This fixes a number of ADS problems, particularly with netbiosless

setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
author: Andrew Tridgell <tridge@samba.org> 2002-08-05 02:47:46 +0000
committer: Andrew Tridgell <tridge@samba.org> 2002-08-05 02:47:46 +0000
commit: ab9ff0fa73f33c064a39859e39fa79af77cc088f (patch)
tree: d0bc61c7cb39446415e1c1a0f9a04972c251aee8 /source3/utils
parent: dd93ff381dff192f4e790df5078438497e2c36e8 (diff)
download: samba-ab9ff0fa73f33c064a39859e39fa79af77cc088f.tar.gz
samba-ab9ff0fa73f33c064a39859e39fa79af77cc088f.tar.bz2
samba-ab9ff0fa73f33c064a39859e39fa79af77cc088f.zip
3 files changed, 63 insertions, 31 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index ef4de3d76f..f74f633cf9 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -58,23 +58,23 @@ static int net_ads_info(int argc, const char **argv)
 {
 	ADS_STRUCT *ads;
 
-	ads = ads_init(NULL, NULL, opt_host, NULL, NULL);
+	ads = ads_init(NULL, NULL, opt_host);
 
-	/* we want this servers realm, not our realm */
-	SAFE_FREE(ads->realm);
+	if (ads) {
+		ads->auth.no_bind = 1;
+	}
 
 	ads_connect(ads);
 
-	if (!ads) {
+	if (!ads || !ads->config.realm) {
 		d_printf("Didn't find the ldap server!\n");
 		return -1;
 	}
 
-	d_printf("LDAP server: %s\n", ads->ldap_server);
-	d_printf("LDAP server IP: %s\n", inet_ntoa(ads->ldap_ip));
-	d_printf("LDAP server name: %s\n", ads->ldap_server_name);
-	d_printf("Realm: %s\n", ads->realm);
-	d_printf("Bind Path: %s\n", ads->bind_path);
+	d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap_ip));
+	d_printf("LDAP server name: %s\n", ads->config.ldap_server_name);
+	d_printf("Realm: %s\n", ads->config.realm);
+	d_printf("Bind Path: %s\n", ads->config.bind_path);
 	d_printf("LDAP port: %d\n", ads->ldap_port);
 
 	return 0;
@@ -88,7 +88,7 @@ static ADS_STRUCT *ads_startup(void)
 	BOOL need_password = False;
 	BOOL second_time = False;
 	
-	ads = ads_init(NULL, NULL, opt_host, NULL, NULL);
+	ads = ads_init(NULL, NULL, opt_host);
 
 	if (!opt_user_name) {
 		opt_user_name = "administrator";
@@ -106,9 +106,9 @@ retry:
 	}
 
 	if (opt_password)
-		ads->password = strdup(opt_password);
+		ads->auth.password = strdup(opt_password);
 
-	ads->user_name = strdup(opt_user_name);
+	ads->auth.user_name = strdup(opt_user_name);
 
 	status = ads_connect(ads);
 	if (!ADS_ERR_OK(status)) {
@@ -141,8 +141,38 @@ int net_ads_check(void)
 	return 0;
 }
 
+/* 
+   determine the netbios workgroup name for a domain
+ */
+static int net_ads_workgroup(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	TALLOC_CTX *ctx;
+	char *workgroup;
+
+	if (!(ads = ads_startup())) return -1;
+
+	if (!(ctx = talloc_init_named("net_ads_workgroup"))) {
+		return -1;
+	}
+
+	if (!ADS_ERR_OK(ads_workgroup_name(ads, ctx, &workgroup))) {
+		d_printf("Failed to find workgroup for realm '%s'\n", 
+			 ads->config.realm);
+		talloc_destroy(ctx);
+		return -1;
+	}
+
+	d_printf("Workgroup: %s\n", workgroup);
+
+	talloc_destroy(ctx);
+
+	return 0;
+}
+
+
 
-static BOOL usergrp_display(char *field, void **values, void *data_area)
+static void usergrp_display(char *field, void **values, void *data_area)
 {
 	char **disp_fields = (char **) data_area;
 
