svn commit: samba r17945 - in branches/SAMBA_3_0/source: include libads libsmb nsswitch

jra at samba.org jra at samba.org
Thu Aug 31 04:14:10 GMT 2006


Author: jra
Date: 2006-08-31 04:14:08 +0000 (Thu, 31 Aug 2006)
New Revision: 17945

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17945

Log:
Store the server and client sitenames in the ADS
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/include/ads.h
   branches/SAMBA_3_0/source/include/ads_cldap.h
   branches/SAMBA_3_0/source/libads/ads_struct.c
   branches/SAMBA_3_0/source/libads/dns.c
   branches/SAMBA_3_0/source/libads/kerberos.c
   branches/SAMBA_3_0/source/libads/ldap.c
   branches/SAMBA_3_0/source/libsmb/namequery_dc.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/ads.h
===================================================================
--- branches/SAMBA_3_0/source/include/ads.h	2006-08-31 01:27:51 UTC (rev 17944)
+++ branches/SAMBA_3_0/source/include/ads.h	2006-08-31 04:14:08 UTC (rev 17945)
@@ -46,6 +46,8 @@
 		char *realm;
 		char *bind_path;
 		char *ldap_server_name;
+		char *server_site_name;
+		char *client_site_name;
 		time_t current_time;
 	} config;
 

Modified: branches/SAMBA_3_0/source/include/ads_cldap.h
===================================================================
--- branches/SAMBA_3_0/source/include/ads_cldap.h	2006-08-31 01:27:51 UTC (rev 17944)
+++ branches/SAMBA_3_0/source/include/ads_cldap.h	2006-08-31 04:14:08 UTC (rev 17945)
@@ -43,6 +43,8 @@
 	uint16 lm20_token;
 };
 
+#define DEFAULT_SITE_NAME "Default-First-Site-Name"
+
 /* Mailslot or cldap getdcname response flags */
 #define ADS_PDC            0x00000001  /* DC is PDC */
 #define ADS_GC             0x00000004  /* DC is a GC of forest */

Modified: branches/SAMBA_3_0/source/libads/ads_struct.c
===================================================================
--- branches/SAMBA_3_0/source/libads/ads_struct.c	2006-08-31 01:27:51 UTC (rev 17944)
+++ branches/SAMBA_3_0/source/libads/ads_struct.c	2006-08-31 04:14:08 UTC (rev 17945)
@@ -136,6 +136,8 @@
 		SAFE_FREE((*ads)->config.realm);
 		SAFE_FREE((*ads)->config.bind_path);
 		SAFE_FREE((*ads)->config.ldap_server_name);
+		SAFE_FREE((*ads)->config.server_site_name);
+		SAFE_FREE((*ads)->config.client_site_name);
 		
 		SAFE_FREE((*ads)->schema.posix_uidnumber_attr);
 		SAFE_FREE((*ads)->schema.posix_gidnumber_attr);

Modified: branches/SAMBA_3_0/source/libads/dns.c
===================================================================
--- branches/SAMBA_3_0/source/libads/dns.c	2006-08-31 01:27:51 UTC (rev 17944)
+++ branches/SAMBA_3_0/source/libads/dns.c	2006-08-31 04:14:08 UTC (rev 17945)
@@ -590,8 +590,9 @@
 	if (!sitename || (sitename && !*sitename)) {
 		DEBUG(5,("sitename_store: deleting empty sitename!\n"));
 		return gencache_del(SITENAME_KEY);
-	} else if (sitename && strequal(sitename, "Default-First-Site-Name")) {
-		DEBUG(5,("sitename_store: delete default sitename Default-First-Site-Name\n"));
+	} else if (sitename && strequal(sitename, DEFAULT_SITE_NAME)) {
+		DEBUG(5,("sitename_store: delete default sitename %s\n",
+			DEFAULT_SITE_NAME));
 		return gencache_del(SITENAME_KEY);
 	}
 
@@ -633,11 +634,16 @@
  Did the sitename change ?
 ****************************************************************************/
 
-BOOL sitename_changed(const char *sitename)
+BOOL stored_sitename_changed(const char *sitename)
 {
 	BOOL ret = False;
 	char *new_sitename = sitename_fetch();
 
+	/* Treat default site as no name. */
+	if (strequal(sitename, DEFAULT_SITE_NAME)) {
+		sitename = NULL;
+	}
+
 	if (sitename && new_sitename && !strequal(sitename, new_sitename)) {
 		ret = True;
 	} else if ((sitename && !new_sitename) ||

Modified: branches/SAMBA_3_0/source/libads/kerberos.c
===================================================================
--- branches/SAMBA_3_0/source/libads/kerberos.c	2006-08-31 01:27:51 UTC (rev 17944)
+++ branches/SAMBA_3_0/source/libads/kerberos.c	2006-08-31 04:14:08 UTC (rev 17945)
@@ -477,16 +477,20 @@
 	char *fname = talloc_asprintf(NULL, "%s/smb_krb5.conf.%s", lp_private_dir(), domain);
 	char *file_contents = NULL;
 	size_t flen = 0;
+	char *realm_upper = NULL;
 	int loopcount = 0;
 
 	if (!fname) {
 		return False;
 	}
 
+	realm_upper = talloc_strdup(fname, realm);
+	strupper_m(realm_upper);
+
 	file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n"
 				"[realms]\n\t%s = {\n"
 				"\t\tkdc = %s\n]\n",
-				realm, realm, inet_ntoa(ip));
+				realm_upper, realm_upper, inet_ntoa(ip));
 
 	if (!file_contents) {
 		TALLOC_FREE(fname);
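Review bot: The result of `talloc_strdup(fname, realm)` is handed straight to `strupper_m()` with no NULL check, so an allocation failure would reach `strupper_m` as a NULL pointer. Add `if (!realm_upper) { TALLOC_FREE(fname); return False; }` before the `strupper_m` call, mirroring the `file_contents` check just below. Separately, the template on the unchanged `kdc = %s` line closes the `{` realm stanza with `]`, which looks like a typo for `}` and would leave the generated krb5.conf malformed. The function starts and ends outside this hunk.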
@@ -541,6 +545,11 @@
 	/* Set the environment variable to this file. */
 	setenv("KRB5_CONFIG", fname, 1);
 	TALLOC_FREE(fname);
+
+	DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
+		"file %s with realm %s KDC = %s\n",
+		realm_upper, inet_ntoa(ip));
+
 	return True;
 }
 #endif
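Review bot: The added DEBUG format has three `%s` conversions but only two arguments, and it runs after `TALLOC_FREE(fname)`. That free also releases `realm_upper`, because the earlier hunk allocated it with `fname` as its talloc parent. As written the call reads a missing vararg and a freed buffer. Move the DEBUG above `TALLOC_FREE(fname);` and pass the path first: `fname, realm_upper, inet_ntoa(ip)));`. The function begins outside this hunk.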

Modified: branches/SAMBA_3_0/source/libads/ldap.c
===================================================================
--- branches/SAMBA_3_0/source/libads/ldap.c	2006-08-31 01:27:51 UTC (rev 17944)
+++ branches/SAMBA_3_0/source/libads/ldap.c	2006-08-31 04:14:08 UTC (rev 17945)
@@ -115,6 +115,27 @@
 	return result;
 }
 
+#ifdef HAVE_KRB5
+/**********************************************
+ Do client and server sitename match ?
+**********************************************/
+
+BOOL ads_sitename_match(ADS_STRUCT *ads)
+{
+	if (ads->config.server_site_name == NULL &&
+	    ads->config.client_site_name == NULL ) {
+		return True;
+	}
+	if (ads->config.server_site_name &&
+	    ads->config.client_site_name &&
+	    strequal(ads->config.server_site_name,
+		     ads->config.client_site_name)) {
+		return True;
+	}
+	return False;
+}
+#endif
+
 /*
   try a connection to a given ldap server, returning True and setting the servers IP
   in the ads struct if successful
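Review bot: `ads_sitename_match()` returns True when both site names are NULL, which loosens the condition at the call sites in namequery_dc.c and winbindd_cm.c. Those callers previously required a non-NULL `sitename`; they will now force the KDC for a DC that reported no site at all. If that is intended, state it in the header comment, e.g. `Two unset site names count as a match.`; if not, drop the first branch. The site names appear to come from the CLDAP reply, so this predicate decides when reply data may steer the krb5 configuration, and the rule should be explicit.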
@@ -157,6 +178,8 @@
 	SAFE_FREE(ads->config.realm);
 	SAFE_FREE(ads->config.bind_path);
 	SAFE_FREE(ads->config.ldap_server_name);
+	SAFE_FREE(ads->config.server_site);
+	SAFE_FREE(ads->config.client_site);
 	SAFE_FREE(ads->server.workgroup);
 
 	ads->config.flags	       = cldap_reply.flags;
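Review bot: The two added `SAFE_FREE` lines name `config.server_site` and `config.client_site`, but the fields this commit adds to ads.h are `server_site_name` and `client_site_name`. This looks like it will not compile, and the real fields are not released before being reassigned in the next hunk. Use `SAFE_FREE(ads->config.server_site_name);` and `SAFE_FREE(ads->config.client_site_name);`. The enclosing function starts and ends outside the hunk.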
@@ -164,6 +187,15 @@
 	strupper_m(cldap_reply.domain);
 	ads->config.realm              = SMB_STRDUP(cldap_reply.domain);
 	ads->config.bind_path          = ads_build_dn(ads->config.realm);
+	if (*cldap_reply.server_site_name) {
+		ads->config.server_site_name =
+			SMB_STRDUP(cldap_reply.server_site_name);
+	}
+	if (*cldap_reply.client_site_name) {
+		ads->config.server_site_name =
+			SMB_STRDUP(cldap_reply.server_site_name);
+	}
+		
 	ads->server.workgroup          = SMB_STRDUP(cldap_reply.netbios_domain);
 
 	ads->ldap_port = LDAP_PORT;
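Review bot: The second added `if` tests `cldap_reply.client_site_name` but then assigns `ads->config.server_site_name` from `cldap_reply.server_site_name` again. That leaks the first copy when both names are present and leaves `client_site_name` unset. With the client name always NULL, `ads_sitename_match()` returns False whenever the server reports a site, so the krb5.conf step this commit gates would never run for sited DCs. The body should read `ads->config.client_site_name = SMB_STRDUP(cldap_reply.client_site_name);`. The `SMB_STRDUP` results are also stored without a NULL check.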

Modified: branches/SAMBA_3_0/source/libsmb/namequery_dc.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/namequery_dc.c	2006-08-31 01:27:51 UTC (rev 17944)
+++ branches/SAMBA_3_0/source/libsmb/namequery_dc.c	2006-08-31 04:14:08 UTC (rev 17945)
@@ -68,7 +68,7 @@
 		   has changed. If so, we need to re-do the DNS query
 		   to ensure we only find servers in our site. */
 
-		if (sitename_changed(sitename)) {
+		if (stored_sitename_changed(sitename)) {
 			SAFE_FREE(sitename);
 			sitename = sitename_fetch();
 			ads_destroy(&ads);
@@ -76,7 +76,7 @@
 		}
 
 #ifdef HAVE_KRB5
-		if ((ads->config.flags & ADS_KDC) && sitename) {
+		if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
 			/* We're going to use this KDC for this realm/domain.
 			   If we are using sites, then force the krb5 libs
 			   to use this KDC. */

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2006-08-31 01:27:51 UTC (rev 17944)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2006-08-31 04:14:08 UTC (rev 17945)
@@ -607,7 +607,7 @@
 			namecache_store(name, 0x20, 1, &ip_list);
 
 #ifdef HAVE_KRB5
-			if ((ads->config.flags & ADS_KDC) && sitename) {
+			if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
 				/* We're going to use this KDC for this realm/domain.
 				   If we are using sites, then force the krb5 libs
 				   to use this KDC. */


