The branch, master has been updated
via 1c72d3b s3-waf: convert libcli_netlogon3 into a private library.
via f143c24 s3-lsa: Let passdb backend handle the DOMAIN$ user
via 54f7667 s3-waf: move trusts_util.c code into a private library.
via 16627ca s3-trustdomcache: make enumerate_domain_trusts() static.
via 973e047 s3-waf: convert libnet_keytab into a private library.
via 13ff228 s3-libnet: add ads forward declaration in libnet keytab
code.
via 1926114 s3-waf: fix libgpo.so library name.
from 2107ba5 ldb: fix compiler warning
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1c72d3b513e9d422e4a8497277e26e334cd05fb3
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 2 16:58:53 2011 +0100
s3-waf: convert libcli_netlogon3 into a private library.
Guenther
Autobuild-User: Günther Deschner <g...@samba.org>
Autobuild-Date: Wed Nov 2 18:34:55 CET 2011 on sn-devel-104
commit f143c24fd038a285867870fe2f2d5278883bd169
Author: Sumit Bose <sb...@redhat.com>
Date: Wed Nov 2 12:06:07 2011 +0100
s3-lsa: Let passdb backend handle the DOMAIN$ user
Signed-off-by: Günther Deschner <g...@samba.org>
commit 54f7667f49088c68a927674ff869f42d4ca949a2
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 2 13:06:45 2011 +0100
s3-waf: move trusts_util.c code into a private library.
Guenther
commit 16627ca3139463a2a3ecf02481e20776522393cb
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 2 12:50:34 2011 +0100
s3-trustdomcache: make enumerate_domain_trusts() static.
Guenther
commit 973e047a941fbfd5f37f788674dd9680827df33f
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 2 12:04:46 2011 +0100
s3-waf: convert libnet_keytab into a private library.
Guenther
commit 13ff228b7b4d6e96341bc9c126edd0df1d20e7e4
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 2 12:03:53 2011 +0100
s3-libnet: add ads forward declaration in libnet keytab code.
Guenther
commit 19261143580140f246a984bc281d8f81b27b2792
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 2 10:45:33 2011 +0100
s3-waf: fix libgpo.so library name.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/auth/wscript_build | 4 +-
source3/include/proto.h | 3 -
source3/libgpo/gpext/wscript_build | 2 +-
source3/libnet/libnet_dssync_keytab.c | 1 -
source3/libnet/libnet_keytab.h | 4 +-
source3/libsmb/trustdom_cache.c | 103 +++++++++++++++++++++++++++++++++
source3/libsmb/trusts_util.c | 101 --------------------------------
source3/rpc_server/lsa/srv_lsa_nt.c | 101 --------------------------------
source3/wscript_build | 58 +++++++++++-------
9 files changed, 145 insertions(+), 232 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build
index 2c94242..9fdc27d 100644
--- a/source3/auth/wscript_build
+++ b/source3/auth/wscript_build
@@ -34,7 +34,7 @@ bld.SAMBA3_SUBSYSTEM('AUTH_COMMON',
bld.SAMBA3_LIBRARY('auth',
source=AUTH_SRC,
- deps='''PLAINTEXT_AUTH SLCACHE DCUTIL TOKEN_UTIL
AUTH_COMMON samba-hostconfig''',
+ deps='''PLAINTEXT_AUTH SLCACHE DCUTIL TOKEN_UTIL
AUTH_COMMON libcli_netlogon3 samba-hostconfig''',
private_library=True)
bld.SAMBA3_MODULE('auth_sam',
@@ -80,7 +80,7 @@ bld.SAMBA3_MODULE('auth_server',
bld.SAMBA3_MODULE('auth_domain',
subsystem='auth',
source=AUTH_DOMAIN_SRC,
- deps='RPC_CLIENT_SCHANNEL',
+ deps='RPC_CLIENT_SCHANNEL trusts_util',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_domain'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_domain'))
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 39a5d03..6793111 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1145,9 +1145,6 @@ NTSTATUS trust_pw_change_and_store_it(struct
rpc_pipe_client *cli, TALLOC_CTX *m
NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *domain) ;
-bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
- char ***domain_names, uint32 *num_domains,
- struct dom_sid **sids );
NTSTATUS change_trust_account_password( const char *domain, const char
*remote_machine);
/* The following definitions come from param/loadparm.c */
diff --git a/source3/libgpo/gpext/wscript_build
b/source3/libgpo/gpext/wscript_build
index fc44eb8..7595fff 100644
--- a/source3/libgpo/gpext/wscript_build
+++ b/source3/libgpo/gpext/wscript_build
