From 7f779450cb0b0d9f36665c56c4acd0950daaeab2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Oct 2008 11:14:10 +0200 Subject: s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We use get_dc_name() for LDAP because it generates the selfwritten krb5.conf with the correct kdc addresses and sets KRB5_CONFIG. For CLDAP we need to use get_sorted_dc_list() to avoid recursion. metze Signed-off-by: Stefan Metzmacher Signed-off-by: Günther Deschner (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
---
 source3/libads/ldap.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) (limited to 'source3/libads/ldap.c')
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 932e42e076..31feea50c7 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -310,11 +310,35 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 realm = c_realm;
+ /*
+ * In case of LDAP we use get_dc_name() as that
+ * creates the custom krb5.conf file
+ */
+ if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+ fstring srv_name;
+ struct sockaddr_storage ip_out;
+
+ DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
+ (got_realm ? "realm" : "domain"), realm));
+
+ if (get_dc_name(realm, realm, srv_name, &ip_out)) {
+ /*
+ * we call ads_try_connect() to fill in the
+ * ads->config details
+ */
+ if (ads_try_connect(ads, srv_name, false)) {
+ return NT_STATUS_OK;
+ }
+ }
+
+ return NT_STATUS_NO_LOGON_SERVERS;
+ }
+
 sitename = sitename_fetch(realm);
 again:
- DEBUG(6,("ads_find_dc: looking for %s '%s'\n",
+ DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n",
 (got_realm ? "realm" : "domain"), realm));
 status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm);
-- cgit
From 2f27ffc4a2ba745341a5961b8f04e62da3fb089a Mon Sep 17 00:00:00 2001
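Review bot: In the new LDAP branch of ads_find_dc(), the address that get_dc_name() returns in `ip_out` is never used. ads_try_connect() is handed `srv_name` instead, so the name is presumably resolved a second time and the connection may land on a different address than the one the locator just selected for the generated krb5.conf. If that is intended, say so at the declaration, e.g. `/* ip_out is unused: ads_try_connect() resolves srv_name itself */`; otherwise connect to the address that was already checked. The branch also returns NT_STATUS_NO_LOGON_SERVERS without logging which step failed, so a `DEBUG(3,("ads_find_dc: (ldap) no usable DC for '%s'\n", realm));` before that return would make locator failures visible in the logs. The rest of ads_find_dc() lies outside this hunk.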
From: Stefan Metzmacher Date: Mon, 27 Oct 2008 19:36:25 +0100 Subject: s3:libads/ldap.c: pass the real workgroup name to get_dc_name() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit metze Signed-off-by: Stefan Metzmacher Signed-off-by: Günther Deschner (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
---
 source3/libads/ldap.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source3/libads/ldap.c')
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 31feea50c7..61e04d1e7c 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -267,10 +267,12 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
 static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 {
+ const char *c_domain;
 const char *c_realm;
 int count, i=0;
 struct ip_service *ip_list;
 const char *realm;
+ const char *domain;
 bool got_realm = False;
 bool use_own_domain = False;
 char *sitename;
@@ -308,7 +310,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
 }
+ if ( use_own_domain ) {
+ c_domain = lp_workgroup();
+ } else {
+ c_domain = ads->server.workgroup;
+ }
+
 realm = c_realm;
+ domain = c_domain;
 /*
 * In case of LDAP we use get_dc_name() as that
@@ -321,7 +330,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
 (got_realm ? "realm" : "domain"), realm));
- if (get_dc_name(realm, realm, srv_name, &ip_out)) {
+ if (get_dc_name(domain, realm, srv_name, &ip_out)) {
 /*
 * we call ads_try_connect() to fill in the
 * ads->config details
-- cgit
From a8040d59659e58c5cb92c1107a7ff012eff12729 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 27 Oct 2008 19:38:15 +0100 Subject: s3:libads/ldap.c: if the client belongs to no site at all any dc is the closest MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit metze
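Review bot: `c_domain` is taken from `ads->server.workgroup` (or lp_workgroup()) and handed to get_dc_name() in the following hunk without any NULL or empty check, whereas `c_realm` apparently gets one just above (the `NT_STATUS_INVALID_PARAMETER` return visible in the context). Whether callers always set ads->server.workgroup cannot be seen from here; if it may be unset, keep the previous behaviour as a fallback with `if (!c_domain || !*c_domain) { c_domain = c_realm; }` before `domain = c_domain;`. The (ldap) DEBUG line still prints only `realm`, so the workgroup actually used for the lookup never shows up in the log. ads_find_dc() starts and ends outside these hunks.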
Signed-off-by: Stefan Metzmacher Signed-off-by: Günther Deschner (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
---
 source3/libads/ldap.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/libads/ldap.c')
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 61e04d1e7c..c0bb9c7e2d 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -162,6 +162,11 @@ bool ads_closest_dc(ADS_STRUCT *ads)
 return True;
 }
+ if (ads->config.client_site_name == NULL) {
+ DEBUG(10,("ads_closest_dc: client belongs to no site\n"));
+ return True;
+ }
+
 DEBUG(10,("ads_closest_dc: %s is not the closest DC\n",
 ads->config.ldap_server_name));
-- cgit
From 17efebde11eafd065c2cac39cdbe55b8d40d40be Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 27 Oct 2008 19:39:30 +0100 Subject: s3:libads/ldap.c: store the dc name in the saf cache as in all other places MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit metze Signed-off-by: Stefan Metzmacher Signed-off-by: Günther Deschner (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
---
 source3/libads/ldap.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/libads/ldap.c')
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index c0bb9c7e2d..cf8a7ebb1b 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -651,9 +651,8 @@ got_connection:
 /* cache the successful connection for workgroup and realm */
 if (ads_closest_dc(ads)) {
- print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
- saf_store( ads->server.workgroup, addr);
- saf_store( ads->server.realm, addr);
+ saf_store( ads->server.workgroup, ads->config.ldap_server_name);
+ saf_store( ads->server.realm, ads->config.ldap_server_name);
 }
 ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
-- cgit
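Review bot: The new early return in ads_closest_dc() reads a NULL `ads->config.client_site_name` as "client belongs to no site", but nothing in this hunk distinguishes that from a config that was never filled in or a reply that omitted the field. A True result is what lets the caller cache this server (the `if (ads_closest_dc(ads))` guard around saf_store() in the last patch on this page), so the assumption deserves a comment at the check, e.g. `/* NULL means the DC reported no site for this client, so site affinity cannot apply */`. If the site name comes from the server's answer, it is also worth confirming that the earlier checks in this function already establish that ads->config was populated. The beginning of ads_closest_dc() is outside the hunk.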
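Review bot: After the `got_connection:` label, the value cached by saf_store() changes from the address of the socket that was actually connected (`ads->ldap.ss`) to `ads->config.ldap_server_name`. Later users of the cache entry therefore depend on resolving that name again and on where the name came from. The provenance should be stated at the call, e.g. `/* ads->config.ldap_server_name was filled in by ads_try_connect() */`, if that is indeed the only writer (not visible here). With print_sockaddr() removed, the `addr` buffer may now be unused; its declaration is outside the hunk, so please check and drop it if so. The enclosing function starts and ends outside the hunk.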