The branch, master has been updated
via 7b4dfd9 winbindd: return trust parameters when listing trusts
via d0aa5d0 winbindd: initialize foreign domain as AD based on trust
via c65841a winbindd: introduce add_trusted_domain_from_tdc()
from a42dc86 s3/winbindd: Add missing space in debug message.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7b4dfd939f417c7d8c4c2c1e8c77f4af9bcd28d7
Author: Uri Simchoni <u...@samba.org>
Date: Wed Feb 10 00:38:11 2016 +0200
winbindd: return trust parameters when listing trusts
When asking a child domain process to list trusts on that domain,
return (along with trust domain names and SID) the trust properties -
flags, type, and attributes.
Use those attributes to initialize domain object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Tue Feb 23 22:02:16 CET 2016 on sn-devel-144
commit d0aa5d057497022aeefffa9882d3ac2b7e18a682
Author: Uri Simchoni <u...@samba.org>
Date: Wed Feb 10 00:32:23 2016 +0200
winbindd: initialize foreign domain as AD based on trust
Based on trust parameters, initialize the active_directory
member of domain object to true.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit c65841a3bd737b61251603a916a315043703c832
Author: Uri Simchoni <u...@samba.org>
Date: Wed Feb 10 00:26:45 2016 +0200
winbindd: introduce add_trusted_domain_from_tdc()
This is purely a refactoring patch -
Add a routine that adds a winbindd domain object based on
domain trust cache entry. add_trusted_domain() becomes
a wrapper for this new routine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_misc.c | 11 +--
source3/winbindd/winbindd_util.c | 153 +++++++++++++++++++++++++++------------
2 files changed, 114 insertions(+), 50 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index 3e024c9..560f197 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -181,11 +181,12 @@ enum winbindd_result
winbindd_dual_list_trusted_domains(struct winbindd_domain *
}
extra_data = talloc_asprintf_append_buffer(
- extra_data, "%s\\%s\\%s\n",
- trusts.array[i].netbios_name,
- trusts.array[i].dns_name,
- sid_string_talloc(state->mem_ctx,
- trusts.array[i].sid));
+ extra_data, "%s\\%s\\%s\\%u\\%u\\%u\n",
+ trusts.array[i].netbios_name, trusts.array[i].dns_name,
+ sid_string_talloc(state->mem_ctx, trusts.array[i].sid),
+ trusts.array[i].trust_flags,
+ (uint32_t)trusts.array[i].trust_type,
+ trusts.array[i].trust_attributes);
}
/* add our primary domain */
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 0cd77f7..c323520 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -34,6 +34,10 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
+static struct winbindd_domain *
+add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc,
+ struct winbindd_methods *methods);
+
extern struct winbindd_methods cache_methods;
/**
@@ -119,14 +123,40 @@ static bool is_in_internal_domain(const struct dom_sid
*sid)
If the domain already exists in the list,
return it and don't re-initialize. */
-static struct winbindd_domain *add_trusted_domain(const char *domain_name,
const char *alt_name,
- struct winbindd_methods
*methods,
- const struct dom_sid *sid)
+static struct winbindd_domain *
+add_trusted_domain(const char *domain_name, const char *alt_name,
+ struct winbindd_methods *methods, const struct dom_sid *sid)
+{
+ struct winbindd_tdc_domain tdc;
+
