params;
- snprintf( key, sizeof(key), "%s/NAME", WBKEY_PASSWD );
+ fstr_sprintf( key, "%s/NAME", WBKEY_PASSWD );
len = strlen(key);
/* if this is a group entry then, check the members */
@@ -875,8 +876,8 @@ enum winbindd_result winbindd_create_user(struct winbindd_cli_state *state)
user = state->request.data.acct_mgt.username;
group = state->request.data.acct_mgt.groupname;
- DEBUG(3, ("[%5d]: create_user: user=>(%s), group=>(%s)\n",
- state->pid, user, group));
+ DEBUG(3, ("[%5lu]: create_user: user=>(%s), group=>(%s)\n",
+ (unsigned long)state->pid, user, group));
if ( !*group )
group = lp_template_primary_group();
@@ -965,7 +966,7 @@ enum winbindd_result winbindd_create_group(struct winbindd_cli_state *state)
state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
group = state->request.data.acct_mgt.groupname;
- DEBUG(3, ("[%5d]: create_group: (%s)\n", state->pid, group));
+ DEBUG(3, ("[%5lu]: create_group: (%s)\n", (unsigned long)state->pid, group));
/* get a new uid */
@@ -1025,7 +1026,7 @@ enum winbindd_result winbindd_add_user_to_group(struct winbindd_cli_state *state
group = state->request.data.acct_mgt.groupname;
user = state->request.data.acct_mgt.username;
- DEBUG(3, ("[%5d]: add_user_to_group: add %s to %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: add_user_to_group: add %s to %s\n", (unsigned long)state->pid,
user, group));
/* make sure it is a valid user */
@@ -1073,7 +1074,7 @@ enum winbindd_result winbindd_remove_user_from_group(struct winbindd_cli_state *
group = state->request.data.acct_mgt.groupname;
user = state->request.data.acct_mgt.username;
- DEBUG(3, ("[%5d]: remove_user_to_group: delete %s from %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: remove_user_to_group: delete %s from %s\n", (unsigned long)state->pid,
user, group));
/* don't worry about checking the username since we're removing it anyways */
@@ -1116,8 +1117,8 @@ enum winbindd_result winbindd_set_user_primary_group(struct winbindd_cli_state *
group = state->request.data.acct_mgt.groupname;
user = state->request.data.acct_mgt.username;
- DEBUG(3, ("[%5d]: set_user_primary_grou:p group %s for user %s\n", state->pid,
- group, user));
+ DEBUG(3, ("[%5lu]: set_user_primary_group: group %s for user %s\n",
+ (unsigned long)state->pid, group, user));
/* make sure it is a valid user */
@@ -1158,7 +1159,7 @@ enum winbindd_result winbindd_delete_user(struct winbindd_cli_state *state)
state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
user = state->request.data.acct_mgt.username;
- DEBUG(3, ("[%5d]: delete_user: %s\n", state->pid, user));
+ DEBUG(3, ("[%5lu]: delete_user: %s\n", (unsigned long)state->pid, user));
/* make sure it is a valid user */
@@ -1189,7 +1190,7 @@ enum winbindd_result winbindd_delete_group(struct winbindd_cli_state *state)
state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
group = state->request.data.acct_mgt.groupname;
- DEBUG(3, ("[%5d]: delete_group: %s\n", state->pid, group));
+ DEBUG(3, ("[%5lu]: delete_group: %s\n", (unsigned long)state->pid, group));
/* make sure it is a valid group */
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 462dd21531..7140dc35a0 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -801,24 +801,91 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
char ***alt_names,
DOM_SID **dom_sids)
{
- ADS_STRUCT *ads;
- ADS_STATUS rc;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ DS_DOMAIN_TRUSTS *domains = NULL;
+ int count = 0;
+ int i;
+ struct cli_state *cli = NULL;
+ /* i think we only need our forest and downlevel trusted domains */
+ uint32 flags = DS_DOMAIN_IN_FOREST | DS_DOMAIN_DIRECT_OUTBOUND;
DEBUG(3,("ads: trusted_domains\n"));
*num_domains = 0;
- *names = NULL;
+ *alt_names = NULL;
+ *names = NULL;
+ *dom_sids = NULL;
+
