svn commit: samba r19222 - in branches/tmp/vl-messaging/source:
include nsswitch rpc_server smbd utils
ab at samba.org
ab at samba.org
Tue Oct 10 07:57:02 GMT 2006
Author: ab
Date: 2006-10-10 07:57:01 +0000 (Tue, 10 Oct 2006)
New Revision: 19222
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19222
Log:
merge -r 19196:19220 with SAMBA_3_0
Modified:
branches/tmp/vl-messaging/source/include/ntdomain.h
branches/tmp/vl-messaging/source/nsswitch/winbindd_cache.c
branches/tmp/vl-messaging/source/nsswitch/winbindd_ccache_access.c
branches/tmp/vl-messaging/source/nsswitch/winbindd_cm.c
branches/tmp/vl-messaging/source/nsswitch/winbindd_dual.c
branches/tmp/vl-messaging/source/nsswitch/winbindd_pam.c
branches/tmp/vl-messaging/source/nsswitch/winbindd_util.c
branches/tmp/vl-messaging/source/rpc_server/srv_pipe.c
branches/tmp/vl-messaging/source/smbd/lanman.c
branches/tmp/vl-messaging/source/utils/smbcontrol.c
Changeset:
Modified: branches/tmp/vl-messaging/source/include/ntdomain.h
===================================================================
--- branches/tmp/vl-messaging/source/include/ntdomain.h 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/include/ntdomain.h 2006-10-10 07:57:01 UTC (rev 19222)
@@ -257,6 +257,12 @@
*/
BOOL bad_handle_fault_state;
+
+ /*
+ * Set to true when the backend does not support a call.
+ */
+
+ BOOL rng_fault_state;
/*
* Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's
Modified: branches/tmp/vl-messaging/source/nsswitch/winbindd_cache.c
===================================================================
--- branches/tmp/vl-messaging/source/nsswitch/winbindd_cache.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/nsswitch/winbindd_cache.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -2523,7 +2523,6 @@
BOOL set_global_winbindd_state_offline(void)
{
TDB_DATA data;
- int err;
DEBUG(10,("set_global_winbindd_state_offline: offline requested.\n"));
@@ -2545,21 +2544,16 @@
return True;
}
-/* wcache->tdb->ecode = 0; */
-
data = tdb_fetch_bystring( wcache->tdb, "WINBINDD_OFFLINE" );
- /* As this is a key with no data we don't need to free, we
- check for existence by looking at tdb_err. */
-
- err = tdb_error(wcache->tdb);
-
- if (err == TDB_ERR_NOEXIST) {
+ if (!data.dptr || data.dsize != 4) {
DEBUG(10,("set_global_winbindd_state_offline: offline state not set.\n"));
+ SAFE_FREE(data.dptr);
return False;
} else {
DEBUG(10,("set_global_winbindd_state_offline: offline state set.\n"));
global_winbindd_offline_state = True;
+ SAFE_FREE(data.dptr);
return True;
}
}
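Review bot: The new test `data.dsize != 4` uses an unexplained literal, and it replaces the removed comment that described how the key's existence was checked. The value appears to match the 4-byte timestamp that the smbcontrol.c hunk of this commit stores under the same key, so the two files now share an implicit record format. I would add a comment above the check such as `/* smbcontrol stores a 4-byte timestamp under WINBINDD_OFFLINE; any other size means the flag is not set. */`, or better, a shared named constant for the size. The function starts outside this hunk.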
Modified: branches/tmp/vl-messaging/source/nsswitch/winbindd_ccache_access.c
===================================================================
--- branches/tmp/vl-messaging/source/nsswitch/winbindd_ccache_access.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/nsswitch/winbindd_ccache_access.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -161,7 +161,7 @@
/* Parse domain and username */
- if (!parse_domain_user(state->request.data.ccache_ntlm_auth.user,
+ if (!canonicalize_username(state->request.data.ccache_ntlm_auth.user,
name_domain, name_user)) {
DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n",
state->request.data.ccache_ntlm_auth.user));
Modified: branches/tmp/vl-messaging/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/tmp/vl-messaging/source/nsswitch/winbindd_cm.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/nsswitch/winbindd_cm.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -122,6 +122,12 @@
TALLOC_FREE(domain->check_online_event);
}
+ if (domain->internal) {
+ DEBUG(3,("set_domain_offline: domain %s is internal - logic error.\n",
+ domain->name ));
+ return;
+ }
+
domain->online = False;
/* We only add the timeout handler that checks and
@@ -166,6 +172,12 @@
DEBUG(10,("set_domain_online: called for domain %s\n",
domain->name ));
+ if (domain->internal) {
+ DEBUG(3,("set_domain_offline: domain %s is internal - logic error.\n",
+ domain->name ));
+ return;
+ }
+
if (get_global_winbindd_state_offline()) {
DEBUG(10,("set_domain_online: domain %s remaining globally offline\n",
domain->name ));
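Review bot: The DEBUG text added here names the wrong function: the surrounding context lines log as `set_domain_online`, but the new message says `set_domain_offline: domain %s is internal - logic error.`. That makes this "logic error" line indistinguishable from the one added to set_domain_offline in the previous hunk when reading winbindd logs. It should read `DEBUG(3,("set_domain_online: domain %s is internal - logic error.\n",`. The function body continues outside the hunk.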
@@ -1197,6 +1209,12 @@
{
NTSTATUS result;
+ /* Internal connections never use the network. */
+ if (domain->internal) {
+ domain->initialized = True;
+ return NT_STATUS_OK;
+ }
+
if (connection_ok(domain)) {
if (!domain->initialized) {
set_dc_type_and_flags(domain);
@@ -1237,11 +1255,6 @@
ZERO_STRUCT( ctr );
- if (domain->internal) {
- domain->initialized = True;
- return;
- }
-
if (!connection_ok(domain)) {
return;
}
Modified: branches/tmp/vl-messaging/source/nsswitch/winbindd_dual.c
===================================================================
--- branches/tmp/vl-messaging/source/nsswitch/winbindd_dual.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/nsswitch/winbindd_dual.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -454,10 +454,22 @@
schedule_async_request(child);
}
-/* Forward the online/offline messages to our children. */
+/* Ensure any negative cache entries with the netbios or realm names are removed. */
+
+void winbindd_flush_negative_conn_cache(struct winbindd_domain *domain)
+{
+ flush_negative_conn_cache_for_domain(domain->name);
+ if (*domain->alt_name) {
+ flush_negative_conn_cache_for_domain(domain->alt_name);
+ }
+}
+
+/* Set our domains as offline and forward the offline message to our children. */
+
void winbind_msg_offline(int msg_type, struct process_id src, void *buf, size_t len)
{
struct winbindd_child *child;
+ struct winbindd_domain *domain;
DEBUG(10,("winbind_msg_offline: got offline message.\n"));
@@ -472,17 +484,43 @@
return;
}
+ /* Set all our domains as offline. */
+ for (domain = domain_list(); domain; domain = domain->next) {
+ if (domain->internal) {
+ continue;
+ }
+ DEBUG(5,("winbind_msg_offline: marking %s offline.\n", domain->name));
+ set_domain_offline(domain);
+ }
+
for (child = children; child != NULL; child = child->next) {
- DEBUG(10,("winbind_msg_offline: sending message to pid %u.\n",
- (unsigned int)child->pid ));
- message_send_pid(pid_to_procid(child->pid), MSG_WINBIND_OFFLINE, NULL, 0, False);
+ /* Don't send message to idmap child. */
+ if (!child->domain || (child == idmap_child())) {
+ continue;
+ }
+
+ /* Or internal domains (this should not be possible....) */
+ if (child->domain->internal) {
+ continue;
+ }
+
+ /* Each winbindd child should only process requests for one domain - make sure
+ we only set it online / offline for that domain. */
+
+ DEBUG(10,("winbind_msg_offline: sending message to pid %u for domain %s.\n",
+ (unsigned int)child->pid, domain->name ));
+
+ message_send_pid(pid_to_procid(child->pid), MSG_WINBIND_OFFLINE, domain->name,
+ strlen(domain->name)+1, False);
}
}
-/* Forward the online/offline messages to our children. */
+/* Set our domains as online and forward the online message to our children. */
+
void winbind_msg_online(int msg_type, struct process_id src, void *buf, size_t len)
{
struct winbindd_child *child;
+ struct winbindd_domain *domain;
DEBUG(10,("winbind_msg_online: got online message.\n"));
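Review bot: In the child loop of winbind_msg_offline, `domain` is already NULL when it is dereferenced: the preceding `for (domain = domain_list(); domain; domain = domain->next)` loop only terminates once `domain` is NULL, and the child loop then uses `domain->name` in both the DEBUG call and `message_send_pid(...)`. As written, any offline message received while at least one non-internal domain child exists would crash the parent winbindd. The loop has already verified `child->domain`, so both uses should be `child->domain->name`, e.g. `message_send_pid(pid_to_procid(child->pid), MSG_WINBIND_OFFLINE, child->domain->name, strlen(child->domain->name)+1, False);`. The same defect is present in the winbind_msg_online child loop in the next hunk (@@ -497,10 +535,36 @@).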
@@ -497,10 +535,36 @@
smb_nscd_flush_user_cache();
smb_nscd_flush_group_cache();
+ /* Set all our domains as online. */
+ for (domain = domain_list(); domain; domain = domain->next) {
+ if (domain->internal) {
+ continue;
+ }
+ DEBUG(5,("winbind_msg_online: requesting %s to go online.\n", domain->name));
+
+ winbindd_flush_negative_conn_cache(domain);
+ set_domain_online_request(domain);
+ }
+
for (child = children; child != NULL; child = child->next) {
- DEBUG(10,("winbind_msg_online: sending message to pid %u.\n",
- (unsigned int)child->pid ));
- message_send_pid(pid_to_procid(child->pid), MSG_WINBIND_ONLINE, NULL, 0, False);
+ /* Don't send message to idmap child. */
+ if (!child->domain || (child == idmap_child())) {
+ continue;
+ }
+
+ /* Or internal domains (this should not be possible....) */
+ if (child->domain->internal) {
+ continue;
+ }
+
+ /* Each winbindd child should only process requests for one domain - make sure
+ we only set it online / offline for that domain. */
+
+ DEBUG(10,("winbind_msg_online: sending message to pid %u for domain %s.\n",
+ (unsigned int)child->pid, domain->name ));
+
+ message_send_pid(pid_to_procid(child->pid), MSG_WINBIND_ONLINE, domain->name,
+ strlen(domain->name)+1, False);
}
}
@@ -561,9 +625,14 @@
static void child_msg_offline(int msg_type, struct process_id src, void *buf, size_t len)
{
struct winbindd_domain *domain;
+ const char *domainname = (const char *)buf;
- DEBUG(5,("child_msg_offline received.\n"));
+ if (buf == NULL || len == 0) {
+ return;
+ }
+ DEBUG(5,("child_msg_offline received for domain %s.\n", domainname));
+
if (!lp_winbind_offline_logon()) {
DEBUG(10,("child_msg_offline: rejecting offline message.\n"));
return;
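Review bot: `buf` is treated as a C string without checking that it is NUL-terminated within `len`. The new guard rejects only `buf == NULL || len == 0`, after which `domainname` is passed to `DEBUG(... %s ...)` and, further down, to `strequal(domain->name, domainname)`, both of which read until the first zero byte. A message whose payload lacks a terminator would be read past its end, so the guard should be `if (buf == NULL || len == 0 || domainname[len-1] != '\0') { return; }`. child_msg_online in the following hunk (@@ -575,32 +644,32 @@) has the same pattern, and both function bodies continue outside their hunks.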
@@ -575,32 +644,32 @@
return;
}
- /* Mark all our domains as offline. */
+ /* Mark the requested domain offline. */
for (domain = domain_list(); domain; domain = domain->next) {
- DEBUG(5,("child_msg_offline: marking %s offline.\n", domain->name));
- set_domain_offline(domain);
+ if (domain->internal) {
+ continue;
+ }
+ if (strequal(domain->name, domainname)) {
+ DEBUG(5,("child_msg_offline: marking %s offline.\n", domain->name));
+ set_domain_offline(domain);
+ }
}
}
-/* Ensure any negative cache entries with the netbios or realm names are removed. */
-
-void winbindd_flush_negative_conn_cache(struct winbindd_domain *domain)
-{
- flush_negative_conn_cache_for_domain(domain->name);
- if (*domain->alt_name) {
- flush_negative_conn_cache_for_domain(domain->alt_name);
- }
-}
-
/* Deal with a request to go online. */
static void child_msg_online(int msg_type, struct process_id src, void *buf, size_t len)
{
struct winbindd_domain *domain;
+ const char *domainname = (const char *)buf;
- DEBUG(5,("child_msg_online received.\n"));
+ if (buf == NULL || len == 0) {
+ return;
+ }
+ DEBUG(5,("child_msg_online received for domain %s.\n", domainname));
+
if (!lp_winbind_offline_logon()) {
DEBUG(10,("child_msg_online: rejecting online message.\n"));
return;
@@ -613,9 +682,14 @@
to force a reconnect now. */
for (domain = domain_list(); domain; domain = domain->next) {
- DEBUG(5,("child_msg_online: requesting %s to go online.\n", domain->name));
- winbindd_flush_negative_conn_cache(domain);
- set_domain_online_request(domain);
+ if (domain->internal) {
+ continue;
+ }
+ if (strequal(domain->name, domainname)) {
+ DEBUG(5,("child_msg_online: requesting %s to go online.\n", domain->name));
+ winbindd_flush_negative_conn_cache(domain);
+ set_domain_online_request(domain);
+ }
}
}
Modified: branches/tmp/vl-messaging/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/tmp/vl-messaging/source/nsswitch/winbindd_pam.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/nsswitch/winbindd_pam.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -677,7 +677,7 @@
/* Parse domain and username */
- if (!parse_domain_user(state->request.data.auth.user,
+ if (!canonicalize_username(state->request.data.auth.user,
name_domain, name_user)) {
set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
DEBUG(5, ("Plain text authentication for %s returned %s "
@@ -1806,7 +1806,16 @@
/* Setup crap */
- parse_domain_user(state->request.data.chauthtok.user, domain, user);
+ if (!canonicalize_username(state->request.data.chauthtok.user, domain, user)) {
+ set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
+ DEBUG(5, ("winbindd_pam_chauthtok: canonicalize_username %s failed with %s"
+ "(PAM: %d)\n",
+ state->request.data.auth.user,
+ state->response.data.auth.nt_status_string,
+ state->response.data.auth.pam_error));
+ request_error(state);
+ return;
+ }
contact_domain = find_domain_from_name(domain);
if (!contact_domain) {
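Review bot: The new failure-path DEBUG in this chauthtok handler logs `state->request.data.auth.user`, while the name that was just rejected is `state->request.data.chauthtok.user`. If `request.data` is a union (it looks like one from the per-request member names), the `auth` view may not line up with the chauthtok layout, so the log could show unrelated bytes. The argument should be `state->request.data.chauthtok.user,`. The format string also concatenates to `"...failed with %s(PAM: %d)"`, so it needs a space before `(PAM`.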
@@ -1941,7 +1950,7 @@
state->request.data.logoff.krb5ccname
[sizeof(state->request.data.logoff.krb5ccname)-1]='\0';
- if (!parse_domain_user(state->request.data.logoff.user, name_domain, user)) {
+ if (!canonicalize_username(state->request.data.logoff.user, name_domain, user)) {
goto failed;
}
Modified: branches/tmp/vl-messaging/source/nsswitch/winbindd_util.c
===================================================================
--- branches/tmp/vl-messaging/source/nsswitch/winbindd_util.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/nsswitch/winbindd_util.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -462,16 +462,18 @@
fstrcpy(domain->dcname, state->request.data.init_conn.dcname);
}
- if (strlen(domain->dcname) > 0) {
- if (!resolve_name(domain->dcname, &ipaddr, 0x20)) {
- DEBUG(2, ("Could not resolve DC name %s for domain %s\n",
- domain->dcname, domain->name));
- return WINBINDD_ERROR;
+ if (!domain->internal) {
+ if (strlen(domain->dcname) > 0) {
+ if (!resolve_name(domain->dcname, &ipaddr, 0x20)) {
+ DEBUG(2, ("Could not resolve DC name %s for domain %s\n",
+ domain->dcname, domain->name));
+ return WINBINDD_ERROR;
+ }
+
+ domain->dcaddr.sin_family = PF_INET;
+ putip((char *)&(domain->dcaddr.sin_addr), (char *)&ipaddr);
+ domain->dcaddr.sin_port = 0;
}
-
- domain->dcaddr.sin_family = PF_INET;
- putip((char *)&(domain->dcaddr.sin_addr), (char *)&ipaddr);
- domain->dcaddr.sin_port = 0;
}
init_dc_connection(domain);
@@ -888,6 +890,26 @@
return ((*domain != NULL) && (*user != NULL));
}
+/* Ensure an incoming username from NSS is fully qualified. Replace the
+ incoming fstring with DOMAIN <separator> user. Returns the same
+ values as parse_domain_user() but also replaces the incoming username.
+ Used to ensure all names are fully qualified within winbindd.
+ Used by the NSS protocols of auth, chauthtok, logoff and ccache_ntlm_auth.
+ The protocol definitions of auth_crap, chng_pswd_auth_crap
+ really should be changed to use this instead of doing things
+ by hand. JRA. */
+
+BOOL canonicalize_username(fstring username_inout, fstring domain, fstring user)
+{
+ if (!parse_domain_user(username_inout, domain, user)) {
+ return False;
+ }
+ slprintf(username_inout, sizeof(fstring) - 1, "%s%c%s",
+ domain, *lp_winbind_separator(),
+ user);
+ return True;
+}
+
/*
Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and
'winbind separator' options.
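Review bot: canonicalize_username ignores the result of `slprintf`, so a `DOMAIN<sep>user` string that does not fit in an fstring is silently truncated and the function still returns True. `domain` and `user` are each fstrings, so their concatenation can exceed `sizeof(fstring) - 1`. Callers in winbindd_pam.c and winbindd_ccache_access.c would then continue authentication with a shortened name that differs from the one parsed. I would fail closed, e.g. `if (slprintf(username_inout, sizeof(fstring) - 1, "%s%c%s", domain, *lp_winbind_separator(), user) < 0) { return False; }`, assuming slprintf reports truncation through its return value in this tree. The header comment should also state that `username_inout` is overwritten only on success.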
Modified: branches/tmp/vl-messaging/source/rpc_server/srv_pipe.c
===================================================================
--- branches/tmp/vl-messaging/source/rpc_server/srv_pipe.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/rpc_server/srv_pipe.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -2310,6 +2310,13 @@
return True;
}
+ if (p->rng_fault_state) {
+ DEBUG(4, ("api_rpcTNP: rng fault return\n"));
+ p->rng_fault_state = False;
+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
+ return True;
+ }
+
slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
offset2 = prs_offset(&p->out_data.rdata);
prs_set_offset(&p->out_data.rdata, offset1);
Modified: branches/tmp/vl-messaging/source/smbd/lanman.c
===================================================================
--- branches/tmp/vl-messaging/source/smbd/lanman.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/smbd/lanman.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -2691,7 +2691,7 @@
if ((count=get_server_info(SV_TYPE_ALL,&servers,lp_workgroup()))>0) {
for (i=0;i<count;i++) {
- if (strequal(servers[i].name,get_local_machine_name())) {
+ if (strequal(servers[i].name,global_myname())) {
servertype = servers[i].type;
push_ascii(comment,servers[i].comment,sizeof(pstring),STR_TERMINATE);
}
Modified: branches/tmp/vl-messaging/source/utils/smbcontrol.c
===================================================================
--- branches/tmp/vl-messaging/source/utils/smbcontrol.c 2006-10-10 07:55:46 UTC (rev 19221)
+++ branches/tmp/vl-messaging/source/utils/smbcontrol.c 2006-10-10 07:57:01 UTC (rev 19222)
@@ -883,25 +883,27 @@
5 times. */
for (retry = 0; retry < 5; retry++) {
- int err;
TDB_DATA d;
+ char buf[4];
+
ZERO_STRUCT(d);
+
+ SIVAL(buf, 0, time(NULL));
+ d.dptr = buf;
+ d.dsize = 4;
+
tdb_store_bystring(tdb, "WINBINDD_OFFLINE", d, TDB_INSERT);
ret = send_message(pid, MSG_WINBIND_OFFLINE, NULL, 0, False);
/* Check that the entry "WINBINDD_OFFLINE" still exists. */
- /* tdb->ecode = TDB_SUCCESS; */
d = tdb_fetch_bystring( tdb, "WINBINDD_OFFLINE" );
-
- /* As this is a key with no data we don't need to free, we
- check for existence by looking at tdb_err. */
-
- err = tdb_error(tdb);
-
- if (err == TDB_ERR_NOEXIST) {
+
+ if (!d.dptr || d.dsize != 4) {
+ SAFE_FREE(d.dptr);
DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
} else {
+ SAFE_FREE(d.dptr);
break;
}
}
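Review bot: The return value of `tdb_store_bystring(tdb, "WINBINDD_OFFLINE", d, TDB_INSERT)` is not checked, and `TDB_INSERT` does not overwrite an existing record. If a WINBINDD_OFFLINE entry of another size is already present, for example an empty one of the kind the removed code accepted, the new `d.dsize != 4` check would fail on all five retries while the offline message is still sent each time. Consider storing with `TDB_REPLACE`, or checking the store result and logging it. A short comment that the 4 bytes are a timestamp which winbindd_cache.c validates only by size would also help. The loop's enclosing function starts and ends outside this hunk.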