@@ -8,7 +8,7 @@ GPEXT_SRC = '''../../../libgpo/gpext/gpext.c'''
bld.SAMBA3_SUBSYSTEM('gpext',
source=GPEXT_SRC,
- deps='samba-util samba3core libgpo',
+ deps='samba-util samba3core gpo',
vars=locals())
bld.SAMBA3_MODULE('gpext_registry',
diff --git a/source3/libnet/libnet_dssync_keytab.c
b/source3/libnet/libnet_dssync_keytab.c
index 763f8ba..66e7562 100644
--- a/source3/libnet/libnet_dssync_keytab.c
+++ b/source3/libnet/libnet_dssync_keytab.c
@@ -20,7 +20,6 @@
#include "includes.h"
#include "smb_krb5.h"
-#include "ads.h"
#include "libnet/libnet_dssync.h"
#include "libnet/libnet_keytab.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
diff --git a/source3/libnet/libnet_keytab.h b/source3/libnet/libnet_keytab.h
index b82e543..43071ce 100644
--- a/source3/libnet/libnet_keytab.h
+++ b/source3/libnet/libnet_keytab.h
@@ -27,11 +27,13 @@ struct libnet_keytab_entry {
krb5_enctype enctype;
};
+struct ads_struct;
+
struct libnet_keytab_context {
krb5_context context;
krb5_keytab keytab;
const char *keytab_name;
- ADS_STRUCT *ads;
+ struct ads_struct *ads;
const char *dns_domain_name;
uint8_t zero_buf[16];
uint32_t count;
diff --git a/source3/libsmb/trustdom_cache.c b/source3/libsmb/trustdom_cache.c
index 56f6011..95ea3da 100644
--- a/source3/libsmb/trustdom_cache.c
+++ b/source3/libsmb/trustdom_cache.c
@@ -21,6 +21,10 @@
#include "includes.h"
#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/ndr_lsa_c.h"
+#include "libsmb/libsmb.h"
+#include "rpc_client/cli_pipe.h"
+#include "rpc_client/cli_lsarpc.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ALL /* there's no proper class yet */
@@ -245,6 +249,105 @@ void trustdom_cache_flush(void)
DEBUG(5, ("Trusted domains cache flushed\n"));
}
+/*********************************************************************
+ Enumerate the list of trusted domains from a DC
+*********************************************************************/
+
+static bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
+ char ***domain_names, uint32 *num_domains,
+ struct dom_sid **sids )
+{
+ struct policy_handle pol;
+ NTSTATUS status, result;
+ fstring dc_name;
+ struct sockaddr_storage dc_ss;
+ uint32 enum_ctx = 0;
+ struct cli_state *cli = NULL;
+ struct rpc_pipe_client *lsa_pipe = NULL;
+ struct lsa_DomainList dom_list;
+ int i;
+ struct dcerpc_binding_handle *b = NULL;
+
+ *domain_names = NULL;
+ *num_domains = 0;
+ *sids = NULL;
+
+ /* lookup a DC first */
+
+ if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) {
+ DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain
%s\n",
+ domain));
+ return False;
+ }
+
+ /* setup the anonymous connection */
+
+ status = cli_full_connection( &cli, lp_netbios_name(), dc_name, &dc_ss,
0, "IPC$", "IPC",
+ "", "", "", 0, Undefined);
+ if ( !NT_STATUS_IS_OK(status) )
+ goto done;
+
+ /* open the LSARPC_PIPE */
+
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
+ &lsa_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ b = lsa_pipe->binding_handle;
+
+ /* get a handle */
+
+ status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
+ LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol);
+ if ( !NT_STATUS_IS_OK(status) )
+ goto done;
+
+ /* Lookup list of trusted domains */
+
+ status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
+ &pol,
+ &enum_ctx,
+ &dom_list,
+ (uint32_t)-1,
+ &result);
+ if ( !NT_STATUS_IS_OK(status) )
+ goto done;
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+
+ *num_domains = dom_list.count;
+
+ *domain_names = talloc_zero_array(mem_ctx, char *, *num_domains);
+ if (!*domain_names) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ *sids = talloc_zero_array(mem_ctx, struct dom_sid, *num_domains);
+ if (!*sids) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ for (i=0; i< *num_domains; i++) {
+ (*domain_names)[i] = discard_const_p(char,
dom_list.domains[i].name.string);
+ (*sids)[i] = *dom_list.domains[i].sid;
+ }
+
+done:
+ /* cleanup */
+ if (cli) {
+ DEBUG(10,("enumerate_domain_trusts: shutting down
connection...\n"));
+ cli_shutdown( cli );
+ }
+
+ return NT_STATUS_IS_OK(status);
+}
+
/********************************************************************