+ if ( !NT_STATUS_IS_OK(result = cm_fresh_connection(domain->name, PI_NETLOGON, &cli)) ) {
+ DEBUG(5, ("trusted_domains: Could not open a connection to %s for PIPE_NETLOGON (%s)\n",
+ domain->name, nt_errstr(result)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if ( NT_STATUS_IS_OK(result) )
+ result = cli_ds_enum_domain_trusts( cli, mem_ctx, cli->desthost, flags, &domains, &count );
+
+ if ( NT_STATUS_IS_OK(result) && count) {
+
+ /* Allocate memory for trusted domain names and sids */
- ads = ads_cached_connection(domain);
+ if ( !(*names = (char **)talloc(mem_ctx, sizeof(char *) * count)) ) {
+ DEBUG(0, ("trusted_domains: out of memory\n"));
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
- if (!ads) {
- domain->last_status = NT_STATUS_SERVER_DISABLED;
- return NT_STATUS_UNSUCCESSFUL;
+ if ( !(*alt_names = (char **)talloc(mem_ctx, sizeof(char *) * count)) ) {
+ DEBUG(0, ("trusted_domains: out of memory\n"));
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if ( !(*dom_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * count)) ) {
+ DEBUG(0, ("trusted_domains: out of memory\n"));
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ /* Copy across names and sids */
+
+ for (i = 0; i < count; i++) {
+ fstring tmp;
+ fstring tmp2;
+
+ (*names)[i] = NULL;
+ (*alt_names)[i] = NULL;
+ ZERO_STRUCT( (*dom_sids)[i] );
+
+ if ( domains[i].netbios_ptr ) {
+ unistr2_to_ascii(tmp, &domains[i].netbios_domain, sizeof(tmp) - 1);
+ (*names)[i] = talloc_strdup(mem_ctx, tmp);
+ }
+
+ if ( domains[i].dns_ptr ) {
+ unistr2_to_ascii(tmp2, &domains[i].dns_domain, sizeof(tmp2) - 1);
+ (*alt_names)[i] = talloc_strdup(mem_ctx, tmp2);
+ }
+
+ /* sometimes we will get back a NULL SID from this call */
+
+ if ( domains[i].sid_ptr )
+ sid_copy(&(*dom_sids)[i], &domains[i].sid.sid);
+ }
+
+ *num_domains = count;
}
- rc = ads_trusted_domains(ads, mem_ctx, num_domains, names, alt_names, dom_sids);
+done:
+
+ SAFE_FREE( domains );
+
+ /* remove connection; This is a special case to the \NETLOGON pipe */
+
+ if ( cli )
+ cli_shutdown( cli );
- return ads_ntstatus(rc);
+ return result;
}
/* find the domain sid for a domain */
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
index 2da2a9e641..2891a4fa68 100644
--- a/source3/nsswitch/winbindd_cache.c
+++ b/source3/nsswitch/winbindd_cache.c
@@ -106,7 +106,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
case SEC_ADS: {
extern struct winbindd_methods ads_methods;
/* always obey the lp_security parameter for our domain */
- if ( strequal(lp_realm(), domain->alt_name) ) {
+ if ( strequal(lp_realm(), domain->alt_name) || strequal(lp_workgroup(), domain->name) ) {
domain->backend = &ads_methods;
break;
}
@@ -256,7 +256,7 @@ static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
return NT_STATUS_UNSUCCESSFUL;
}
- snprintf( key, sizeof(key), "SEQNUM/%s", domain->name );
+ fstr_sprintf( key, "SEQNUM/%s", domain->name );
data = tdb_fetch_bystring( wcache->tdb, key );
if ( !data.dptr || data.dsize!=8 ) {
@@ -295,7 +295,7 @@ static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
return NT_STATUS_UNSUCCESSFUL;
}
- snprintf( key_str, sizeof(key_str), "SEQNUM/%s", domain->name );
+ fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
key.dptr = key_str;
key.dsize = strlen(key_str)+1;
@@ -328,6 +328,8 @@ static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
time_t t = time(NULL);
unsigned cache_time = lp_winbind_cache_time();
+ get_cache( domain );
+
/* trying to reconnect is expensive, don't do it too often */
if (domain->sequence_number == DOM_SEQUENCE_NONE) {
cache_time *= 8;
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 7f35167778..f07117b5ab 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -152,7 +152,8 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