+ ZERO_STRUCT(tdc);
+
+ tdc.domain_name = domain_name;
+ tdc.dns_name = alt_name;
+ if (sid) {
+ sid_copy(&tdc.sid, sid);
+ }
+
+ return add_trusted_domain_from_tdc(&tdc, methods);
+}
+
+/* Add a trusted domain out of a trusted domain cache
+ entry
+*/
+static struct winbindd_domain *
+add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc,
+ struct winbindd_methods *methods)
{
struct winbindd_domain *domain;
const char *alternative_name = NULL;
const char **ignored_domains, **dom;
int role = lp_server_role();
+ const char *domain_name = tdc->domain_name;
+ const struct dom_sid *sid = &tdc->sid;
+
+ if (is_null_sid(sid)) {
+ sid = NULL;
+ }
ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains",
NULL);
for (dom=ignored_domains; dom && *dom; dom++) {
@@ -138,8 +168,8 @@ static struct winbindd_domain *add_trusted_domain(const
char *domain_name, const
/* use alt_name if available to allow DNS lookups */
- if (alt_name && *alt_name) {
- alternative_name = alt_name;
+ if (tdc->dns_name && *tdc->dns_name) {
+ alternative_name = tdc->dns_name;
}
/* We can't call domain_list() as this function is called from
@@ -151,8 +181,7 @@ static struct winbindd_domain *add_trusted_domain(const
char *domain_name, const
break;
}
- if (alternative_name && *alternative_name)
- {
+ if (alternative_name) {
if (strequal(alternative_name, domain->name) ||
strequal(alternative_name, domain->alt_name))
{
@@ -160,12 +189,7 @@ static struct winbindd_domain *add_trusted_domain(const
char *domain_name, const
}
}
- if (sid)
- {
- if (is_null_sid(sid)) {
- continue;
- }
-
+ if (sid != NULL) {
if (dom_sid_equal(sid, &domain->sid)) {
break;
}
@@ -219,13 +243,16 @@ static struct winbindd_domain *add_trusted_domain(const
char *domain_name, const
domain->internal = is_internal_domain(sid);
domain->sequence_number = DOM_SEQUENCE_NONE;
domain->last_seq_check = 0;
- domain->initialized = False;
+ domain->initialized = false;
domain->online = is_internal_domain(sid);
domain->check_online_timeout = 0;
domain->dc_probe_pid = (pid_t)-1;
- if (sid) {
+ if (sid != NULL) {
sid_copy(&domain->sid, sid);
}
+ domain->domain_flags = tdc->trust_flags;
+ domain->domain_type = tdc->trust_type;
+ domain->domain_trust_attribs = tdc->trust_attribs;
/* Is this our primary domain ? */
if (strequal(domain_name, get_global_sam_name()) &&
@@ -243,6 +270,10 @@ static struct winbindd_domain *add_trusted_domain(const
char *domain_name, const
if (lp_security() == SEC_ADS) {
domain->active_directory = true;
}
+ } else if (!domain->internal) {
+ if (domain->domain_type == LSA_TRUST_TYPE_UPLEVEL) {
+ domain->active_directory = true;
+ }
}
/* Link to domain list */
@@ -252,9 +283,9 @@ static struct winbindd_domain *add_trusted_domain(const
char *domain_name, const
setup_domain_child(domain);
- DEBUG(2,("Added domain %s %s %s\n",
- domain->name, domain->alt_name,
- &domain->sid?sid_string_dbg(&domain->sid):""));
+ DEBUG(2,
+ ("Added domain %s %s %s\n", domain->name, domain->alt_name,
+ !is_null_sid(&domain->sid) ? sid_string_dbg(&domain->sid) : ""));
return domain;
}
@@ -312,24 +343,37 @@ static void trustdom_list_done(struct tevent_req *req)
struct winbindd_response *response;
int res, err;
char *p;
+ struct winbindd_tdc_domain trust_params = {0};
+ ptrdiff_t extra_len;
res = wb_domain_request_recv(req, state, &response, &err);