update the trustdom_cache if needed
********************************************************************/
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index dc2cf03..8305425 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -20,8 +20,6 @@
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
-#include "../librpc/gen_ndr/ndr_lsa_c.h"
-#include "rpc_client/cli_lsarpc.h"
#include "rpc_client/cli_netlogon.h"
#include "rpc_client/cli_pipe.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
@@ -136,105 +134,6 @@ NTSTATUS trust_pw_find_change_and_store_it(struct
rpc_pipe_client *cli,
sec_channel_type);
}
-/*********************************************************************
- Enumerate the list of trusted domains from a DC
-*********************************************************************/
-
-bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
- char ***domain_names, uint32 *num_domains,
- struct dom_sid **sids )
-{
- struct policy_handle pol;
- NTSTATUS status, result;
- fstring dc_name;
- struct sockaddr_storage dc_ss;
- uint32 enum_ctx = 0;
- struct cli_state *cli = NULL;
- struct rpc_pipe_client *lsa_pipe = NULL;
- struct lsa_DomainList dom_list;
- int i;
- struct dcerpc_binding_handle *b = NULL;
-
- *domain_names = NULL;
- *num_domains = 0;
- *sids = NULL;
-
- /* lookup a DC first */
-
- if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) {
- DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain
%s\n",
- domain));
- return False;
- }
-
- /* setup the anonymous connection */
-
- status = cli_full_connection( &cli, lp_netbios_name(), dc_name, &dc_ss,
0, "IPC$", "IPC",
- "", "", "", 0, Undefined);
- if ( !NT_STATUS_IS_OK(status) )
- goto done;
-
- /* open the LSARPC_PIPE */
-
- status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
- &lsa_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- b = lsa_pipe->binding_handle;
-
- /* get a handle */
-
- status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
- LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol);
- if ( !NT_STATUS_IS_OK(status) )
- goto done;
-
- /* Lookup list of trusted domains */
-
- status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
- &pol,
- &enum_ctx,
- &dom_list,
- (uint32_t)-1,
- &result);
- if ( !NT_STATUS_IS_OK(status) )
- goto done;
- if (!NT_STATUS_IS_OK(result)) {
- status = result;
- goto done;
- }
-
- *num_domains = dom_list.count;
-
- *domain_names = talloc_zero_array(mem_ctx, char *, *num_domains);
- if (!*domain_names) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- *sids = talloc_zero_array(mem_ctx, struct dom_sid, *num_domains);
- if (!*sids) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i< *num_domains; i++) {
- (*domain_names)[i] = discard_const_p(char,
dom_list.domains[i].name.string);
- (*sids)[i] = *dom_list.domains[i].sid;
- }
-
-done:
- /* cleanup */
- if (cli) {
- DEBUG(10,("enumerate_domain_trusts: shutting down
connection...\n"));
- cli_shutdown( cli );
- }
-
- return NT_STATUS_IS_OK(status);
-}
-
NTSTATUS change_trust_account_password( const char *domain, const char
*remote_machine)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c
b/source3/rpc_server/lsa/srv_lsa_nt.c
index c78f238..bd14fb6 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -1660,78 +1660,6 @@ NTSTATUS _lsa_OpenTrustedDomainByName(struct
pipes_struct *p,
r->out.trustdom_handle);
}
-static NTSTATUS add_trusted_domain_user(TALLOC_CTX *mem_ctx,
- const char *netbios_name,
- const char *domain_name,
- const struct trustDomainPasswords
*auth_struct)
-{
- NTSTATUS status;
- struct samu *sam_acct;
- char *acct_name;
- uint32_t rid;
- struct dom_sid user_sid;
- int i;
- char *dummy;
- size_t dummy_size;
-
- sam_acct = samu_new(mem_ctx);
- if (sam_acct == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- acct_name = talloc_asprintf(mem_ctx, "%s$", netbios_name);
- if (acct_name == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!pdb_set_domain(sam_acct, domain_name, PDB_SET)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!pdb_set_acct_ctrl(sam_acct, ACB_DOMTRUST, PDB_SET)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!pdb_new_rid(&rid)) {
