svn commit: samba r13164 - in trunk/source/nsswitch: .
gd at samba.org
gd at samba.org
Thu Jan 26 13:41:53 GMT 2006
Author: gd
Date: 2006-01-26 13:41:52 +0000 (Thu, 26 Jan 2006)
New Revision: 13164
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13164
Log:
Fix wbinfo --trusted-domains (-m) and add wbinfo --all-domains.
We were not quite following our own documentation when wbinfo -m with
winbind running in security=ads always returned our own primary domain
in the list of trusted domains. When running against non-AD DCs we don't
have it in the list.
Since we now have clients that expect wbinfo to provide them with a full
list of trusted domains including our own primary domain (kdm, gdm,
etc.) to mimic XP logon optics, I've added 'wbinfo --all-domains'.
Especially the removal of the DS_DOMAIN_DIRECT_OUTBOUND bit needs
testing.
Guenther
Modified:
trunk/source/nsswitch/wbinfo.c
trunk/source/nsswitch/winbindd_ads.c
trunk/source/nsswitch/winbindd_misc.c
trunk/source/nsswitch/winbindd_nss.h
Changeset:
Modified: trunk/source/nsswitch/wbinfo.c
===================================================================
--- trunk/source/nsswitch/wbinfo.c 2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/wbinfo.c 2006-01-26 13:41:52 UTC (rev 13164)
@@ -260,15 +260,19 @@
/* List trusted domains */
-static BOOL wbinfo_list_domains(void)
+static BOOL wbinfo_list_domains(BOOL list_all_domains)
{
+ struct winbindd_request request;
struct winbindd_response response;
+ ZERO_STRUCT(request);
ZERO_STRUCT(response);
/* Send request */
- if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
+ request.data.list_all_domains = list_all_domains;
+
+ if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
@@ -1043,7 +1047,8 @@
OPT_USERSIDS,
OPT_ALLOCATE_UID,
OPT_ALLOCATE_GID,
- OPT_SEPARATOR
+ OPT_SEPARATOR,
+ OPT_LIST_ALL_DOMAINS
};
int main(int argc, char **argv)
@@ -1078,6 +1083,7 @@
"Get a new GID out of idmap" },
{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
+ { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
{ "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
@@ -1222,7 +1228,7 @@
}
break;
case 'm':
- if (!wbinfo_list_domains()) {
+ if (!wbinfo_list_domains(False)) {
d_fprintf(stderr, "Could not list trusted domains\n");
goto done;
}
@@ -1344,6 +1350,10 @@
d_printf("%c\n", sep);
break;
}
+ case OPT_LIST_ALL_DOMAINS:
+ if (!wbinfo_list_domains(True)) {
+ goto done;
+ }
/* generic configuration options */
case OPT_DOMAIN_NAME:
break;
Modified: trunk/source/nsswitch/winbindd_ads.c
===================================================================
--- trunk/source/nsswitch/winbindd_ads.c 2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/winbindd_ads.c 2006-01-26 13:41:52 UTC (rev 13164)
@@ -878,8 +878,7 @@
struct ds_domain_trust *domains = NULL;
int count = 0;
int i;
- /* i think we only need our forest and downlevel trusted domains */
- uint32 flags = DS_DOMAIN_IN_FOREST | DS_DOMAIN_DIRECT_OUTBOUND;
+ uint32 flags = DS_DOMAIN_DIRECT_OUTBOUND;
struct rpc_pipe_client *cli;
DEBUG(3,("ads: trusted_domains\n"));
Modified: trunk/source/nsswitch/winbindd_misc.c
===================================================================
--- trunk/source/nsswitch/winbindd_misc.c 2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/winbindd_misc.c 2006-01-26 13:41:52 UTC (rev 13164)
@@ -115,6 +115,7 @@
int extra_data_len = 0;
char *extra_data;
NTSTATUS result;
+ BOOL have_own_domain = False;
DEBUG(3, ("[%5lu]: list trusted domains\n",
(unsigned long)state->pid));
@@ -137,7 +138,23 @@
names[i],
alt_names[i] ? alt_names[i] : names[i],
sid_string_static(&sids[i]));
+ /* add our primary domain */
+
+ for (i=0; i<num_domains; i++) {
+ if (strequal(names[i], domain->name)) {
+ have_own_domain = True;
+ break;
+ }
+ }
+ if (state->request.data.list_all_domains && !have_own_domain) {
+ extra_data = talloc_asprintf(state->mem_ctx, "%s\n%s\\%s\\%s",
+ extra_data,
+ domain->name,
+ domain->alt_name ? domain->alt_name : domain->name,
+ sid_string_static(&domain->sid));
+ }
+
/* This is a bit excessive, but the extra data sooner or later will be
talloc'ed */
Modified: trunk/source/nsswitch/winbindd_nss.h
===================================================================
--- trunk/source/nsswitch/winbindd_nss.h 2006-01-26 12:59:55 UTC (rev 13163)
+++ trunk/source/nsswitch/winbindd_nss.h 2006-01-26 13:41:52 UTC (rev 13164)
@@ -254,6 +254,7 @@
gid_t gid;
fstring sid;
} dual_idmapset;
+ BOOL list_all_domains;
} data;
char *extra_data;
size_t extra_len;
More information about the samba-cvs
mailing list