result = cli_full_connection(&new_conn->cli, global_myname(), new_conn->controller,
&dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain,
- ipc_password, CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK, &retry);
+ ipc_password, CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK,
+ Undefined, &retry);
secrets_named_mutex_release(new_conn->controller);
@@ -169,6 +170,11 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
return result;
}
+ /* set the domain if empty; needed for schannel connections */
+ if ( !*new_conn->cli->domain )
+ fstrcpy( new_conn->cli->domain, domain );
+
+
if ( !cli_nt_session_open (new_conn->cli, pipe_index) ) {
result = NT_STATUS_PIPE_NOT_AVAILABLE;
/*
@@ -188,6 +194,25 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
return NT_STATUS_OK;
}
+/************************************************************************
+ Wrapper around statuc cm_open_connection to retreive a freshly
+ setup cli_state struct
+************************************************************************/
+
+NTSTATUS cm_fresh_connection(const char *domain, const int pipe_index,
+ struct cli_state **cli)
+{
+ NTSTATUS result;
+ struct winbindd_cm_conn conn;
+
+ result = cm_open_connection( domain, pipe_index, &conn );
+
+ if ( NT_STATUS_IS_OK(result) )
+ *cli = conn.cli;
+
+ return result;
+}
+
/* Return true if a connection is still alive */
static BOOL connection_ok(struct winbindd_cm_conn *conn)
@@ -320,13 +345,11 @@ BOOL cm_check_for_native_mode_win2k( const char *domain )
done:
-#if 0
- /*
- * I don't think we need to shutdown here ? JRA.
- */
+ /* close the connection; no other cals use this pipe and it is called only
+ on reestablishing the domain list --jerry */
+
if ( conn.cli )
cli_shutdown( conn.cli );
-#endif
return ret;
}
@@ -488,14 +511,14 @@ NTSTATUS cm_get_netlogon_cli(const char *domain,
if (!NT_STATUS_IS_OK(result))
return result;
- snprintf(lock_name, sizeof(lock_name), "NETLOGON\\%s", conn->controller);
+ fstr_sprintf(lock_name, "NETLOGON\\%s", conn->controller);
if (!(got_mutex = secrets_named_mutex(lock_name, WINBIND_SERVER_MUTEX_WAIT_TIME))) {
DEBUG(0,("cm_get_netlogon_cli: mutex grab failed for %s\n", conn->controller));
}
if ( sec_channel_type == SEC_CHAN_DOMAIN )
- snprintf(conn->cli->mach_acct, sizeof(conn->cli->mach_acct) - 1, "%s$", lp_workgroup());
+ fstr_sprintf(conn->cli->mach_acct, "%s$", lp_workgroup());
result = cli_nt_establish_netlogon(conn->cli, sec_channel_type, trust_passwd);
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index d67d48d506..96c121685a 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -232,7 +232,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0';
- DEBUG(3, ("[%5d]: getgrnam %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: getgrnam %s\n", (unsigned long)state->pid,
state->request.data.groupname));
/* Parse domain and groupname */
@@ -334,8 +334,8 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
int gr_mem_len;
char *gr_mem;
- DEBUG(3, ("[%5d]: getgrgid %d\n", state->pid,
- state->request.data.gid));
+ DEBUG(3, ("[%5lu]: getgrgid %lu\n", (unsigned long)state->pid,
+ (unsigned long)state->request.data.gid));
/* Bug out if the gid isn't in the winbind range */
@@ -360,8 +360,8 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
/* Get rid from gid */
if (!NT_STATUS_IS_OK(idmap_gid_to_sid(&group_sid, state->request.data.gid))) {
- DEBUG(1, ("could not convert gid %d to rid\n",
- state->request.data.gid));
+ DEBUG(1, ("could not convert gid %lu to rid\n",
+ (unsigned long)state->request.data.gid));
return WINBINDD_ERROR;
}
@@ -416,7 +416,7 @@ enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- DEBUG(3, ("[%5d]: setgrent\n", state->pid));
+ DEBUG(3, ("[%5lu]: setgrent\n", (unsigned long)state->pid));
