[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Tue Apr 13 01:32:57 MDT 2010


The branch, master has been updated
       via  6661ecb... s4:CLDAP - "fill_netlogon_samlogon_reponse" - check for out of memory
       via  a894d6c... s4:acl/descriptor LDB module - distinguish between root and default basedn
       via  0dffa9c... s4:use "samdb_forest_name" for the forest DNS domainname lookup
       via  719a469... s4:dsdb/common/util.c - add a call which determines centrally the forest DNS domainname
      from  5fc2801... s3: Cache the username map in gencache

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6661ecbe944567a1813fad46d67554433196aae1
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Tue Apr 13 09:25:26 2010 +0200

    s4:CLDAP - "fill_netlogon_samlogon_reponse" - check for out of memory

commit a894d6cc37c3799d478720f4340fcef57a5d0b4b
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Tue Apr 13 09:18:33 2010 +0200

    s4:acl/descriptor LDB module - distinguish between root and default basedn
    
    The first is the forest base DN, the second the domain base DN. At the moment
    we assume that they are both the same, but this need not be the case.
    
    Nadia, I would invite you to fix the outstanding parts regarding this (I added
    comments).

commit 0dffa9caec8925a081e951579dd696810fc9e857
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Mon Apr 12 15:02:10 2010 +0200

    s4:use "samdb_forest_name" for the forest DNS domainname lookup

commit 719a46913bed65932ebe696f441bd88ebd54819c
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Mon Apr 12 14:15:34 2010 +0200

    s4:dsdb/common/util.c - add a call which determines centrally the forest DNS domainname

-----------------------------------------------------------------------

Summary of changes:
 source4/cldap_server/netlogon.c               |   11 ++++++++---
 source4/dsdb/common/util.c                    |   19 +++++++++++++++++++
 source4/dsdb/samdb/ldb_modules/acl.c          |    6 ++++++
 source4/dsdb/samdb/ldb_modules/descriptor.c   |    6 ++++++
 source4/rpc_server/netlogon/dcerpc_netlogon.c |   21 ++++++++-------------
 5 files changed, 47 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index e6a4ab3..86f044a 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -62,6 +62,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 	const char *pdc_name;
 	struct GUID domain_uuid;
 	const char *dns_domain;
+	const char *forest_domain;
 	const char *pdc_dns_name;
 	const char *flatname;
 	const char *server_site;
@@ -75,6 +76,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 	/* the domain has an optional trailing . */
 	if (domain && domain[strlen(domain)-1] == '.') {
 		domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
+		NT_STATUS_HAVE_NO_MEMORY(domain);
 	}
 
 	if (domain && strcasecmp_m(domain, lp_dnsdomain(lp_ctx)) == 0) {
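Review bot: The condition that guards the new check, `domain[strlen(domain)-1] == '.'`, reads one byte before the buffer when `domain` is an empty string, because `strlen(domain)-1` wraps around to SIZE_MAX. The added `NT_STATUS_HAVE_NO_MEMORY(domain)` only covers the allocation inside the branch. Where `domain` comes from is not visible in this hunk, but if it is taken from the client's netlogon request it can be empty, so the index should be guarded: `if (domain && domain[0] != '\0' && domain[strlen(domain)-1] == '.') {`. The function body starts and ends outside the hunk.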
@@ -239,13 +241,16 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 #endif
 
 	pdc_name         = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(lp_ctx));
+	NT_STATUS_HAVE_NO_MEMORY(pdc_name);
 	domain_uuid      = samdb_result_guid(dom_res->msgs[0], "objectGUID");
 	dns_domain       = lp_dnsdomain(lp_ctx);
+	forest_domain    = samdb_forest_name(sam_ctx, mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(forest_domain);
 	pdc_dns_name     = talloc_asprintf(mem_ctx, "%s.%s", 
 					   strlower_talloc(mem_ctx, 
 							   lp_netbios_name(lp_ctx)), 
 					   dns_domain);
-
+	NT_STATUS_HAVE_NO_MEMORY(pdc_dns_name);
 	flatname         = lp_sam_name(lp_ctx);
 	server_site      = samdb_server_site_name(sam_ctx, mem_ctx);
 	/* FIXME: Hardcoded site name */
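Review bot: The `strlower_talloc()` result passed to `talloc_asprintf` for `pdc_dns_name` is still unchecked, so an allocation failure there hands NULL to `%s` and the new `NT_STATUS_HAVE_NO_MEMORY(pdc_dns_name)` cannot catch it (with glibc the name would probably come out as `(null).<domain>`). Hoist it into a local, `const char *lower = strlower_talloc(mem_ctx, lp_netbios_name(lp_ctx));` followed by `NT_STATUS_HAVE_NO_MEMORY(lower);`, and pass `lower` to the format call. `server_site` from `samdb_server_site_name()` a few lines later gets no NULL check either, though whether a NULL site name is tolerated downstream is not visible in this hunk.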
@@ -268,7 +273,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		}
 		netlogon->data.nt5_ex.server_type  = server_type;
 		netlogon->data.nt5_ex.domain_uuid  = domain_uuid;
-		netlogon->data.nt5_ex.forest       = dns_domain;
+		netlogon->data.nt5_ex.forest       = forest_domain;
 		netlogon->data.nt5_ex.dns_domain   = dns_domain;
 		netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name;
 		netlogon->data.nt5_ex.domain       = flatname;
@@ -301,7 +306,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		netlogon->data.nt5.user_name    = user;
 		netlogon->data.nt5.domain_name  = flatname;
 		netlogon->data.nt5.domain_uuid  = domain_uuid;
-		netlogon->data.nt5.forest       = dns_domain;
+		netlogon->data.nt5.forest       = forest_domain;
 		netlogon->data.nt5.dns_domain   = dns_domain;
 		netlogon->data.nt5.pdc_dns_name = pdc_dns_name;
 		netlogon->data.nt5.pdc_ip       = pdc_ip;
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 5625e95..d36e1ec 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -3473,3 +3473,22 @@ int dsdb_search_one(struct ldb_context *ldb,
 
 	return LDB_SUCCESS;
 }
+
+/* returns back the forest DNS name */
+const char *samdb_forest_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
+{
+	const char *forest_name = ldb_dn_canonical_string(mem_ctx,
+							  ldb_get_root_basedn(ldb));
+	char *p;
+
+	if (forest_name == NULL) {
+		return NULL;
+	}
+
+	p = strchr(forest_name, '/');
+	if (p) {
+		*p = '\0';
+	}
+
+	return forest_name;
+}
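Review bot: `forest_name` is declared `const char *`, yet the function writes through it via the non-const pointer that `strchr` returns (`*p = '\0'`), which discards the qualifier silently. Declare the local as `char *forest_name` and keep `const` only on the return type. The header comment should also state the contract callers rely on, e.g. `/* Returns the forest DNS name, talloc'ed on mem_ctx, or NULL if the root base DN cannot be converted or memory is exhausted. */`. Because NULL covers both a missing or invalid root DN and an allocation failure, callers that wrap the result in `NT_STATUS_HAVE_NO_MEMORY` report both as out-of-memory.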
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index e022706..5679e11 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -634,8 +634,10 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
 	ldb = ldb_module_get_ctx(module);
 	/* Creating an NC. There is probably something we should do here,
 	 * but we will establish that later */
+	/* FIXME: this has to be made dynamic at some point */
 	if ((ldb_dn_compare(req->op.add.message->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
 	    (ldb_dn_compare(req->op.add.message->dn, (ldb_get_config_basedn(ldb))) == 0) ||
+	    (ldb_dn_compare(req->op.add.message->dn, (ldb_get_default_basedn(ldb))) == 0) ||
 	    (ldb_dn_compare(req->op.add.message->dn, (ldb_get_root_basedn(ldb))) == 0)) {
 		return ldb_next_request(module, req);
 	}
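Review bot: The added `ldb_get_default_basedn` comparison widens the branch in acl_add that forwards the request with `ldb_next_request` before any access check, so an add whose DN equals the domain base DN now skips this module's checks, as the other three naming-context roots already do. Whether an unprivileged caller can reach this path is not visible in the hunk, so the new FIXME should spell out the risk and what "dynamic" means, e.g. `/* FIXME: NC roots bypass the access check here; the list of NCs must not stay hard-coded */`. The same four-way comparison is repeated in the acl_delete and acl_rename hunks below and in descriptor_do_add in descriptor.c; a single static helper taking the DN would keep those copies from drifting apart. The function bodies start and end outside the hunks.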
@@ -847,8 +849,10 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req)
 
 	/* Nope, we don't have delete object. Lets check if we have delete child on the parent */
 	/* No parent, so check fails */
+	/* FIXME: this has to be made dynamic at some point */
 	if ((ldb_dn_compare(req->op.del.dn, (ldb_get_schema_basedn(ldb))) == 0) ||
 	    (ldb_dn_compare(req->op.del.dn, (ldb_get_config_basedn(ldb))) == 0) ||
+	    (ldb_dn_compare(req->op.del.dn, (ldb_get_default_basedn(ldb))) == 0) ||
 	    (ldb_dn_compare(req->op.del.dn, (ldb_get_root_basedn(ldb))) == 0)) {
 		DEBUG(10,("acl:deleting an NC\n"));
 		return ldb_module_done(req, NULL, NULL, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS);
@@ -975,8 +979,10 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
 	}
 
 	/* What exactly to do in this case? It would fail anyway.. */
+	/* FIXME: this has to be made dynamic at some point */
 	if ((ldb_dn_compare(req->op.rename.newdn, (ldb_get_schema_basedn(ldb))) == 0) ||
 	    (ldb_dn_compare(req->op.rename.newdn, (ldb_get_config_basedn(ldb))) == 0) ||
+	    (ldb_dn_compare(req->op.rename.newdn, (ldb_get_default_basedn(ldb))) == 0) ||
 	    (ldb_dn_compare(req->op.rename.newdn, (ldb_get_root_basedn(ldb))) == 0)) {
 		DEBUG(10,("acl:moving as an NC\n"));
 		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index efd331b..cdfab3c 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -64,6 +64,7 @@ struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
 {
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	struct ldb_dn *root_base_dn = ldb_get_root_basedn(ldb);
+	struct ldb_dn *default_base_dn = ldb_get_default_basedn(ldb);
 	struct ldb_dn *schema_base_dn = ldb_get_schema_basedn(ldb);
 	struct ldb_dn *config_base_dn = ldb_get_config_basedn(ldb);
 	const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
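Review bot: `default_base_dn` is declared here, but none of the six lines this commit adds to descriptor.c reads it. It therefore remains an unused local (a `-Wunused-variable` warning) until the FIXME in the next hunk is acted on. Either drop the declaration until get_default_ag actually distinguishes the domain DN from the forest DN, or use it in the comparison chain now. The function body continues outside the hunk.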
@@ -72,6 +73,9 @@ struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
 	struct dom_sid *sa_sid = dom_sid_add_rid(tmp_ctx, domain_sid, DOMAIN_RID_SCHEMA_ADMINS);
 	struct dom_sid *dag_sid;
 
+	/* FIXME: this has to be fixed regarding the forest DN (root DN) and
+	 * the domain DN (default DN) - they aren't always the same. */
+
 	if (ldb_dn_compare_base(schema_base_dn, dn) == 0){
 		if (security_token_has_sid(token, sa_sid))
 			dag_sid = dom_sid_dup(mem_ctx, sa_sid);
@@ -697,8 +701,10 @@ static int descriptor_do_add(struct descriptor_context *ac)
 		ac->sd_val = talloc_memdup(ac, &sd_element->values[0], sizeof(struct ldb_val));
 	}
 	/* NC's have no parent */
+	/* FIXME: this has to be made dynamic at some point */
 	if ((ldb_dn_compare(msg->dn, (ldb_get_schema_basedn(ldb))) == 0) ||
 	    (ldb_dn_compare(msg->dn, (ldb_get_config_basedn(ldb))) == 0) ||
+	    (ldb_dn_compare(msg->dn, (ldb_get_default_basedn(ldb))) == 0) ||
 	    (ldb_dn_compare(msg->dn, (ldb_get_root_basedn(ldb))) == 0)) {
 		ac->parentsd_val = NULL;
 	} else if (ac->search_res != NULL) {
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 3fa5c69..698930e 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1122,18 +1122,10 @@ static NTSTATUS fill_one_domain_info(TALLOC_CTX *mem_ctx,
 		/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
 		info->dns_forestname.string = NULL;
 	} else {
-		char *p;
-		/* TODO: we need a common function for pulling the forest */
-		info->dns_forestname.string = ldb_dn_canonical_string(info, ldb_get_root_basedn(sam_ctx));
-		if (!info->dns_forestname.string) {
-			return NT_STATUS_NO_SUCH_DOMAIN;
-		}
-		p = strchr(info->dns_forestname.string, '/');
-		if (p) {
-			*p = '\0';
-		}
+		info->dns_forestname.string = samdb_forest_name(sam_ctx, mem_ctx);
+		NT_STATUS_HAVE_NO_MEMORY(info->dns_forestname.string);
 		info->dns_forestname.string = talloc_asprintf(mem_ctx, "%s.", info->dns_forestname.string);
-
+		NT_STATUS_HAVE_NO_MEMORY(info->dns_forestname.string);
 	}
 
 	if (is_local) {
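Review bot: Replacing the open-coded lookup changes the failure status of fill_one_domain_info: the removed code returned `NT_STATUS_NO_SUCH_DOMAIN` when the canonical string could not be built, whereas `NT_STATUS_HAVE_NO_MEMORY(info->dns_forestname.string)` now reports every NULL from `samdb_forest_name` as an out-of-memory error. If the old status was intentional, keep it with `if (info->dns_forestname.string == NULL) return NT_STATUS_NO_SUCH_DOMAIN;`. The two later hunks in dcesrv_netr_DsRGetDCNameEx2 and fill_forest_trust_array map the same NULL through `W_ERROR_HAVE_NO_MEMORY`. The first string also stays allocated on `mem_ctx` after it is overwritten by the `talloc_asprintf` result; a local temporary freed after the format call would avoid that.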
@@ -1530,7 +1522,8 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
 	info->dc_address_type = DS_ADDRESS_TYPE_INET;
 	info->domain_guid = samdb_result_guid(res[0], "objectGUID");
 	info->domain_name = lp_dnsdomain(lp_ctx);
-	info->forest_name = lp_dnsdomain(lp_ctx);
+	info->forest_name = samdb_forest_name(sam_ctx, mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(info->forest_name);
 	info->dc_flags	= DS_DNS_FOREST_ROOT |
 			  DS_DNS_DOMAIN |
 			  DS_DNS_CONTROLLER |
@@ -1925,7 +1918,9 @@ static WERROR fill_forest_trust_array(TALLOC_CTX *mem_ctx,
 	e->flags = 0;
 	e->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
 	e->time = 0; /* so far always 0 in trces. */
-	e->forest_trust_data.top_level_name.string = lp_dnsdomain(lp_ctx);
+	e->forest_trust_data.top_level_name.string = samdb_forest_name(sam_ctx,
+								       mem_ctx);
+	W_ERROR_HAVE_NO_MEMORY(e->forest_trust_data.top_level_name.string);
 
 	info->entries[0] = e;
 


-- 
Samba Shared Repository