- return NT_STATUS_DS_NO_MORE_RIDS;
- }
- sid_compose(&user_sid, get_global_sam_sid(), rid);
- if (!pdb_set_user_sid(sam_acct, &user_sid, PDB_SET)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- for (i = 0; i < auth_struct->incoming.count; i++) {
- switch (auth_struct->incoming.current.array[i].AuthType) {
- case TRUST_AUTH_TYPE_CLEAR:
- if (!convert_string_talloc(mem_ctx,
- CH_UTF16LE,
- CH_UNIX,
-
auth_struct->incoming.current.array[i].AuthInfo.clear.password,
-
auth_struct->incoming.current.array[i].AuthInfo.clear.size,
- &dummy,
- &dummy_size)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (!pdb_set_plaintext_passwd(sam_acct, dummy))
{
- return NT_STATUS_UNSUCCESSFUL;
- }
- break;
- default:
- continue;
- }
- }
-
- status = pdb_add_sam_account(sam_acct);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return NT_STATUS_OK;
-}
-
/***************************************************************************
_lsa_CreateTrustedDomainEx2
***************************************************************************/
@@ -1845,16 +1773,6 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct
*p,
return status;
}
- if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
- status = add_trusted_domain_user(p->mem_ctx,
-
r->in.info->netbios_name.string,
- r->in.info->domain_name.string,
- &auth_struct);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
-
status = create_lsa_policy_handle(p->mem_ctx, p,
LSA_HANDLE_TRUST_TYPE,
acc_granted,
@@ -1957,25 +1875,6 @@ NTSTATUS _lsa_DeleteTrustedDomain(struct pipes_struct *p,
return NT_STATUS_UNSUCCESSFUL;
}
- if (td->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
- sam_acct = samu_new(p->mem_ctx);
- if (sam_acct == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- acct_name = talloc_asprintf(p->mem_ctx, "%s$",
td->netbios_name);
- if (acct_name == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- status = pdb_delete_sam_account(sam_acct);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
-
status = pdb_del_trusted_domain(td->netbios_name);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/wscript_build b/source3/wscript_build
index 095cd07..97fb400 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -36,7 +36,7 @@ LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c
rpc_client/util_lsarpc.c'''
LIBCLI_SAMR_SRC = 'rpc_client/cli_samr.c'
-LIBRPCCLI_NETLOGON_SRC = 'rpc_client/cli_netlogon.c rpc_client/util_netlogon.c'
+LIBCLI_NETLOGON_SRC = 'rpc_client/cli_netlogon.c rpc_client/util_netlogon.c'
# this includes only the low level parse code, not stuff
# that requires knowledge of security contexts
@@ -244,7 +244,7 @@ PLAINTEXT_AUTH_SRC = '''auth/pampass.c auth/pass_check.c'''
SLCACHE_SRC = '''libsmb/samlogon_cache.c'''
-DCUTIL_SRC = '''libsmb/namequery_dc.c libsmb/trustdom_cache.c
libsmb/trusts_util.c libsmb/dsgetdcname.c'''
+DCUTIL_SRC = '''libsmb/namequery_dc.c libsmb/trustdom_cache.c
libsmb/dsgetdcname.c'''
WINBINDD_SRC1 = '''winbindd/winbindd.c
winbindd/winbindd_group.c
@@ -510,7 +510,7 @@ SMBCONFTORT_SRC0 = 'lib/smbconf/testsuite.c'
SMBCONFTORT_SRC = '''${SMBCONFTORT_SRC0}'''
-LIBNET_SRC = 'libnet/libnet_join.c libnet/libnet_keytab.c'
+LIBNET_SRC = 'libnet/libnet_join.c'
LIBNET_DSSYNC_SRC = '''libnet/libnet_dssync.c
@@ -644,9 +644,9 @@ bld.SAMBA3_LIBRARY('netapi',
pdb param samba-util
LIBMSRPC_GEN msrpc3 ads LIBNET DCUTIL NDR_LIBNETAPI
RPC_CLIENT_SCHANNEL smbconf REG_SMBCONF
- LIBCLI_SAMR libcli_lsa3 LIBRPCCLI_NETLOGON
+ LIBCLI_SAMR libcli_lsa3 libcli_netlogon3
RPC_NDR_SRVSVC RPC_NDR_WKSSVC RPC_NDR_INITSHUTDOWN
- INIT_NETLOGON INIT_SAMR popt_samba3''',
+ INIT_SAMR popt_samba3''',
public_headers='../source3/lib/netapi/netapi.h',
pc_files=[],
vnum='0',
@@ -693,7 +693,7 @@ bld.SAMBA3_SUBSYSTEM('LIBMSRPC_GEN',
deps='''ndr-standard NDR_DSSETUP NDR_SPOOLSS''',
vars=locals())
-bld.SAMBA3_LIBRARY('libgpo',
+bld.SAMBA3_LIBRARY('gpo',
source='${LIBGPO_SRC}',
deps='talloc ads TOKEN_UTIL gpext',
vars=locals(),
@@ -892,8 +892,8 @@ bld.SAMBA3_LIBRARY('smbd_base',
vfs vfs_default vfs_posixacl auth rpc LOCKING LIBAFS
LIBAFS_SETTOKEN PROFILE
--
Samba Shared Repository