/* Check user has enabled this */
@@ -469,7 +469,7 @@ enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state)
enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: endgrent\n", state->pid));
+ DEBUG(3, ("[%5lu]: endgrent\n", (unsigned long)state->pid));
free_getent_state(state->getgrent_state);
state->getgrent_state = NULL;
@@ -605,7 +605,7 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
int num_groups, group_list_ndx = 0, i, gr_mem_list_len = 0;
char *new_extra_data, *gr_mem_list = NULL;
- DEBUG(3, ("[%5d]: getgrent\n", state->pid));
+ DEBUG(3, ("[%5lu]: getgrent\n", (unsigned long)state->pid));
/* Check user has enabled this */
@@ -691,7 +691,7 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
goto tryagain;
}
- DEBUG(10, ("got gid %d for group %x\n", group_gid,
+ DEBUG(10, ("got gid %lu for group %x\n", (unsigned long)group_gid,
name_list[ent->sam_entry_index].rid));
/* Fill in group entry */
@@ -825,7 +825,7 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
char *ted = NULL;
unsigned int extra_data_len = 0, i;
- DEBUG(3, ("[%5d]: list groups\n", state->pid));
+ DEBUG(3, ("[%5lu]: list groups\n", (unsigned long)state->pid));
/* Enumerate over trusted domains */
@@ -915,7 +915,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.username[sizeof(state->request.data.username)-1]='\0';
- DEBUG(3, ("[%5d]: getgroups %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: getgroups %s\n", (unsigned long)state->pid,
state->request.data.username));
if (!(mem_ctx = talloc_init("winbindd_getgroups(%s)",
@@ -1009,9 +1009,9 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
/* We've jumped through a lot of hoops to get here */
DEBUG(10, ("winbindd_getgroups: mapped other sid %s to "
- "gid %d\n", sid_string_static(
+ "gid %lu\n", sid_string_static(
&info3->other_sids[i].sid),
- gid_list[num_gids]));
+ (unsigned long)gid_list[num_gids]));
num_gids++;
}
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index 8d7cdc4731..740b760b93 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -35,7 +35,7 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
int num_retries = 0;
struct cli_state *cli;
uint32 sec_channel_type;
- DEBUG(3, ("[%5d]: check machine account\n", state->pid));
+ DEBUG(3, ("[%5lu]: check machine account\n", (unsigned long)state->pid));
/* Get trust account password */
@@ -95,7 +95,7 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
int total_entries = 0, extra_data_len = 0;
char *ted, *extra_data = NULL;
- DEBUG(3, ("[%5d]: list trusted domains\n", state->pid));
+ DEBUG(3, ("[%5lu]: list trusted domains\n", (unsigned long)state->pid));
/* We need to refresh the trusted domain list as the domains may
have changed since we last looked. There may be a sequence
@@ -149,7 +149,7 @@ enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state)
struct winbindd_domain *domain;
char *extra_data = NULL;
- DEBUG(3, ("[%5d]: show sequence\n", state->pid));
+ DEBUG(3, ("[%5lu]: show sequence\n", (unsigned long)state->pid));
extra_data = strdup("");
@@ -181,7 +181,7 @@ enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state)
enum winbindd_result winbindd_ping(struct winbindd_cli_state
*state)
{
- DEBUG(3, ("[%5d]: ping\n", state->pid));
+ DEBUG(3, ("[%5lu]: ping\n", (unsigned long)state->pid));
return WINBINDD_OK;
}
@@ -191,7 +191,7 @@ enum winbindd_result winbindd_ping(struct winbindd_cli_state
enum winbindd_result winbindd_info(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: request misc info\n", state->pid));
+ DEBUG(3, ("[%5lu]: request misc info\n", (unsigned long)state->pid));
state->response.data.info.winbind_separator = *lp_winbind_separator();
fstrcpy(state->response.data.info.samba_version, VERSION);
@@ -204,7 +204,7 @@ enum winbindd_result winbindd_info(struct winbindd_cli_state *state)
enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: request interface version\n", state->pid));
+ DEBUG(3, ("[%5lu]: request interface version\n", (unsigned long)state->pid));
state->response.data.interface_version = WINBIND_INTERFACE_VERSION;
@@ -216,7 +216,7 @@ enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state
enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: request domain name\n", state->pid));
+ DEBUG(3, ("[%5lu]: request domain name\n", (unsigned long)state->pid));
fstrcpy(state->response.data.domain_name, lp_workgroup());
@@ -228,7 +228,7 @@ enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state)
enum winbindd_result winbindd_netbios_name(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: request netbios name\n", state->pid));
+ DEBUG(3, ("[%5lu]: request netbios name\n", (unsigned long)state->pid));
fstrcpy(state->response.data.netbios_name, global_myname());
@@ -240,7 +240,7 @@ enum winbindd_result winbindd_netbios_name(struct winbindd_cli_state *state)
enum winbindd_result winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: request location of privileged pipe\n", state->pid));
+ DEBUG(3, ("[%5lu]: request location of privileged pipe\n", (unsigned long)state->pid));
state->response.extra_data = strdup(get_winbind_priv_pipe_dir());
if (!state->response.extra_data)
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 8df0f621c0..a8908487c1 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -53,55 +53,6 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-/*******************************************************************
- wrapper around retreiving the trsut account password
-*******************************************************************/
-
-static BOOL get_trust_pw(const char *domain, uint8 ret_pwd[16],
- time_t *pass_last_set_time, uint32 *channel)
-{
- DOM_SID sid;
- char *pwd;
-
- /* if we are a DC and this is not our domain, then lookup an account
- for the domain trust */
-
- if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains() )
- {
- if ( !secrets_fetch_trusted_domain_password(domain, &pwd, &sid,
- pass_last_set_time) )
- {
- DEBUG(0, ("get_trust_pw: could not fetch trust account "
- "password for trusted domain %s\n", domain));
- return False;
- }
-
- *channel = SEC_CHAN_DOMAIN;
- E_md4hash(pwd, ret_pwd);
- SAFE_FREE(pwd);
-
- return True;
- }
- else /* just get the account for our domain (covers
- ROLE_DOMAIN_MEMBER as well */
- {
- /* get the machine trust account for our domain */
-
- if ( !secrets_fetch_trust_account_password (lp_workgroup(), ret_pwd,
- pass_last_set_time, channel) )
- {
- DEBUG(0, ("get_trust_pw: could not fetch trust account "
- "password for my domain %s\n", domain));
- return False;
- }
-
- return True;
- }
-
- /* Failure */
- return False;
-}
-
/**********************************************************************
Authenticate a user with a clear test password
**********************************************************************/
@@ -131,7 +82,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.auth.pass[sizeof(state->request.data.auth.pass)-1]='\0';
- DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)state->pid,
state->request.data.auth.user));
if (!(mem_ctx = talloc_init("winbind pam auth for %s", state->request.data.auth.user))) {
@@ -305,7 +256,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
goto done;
}
- DEBUG(3, ("[%5d]: pam auth crap domain: %s user: %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: pam auth crap domain: %s user: %s\n", (unsigned long)state->pid,
domain, user));
if ( !get_trust_pw(domain, trust_passwd, &last_change_time, &sec_channel_type) ) {
@@ -436,7 +387,7 @@ enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state)
