svn commit: samba r17086 - in branches/SAMBA_3_0/source/utils: .

gd at samba.org gd at samba.org
Mon Jul 17 11:04:48 GMT 2006


Author: gd
Date: 2006-07-17 11:04:47 +0000 (Mon, 17 Jul 2006)
New Revision: 17086

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17086

Log:
Re-add ability to contact remote domain controllers with the "net ads"
toolset. 

In 3.0.23 all those commands have been limited to the DC of our primary
domain. Also distinguish calls that may go to remote DCs (search, info,
lookup, etc.) from those that should only go to our primary domain
(join, leave, etc.).

Guenther

Modified:
   branches/SAMBA_3_0/source/utils/net.c
   branches/SAMBA_3_0/source/utils/net_ads.c


Changeset:
Modified: branches/SAMBA_3_0/source/utils/net.c
===================================================================
--- branches/SAMBA_3_0/source/utils/net.c	2006-07-17 09:48:06 UTC (rev 17085)
+++ branches/SAMBA_3_0/source/utils/net.c	2006-07-17 11:04:47 UTC (rev 17086)
@@ -481,7 +481,7 @@
 
 static int net_join(int argc, const char **argv)
 {
-	if (net_ads_check() == 0) {
+	if (net_ads_check_our_domain() == 0) {
 		if (net_ads_join(argc, argv) == 0)
 			return 0;
 		else
@@ -492,7 +492,7 @@
 
 static int net_changetrustpw(int argc, const char **argv)
 {
-	if (net_ads_check() == 0)
+	if (net_ads_check_our_domain() == 0)
 		return net_ads_changetrustpw(argc, argv);
 
 	return net_rpc_changetrustpw(argc, argv);

Modified: branches/SAMBA_3_0/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_0/source/utils/net_ads.c	2006-07-17 09:48:06 UTC (rev 17085)
+++ branches/SAMBA_3_0/source/utils/net_ads.c	2006-07-17 11:04:47 UTC (rev 17086)
@@ -80,7 +80,18 @@
 	return -1;
 }
 
+/* when we do not have sufficient input parameters to contact a remote domain
+ * we always fall back to our own realm - Guenther*/
 
+static const char *assume_own_realm(void)
+{
+	if (!opt_host && strequal(lp_workgroup(), opt_target_workgroup)) {
+		return lp_realm();
+	}
+
+	return NULL;
+}
+
 /*
   do a cldap netlogon query
 */
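Review bot: The comment on assume_own_realm() does not say what a NULL return means or why `opt_host` is part of the test, although the later hunks pass the result straight to ads_init(). As written, the helper returns lp_realm() only when no host was given and the target workgroup equals lp_workgroup(); otherwise it returns NULL, which presumably leaves realm discovery to ads_init(). I would spell that out, e.g. `/* Return lp_realm() only when no explicit host was given and the target workgroup is our own; otherwise NULL, so the realm is derived from the requested workgroup/host. */`. The three callers visible in this diff all set ADS_AUTH_NO_BIND, so it is also worth noting that the helper is meant for unauthenticated lookups.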
@@ -161,11 +172,8 @@
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
-	const char *realm = NULL;
+	const char *realm = assume_own_realm();
 
-	if ( strequal(lp_workgroup(), opt_target_workgroup ) )
-		realm = lp_realm();
-
 	ads = ads_init(realm, opt_target_workgroup, opt_host);
 	if (ads) {
 		ads->auth.flags |= ADS_AUTH_NO_BIND;
@@ -190,8 +198,9 @@
 static int net_ads_info(int argc, const char **argv)
 {
 	ADS_STRUCT *ads;
+	const char *realm = assume_own_realm();
 
-	if ( (ads = ads_init(lp_realm(), opt_target_workgroup, opt_host)) != NULL ) {
+	if ( (ads = ads_init(realm, opt_target_workgroup, opt_host)) != NULL ) {
 		ads->auth.flags |= ADS_AUTH_NO_BIND;
 	}
 
@@ -228,21 +237,26 @@
 	setenv(KRB5_ENV_CCNAME, "MEMORY:net_ads", 1);
 }
 
-static ADS_STRUCT *ads_startup(void)
+static ADS_STRUCT *ads_startup(BOOL only_own_domain)
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
 	BOOL need_password = False;
 	BOOL second_time = False;
 	char *cp;
+	const char *realm = NULL;
 	
 	/* lp_realm() should be handled by a command line param, 
 	   However, the join requires that realm be set in smb.conf
 	   and compares our realm with the remote server's so this is
 	   ok until someone needs more flexibility */
-	   
-	ads = ads_init(lp_realm(), opt_target_workgroup, opt_host);
 
+ 	if (only_own_domain) {
+		realm = lp_realm();
+	}
+   
+	ads = ads_init(realm, opt_target_workgroup, opt_host);
+
 	if (!opt_user_name) {
 		opt_user_name = "administrator";
 	}
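Review bot: `only_own_domain` pins only the realm, because `ads_init(realm, opt_target_workgroup, opt_host)` still takes the workgroup and host from the command line. The callers that pass True (the join/leave-type operations, per the log message) can therefore still be directed at a server chosen with -S or -w. net_ads_check_our_domain() in this same commit passes `lp_workgroup()` and a NULL host for the own-domain case, so the two disagree. The rest of ads_startup() is outside this hunk; unless it rejects a server whose realm does not match, consider refusing `opt_host` or a foreign workgroup when the flag is set. If honouring -S is intentional, document it with something like `/* only_own_domain forces our configured realm; -S/-w are still honoured to pick a DC */`.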
@@ -299,12 +313,12 @@
   ads_startup() stores the password in opt_password if it needs to so
   that rpc or rap can use it without re-prompting.
 */
-int net_ads_check(void)
+static int net_ads_check_int(const char *realm, const char *workgroup, const char *host)
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
 
-	if ( (ads = ads_init( lp_realm(), lp_workgroup(), NULL )) == NULL ) {
+	if ( (ads = ads_init( realm, workgroup, host )) == NULL ) {
 		return -1;
 	}
 
@@ -319,6 +333,15 @@
 	return 0;
 }
 
+int net_ads_check_our_domain(void)
+{
+	return net_ads_check_int(lp_realm(), lp_workgroup(), NULL);
+}
+
+int net_ads_check(void)
+{
+	return net_ads_check_int(NULL, opt_workgroup, opt_host);
+}
 /* 
    determine the netbios workgroup name for a domain
  */
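Review bot: The two exported checks have no comment telling callers which one to use, and the header comment that described net_ads_check() now sits on the static net_ads_check_int(). I suggest `/* Check for an ADS DC of our own configured domain only; ignores -S and -w. */` on net_ads_check_our_domain() and `/* Check for an ADS DC of whatever workgroup/host the command line selected; may be a remote domain. */` on net_ads_check(). net_ads_check() also passes `opt_workgroup`, whereas most other ads_init() call sites in this diff pass `opt_target_workgroup`; if `opt_workgroup` can be unset when -w is not given, confirm that ads_init() handles that as intended. A blank line between net_ads_check() and the following comment block would match the rest of the file.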
@@ -326,12 +349,9 @@
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
-	const char *realm = NULL;
+	const char *realm = assume_own_realm();
 	struct cldap_netlogon_reply reply;
 
-	if ( strequal(lp_workgroup(), opt_target_workgroup ) )
-		realm = lp_realm();
-
 	ads = ads_init(realm, opt_target_workgroup, opt_host);
 	if (ads) {
 		ads->auth.flags |= ADS_AUTH_NO_BIND;
@@ -405,7 +425,7 @@
 
 	if (argc < 1) return net_ads_user_usage(argc, argv);
 	
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -490,7 +510,7 @@
 		return -1;
 	}
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		SAFE_FREE(escaped_user);
 		return -1;
 	}
@@ -537,7 +557,7 @@
 		return net_ads_user_usage(argc, argv);
 	}
 	
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -577,7 +597,7 @@
 	char *disp_fields[2] = {NULL, NULL};
 	
 	if (argc == 0) {
-		if (!(ads = ads_startup())) {
+		if (!(ads = ads_startup(False))) {
 			return -1;
 		}
 
@@ -614,7 +634,7 @@
 		return net_ads_group_usage(argc, argv);
 	}
 	
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -663,7 +683,7 @@
 		return net_ads_group_usage(argc, argv);
 	}
 	
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -702,7 +722,7 @@
 	char *disp_fields[2] = {NULL, NULL};
 
 	if (argc == 0) {
-		if (!(ads = ads_startup())) {
+		if (!(ads = ads_startup(False))) {
 			return -1;
 		}
 
@@ -728,7 +748,7 @@
 	ADS_STATUS rc;
 	void *res;
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 
@@ -777,7 +797,7 @@
 	/* The finds a DC and takes care of getting the 
 	   user creds if necessary */
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 
@@ -827,7 +847,7 @@
 
 	net_use_machine_password();
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 
@@ -1105,7 +1125,7 @@
 		return -1;
 	}
 
-	if ( (ads = ads_startup()) == NULL ) {
+	if ( (ads = ads_startup(True)) == NULL ) {
 		return -1;
 	}
 
@@ -1244,7 +1264,7 @@
 	ADS_STATUS rc;
 	void *res = NULL;
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -1277,7 +1297,7 @@
 	const char *servername, *printername;
 	void *res = NULL;
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -1336,7 +1356,7 @@
 	char *prt_dn, *srv_dn, **srv_cn;
 	void *res = NULL;
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 
@@ -1419,7 +1439,7 @@
 	char *prt_dn;
 	void *res = NULL;
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 
@@ -1515,7 +1535,7 @@
 
 	/* use the realm so we can eventually change passwords for users 
 	in realms other than default */
-	if (!(ads = ads_init(realm, opt_workgroup, NULL))) {
+	if (!(ads = ads_init(realm, opt_workgroup, opt_host))) {
 		return -1;
 	}
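Review bot: The comment above this call still explains only the realm argument, while the new third argument lets -S choose the server that handles the password change. A line such as `/* opt_host, when set, selects the server for that realm instead of DC discovery */` would make that explicit. Where `realm` comes from is outside the hunk; if it is derived from the user principal, confirm that a host which does not belong to that realm causes a clean failure rather than being used.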
 
@@ -1566,7 +1586,7 @@
 
 	use_in_memory_ccache();
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 
@@ -1631,7 +1651,7 @@
 		return net_ads_search_usage(argc, argv);
 	}
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -1691,7 +1711,7 @@
 		return net_ads_dn_usage(argc, argv);
 	}
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -1751,7 +1771,7 @@
 		return net_ads_sid_usage(argc, argv);
 	}
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(False))) {
 		return -1;
 	}
 
@@ -1808,7 +1828,7 @@
 	int ret;
 	ADS_STRUCT *ads;
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 	ret = ads_keytab_flush(ads);
@@ -1823,7 +1843,7 @@
 	ADS_STRUCT *ads;
 
 	d_printf("Processing principals to add...\n");
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 	for (i = 0; i < argc; i++) {
@@ -1838,7 +1858,7 @@
 	ADS_STRUCT *ads;
 	int ret;
 
-	if (!(ads = ads_startup())) {
+	if (!(ads = ads_startup(True))) {
 		return -1;
 	}
 	ret = ads_keytab_create_default(ads);
@@ -1961,6 +1981,11 @@
 	return -1;
 }
 
+int net_ads_check_our_domain(void)
+{
+	return -1;
+}
+
 int net_ads(int argc, const char **argv)
 {
 	return net_ads_usage(argc, argv);