@@ -156,16 +186,15 @@ static BOOL usergrp_display(char *field, void **values, void *data_area)
 		}
 		SAFE_FREE(disp_fields[0]);
 		SAFE_FREE(disp_fields[1]);
-		return True;
+		return;
 	}
 	if (!values) /* must be new field, indicate string field */
-		return True;
+		return;
 	if (StrCaseCmp(field, "sAMAccountName") == 0) {
 		disp_fields[0] = strdup((char *) values[0]);
 	}
 	if (StrCaseCmp(field, "description") == 0)
 		disp_fields[1] = strdup((char *) values[0]);
-	return True; /* always strings here */
 }
 
 static int net_ads_user_usage(int argc, const char **argv)
@@ -213,8 +242,8 @@ static int ads_user_add(int argc, const char **argv)
 	}
 
 	/* try setting the password */
-	asprintf(&upn, "%s@%s", argv[0], ads->realm);
-	status = krb5_set_password(ads->kdc_server, upn, argv[1]);
+	asprintf(&upn, "%s@%s", argv[0], ads->config.realm);
+	status = krb5_set_password(ads->auth.kdc_server, upn, argv[1]);
 	safe_free(upn);
 	if (ADS_ERR_OK(status)) {
 		d_printf("User %s added\n", argv[0]);
@@ -331,7 +360,7 @@ int net_ads_user(int argc, const char **argv)
 			d_printf("\nUser name             Comment"\
 				 "\n-----------------------------\n");
 
-		rc = ads_do_search_all_fn(ads, ads->bind_path, 
+		rc = ads_do_search_all_fn(ads, ads->config.bind_path, 
 					  LDAP_SCOPE_SUBTREE,
 					  "(objectclass=user)", 
 					  opt_long_list_entries ? longattrs :
@@ -438,7 +467,7 @@ int net_ads_group(int argc, const char **argv)
 		if (opt_long_list_entries)
 			d_printf("\nGroup name            Comment"\
 				 "\n-----------------------------\n");
-		rc = ads_do_search_all_fn(ads, ads->bind_path, 
+		rc = ads_do_search_all_fn(ads, ads->config.bind_path, 
 					  LDAP_SCOPE_SUBTREE, 
 					  "(objectclass=group)", 
 					  opt_long_list_entries ? longattrs : 
@@ -499,11 +528,11 @@ static int net_ads_leave(int argc, const char **argv)
 	rc = ads_leave_realm(ads, global_myname);
 	if (!ADS_ERR_OK(rc)) {
 	    d_printf("Failed to delete host '%s' from the '%s' realm.\n", 
-		     global_myname, ads->realm);
+		     global_myname, ads->config.realm);
 	    return -1;
 	}
 
-	d_printf("Removed '%s' from realm '%s'\n", global_myname, ads->realm);
+	d_printf("Removed '%s' from realm '%s'\n", global_myname, ads->config.realm);
 
 	return 0;
 }
@@ -534,7 +563,7 @@ int net_ads_join(int argc, const char **argv)
 	if (!(ads = ads_startup())) return -1;
 
 	ou_str = ads_ou_string(org_unit);
-	asprintf(&dn, "%s,%s", ou_str, ads->bind_path);
+	asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path);
 	free(ou_str);
 
 	rc = ads_search_dn(ads, &res, dn, NULL);
@@ -580,7 +609,7 @@ int net_ads_join(int argc, const char **argv)
 		return -1;
 	}
 
-	d_printf("Joined '%s' to realm '%s'\n", global_myname, ads->realm);
+	d_printf("Joined '%s' to realm '%s'\n", global_myname, ads->config.realm);
 
 	free(password);
 
@@ -675,7 +704,7 @@ static int net_ads_printer_publish(int argc, const char **argv)
 	   get_a_printer, because the server name might be
 	   localhost or an ip address */
 	prt.printerName = argv[0];
-	asprintf(&servername, "%s.%s", global_myname, ads->realm);
+	asprintf(&servername, "%s.%s", global_myname, ads->config.realm);
 	prt.serverName = servername;
 	prt.shortServerName = global_myname;
 	prt.versionNumber = "4";
@@ -779,13 +808,13 @@ static int net_ads_password(int argc, const char **argv)
 