fstring domain, user;
CLI_POLICY_HND *hnd;
- DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid,
state->request.data.chauthtok.user));
/* Setup crap */
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index 676beae3aa..98a6fce24b 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -39,7 +39,7 @@ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
- DEBUG(3, ("[%5d]: lookupsid %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: lookupsid %s\n", (unsigned long)state->pid,
state->request.data.sid));
/* Lookup sid from PDC using lsa_lookup_sids() */
@@ -90,7 +90,7 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.name.name)-1]='\0';
- DEBUG(3, ("[%5d]: lookupname %s%s%s\n", state->pid,
+ DEBUG(3, ("[%5lu]: lookupname %s%s%s\n", (unsigned long)state->pid,
state->request.data.name.dom_name,
lp_winbind_separator(),
state->request.data.name.name));
@@ -127,7 +127,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
- DEBUG(3, ("[%5d]: sid to uid %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: sid to uid %s\n", (unsigned long)state->pid,
state->request.data.sid));
/* Split sid into domain sid and user rid */
@@ -159,7 +159,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
- DEBUG(3, ("[%5d]: sid to gid %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: sid to gid %s\n", (unsigned long)state->pid,
state->request.data.sid));
if (!string_to_sid(&sid, state->request.data.sid)) {
@@ -192,13 +192,13 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
- DEBUG(3, ("[%5d]: uid to sid %d\n", state->pid,
- state->request.data.uid));
+ DEBUG(3, ("[%5lu]: uid to sid %lu\n", (unsigned long)state->pid,
+ (unsigned long)state->request.data.uid));
/* Lookup rid for this uid */
if (!NT_STATUS_IS_OK(idmap_uid_to_sid(&sid, state->request.data.uid))) {
- DEBUG(1, ("Could not convert uid %d to rid\n",
- state->request.data.uid));
+ DEBUG(1, ("Could not convert uid %lu to rid\n",
+ (unsigned long)state->request.data.uid));
return WINBINDD_ERROR;
}
@@ -221,13 +221,13 @@ enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
- DEBUG(3, ("[%5d]: gid to sid %d\n", state->pid,
- state->request.data.gid));
+ DEBUG(3, ("[%5lu]: gid to sid %lu\n", (unsigned long)state->pid,
+ (unsigned long)state->request.data.gid));
/* Lookup sid for this uid */
if (!NT_STATUS_IS_OK(idmap_gid_to_sid(&sid, state->request.data.gid))) {
- DEBUG(1, ("Could not convert gid %d to sid\n",
- state->request.data.gid));
+ DEBUG(1, ("Could not convert gid %lu to sid\n",
+ (unsigned long)state->request.data.gid));
return WINBINDD_ERROR;
}
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index c49c41687b..c0b0d94167 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -108,7 +108,7 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.username[sizeof(state->request.data.username)-1]='\0';
- DEBUG(3, ("[%5d]: getpwnam %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: getpwnam %s\n", (unsigned long)state->pid,
state->request.data.username));
/* Parse domain and username */
@@ -131,7 +131,7 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
/* should we deal with users for our domain? */
if ( lp_winbind_trusted_domains_only() && strequal(name_domain, lp_workgroup())) {
- DEBUG(7,("winbindd_getpenam: My domain -- rejecting getpwnam() for %s\\%s.\n",
+ DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n",
name_domain, name_user));
return WINBINDD_ERROR;
}
@@ -209,8 +209,8 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
(state->request.data.uid > server_state.uid_high))
return WINBINDD_ERROR;
- DEBUG(3, ("[%5d]: getpwuid %d\n", state->pid,
- state->request.data.uid));
+ DEBUG(3, ("[%5lu]: getpwuid %lu\n", (unsigned long)state->pid,
+ (unsigned long)state->request.data.uid));
/* always try local tdb first */
