svn commit: samba r13164 - in trunk/source/nsswitch: .

gd at samba.org gd at samba.org
Thu Jan 26 13:41:53 GMT 2006


Author: gd
Date: 2006-01-26 13:41:52 +0000 (Thu, 26 Jan 2006)
New Revision: 13164

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13164

Log:
Fix wbinfo --trusted-domains (-m) and add wbinfo --all-domains.

We were not quite following our own documentation when wbinfo -m with
winbind running in security=ads always returned our own primary domain
in the list of trusted domains. When running against non-AD DCs we don't
have it in the list.

Since we now have clients that expect wbinfo to provide them with a full
list of trusted domains including our own primary domain (kdm, gdm,
etc.) to mimic XP logon optics, I've added 'wbinfo --all-domains'.

Especially the removal of the DS_DOMAIN_DIRECT_OUTBOUND bit needs
testing.

Guenther

Modified:
   trunk/source/nsswitch/wbinfo.c
   trunk/source/nsswitch/winbindd_ads.c
   trunk/source/nsswitch/winbindd_misc.c
   trunk/source/nsswitch/winbindd_nss.h


Changeset:
Modified: trunk/source/nsswitch/wbinfo.c
===================================================================
--- trunk/source/nsswitch/wbinfo.c	2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/wbinfo.c	2006-01-26 13:41:52 UTC (rev 13164)
@@ -260,15 +260,19 @@
 
 /* List trusted domains */
 
-static BOOL wbinfo_list_domains(void)
+static BOOL wbinfo_list_domains(BOOL list_all_domains)
 {
+	struct winbindd_request request;
 	struct winbindd_response response;
 
+	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
 	/* Send request */
 
-	if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
+	request.data.list_all_domains = list_all_domains;
+
+	if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -1043,7 +1047,8 @@
 	OPT_USERSIDS,
 	OPT_ALLOCATE_UID,
 	OPT_ALLOCATE_GID,
-	OPT_SEPARATOR
+	OPT_SEPARATOR,
+	OPT_LIST_ALL_DOMAINS
 };
 
 int main(int argc, char **argv)
@@ -1078,6 +1083,7 @@
 		  "Get a new GID out of idmap" },
 		{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
 		{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
+		{ "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
 		{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
 		{ "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
 		{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
@@ -1222,7 +1228,7 @@
 			}
 			break;
 		case 'm':
-			if (!wbinfo_list_domains()) {
+			if (!wbinfo_list_domains(False)) {
 				d_fprintf(stderr, "Could not list trusted domains\n");
 				goto done;
 			}
@@ -1344,6 +1350,10 @@
 			d_printf("%c\n", sep);
 			break;
 		}
+		case OPT_LIST_ALL_DOMAINS:
+			if (!wbinfo_list_domains(True)) {
+				goto done;
+			}
 		/* generic configuration options */
 		case OPT_DOMAIN_NAME:
 			break;
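Review bot: The new `case OPT_LIST_ALL_DOMAINS:` has no `break;`, so control falls through into the `/* generic configuration options */` cases. That is harmless today because `OPT_DOMAIN_NAME` only breaks, but any handler added there later would also run for --all-domains. The failure path is also silent, unlike the `-m` case, which prints `Could not list trusted domains`. I would add `d_fprintf(stderr, "Could not list all domains\n");` before the `goto done;` and a `break;` after the `if` block. The enclosing switch starts and ends outside the hunk.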

Modified: trunk/source/nsswitch/winbindd_ads.c
===================================================================
--- trunk/source/nsswitch/winbindd_ads.c	2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/winbindd_ads.c	2006-01-26 13:41:52 UTC (rev 13164)
@@ -878,8 +878,7 @@
 	struct ds_domain_trust	*domains = NULL;
 	int			count = 0;
 	int			i;
-				/* i think we only need our forest and downlevel trusted domains */
-	uint32			flags = DS_DOMAIN_IN_FOREST | DS_DOMAIN_DIRECT_OUTBOUND;
+	uint32			flags = DS_DOMAIN_DIRECT_OUTBOUND;
 	struct rpc_pipe_client *cli;
 
 	DEBUG(3,("ads: trusted_domains\n"));
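Review bot: The declaration `uint32 flags = DS_DOMAIN_DIRECT_OUTBOUND;` loses the only comment that explained the flag choice, and the commit log itself says this removal still needs testing. Dropping DS_DOMAIN_IN_FOREST narrows what is requested from the DC. If this routine also feeds winbindd's internal domain list (its callers are not visible here), in-forest domains without a direct outbound trust may stop being known to winbindd, which would change name and SID resolution for their users. I would keep a why-comment on the line, for example `/* directly trusted (outbound) domains only; in-forest domains are deliberately not requested */`, and verify the result against a multi-domain forest before relying on it. The function body starts and ends outside the hunk.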

Modified: trunk/source/nsswitch/winbindd_misc.c
===================================================================
--- trunk/source/nsswitch/winbindd_misc.c	2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/winbindd_misc.c	2006-01-26 13:41:52 UTC (rev 13164)
@@ -115,6 +115,7 @@
 	int extra_data_len = 0;
 	char *extra_data;
 	NTSTATUS result;
+	BOOL have_own_domain = False;
 
 	DEBUG(3, ("[%5lu]: list trusted domains\n",
 		  (unsigned long)state->pid));
@@ -137,7 +138,23 @@
 					     names[i],
 					     alt_names[i] ? alt_names[i] : names[i],
 					     sid_string_static(&sids[i]));
+	/* add our primary domain */
+	
+	for (i=0; i<num_domains; i++) {
+		if (strequal(names[i], domain->name)) {
+			have_own_domain = True;
+			break;
+		}
+	}
 
+	if (state->request.data.list_all_domains && !have_own_domain) {
+		extra_data = talloc_asprintf(state->mem_ctx, "%s\n%s\\%s\\%s",
+					     extra_data,
+					     domain->name,
+					     domain->alt_name ? domain->alt_name : domain->name,
+					     sid_string_static(&domain->sid));
+	}
+
 	/* This is a bit excessive, but the extra data sooner or later will be
 	   talloc'ed */
 
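Review bot: The added `talloc_asprintf()` call passes the previous `extra_data` to `%s` and stores the result without a NULL check. If an earlier allocation in the loop above failed, NULL is formatted through `%s`, and if this one fails, the code after the hunk receives a NULL `extra_data`. The format also always emits `"\n"` before the primary domain, so when no trusted domains were enumerated the reply may begin with an empty line, depending on how `extra_data` is initialised above the hunk. I would add `if (extra_data == NULL)` handling that follows the function's existing error path, and only write the separator when `num_domains > 0`. The function starts and ends outside the hunk.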

Modified: trunk/source/nsswitch/winbindd_nss.h
===================================================================
--- trunk/source/nsswitch/winbindd_nss.h	2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/winbindd_nss.h	2006-01-26 13:41:52 UTC (rev 13164)
@@ -254,6 +254,7 @@
 			gid_t gid;
 			fstring sid;
 		} dual_idmapset;
+		BOOL list_all_domains;
 	} data;
 	char *extra_data;
 	size_t extra_len;
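Review bot: The new member `BOOL list_all_domains;` is undocumented in a header shared by the daemon and its clients. I would write it as `BOOL list_all_domains; /* WINBINDD_LIST_TRUSTDOM: also return our own primary domain */`. Because the daemon now reads this value from the client's request, callers that previously sent WINBINDD_LIST_TRUSTDOM with no request depend on the request being zero-filled to keep the old behaviour. That is worth confirming in the request helper, which is not visible here. The enclosing structure starts outside the hunk.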


