[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1122-gfced9df
Volker Lendecke
vlendec at samba.org
Sun Aug 23 02:19:50 MDT 2009
The branch, master has been updated
via fced9dfc1ea45f902e9281679f479ae18d229c17 (commit)
via 1603c608c9c8c6b42a18dd5545c5d15fc2f0af48 (commit)
via a0bf0cb0fb1d2f98311449949aa9e15f6523cb3b (commit)
via 963419be1bdc7e4ae97e8739da305691109a13a7 (commit)
via fc3d427af8bba3b6d11ba6f66b48533ae918d675 (commit)
via a09b9ed9e2d4ce02dffa156049f266ba5bb59c49 (commit)
from da9356711b14d7475bcfe4cf0bb1874c018db276 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fced9dfc1ea45f902e9281679f479ae18d229c17
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 22 15:29:03 2009 +0200
s3:winbind: Fallback to the forest root for lookupname
Thanks to Steven Danneman for watching me closely :-)
commit 1603c608c9c8c6b42a18dd5545c5d15fc2f0af48
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 22 17:10:16 2009 +0200
s3:winbind: Even on a domain controller, "our" domain is internal
It happens to be what we also share out via NETLOGON/SAMR, but winbind has
direct access to it via the passdb domain methods
commit a0bf0cb0fb1d2f98311449949aa9e15f6523cb3b
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 22 17:12:28 2009 +0200
s3:winbind: Do not drop the first user in sam_query_user_list
commit 963419be1bdc7e4ae97e8739da305691109a13a7
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 22 17:13:09 2009 +0200
s3:winbind: For internal domains it is pointless to connect to a DC
commit fc3d427af8bba3b6d11ba6f66b48533ae918d675
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 22 17:14:32 2009 +0200
s3:winbind: winbindd_dual_ndrcmd should output what it's doing
commit a09b9ed9e2d4ce02dffa156049f266ba5bb59c49
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 22 18:35:52 2009 +0200
s3:winbind: Fix the talloc hierarchy in wb_queryuser_done
We need to return state->userinfo beyond the end of wb_queryuser_recv, so the
unmarshalled strings are children of that, not the state that is lost sooner.
Metze, this scheme works fine as long as we only have a single malloc'ed
entity that is returned. I think we need a different scheme in the future
when we might have more than one independent object to be returned.
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/wb_lookupname.c | 49 ++++++++++++++++++++++++++++++++++
source3/winbindd/wb_queryuser.c | 2 +-
source3/winbindd/winbindd_cm.c | 6 ++++
source3/winbindd/winbindd_dual_ndr.c | 4 +++
source3/winbindd/winbindd_passdb.c | 7 +++--
source3/winbindd/winbindd_util.c | 12 +++-----
6 files changed, 69 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/wb_lookupname.c b/source3/winbindd/wb_lookupname.c
index d4e9b9a..12e1bab 100644
--- a/source3/winbindd/wb_lookupname.c
+++ b/source3/winbindd/wb_lookupname.c
@@ -22,11 +22,16 @@
#include "librpc/gen_ndr/cli_wbint.h"
struct wb_lookupname_state {
+ struct tevent_context *ev;
+ const char *dom_name;
+ const char *name;
+ uint32_t flags;
struct dom_sid sid;
enum lsa_SidType type;
};
static void wb_lookupname_done(struct tevent_req *subreq);
+static void wb_lookupname_root_done(struct tevent_req *subreq);
struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -42,6 +47,10 @@ struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx,
if (req == NULL) {
return NULL;
}
+ state->ev = ev;
+ state->dom_name = dom_name;
+ state->name = name;
+ state->flags = flags;
domain = find_lookup_domain_from_name(dom_name);
if (domain == NULL) {
@@ -73,6 +82,46 @@ static void wb_lookupname_done(struct tevent_req *subreq)
subreq, struct tevent_req);
struct wb_lookupname_state *state = tevent_req_data(
req, struct wb_lookupname_state);
+ struct winbindd_domain *root_domain;
+ NTSTATUS status, result;
+