@@ -222,8 +222,8 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
/* Get rid from uid */
if (!NT_STATUS_IS_OK(idmap_uid_to_sid(&user_sid, state->request.data.uid))) {
- DEBUG(1, ("could not convert uid %d to SID\n",
- state->request.data.uid));
+ DEBUG(1, ("could not convert uid %lu to SID\n",
+ (unsigned long)state->request.data.uid));
return WINBINDD_ERROR;
}
@@ -246,8 +246,8 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
/* Get some user info */
- if (!(mem_ctx = talloc_init("winbind_getpwuid(%d)",
- state->request.data.uid))) {
+ if (!(mem_ctx = talloc_init("winbind_getpwuid(%lu)",
+ (unsigned long)state->request.data.uid))) {
DEBUG(1, ("out of memory\n"));
return WINBINDD_ERROR;
@@ -295,7 +295,7 @@ enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- DEBUG(3, ("[%5d]: setpwent\n", state->pid));
+ DEBUG(3, ("[%5lu]: setpwent\n", (unsigned long)state->pid));
/* Check user has enabled this */
@@ -359,7 +359,7 @@ enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state)
enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: endpwent\n", state->pid));
+ DEBUG(3, ("[%5lu]: endpwent\n", (unsigned long)state->pid));
free_getent_state(state->getpwent_state);
state->getpwent_state = NULL;
@@ -474,7 +474,7 @@ enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state)
struct winbindd_pw *user_list;
int num_users, user_list_ndx = 0, i;
- DEBUG(3, ("[%5d]: getpwent\n", state->pid));
+ DEBUG(3, ("[%5lu]: getpwent\n", (unsigned long)state->pid));
/* Check user has enabled this */
@@ -581,7 +581,7 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state)
TALLOC_CTX *mem_ctx;
enum winbindd_result rv = WINBINDD_ERROR;
- DEBUG(3, ("[%5d]: list users\n", state->pid));
+ DEBUG(3, ("[%5lu]: list users\n", (unsigned long)state->pid));
if (!(mem_ctx = talloc_init("winbindd_list_users")))
return WINBINDD_ERROR;
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 6177c46aef..a810e503a0 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -111,7 +111,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
fstrcpy(domain->name, alt_name);
fstrcpy(domain->alt_name, domain_name);
} else {
- fstrcpy(domain->name, domain_name);
+ fstrcpy(domain->name, domain_name);
if (alt_name) {
fstrcpy(domain->alt_name, alt_name);
}
@@ -174,8 +174,11 @@ void rescan_trusted_domains(BOOL force)
char **names;
char **alt_names;
int num_domains = 0;
- DOM_SID *dom_sids;
+ DOM_SID *dom_sids, null_sid;
int i;
+ struct winbindd_domain *new_domain;
+
+ ZERO_STRUCTP(&null_sid);
result = domain->methods->trusted_domains(domain, mem_ctx, &num_domains,
&names, &alt_names, &dom_sids);
@@ -183,12 +186,34 @@ void rescan_trusted_domains(BOOL force)
continue;
}
- /* Add each domain to the trusted domain list. Each domain inherits
- the access methods of its parent */
+ /* Add each domain to the trusted domain list */
+
for(i = 0; i < num_domains; i++) {
DEBUG(10,("Found domain %s\n", names[i]));
add_trusted_domain(names[i], alt_names?alt_names[i]:NULL,
domain->methods, &dom_sids[i]);
+
+ /* if the SID was empty, we better set it now */
+
+ if ( sid_equal(&dom_sids[i], &null_sid) ) {
+
+ new_domain = find_domain_from_name(names[i]);
+
+ /* this should never happen */
+ if ( !new_domain ) {
+ DEBUG(0,("rescan_trust_domains: can't find the domain I just added! [%s]\n",
+ names[i]));
+ break;
+ }
+
+ /* call the cache method; which will operate on the winbindd_domain \
+ passed in and choose either rpc or ads as appropriate */
+
+ result = domain->methods->domain_sid( new_domain, &new_domain->sid );
+
+ if ( NT_STATUS_IS_OK(result) )
+ sid_copy( &dom_sids[i], &domain->sid );
+ }
/* store trusted domain in the cache */
trustdom_cache_store(names[i], alt_names ? alt_names[i] : NULL,
@@ -209,7 +234,7 @@ BOOL init_domain_list(void)
free_domain_list();
/* Add ourselves as the first entry */
- domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL);
+ domain = add_trusted_domain( lp_workgroup(), NULL, &cache_methods, NULL);
if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) {
DEBUG(1, ("Could not fetch sid for our domain %s\n",
domain->name));
@@ -782,3 +807,53 @@ BOOL winbindd_upgrade_idmap(void)
return idmap_convert(idmap_name);
}
+
+/*******************************************************************
+ wrapper around retrieving the trust account password
+*******************************************************************/
+
+BOOL get_trust_pw(const char *domain, uint8 ret_pwd[16],
+ time_t *pass_last_set_time, uint32 *channel)
+{
+ DOM_SID sid;
+ char *pwd;
+
+ /* if we are a DC and this is not our domain, then lookup an account
+ for the domain trust */
+
+ if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains() )
+ {
+ if ( !secrets_fetch_trusted_domain_password(domain, &pwd, &sid,
+ pass_last_set_time) )
+ {
+ DEBUG(0, ("get_trust_pw: could not fetch trust account "
+ "password for trusted domain %s\n", domain));
+ return False;
+ }
+
+ *channel = SEC_CHAN_DOMAIN;
+ E_md4hash(pwd, ret_pwd);
+ SAFE_FREE(pwd);
+
+ return True;
+ }
+ else /* just get the account for our domain (covers
+ ROLE_DOMAIN_MEMBER as well */
+ {
+ /* get the machine trust account for our domain */
+
+ if ( !secrets_fetch_trust_account_password (lp_workgroup(), ret_pwd,
+ pass_last_set_time, channel) )
+ {
+ DEBUG(0, ("get_trust_pw: could not fetch trust account "
+ "password for my domain %s\n", domain));
+ return False;
+ }
+
+ return True;
+ }
+
+ /* Failure */
+ return False;
+}
+
diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c
index 66903e250d..49bee2dc9f 100644
--- a/source3/nsswitch/winbindd_wins.c
+++ b/source3/nsswitch/winbindd_wins.c
@@ -137,7 +137,7 @@ enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.winsreq[sizeof(state->request.data.winsreq)-1]='\0';
- DEBUG(3, ("[%5d]: wins_byip %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: wins_byip %s\n", (unsigned long)state->pid,
state->request.data.winsreq));
*response = '\0';
@@ -184,7 +184,7 @@ enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.winsreq[sizeof(state->request.data.winsreq)-1]='\0';
- DEBUG(3, ("[%5d]: wins_byname %s\n", state->pid,
+ DEBUG(3, ("[%5lu]: wins_byname %s\n", (unsigned long)state->pid,
state->request.data.winsreq));
*response = '\0';
diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c
index 62493ef0a9..87dac60192 100644
--- a/source3/nsswitch/wins.c
+++ b/source3/nsswitch/wins.c
@@ -86,29 +86,6 @@ static void nss_wins_init(void)
load_interfaces();
}
-static struct node_status *lookup_byaddr_backend(char *addr, int *count)
-{
- int fd;
- struct in_addr ip;
- struct nmb_name nname;
- struct node_status *status;
-
- if (!initialised) {
- nss_wins_init();
- }
-
- fd = wins_lookup_open_socket_in();
- if (fd == -1)
- return NULL;
-
- make_nmb_name(&nname, "*", 0);
- ip = *interpret_addr2(addr);
- status = node_status_query(fd,&nname,ip, count);
-
- close(fd);
- return status;
-}
-
static struct in_addr *lookup_byname_backend(const char *name, int *count)
{
int fd = -1;
@@ -149,8 +126,31 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count)
return ret;
}
-
#ifdef HAVE_NS_API_H
+
+static struct node_status *lookup_byaddr_backend(char *addr, int *count)
+{
+ int fd;
+ struct in_addr ip;
+ struct nmb_name nname;
+ struct node_status *status;
+
+ if (!initialised) {
+ nss_wins_init();
+ }
+
+ fd = wins_lookup_open_socket_in();
+ if (fd == -1)
+ return NULL;
+
+ make_nmb_name(&nname, "*", 0);
+ ip = *interpret_addr2(addr);
+ status = node_status_query(fd,&nname,ip, count);
+
+ close(fd);
+ return status;
+}
+
/* IRIX version */
int init(void)