svn commit: samba r7454 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch

jerry at samba.org jerry at samba.org
Fri Jun 10 03:26:40 GMT 2005


Author: jerry
Date: 2005-06-10 03:26:39 +0000 (Fri, 10 Jun 2005)
New Revision: 7454

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7454

Log:
couple of winbindd fixes

* make sure to use our domain as the account name in the net_req_auth2()
  request when running on a Samba DC
* make sure to look up the correct domain (not default to ours) when getting an async
  getpwnam() call


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_user.c
   trunk/source/nsswitch/winbindd.c
   trunk/source/nsswitch/winbindd_cm.c
   trunk/source/nsswitch/winbindd_pam.c
   trunk/source/nsswitch/winbindd_user.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd.c	2005-06-10 00:32:14 UTC (rev 7453)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd.c	2005-06-10 03:26:39 UTC (rev 7454)
@@ -252,7 +252,7 @@
 	/* PAM auth functions */
 
 	{ WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" },
-	{ WINBINDD_PAM_AUTH_CRAP, winbindd_crap_auth, "AUTH_CRAP" },
+	{ WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" },
 	{ WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" },
 
 	/* Enumeration functions */

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2005-06-10 00:32:14 UTC (rev 7453)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2005-06-10 03:26:39 UTC (rev 7454)
@@ -1158,10 +1158,18 @@
 	generate_random_buffer(clnt_chal.data, 8);
 
 	server_name = talloc_asprintf(mem_ctx, "\\\\%s", domain->dcname);
-	account_name = talloc_asprintf(mem_ctx, "%s$",
-				       domain->primary ?
-				       global_myname() : domain->name);
 
+	/* if we are a DC and this is a trusted domain, then we need to use our
+	   domain name in the net_req_auth2() request */
+
+	if ( IS_DC ) {
+		account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() );
+	}
+	else {
+		account_name = talloc_asprintf(mem_ctx, "%s$", 
+			domain->primary ?  global_myname() : domain->name);
+	}
+
 	if ((server_name == NULL) || (account_name == NULL))
 		return NT_STATUS_NO_MEMORY;
 
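Review bot: The new comment says the workgroup name is used when "we are a DC and this is a trusted domain", but the condition tests only `IS_DC`, so on a DC the primary-domain case no longer reaches the `global_myname()` branch. If a DC can still open a netlogon connection to its own domain through this path (a BDC talking to its PDC would be one such case, which this hunk does not show), the net_req_auth2() request would carry the domain trust account name instead of the machine account. Either narrow the test to `if ( IS_DC && !domain->primary ) {` or reword the comment to say that the workgroup name is used for every domain on a DC. The enclosing function starts and ends outside the hunk, and the trunk/source/nsswitch/winbindd_cm.c hunk carries the same code.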

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2005-06-10 00:32:14 UTC (rev 7453)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2005-06-10 03:26:39 UTC (rev 7454)
@@ -500,7 +500,7 @@
  Challenge Response Authentication Protocol 
 **********************************************************************/
 
-enum winbindd_result winbindd_crap_auth(struct winbindd_cli_state *state)
+enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
 {
 	struct winbindd_domain *domain = NULL;
 	const char *domain_name = NULL;

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_user.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_user.c	2005-06-10 00:32:14 UTC (rev 7453)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_user.c	2005-06-10 03:26:39 UTC (rev 7454)
@@ -324,7 +324,7 @@
 	
 	/* Get info for the domain */
 
-	domain = find_lookup_domain_from_name(domname);
+	domain = find_domain_from_name(domname);
 
 	if (domain == NULL) {
 		DEBUG(7, ("could not find domain entry for domain %s\n",
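Review bot: The switch to `find_domain_from_name(domname)` carries no comment explaining why the other helper is wrong here; the reason exists only in the commit log. A line above the call such as `/* look up the domain named in the request; find_lookup_domain_from_name() can default to our own domain */` would keep a later cleanup from reverting it. The hunk ends inside the `DEBUG()` call of the NULL check, and the same change appears in the trunk/source/nsswitch/winbindd_user.c hunk.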
@@ -332,9 +332,9 @@
 		return WINBINDD_ERROR;
 	}
 
-	if ( domain->primary && lp_winbind_trusted_domains_only()) {
-		DEBUG(7,("winbindd_getpwnam: My domain -- rejecting "
-			 "getgroups() for %s\\%s.\n", domname, username));
+	if ( strequal(domname, lp_workgroup()) && lp_winbind_trusted_domains_only() ) {
+		DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n", 
+			domname, username));
 		return WINBINDD_ERROR;
 	}	
 
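Review bot: The trusted-domains-only gate now compares the request string `domname` with `lp_workgroup()` instead of examining the `domain` entry that was just resolved. If `find_domain_from_name()` can match a domain under more than one name (an alternate or DNS name, for instance, which is not visible here), a request naming our domain that way would resolve to it and still pass this check. Comparing the resolved entry, `if ( strequal(domain->name, lp_workgroup()) && lp_winbind_trusted_domains_only() ) {`, keeps the policy tied to the domain that is actually used. The enclosing function continues outside the hunk, and the trunk/source/nsswitch/winbindd_user.c hunk is identical.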

Modified: trunk/source/nsswitch/winbindd.c
===================================================================
--- trunk/source/nsswitch/winbindd.c	2005-06-10 00:32:14 UTC (rev 7453)
+++ trunk/source/nsswitch/winbindd.c	2005-06-10 03:26:39 UTC (rev 7454)
@@ -252,7 +252,7 @@
 	/* PAM auth functions */
 
 	{ WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" },
-	{ WINBINDD_PAM_AUTH_CRAP, winbindd_crap_auth, "AUTH_CRAP" },
+	{ WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" },
 	{ WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" },
 
 	/* Enumeration functions */

Modified: trunk/source/nsswitch/winbindd_cm.c
===================================================================
--- trunk/source/nsswitch/winbindd_cm.c	2005-06-10 00:32:14 UTC (rev 7453)
+++ trunk/source/nsswitch/winbindd_cm.c	2005-06-10 03:26:39 UTC (rev 7454)
@@ -1158,10 +1158,18 @@
 	generate_random_buffer(clnt_chal.data, 8);
 
 	server_name = talloc_asprintf(mem_ctx, "\\\\%s", domain->dcname);
-	account_name = talloc_asprintf(mem_ctx, "%s$",
-				       domain->primary ?
-				       global_myname() : domain->name);
 
+	/* if we are a DC and this is a trusted domain, then we need to use our
+	   domain name in the net_req_auth2() request */
+
+	if ( IS_DC ) {
+		account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() );
+	}
+	else {
+		account_name = talloc_asprintf(mem_ctx, "%s$", 
+			domain->primary ?  global_myname() : domain->name);
+	}
+
 	if ((server_name == NULL) || (account_name == NULL))
 		return NT_STATUS_NO_MEMORY;
 

Modified: trunk/source/nsswitch/winbindd_pam.c
===================================================================
--- trunk/source/nsswitch/winbindd_pam.c	2005-06-10 00:32:14 UTC (rev 7453)
+++ trunk/source/nsswitch/winbindd_pam.c	2005-06-10 03:26:39 UTC (rev 7454)
@@ -500,7 +500,7 @@
  Challenge Response Authentication Protocol 
 **********************************************************************/
 
-enum winbindd_result winbindd_crap_auth(struct winbindd_cli_state *state)
+enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
 {
 	struct winbindd_domain *domain = NULL;
 	const char *domain_name = NULL;

Modified: trunk/source/nsswitch/winbindd_user.c
===================================================================
--- trunk/source/nsswitch/winbindd_user.c	2005-06-10 00:32:14 UTC (rev 7453)
+++ trunk/source/nsswitch/winbindd_user.c	2005-06-10 03:26:39 UTC (rev 7454)
@@ -324,7 +324,7 @@
 	
 	/* Get info for the domain */
 
-	domain = find_lookup_domain_from_name(domname);
+	domain = find_domain_from_name(domname);
 
 	if (domain == NULL) {
 		DEBUG(7, ("could not find domain entry for domain %s\n",
@@ -332,9 +332,9 @@
 		return WINBINDD_ERROR;
 	}
 
-	if ( domain->primary && lp_winbind_trusted_domains_only()) {
-		DEBUG(7,("winbindd_getpwnam: My domain -- rejecting "
-			 "getgroups() for %s\\%s.\n", domname, username));
+	if ( strequal(domname, lp_workgroup()) && lp_winbind_trusted_domains_only() ) {
+		DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n", 
+			domname, username));
 		return WINBINDD_ERROR;
 	}	
 


