Author: gd
Date: 2006-01-26 13:41:52 +0000 (Thu, 26 Jan 2006)
New Revision: 13164

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13164

Log:
Fix wbinfo --trusted-domains (-m) and add wbinfo --all-domains.

We were not quite following our own documentation when wbinfo -m with
winbind running in security=ads always returned our own primary domain
in the list of trusted domains. When running against non-AD DCs we don't
have it in the list.

Since we now have clients that expect wbinfo to provide them with a full
list of trusted domains including our own primary domain (kdm, gdm,
etc.) to mimic XP logon optics, I've added 'wbinfo --all-domains'.

Especially the removal of the DS_DOMAIN_DIRECT_OUTBOUND bit needs
testing.

Guenther

Modified:
   trunk/source/nsswitch/wbinfo.c
   trunk/source/nsswitch/winbindd_ads.c
   trunk/source/nsswitch/winbindd_misc.c
   trunk/source/nsswitch/winbindd_nss.h


Changeset:
Modified: trunk/source/nsswitch/wbinfo.c
===================================================================
--- trunk/source/nsswitch/wbinfo.c      2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/wbinfo.c      2006-01-26 13:41:52 UTC (rev 13164)
@@ -260,15 +260,19 @@
 
 /* List trusted domains */
 
-static BOOL wbinfo_list_domains(void)
+static BOOL wbinfo_list_domains(BOOL list_all_domains)
 {
+       struct winbindd_request request;
        struct winbindd_response response;
 
+       ZERO_STRUCT(request);
        ZERO_STRUCT(response);
 
        /* Send request */
 
-       if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, NULL, &response) 
!=
+       request.data.list_all_domains = list_all_domains;
+
+       if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, 
&response) !=
            NSS_STATUS_SUCCESS)
                return False;
 
@@ -1043,7 +1047,8 @@
        OPT_USERSIDS,
        OPT_ALLOCATE_UID,
        OPT_ALLOCATE_GID,
-       OPT_SEPARATOR
+       OPT_SEPARATOR,
+       OPT_LIST_ALL_DOMAINS
 };
 
 int main(int argc, char **argv)
@@ -1078,6 +1083,7 @@
                  "Get a new GID out of idmap" },
                { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared 
secret" },
                { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted 
domains" },
+               { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, 
"List all domains (trusted and own domain)" },
                { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence 
numbers of all domains" },
                { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show 
most of the info we have about the domain" },
                { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get 
user groups", "USER" },
@@ -1222,7 +1228,7 @@
                        }
                        break;
                case 'm':
-                       if (!wbinfo_list_domains()) {
+                       if (!wbinfo_list_domains(False)) {
                                d_fprintf(stderr, "Could not list trusted 
domains\n");
                                goto done;
                        }
@@ -1344,6 +1350,10 @@
                        d_printf("%c\n", sep);
                        break;
                }
+               case OPT_LIST_ALL_DOMAINS:
+                       if (!wbinfo_list_domains(True)) {
+                               goto done;
+                       }
                /* generic configuration options */
                case OPT_DOMAIN_NAME:
                        break;
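Review bot: The new `case OPT_LIST_ALL_DOMAINS:` has no `break;`, so on success it falls through into the `OPT_DOMAIN_NAME` case below. That is harmless today only because the next case does nothing but break, and it would silently change behaviour if a case were ever inserted between them. The new case also fails without any output, unlike the `'m'` case, which prints a message before `goto done`. I would add `d_fprintf(stderr, "Could not list all domains\n");` before the `goto done;` and a `break;` after the closing brace of the `if`. The switch starts and ends outside this hunk.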

Modified: trunk/source/nsswitch/winbindd_ads.c
===================================================================
--- trunk/source/nsswitch/winbindd_ads.c        2006-01-26 12:59:55 UTC (rev 
13163)
+++ trunk/source/nsswitch/winbindd_ads.c        2006-01-26 13:41:52 UTC (rev 
13164)
@@ -878,8 +878,7 @@
        struct ds_domain_trust  *domains = NULL;
        int                     count = 0;
        int                     i;
-                               /* i think we only need our forest and 
downlevel trusted domains */
-       uint32                  flags = DS_DOMAIN_IN_FOREST | 
DS_DOMAIN_DIRECT_OUTBOUND;
+       uint32                  flags = DS_DOMAIN_DIRECT_OUTBOUND;
        struct rpc_pipe_client *cli;
 
        DEBUG(3,("ads: trusted_domains\n"));
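Review bot: The initialiser for `flags` now drops `DS_DOMAIN_IN_FOREST`, and the comment that explained the choice went with it, so nothing at this line says why only direct outbound trusts are requested. The log message names `DS_DOMAIN_DIRECT_OUTBOUND` as the removed bit, while the bit removed here is `DS_DOMAIN_IN_FOREST`. Presumably in-forest domains that are not also direct outbound trusts are no longer enumerated, which would change the set of domains winbindd treats as trusted; that should be confirmed against a multi-domain forest. A replacement comment such as `/* direct outbound trusts only; the primary domain is appended in winbindd_misc.c when list_all_domains is set */` would record the intent. The enclosing function starts and ends outside the hunk.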

Modified: trunk/source/nsswitch/winbindd_misc.c
===================================================================
--- trunk/source/nsswitch/winbindd_misc.c       2006-01-26 12:59:55 UTC (rev 
13163)
+++ trunk/source/nsswitch/winbindd_misc.c       2006-01-26 13:41:52 UTC (rev 
13164)
@@ -115,6 +115,7 @@
        int extra_data_len = 0;
        char *extra_data;
        NTSTATUS result;
+       BOOL have_own_domain = False;
 
        DEBUG(3, ("[%5lu]: list trusted domains\n",
                  (unsigned long)state->pid));
@@ -137,7 +138,23 @@
                                             names[i],
                                             alt_names[i] ? alt_names[i] : 
names[i],
                                             sid_string_static(&sids[i]));
+       /* add our primary domain */
+       
+       for (i=0; i<num_domains; i++) {
+               if (strequal(names[i], domain->name)) {
+                       have_own_domain = True;
+                       break;
+               }
+       }
 
+       if (state->request.data.list_all_domains && !have_own_domain) {
+               extra_data = talloc_asprintf(state->mem_ctx, "%s\n%s\\%s\\%s",
+                                            extra_data,
+                                            domain->name,
+                                            domain->alt_name ? 
domain->alt_name : domain->name,
+                                            sid_string_static(&domain->sid));
+       }
+
        /* This is a bit excessive, but the extra data sooner or later will be
           talloc'ed */
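Review bot: The result of the added `talloc_asprintf()` that appends the primary domain is not checked, so an allocation failure leaves `extra_data` NULL for whatever follows the hunk. A check such as `if (extra_data == NULL) { DEBUG(0, ("talloc_asprintf failed\n")); }`, leading into the function's existing failure path, belongs right after the call. The format string also always emits a leading `\n`, so when `num_domains` is 0 the reply would presumably begin with an empty line; whether clients tolerate that depends on parsing that is not visible here. The comment `/* add our primary domain */` sits above the search loop rather than above the block that actually appends, which is where it would read better. The enclosing function starts and ends outside the hunk.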
 

Modified: trunk/source/nsswitch/winbindd_nss.h
===================================================================
--- trunk/source/nsswitch/winbindd_nss.h        2006-01-26 12:59:55 UTC (rev 
13163)
+++ trunk/source/nsswitch/winbindd_nss.h        2006-01-26 13:41:52 UTC (rev 
13164)
@@ -254,6 +254,7 @@
                        gid_t gid;
                        fstring sid;
                } dual_idmapset;
+               BOOL list_all_domains;
        } data;
        char *extra_data;
        size_t extra_len;
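Review bot: `list_all_domains` is added without a comment saying which request reads it; in the other files of this commit it is only consulted for `WINBINDD_LIST_TRUSTDOM`. If `data` is a union, as the sibling `dual_idmapset` member suggests (the declaration is outside the hunk), the field overlays the other request payloads, so a client that sends this command without zeroing the request would pass an arbitrary value here. I would add `/* WINBINDD_LIST_TRUSTDOM: also list our own primary domain */` above the field and confirm that every caller zeroes the request, as wbinfo does with `ZERO_STRUCT(request)`.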