     /* use the realm so we can eventually change passwords for users 
     in realms other than default */
-    if (!(ads = ads_init(realm, NULL, NULL, NULL, NULL))) return -1;
+    if (!(ads = ads_init(realm, NULL, NULL))) return -1;
 
     asprintf(&prompt, "Enter new password for %s:", argv[0]);
 
     new_password = getpass(prompt);
 
-    ret = kerberos_set_password(ads->kdc_server, auth_principal, 
+    ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, 
 				auth_password, argv[0], new_password);
     if (!ADS_ERR_OK(ret)) {
 	d_printf("Password change failed :-( ...\n");
@@ -814,7 +843,7 @@ static int net_ads_change_localhost_pass(int argc, const char **argv)
 
     hostname = strdup(global_myname);
     strlower(hostname);
-    asprintf(&host_principal, "%s@%s", hostname, ads->realm);
+    asprintf(&host_principal, "%s@%s", hostname, ads->config.realm);
     SAFE_FREE(hostname);
     d_printf("Changing password for principal: HOST/%s\n", host_principal);
     
@@ -873,7 +902,7 @@ static int net_ads_search(int argc, const char **argv)
 	exp = argv[0];
 	attrs = (argv + 1);
 
-	rc = ads_do_search_all(ads, ads->bind_path, 
+	rc = ads_do_search_all(ads, ads->config.bind_path, 
 			       LDAP_SCOPE_SUBTREE,
 			       exp, attrs, &res);
 	if (!ADS_ERR_OK(rc)) {
@@ -927,6 +956,7 @@ int net_ads(int argc, const char **argv)
 		{"CHOSTPASS", net_ads_change_localhost_pass},
 		{"PRINTER", net_ads_printer},
 		{"SEARCH", net_ads_search},
+		{"WORKGROUP", net_ads_workgroup},
 		{"HELP", net_ads_help},
 		{NULL, NULL}
 	};
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index a9aa080054..f76b186251 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -215,6 +215,8 @@ static int net_lookup_kdc(int argc, const char **argv)
 	DEBUG(1, ("No kerberos support\n"));
 	return -1;
 }
+
+
 /* lookup hosts or IP addresses using internal samba lookup fns */
 int net_lookup(int argc, const char **argv)
 {
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 9b3248cf63..ae956076d5 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -1824,7 +1824,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
 	POLICY_HND connect_hnd;
 	
 	/* trusted domains listing variables */
-	int enum_ctx = 0, pref_num_domains = 5;
+	int enum_ctx = 0;
 	int num_domains, i, pad_len, col_len = 20;
 	DOM_SID *domain_sids;
 	char **trusted_dom_names;
@@ -1894,7 +1894,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
 
 	do {
 		nt_status = cli_lsa_enum_trust_dom(cli, mem_ctx, &connect_hnd, &enum_ctx,
-						   &pref_num_domains, &num_domains,
+						   &num_domains,
 						   &trusted_dom_names, &domain_sids);
 		
 		if (NT_STATUS_IS_ERR(nt_status)) {
author	Andrew Tridgell <tridge@samba.org>	2002-08-05 02:47:46 +0000
committer	Andrew Tridgell <tridge@samba.org>	2002-08-05 02:47:46 +0000
commit	ab9ff0fa73f33c064a39859e39fa79af77cc088f (patch)
tree	d0bc61c7cb39446415e1c1a0f9a04972c251aee8 /source3/utils
parent	dd93ff381dff192f4e790df5078438497e2c36e8 (diff)
download	samba-ab9ff0fa73f33c064a39859e39fa79af77cc088f.tar.gz samba-ab9ff0fa73f33c064a39859e39fa79af77cc088f.tar.bz2 samba-ab9ff0fa73f33c064a39859e39fa79af77cc088f.zip