if ((res == -1) || (response->result != WINBINDD_OK)) {
- DEBUG(1, ("Could not receive trustdoms\n"));
+ DBG_WARNING("Could not receive trustdoms\n");
+ TALLOC_FREE(state);
+ return;
+ }
+
+ if (response->length < sizeof(struct winbindd_response)) {
+ DBG_ERR("ill-formed trustdom response - short length\n");
TALLOC_FREE(state);
return;
}
+ extra_len = response->length - sizeof(struct winbindd_response);
+
p = (char *)response->extra_data.data;
- while ((p != NULL) && (*p != '\0')) {
+ while ((p - (char *)response->extra_data.data) < extra_len) {
char *q, *sidstr, *alt_name;
- struct dom_sid sid;
- char *alternate_name = NULL;
+
+ DBG_DEBUG("parsing response line '%s'\n", p);
+
+ ZERO_STRUCT(trust_params);
+ trust_params.domain_name = p;
alt_name = strchr(p, '\\');
if (alt_name == NULL) {
- DEBUG(0, ("Got invalid trustdom response\n"));
+ DBG_ERR("Got invalid trustdom response\n");
break;
}
@@ -338,26 +382,52 @@ static void trustdom_list_done(struct tevent_req *req)
sidstr = strchr(alt_name, '\\');
if (sidstr == NULL) {
- DEBUG(0, ("Got invalid trustdom response\n"));
+ DBG_ERR("Got invalid trustdom response\n");
break;
}
*sidstr = '\0';
sidstr += 1;
- q = strchr(sidstr, '\n');
- if (q != NULL)
- *q = '\0';
+ /* use the real alt_name if we have one, else pass in NULL */
+ if (!strequal(alt_name, "(null)")) {
+ trust_params.dns_name = alt_name;
+ }
+
+ q = strtok(sidstr, "\\");
+ if (q == NULL) {
+ DBG_ERR("Got invalid trustdom response\n");
+ break;
+ }
- if (!string_to_sid(&sid, sidstr)) {
+ if (!string_to_sid(&trust_params.sid, sidstr)) {
DEBUG(0, ("Got invalid trustdom response\n"));
break;
}
- /* use the real alt_name if we have one, else pass in NULL */
+ q = strtok(NULL, "\\");
+ if (q == NULL) {
+ DBG_ERR("Got invalid trustdom response\n");
+ break;
+ }
+
+ trust_params.trust_flags = (uint32_t)strtoul(q, NULL, 10);
+
+ q = strtok(NULL, "\\");
+ if (q == NULL) {
+ DBG_ERR("Got invalid trustdom response\n");
+ break;
+ }
+
+ trust_params.trust_type = (uint32_t)strtoul(q, NULL, 10);
+
+ q = strtok(NULL, "\n");
+ if (q == NULL) {
+ DBG_ERR("Got invalid trustdom response\n");
+ break;
+ }
- if ( !strequal( alt_name, "(null)" ) )
- alternate_name = alt_name;
+ trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10);
/*
* We always call add_trusted_domain() cause on an existing
@@ -365,13 +435,10 @@ static void trustdom_list_done(struct tevent_req *req)
* This is important because we need the SID for sibling
* domains.
*/
- (void)add_trusted_domain(p, alternate_name,
- &cache_methods,
- &sid);
+ (void)add_trusted_domain_from_tdc(&trust_params,
+ &cache_methods);
- p=q;
- if (p != NULL)
- p += 1;
+ p = q + strlen(q) + 1;
}
/*
@@ -438,10 +505,8 @@ static void rescan_forest_root_trusts( void )
d = find_domain_from_name_noinit( dom_list[i].domain_name );
if ( !d ) {
- d = add_trusted_domain( dom_list[i].domain_name,
- dom_list[i].dns_name,
- &cache_methods,
- &dom_list[i].sid );
+ d = add_trusted_domain_from_tdc(&dom_list[i],
+ &cache_methods);
}
if (d == NULL) {
@@ -507,10 +572,8 @@ static void rescan_forest_trusts( void )
about it */
if ( !d ) {
- d = add_trusted_domain( dom_list[i].domain_name,
- dom_list[i].dns_name,
- &cache_methods,
- &dom_list[i].sid );
+ d = add_trusted_domain_from_tdc(&dom_list[i],
+ &cache_methods);
}
if (d == NULL) {
--
Samba Shared Repository
