The branch, master has been updated via 1c72d3b s3-waf: convert libcli_netlogon3 into a private library. via f143c24 s3-lsa: Let passdb backend handle the DOMAIN$ user via 54f7667 s3-waf: move trusts_util.c code into a private library. via 16627ca s3-trustdomcache: make enumerate_domain_trusts() static. via 973e047 s3-waf: convert libnet_keytab into a private library. via 13ff228 s3-libnet: add ads forward declaration in libnet keytab code. via 1926114 s3-waf: fix libgpo.so library name. from 2107ba5 ldb: fix compiler warning
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1c72d3b513e9d422e4a8497277e26e334cd05fb3 Author: Günther Deschner <g...@samba.org> Date: Wed Nov 2 16:58:53 2011 +0100 s3-waf: convert libcli_netlogon3 into a private library. Guenther Autobuild-User: Günther Deschner <g...@samba.org> Autobuild-Date: Wed Nov 2 18:34:55 CET 2011 on sn-devel-104 commit f143c24fd038a285867870fe2f2d5278883bd169 Author: Sumit Bose <sb...@redhat.com> Date: Wed Nov 2 12:06:07 2011 +0100 s3-lsa: Let passdb backend handle the DOMAIN$ user 
Signed-off-by: Günther Deschner <g...@samba.org> commit 54f7667f49088c68a927674ff869f42d4ca949a2 Author: Günther Deschner <g...@samba.org> Date: Wed Nov 2 13:06:45 2011 +0100 s3-waf: move trusts_util.c code into a private library. Guenther commit 16627ca3139463a2a3ecf02481e20776522393cb Author: Günther Deschner <g...@samba.org> Date: Wed Nov 2 12:50:34 2011 +0100 s3-trustdomcache: make enumerate_domain_trusts() static. Guenther commit 973e047a941fbfd5f37f788674dd9680827df33f Author: Günther Deschner <g...@samba.org> Date: Wed Nov 2 12:04:46 2011 +0100 s3-waf: convert libnet_keytab into a private library. Guenther commit 13ff228b7b4d6e96341bc9c126edd0df1d20e7e4 Author: Günther Deschner <g...@samba.org> Date: Wed Nov 2 12:03:53 2011 +0100 s3-libnet: add ads forward declaration in libnet keytab code. Guenther commit 19261143580140f246a984bc281d8f81b27b2792 Author: Günther Deschner <g...@samba.org> Date: Wed Nov 2 10:45:33 2011 +0100 s3-waf: fix libgpo.so library name. Guenther ----------------------------------------------------------------------- Summary of changes: source3/auth/wscript_build | 4 +- source3/include/proto.h | 3 - source3/libgpo/gpext/wscript_build | 2 +- source3/libnet/libnet_dssync_keytab.c | 1 - source3/libnet/libnet_keytab.h | 4 +- source3/libsmb/trustdom_cache.c | 103 +++++++++++++++++++++++++++++++++ source3/libsmb/trusts_util.c | 101 -------------------------------- source3/rpc_server/lsa/srv_lsa_nt.c | 101 -------------------------------- source3/wscript_build | 58 +++++++++++------- 9 files changed, 145 insertions(+), 232 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build index 2c94242..9fdc27d 100644 --- a/source3/auth/wscript_build +++ b/source3/auth/wscript_build 
@@ -34,7 +34,7 @@ bld.SAMBA3_SUBSYSTEM('AUTH_COMMON', bld.SAMBA3_LIBRARY('auth', source=AUTH_SRC, - deps='''PLAINTEXT_AUTH SLCACHE DCUTIL TOKEN_UTIL AUTH_COMMON samba-hostconfig''', + deps='''PLAINTEXT_AUTH SLCACHE DCUTIL TOKEN_UTIL AUTH_COMMON libcli_netlogon3 samba-hostconfig''', private_library=True) bld.SAMBA3_MODULE('auth_sam', @@ -80,7 +80,7 @@ bld.SAMBA3_MODULE('auth_server', bld.SAMBA3_MODULE('auth_domain', subsystem='auth', source=AUTH_DOMAIN_SRC, - deps='RPC_CLIENT_SCHANNEL', + deps='RPC_CLIENT_SCHANNEL trusts_util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_domain'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_domain')) diff --git a/source3/include/proto.h b/source3/include/proto.h index 39a5d03..6793111 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1145,9 +1145,6 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *domain) ; -bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, - char ***domain_names, uint32 *num_domains, - struct dom_sid **sids ); NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine); /* The following definitions come from param/loadparm.c */ diff --git a/source3/libgpo/gpext/wscript_build b/source3/libgpo/gpext/wscript_build index fc44eb8..7595fff 100644 --- a/source3/libgpo/gpext/wscript_build +++ b/source3/libgpo/gpext/wscript_build @@ -8,7 +8,7 @@ GPEXT_SRC = '''../../../libgpo/gpext/gpext.c''' bld.SAMBA3_SUBSYSTEM('gpext', source=GPEXT_SRC, - deps='samba-util samba3core libgpo', + deps='samba-util samba3core gpo', vars=locals()) bld.SAMBA3_MODULE('gpext_registry', diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 763f8ba..66e7562 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c 
@@ -20,7 +20,6 @@ #include "includes.h" #include "smb_krb5.h" -#include "ads.h" #include "libnet/libnet_dssync.h" #include "libnet/libnet_keytab.h" #include "librpc/gen_ndr/ndr_drsblobs.h" diff --git a/source3/libnet/libnet_keytab.h b/source3/libnet/libnet_keytab.h index b82e543..43071ce 100644 --- a/source3/libnet/libnet_keytab.h +++ b/source3/libnet/libnet_keytab.h @@ -27,11 +27,13 @@ struct libnet_keytab_entry { krb5_enctype enctype; }; +struct ads_struct; + struct libnet_keytab_context { krb5_context context; krb5_keytab keytab; const char *keytab_name; - ADS_STRUCT *ads; + struct ads_struct *ads; const char *dns_domain_name; uint8_t zero_buf[16]; uint32_t count; diff --git a/source3/libsmb/trustdom_cache.c b/source3/libsmb/trustdom_cache.c index 56f6011..95ea3da 100644 --- a/source3/libsmb/trustdom_cache.c +++ b/source3/libsmb/trustdom_cache.c @@ -21,6 +21,10 @@ #include "includes.h" #include "../libcli/security/security.h" +#include "../librpc/gen_ndr/ndr_lsa_c.h" +#include "libsmb/libsmb.h" +#include "rpc_client/cli_pipe.h" +#include "rpc_client/cli_lsarpc.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_ALL /* there's no proper class yet */ 
@@ -245,6 +249,105 @@ void trustdom_cache_flush(void) DEBUG(5, ("Trusted domains cache flushed\n")); } +/********************************************************************* + Enumerate the list of trusted domains from a DC +*********************************************************************/ + +static bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, + char ***domain_names, uint32 *num_domains, + struct dom_sid **sids ) +{ + struct policy_handle pol; + NTSTATUS status, result; + fstring dc_name; + struct sockaddr_storage dc_ss; + uint32 enum_ctx = 0; + struct cli_state *cli = NULL; + struct rpc_pipe_client *lsa_pipe = NULL; + struct lsa_DomainList dom_list; + int i; + struct dcerpc_binding_handle *b = NULL; + + *domain_names = NULL; + *num_domains = 0; + *sids = NULL; + + /* lookup a DC first */ + + if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) { + DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n", + domain)); + return False; + } + + /* setup the anonymous connection */ + + status = cli_full_connection( &cli, lp_netbios_name(), dc_name, &dc_ss, 0, "IPC$", "IPC", + "", "", "", 0, Undefined); + if ( !NT_STATUS_IS_OK(status) ) + goto done; + + /* open the LSARPC_PIPE */ + + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + &lsa_pipe); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + b = lsa_pipe->binding_handle; + + /* get a handle */ + + status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True, + LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol); + if ( !NT_STATUS_IS_OK(status) ) + goto done; + + /* Lookup list of trusted domains */ + + status = dcerpc_lsa_EnumTrustDom(b, mem_ctx, + &pol, + &enum_ctx, + &dom_list, + (uint32_t)-1, + &result); + if ( !NT_STATUS_IS_OK(status) ) + goto done; + if (!NT_STATUS_IS_OK(result)) { + status = result; + goto done; + } + + *num_domains = dom_list.count; + + *domain_names = talloc_zero_array(mem_ctx, char *, *num_domains); + if (!*domain_names) { + status = 
NT_STATUS_NO_MEMORY; + goto done; + } + + *sids = talloc_zero_array(mem_ctx, struct dom_sid, *num_domains); + if (!*sids) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + for (i=0; i< *num_domains; i++) { + (*domain_names)[i] = discard_const_p(char, dom_list.domains[i].name.string); + (*sids)[i] = *dom_list.domains[i].sid; + } + +done: + /* cleanup */ + if (cli) { + DEBUG(10,("enumerate_domain_trusts: shutting down connection...\n")); + cli_shutdown( cli ); + } + + return NT_STATUS_IS_OK(status); +} + /******************************************************************** update the trustdom_cache if needed ********************************************************************/ diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index dc2cf03..8305425 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -20,8 +20,6 @@ #include "includes.h" #include "../libcli/auth/libcli_auth.h" -#include "../librpc/gen_ndr/ndr_lsa_c.h" -#include "rpc_client/cli_lsarpc.h" #include "rpc_client/cli_netlogon.h" #include "rpc_client/cli_pipe.h" #include "../librpc/gen_ndr/ndr_netlogon.h" 
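Review bot: In `enumerate_domain_trusts()` as added to source3/libsmb/trustdom_cache.c, the copy loop does `(*sids)[i] = *dom_list.domains[i].sid;` without checking the pointer. `dom_list` is filled from a DC reached over the anonymous connection and the `cli_rpc_pipe_open_noauth` pipe opened earlier in the same function, so if a reply can carry a null SID pointer this would presumably crash the caller. Since the code is being moved anyway, add `if (dom_list.domains[i].sid == NULL) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto done; }` before the struct copy. On the two `NT_STATUS_NO_MEMORY` paths `*num_domains` is already set to `dom_list.count` while an array is still NULL; resetting it to 0 on failure would keep the out-parameters consistent. A comment above the function saying the trust list is fetched without authentication, and should be treated as untrusted by whatever fills the cache from it, would also help.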
@@ -136,105 +134,6 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli, sec_channel_type); } -/********************************************************************* - Enumerate the list of trusted domains from a DC -*********************************************************************/ - -bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, - char ***domain_names, uint32 *num_domains, - struct dom_sid **sids ) -{ - struct policy_handle pol; - NTSTATUS status, result; - fstring dc_name; - struct sockaddr_storage dc_ss; - uint32 enum_ctx = 0; - struct cli_state *cli = NULL; - struct rpc_pipe_client *lsa_pipe = NULL; - struct lsa_DomainList dom_list; - int i; - struct dcerpc_binding_handle *b = NULL; - - *domain_names = NULL; - *num_domains = 0; - *sids = NULL; - - /* lookup a DC first */ - - if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) { - DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n", - domain)); - return False; - } - - /* setup the anonymous connection */ - - status = cli_full_connection( &cli, lp_netbios_name(), dc_name, &dc_ss, 0, "IPC$", "IPC", - "", "", "", 0, Undefined); - if ( !NT_STATUS_IS_OK(status) ) - goto done; - - /* open the LSARPC_PIPE */ - - status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, - &lsa_pipe); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - b = lsa_pipe->binding_handle; - - /* get a handle */ - - status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True, - LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol); - if ( !NT_STATUS_IS_OK(status) ) - goto done; - - /* Lookup list of trusted domains */ - - status = dcerpc_lsa_EnumTrustDom(b, mem_ctx, - &pol, - &enum_ctx, - &dom_list, - (uint32_t)-1, - &result); - if ( !NT_STATUS_IS_OK(status) ) - goto done; - if (!NT_STATUS_IS_OK(result)) { - status = result; - goto done; - } - - *num_domains = dom_list.count; - - *domain_names = talloc_zero_array(mem_ctx, char *, *num_domains); - if (!*domain_names) { - status = 
NT_STATUS_NO_MEMORY; - goto done; - } - - *sids = talloc_zero_array(mem_ctx, struct dom_sid, *num_domains); - if (!*sids) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - for (i=0; i< *num_domains; i++) { - (*domain_names)[i] = discard_const_p(char, dom_list.domains[i].name.string); - (*sids)[i] = *dom_list.domains[i].sid; - } - -done: - /* cleanup */ - if (cli) { - DEBUG(10,("enumerate_domain_trusts: shutting down connection...\n")); - cli_shutdown( cli ); - } - - return NT_STATUS_IS_OK(status); -} - NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index c78f238..bd14fb6 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c 
@@ -1660,78 +1660,6 @@ NTSTATUS _lsa_OpenTrustedDomainByName(struct pipes_struct *p, r->out.trustdom_handle); } -static NTSTATUS add_trusted_domain_user(TALLOC_CTX *mem_ctx, - const char *netbios_name, - const char *domain_name, - const struct trustDomainPasswords *auth_struct) -{ - NTSTATUS status; - struct samu *sam_acct; - char *acct_name; - uint32_t rid; - struct dom_sid user_sid; - int i; - char *dummy; - size_t dummy_size; - - sam_acct = samu_new(mem_ctx); - if (sam_acct == NULL) { - return NT_STATUS_NO_MEMORY; - } - - acct_name = talloc_asprintf(mem_ctx, "%s$", netbios_name); - if (acct_name == NULL) { - return NT_STATUS_NO_MEMORY; - } - if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) { - return NT_STATUS_UNSUCCESSFUL; - } - - if (!pdb_set_domain(sam_acct, domain_name, PDB_SET)) { - return NT_STATUS_UNSUCCESSFUL; - } - - if (!pdb_set_acct_ctrl(sam_acct, ACB_DOMTRUST, PDB_SET)) { - return NT_STATUS_UNSUCCESSFUL; - } - - if (!pdb_new_rid(&rid)) { - return NT_STATUS_DS_NO_MORE_RIDS; - } - sid_compose(&user_sid, get_global_sam_sid(), rid); - if (!pdb_set_user_sid(sam_acct, &user_sid, PDB_SET)) { - return NT_STATUS_UNSUCCESSFUL; - } - - for (i = 0; i < auth_struct->incoming.count; i++) { - switch (auth_struct->incoming.current.array[i].AuthType) { - case TRUST_AUTH_TYPE_CLEAR: - if (!convert_string_talloc(mem_ctx, - CH_UTF16LE, - CH_UNIX, - auth_struct->incoming.current.array[i].AuthInfo.clear.password, - auth_struct->incoming.current.array[i].AuthInfo.clear.size, - &dummy, - &dummy_size)) { - return NT_STATUS_UNSUCCESSFUL; - } - if (!pdb_set_plaintext_passwd(sam_acct, dummy)) { - return NT_STATUS_UNSUCCESSFUL; - } - break; - default: - continue; - } - } - - status = pdb_add_sam_account(sam_acct); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - return NT_STATUS_OK; -} - /*************************************************************************** _lsa_CreateTrustedDomainEx2 
***************************************************************************/ @@ -1845,16 +1773,6 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p, return status; } - if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) { - status = add_trusted_domain_user(p->mem_ctx, - r->in.info->netbios_name.string, - r->in.info->domain_name.string, - &auth_struct); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - status = create_lsa_policy_handle(p->mem_ctx, p, LSA_HANDLE_TRUST_TYPE, acc_granted, @@ -1957,25 +1875,6 @@ NTSTATUS _lsa_DeleteTrustedDomain(struct pipes_struct *p, return NT_STATUS_UNSUCCESSFUL; } - if (td->trust_direction & LSA_TRUST_DIRECTION_INBOUND) { - sam_acct = samu_new(p->mem_ctx); - if (sam_acct == NULL) { - return NT_STATUS_NO_MEMORY; - } - - acct_name = talloc_asprintf(p->mem_ctx, "%s$", td->netbios_name); - if (acct_name == NULL) { - return NT_STATUS_NO_MEMORY; - } - if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) { - return NT_STATUS_UNSUCCESSFUL; - } - status = pdb_delete_sam_account(sam_acct); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - status = pdb_del_trusted_domain(td->netbios_name); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/wscript_build b/source3/wscript_build index 095cd07..97fb400 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -36,7 +36,7 @@ LIBCLI_LSA_SRC = '''rpc_client/cli_lsarpc.c rpc_client/util_lsarpc.c''' LIBCLI_SAMR_SRC = 'rpc_client/cli_samr.c' -LIBRPCCLI_NETLOGON_SRC = 'rpc_client/cli_netlogon.c rpc_client/util_netlogon.c' +LIBCLI_NETLOGON_SRC = 'rpc_client/cli_netlogon.c rpc_client/util_netlogon.c' # this includes only the low level parse code, not stuff # that requires knowledge of security contexts 
@@ -244,7 +244,7 @@ PLAINTEXT_AUTH_SRC = '''auth/pampass.c auth/pass_check.c''' SLCACHE_SRC = '''libsmb/samlogon_cache.c''' -DCUTIL_SRC = '''libsmb/namequery_dc.c libsmb/trustdom_cache.c libsmb/trusts_util.c libsmb/dsgetdcname.c''' +DCUTIL_SRC = '''libsmb/namequery_dc.c libsmb/trustdom_cache.c libsmb/dsgetdcname.c''' WINBINDD_SRC1 = '''winbindd/winbindd.c winbindd/winbindd_group.c @@ -510,7 +510,7 @@ SMBCONFTORT_SRC0 = 'lib/smbconf/testsuite.c' SMBCONFTORT_SRC = '''${SMBCONFTORT_SRC0}''' -LIBNET_SRC = 'libnet/libnet_join.c libnet/libnet_keytab.c' +LIBNET_SRC = 'libnet/libnet_join.c' LIBNET_DSSYNC_SRC = '''libnet/libnet_dssync.c @@ -644,9 +644,9 @@ bld.SAMBA3_LIBRARY('netapi', pdb param samba-util LIBMSRPC_GEN msrpc3 ads LIBNET DCUTIL NDR_LIBNETAPI RPC_CLIENT_SCHANNEL smbconf REG_SMBCONF - LIBCLI_SAMR libcli_lsa3 LIBRPCCLI_NETLOGON + LIBCLI_SAMR libcli_lsa3 libcli_netlogon3 RPC_NDR_SRVSVC RPC_NDR_WKSSVC RPC_NDR_INITSHUTDOWN - INIT_NETLOGON INIT_SAMR popt_samba3''', + INIT_SAMR popt_samba3''', public_headers='../source3/lib/netapi/netapi.h', pc_files=[], vnum='0', @@ -693,7 +693,7 @@ bld.SAMBA3_SUBSYSTEM('LIBMSRPC_GEN', deps='''ndr-standard NDR_DSSETUP NDR_SPOOLSS''', vars=locals()) -bld.SAMBA3_LIBRARY('libgpo', +bld.SAMBA3_LIBRARY('gpo', source='${LIBGPO_SRC}', deps='talloc ads TOKEN_UTIL gpext', vars=locals(), @@ -892,8 +892,8 @@ bld.SAMBA3_LIBRARY('smbd_base', vfs vfs_default vfs_posixacl auth rpc LOCKING LIBAFS LIBAFS_SETTOKEN PROFILE -- Samba Shared Repository