-rw-r--r--source3/include/ads.h2
-rw-r--r--source3/include/ads_cldap.h2
-rw-r--r--source3/libads/ads_struct.c2
-rw-r--r--source3/libads/dns.c12
-rw-r--r--source3/libads/kerberos.c11
-rw-r--r--source3/libads/ldap.c32
-rw-r--r--source3/libsmb/namequery_dc.c4
-rw-r--r--source3/nsswitch/winbindd_cm.c2
8 files changed, 60 insertions, 7 deletions
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 365ac3e852..f200df5d22 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -46,6 +46,8 @@ typedef struct {
char *realm;
char *bind_path;
char *ldap_server_name;
+ char *server_site_name;
+ char *client_site_name;
time_t current_time;
} config;
diff --git a/source3/include/ads_cldap.h b/source3/include/ads_cldap.h
index e5df892a40..0108363c1b 100644
--- a/source3/include/ads_cldap.h
+++ b/source3/include/ads_cldap.h
@@ -43,6 +43,8 @@ struct cldap_netlogon_reply {
uint16 lm20_token;
};
+#define DEFAULT_SITE_NAME "Default-First-Site-Name"
+
/* Mailslot or cldap getdcname response flags */
#define ADS_PDC 0x00000001 /* DC is PDC */
#define ADS_GC 0x00000004 /* DC is a GC of forest */
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index 372f72fe06..130d86b8dc 100644
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -136,6 +136,8 @@ void ads_destroy(ADS_STRUCT **ads)
SAFE_FREE((*ads)->config.realm);
SAFE_FREE((*ads)->config.bind_path);
SAFE_FREE((*ads)->config.ldap_server_name);
+ SAFE_FREE((*ads)->config.server_site_name);
+ SAFE_FREE((*ads)->config.client_site_name);
SAFE_FREE((*ads)->schema.posix_uidnumber_attr);
SAFE_FREE((*ads)->schema.posix_gidnumber_attr);
diff --git a/source3/libads/dns.c b/source3/libads/dns.c
index 4d935c1b6e..3f99a73a33 100644
--- a/source3/libads/dns.c
+++ b/source3/libads/dns.c
@@ -590,8 +590,9 @@ BOOL sitename_store(const char *sitename)
if (!sitename || (sitename && !*sitename)) {
DEBUG(5,("sitename_store: deleting empty sitename!\n"));
return gencache_del(SITENAME_KEY);
- } else if (sitename && strequal(sitename, "Default-First-Site-Name")) {
- DEBUG(5,("sitename_store: delete default sitename Default-First-Site-Name\n"));
+ } else if (sitename && strequal(sitename, DEFAULT_SITE_NAME)) {
+ DEBUG(5,("sitename_store: delete default sitename %s\n",
+ DEFAULT_SITE_NAME));
return gencache_del(SITENAME_KEY);
}
@@ -633,11 +634,16 @@ char *sitename_fetch(void)
Did the sitename change ?
****************************************************************************/
-BOOL sitename_changed(const char *sitename)
+BOOL stored_sitename_changed(const char *sitename)
{
BOOL ret = False;
char *new_sitename = sitename_fetch();
+ /* Treat default site as no name. */
+ if (strequal(sitename, DEFAULT_SITE_NAME)) {
+ sitename = NULL;
+ }
+
if (sitename && new_sitename && !strequal(sitename, new_sitename)) {
ret = True;
} else if ((sitename && !new_sitename) ||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 46b64ca22d..dc85a77304 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -477,16 +477,20 @@ BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *do
char *fname = talloc_asprintf(NULL, "%s/smb_krb5.conf.%s", lp_private_dir(), domain);
char *file_contents = NULL;
size_t flen = 0;
+ char *realm_upper = NULL;
int loopcount = 0;
if (!fname) {
return False;
}
+ realm_upper = talloc_strdup(fname, realm);
+ strupper_m(realm_upper);
+
file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n"
"[realms]\n\t%s = {\n"
"\t\tkdc = %s\n]\n",
- realm, realm, inet_ntoa(ip));
+ realm_upper, realm_upper, inet_ntoa(ip));
if (!file_contents) {
TALLOC_FREE(fname);
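Review bot: The result of `talloc_strdup(fname, realm)` goes straight into `strupper_m()` with no NULL check, so an allocation failure or a NULL `realm` would be dereferenced before the existing `file_contents` check is reached. Add `if (!realm_upper) { TALLOC_FREE(fname); return False; }` directly after the strdup, mirroring the failure path already used for `file_contents`. Separately, the unchanged template line closes the realm block with `]` although it was opened with `{`; that looks like a typo that would yield a malformed krb5.conf, and is worth confirming while this string is being edited. The function body starts and ends outside this hunk.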
@@ -541,6 +545,11 @@ BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *do
/* Set the environment variable to this file. */
setenv("KRB5_CONFIG", fname, 1);
TALLOC_FREE(fname);
+
+ DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
+ "file %s with realm %s KDC = %s\n",
+ realm_upper, inet_ntoa(ip));
+
return True;
}
#endif
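Review bot: The added `DEBUG` call runs after `TALLOC_FREE(fname)`, but `realm_upper` was allocated with `fname` as its talloc parent in the earlier hunk, so it has already been freed when it is formatted here. The format string also has three `%s` conversions while only two arguments are passed, so the file name is missing and the varargs are read past their end. Both are undefined behaviour once the debug level reaches 5. Move the `DEBUG` block above `TALLOC_FREE(fname);` and pass all three values, `fname, realm_upper, inet_ntoa(ip)));`.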
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 1d192895d9..60e4c9f5b7 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -115,6 +115,27 @@ static int ldap_search_with_timeout(LDAP *ld,
return result;
}
+#ifdef HAVE_KRB5
+/**********************************************
+ Do client and server sitename match ?
+**********************************************/
+
+BOOL ads_sitename_match(ADS_STRUCT *ads)
+{
+ if (ads->config.server_site_name == NULL &&
+ ads->config.client_site_name == NULL ) {
+ return True;
+ }
+ if (ads->config.server_site_name &&
+ ads->config.client_site_name &&
+ strequal(ads->config.server_site_name,
+ ads->config.client_site_name)) {
+ return True;
+ }
+ return False;
+}
+#endif
+
/*
try a connection to a given ldap server, returning True and setting the servers IP
in the ads struct if successful
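Review bot: `ads_sitename_match()` returns True when both site names are NULL, and its header comment does not say that missing site information counts as a match. The callers in namequery_dc.c and winbindd_cm.c previously required a non-NULL `sitename` before forcing the krb5 libraries onto this KDC, so the new condition is broader than the "If we are using sites" comment that still sits under it. Extend the header comment to something like `Do client and server sitename match ? Two unset names are treated as a match (no sites in use).` and update the caller comments to agree. The function also dereferences `ads` unconditionally, which is worth stating as a precondition.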
@@ -157,6 +178,8 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
SAFE_FREE(ads->config.realm);
SAFE_FREE(ads->config.bind_path);
SAFE_FREE(ads->config.ldap_server_name);
+ SAFE_FREE(ads->config.server_site);
+ SAFE_FREE(ads->config.client_site);
SAFE_FREE(ads->server.workgroup);
ads->config.flags = cldap_reply.flags;
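Review bot: The two added `SAFE_FREE` lines name `ads->config.server_site` and `ads->config.client_site`, but the members added to the `config` struct in ads.h and freed in `ads_destroy()` are `server_site_name` and `client_site_name`. As written this should not compile, and if it were made to compile against other members, the site strings from a previous connection attempt would never be released. Change the lines to `SAFE_FREE(ads->config.server_site_name);` and `SAFE_FREE(ads->config.client_site_name);`. The body of `ads_try_connect` extends outside this hunk.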
@@ -164,6 +187,15 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
strupper_m(cldap_reply.domain);
ads->config.realm = SMB_STRDUP(cldap_reply.domain);
ads->config.bind_path = ads_build_dn(ads->config.realm);
+ if (*cldap_reply.server_site_name) {
+ ads->config.server_site_name =
+ SMB_STRDUP(cldap_reply.server_site_name);
+ }
+ if (*cldap_reply.client_site_name) {
+ ads->config.server_site_name =
+ SMB_STRDUP(cldap_reply.server_site_name);
+ }
+
ads->server.workgroup = SMB_STRDUP(cldap_reply.netbios_domain);
ads->ldap_port = LDAP_PORT;
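Review bot: The second added `if` tests `cldap_reply.client_site_name` but then assigns `ads->config.server_site_name` from `cldap_reply.server_site_name` again, which looks like a copy-paste slip. `client_site_name` is therefore never populated, and the string duplicated by the first `if` leaks when it is overwritten. With the client name always NULL, `ads_sitename_match()` can only succeed when the server site name is also empty. The assignment should read `ads->config.client_site_name = SMB_STRDUP(cldap_reply.client_site_name);`. The `SMB_STRDUP` results are stored unchecked, which matches the surrounding lines but means a failed allocation is silently treated as "no site name".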
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 4099cc9dd8..cf01fb269e 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -68,7 +68,7 @@ static BOOL ads_dc_name(const char *domain,
has changed. If so, we need to re-do the DNS query
to ensure we only find servers in our site. */
- if (sitename_changed(sitename)) {
+ if (stored_sitename_changed(sitename)) {
SAFE_FREE(sitename);
sitename = sitename_fetch();
ads_destroy(&ads);
@@ -76,7 +76,7 @@ static BOOL ads_dc_name(const char *domain,
}
#ifdef HAVE_KRB5
- if ((ads->config.flags & ADS_KDC) && sitename) {
+ if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index a09faaed94..2288f29888 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -607,7 +607,7 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
namecache_store(name, 0x20, 1, &ip_list);
#ifdef HAVE_KRB5
- if ((ads->config.flags & ADS_KDC) && sitename) {
+ if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */