author | Gerald Carter <jerry@samba.org> | 2004-06-03 18:00:22 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:51:53 -0500 |
commit | 9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad (patch) | |
tree | 7b126d923a8a0ee8b02ab43bf54a43ce3344f051 /source3/rpc_server | |
parent | 4e1b26db3490c6063bf0ea05b8ae7e34a96ca8a9 (diff) | |
r991: Allow winbindd to use the domain trust account password
for setting up an schannel connection. This solves the problem
of a Samba DC running winbind, trusting a native mode AD domain,
and needing to enumerate AD users via wbinfo -u.
(This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 11 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 69 |
2 files changed, 56 insertions, 24 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index f06a2002e3..705b629732 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -227,8 +227,6 @@ static BOOL api_net_trust_dom_list(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__)); - /* grab the lsa trusted domain list query... */ if(!net_io_q_trust_dom("", &q_u, data, 0)) { DEBUG(0,("api_net_trust_dom_list: Failed to unmarshall NET_Q_TRUST_DOM_LIST.\n")); @@ -244,8 +242,6 @@ static BOOL api_net_trust_dom_list(pipes_struct *p) return False; } - DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__)); - return True; } @@ -263,7 +259,6 @@ static BOOL api_net_logon_ctrl2(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__)); /* grab the lsa netlogon ctrl2 query... */ if(!net_io_q_logon_ctrl2("", &q_u, data, 0)) { @@ -278,8 +273,6 @@ static BOOL api_net_logon_ctrl2(pipes_struct *p) return False; } - DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__)); - return True; } @@ -297,8 +290,6 @@ static BOOL api_net_logon_ctrl(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - DEBUG(6,("api_net_logon_ctrl: %d\n", __LINE__)); - /* grab the lsa netlogon ctrl query... */ if(!net_io_q_logon_ctrl("", &q_u, data, 0)) { DEBUG(0,("api_net_logon_ctrl: Failed to unmarshall NET_Q_LOGON_CTRL.\n")); @@ -312,8 +303,6 @@ static BOOL api_net_logon_ctrl(pipes_struct *p) return False; } - DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__)); - return True; } diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index be8eda82c9..264b7a74a7 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c 
@@ -47,6 +47,7 @@ static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c, #define ERROR_NO_SUCH_DOMAIN 0x54b #define ERROR_NO_LOGON_SERVERS 0x51f +#define NO_ERROR 0x0 /************************************************************************* net_reply_logon_ctrl: 
@@ -104,25 +105,67 @@ NTSTATUS _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_C uint32 flags = 0x0; uint32 pdc_connection_status = 0x0; uint32 logon_attempts = 0x0; - uint32 tc_status = ERROR_NO_LOGON_SERVERS; - const char *trusted_domain = "test_domain"; + uint32 tc_status; + fstring servername, domain, dc_name, dc_name2; + struct in_addr dc_ip; - DEBUG(0, ("*** net long ctrl2 %d, %d, %d\n", - q_u->function_code, q_u->query_level, q_u->switch_value)); + /* this should be \\global_myname() */ + unistr2_to_ascii(servername, &q_u->uni_server_name, sizeof(servername)); - DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__)); - - - /* set up the Logon Control2 response */ - init_net_r_logon_ctrl2(r_u, q_u->query_level, - flags, pdc_connection_status, logon_attempts, - tc_status, trusted_domain); + r_u->status = NT_STATUS_OK; + + tc_status = ERROR_NO_SUCH_DOMAIN; + fstrcpy( dc_name, "" ); + + switch ( q_u->function_code ) { + case NETLOGON_CONTROL_TC_QUERY: + unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain)); + + if ( !is_trusted_domain( domain ) ) + break; + + if ( !get_dc_name( domain, NULL, dc_name2, &dc_ip ) ) { + tc_status = ERROR_NO_LOGON_SERVERS; + break; + } + + fstr_sprintf( dc_name, "\\\\%s", dc_name2 ); + + tc_status = NO_ERROR; + + break; + + case NETLOGON_CONTROL_REDISCOVER: + unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain)); + + if ( !is_trusted_domain( domain ) ) + break; + + if ( !get_dc_name( domain, NULL, dc_name2, &dc_ip ) ) { + tc_status = ERROR_NO_LOGON_SERVERS; + break; + } + + fstr_sprintf( dc_name, "\\\\%s", dc_name2 ); + + tc_status = NO_ERROR; + + break; + + default: + /* no idea what this should be */ + DEBUG(0,("_net_logon_ctrl2: unimplemented function level [%d]\n", + q_u->function_code)); + } + + /* prepare the response */ + + init_net_r_logon_ctrl2( r_u, q_u->query_level, flags, + pdc_connection_status, logon_attempts, tc_status, dc_name ); if (lp_server_role() == ROLE_DOMAIN_BDC) 
send_sync_message(); - DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__)); - return r_u->status; } |
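Review bot: The `default:` branch of the `switch` on `q_u->function_code` logs every unrecognised, client-supplied function code at `DEBUG(0, ...)`, so any caller that can reach this pipe can write to the log at the level that is always emitted; a lower level such as `DEBUG(3,("_net_logon_ctrl2: unimplemented function level [%d]\n", q_u->function_code));` keeps the diagnostic without that. In the same branch the reply is still built with `r_u->status = NT_STATUS_OK` and `tc_status = ERROR_NO_SUCH_DOMAIN`, which reports an unsupported request as a failed domain lookup; it is worth deciding whether a failure status should be returned instead. `servername` is filled from `q_u->uni_server_name` but is not used again in the visible lines, so the comparison hinted at by the comment `/* this should be \\global_myname() */` appears to be missing. The `NETLOGON_CONTROL_TC_QUERY` and `NETLOGON_CONTROL_REDISCOVER` bodies are identical and could share one block, which would keep the `is_trusted_domain()` gate in a single place. The function's signature and opening lines lie outside the hunk.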