+ status = rpccli_wbint_LookupName_recv(subreq, state, &result);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ if (NT_STATUS_IS_OK(result)) {
+ tevent_req_done(req);
+ return;
+ }
+
+ /*
+ * "our" DC did not find it, lets retry with the forest root
+ * domain
+ */
+
+ root_domain = find_root_domain();
+ if (root_domain == NULL) {
+ tevent_req_nterror(req, result);
+ return;
+ }
+
+ subreq = rpccli_wbint_LookupName_send(
+ state, state->ev, root_domain->child.rpccli, state->dom_name,
+ state->name, state->flags, &state->type, &state->sid);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, wb_lookupname_root_done, req);
+}
+
+static void wb_lookupname_root_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct wb_lookupname_state *state = tevent_req_data(
+ req, struct wb_lookupname_state);
NTSTATUS status, result;
status = rpccli_wbint_LookupName_recv(subreq, state, &result);
diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c
index 1af4400..7a2f1de 100644
--- a/source3/winbindd/wb_queryuser.c
+++ b/source3/winbindd/wb_queryuser.c
@@ -77,7 +77,7 @@ static void wb_queryuser_done(struct tevent_req *subreq)
req, struct wb_queryuser_state);
NTSTATUS status, result;
- status = rpccli_wbint_QueryUser_recv(subreq, state, &result);
+ status = rpccli_wbint_QueryUser_recv(subreq, state->info, &result);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 460c773..44924a6 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -485,6 +485,12 @@ void set_domain_online_request(struct winbindd_domain *domain)
return;
}
+ if (domain->internal) {
+ DEBUG(10, ("set_domain_online_request: Internal domains are "
+ "always online\n"));
+ return;
+ }
+
/* We've been told it's safe to go online and
try and connect to a DC. But I don't believe it
because network manager seems to lie.
diff --git a/source3/winbindd/winbindd_dual_ndr.c b/source3/winbindd/winbindd_dual_ndr.c
index f72d661..e6f3265 100644
--- a/source3/winbindd/winbindd_dual_ndr.c
+++ b/source3/winbindd/winbindd_dual_ndr.c
@@ -239,6 +239,10 @@ enum winbindd_result winbindd_dual_ndrcmd(struct winbindd_domain *domain,
return WINBINDD_ERROR;
}
+ DEBUG(10, ("winbindd_dual_ndrcmd: Running command %s (%s)\n",
+ fns[state->request->data.ndrcmd].name,
+ domain ? domain->name : "no domain"));
+
ZERO_STRUCT(p);
p.mem_ctx = talloc_stackframe();
p.in_data.data.buffer_size = state->request->extra_len;
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 4b3095a..5a2c31f 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -460,9 +460,10 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
- *num_entries = pdb_search_entries(ps,
- 1, 0xffffffff,
- &entries);
+ *num_entries = pdb_search_entries(ps, 0, 0xffffffff, &entries);
+
+ DEBUG(10, ("sam_query_user_list: found %d users\n",
+ (int)*num_entries));
*info = TALLOC_ZERO_ARRAY(mem_ctx, struct wbint_userinfo, *num_entries);
if (!(*info)) {
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 993ef54..5c2ebab 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -76,9 +76,6 @@ static bool is_internal_domain(const DOM_SID *sid)
if (sid == NULL)
return False;
- if ( IS_DC )
- return sid_check_is_builtin(sid);
-
return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
}
@@ -87,9 +84,6 @@ static bool is_in_internal_domain(const DOM_SID *sid)
if (sid == NULL)
return False;
- if ( IS_DC )
- return sid_check_is_in_builtin(sid);
-
return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
}
@@ -569,7 +563,11 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai
fstrcpy(domain->dcname, state->request->data.init_conn.dcname);
}
- init_dc_connection(domain);
+ if (domain->internal) {
+ domain->initialized = true;
+ } else {
+ init_dc_connection(domain);
+ }
if (!domain->initialized) {
/* If we return error here we can't do any cached authentication,
--
Samba Shared Repository
More information about the samba-cvs
mailing list