[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Tue Mar 9 10:45:20 MST 2010


The branch, master has been updated
       via  2ee3cca... s4:winbind - use "unsigned" variables where possible
       via  1310eba... s4:winbind/wb_cmd_getgroups.c - fix up warnings
       via  98bc10d... s4:unittest Fix unittest to reflect that wbinfo -r no longer fail
       via  bc766a9... s4:winbind: stub implementation of WINBINDD_PAM_LOGOFF
       via  238ff24... s4:winbind: Fix a misplaced returned info
       via  42b5b38... s4:winbind Implement logic for getgroups to work
       via  30baf31... s4:winbind: implement calls for allowing getent groups
       via  74166c3... s4:torture/rpc/netlogon.c - "LogonGetDomainInfo" test - make it compatible against Windows Server 2008
       via  9995a37... s4:netlogon RPC - "LogonGetDomainInfo" - make the call compatible with >= Windows 2008
       via  1deefca... libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling
      from  48cdca0... s4-smbtorture: fix uninitialized variable in winreg QueryValue call.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2ee3cca4ffd60d091ca5fe8035f90969f6b91cc4
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Mar 9 17:54:12 2010 +0100

    s4:winbind - use "unsigned" variables where possible

commit 1310eba9705d6c49ec36555f546c4b99174ee695
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Mar 9 17:52:10 2010 +0100

    s4:winbind/wb_cmd_getgroups.c - fix up warnings
    
    Also fix some indentations.

commit 98bc10d0a8284387789fafc32a1a1e54a7e31824
Author: Matthieu Patou <mat at matws.net>
Date:   Tue Mar 9 15:35:54 2010 +0300

    s4:unittest Fix unittest to reflect that wbinfo -r no longer fail
    
    Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>

commit bc766a9a8475344eb4556da91f68874523d1fe52
Author: Matthieu Patou <mat at matws.net>
Date:   Wed Mar 3 23:29:15 2010 +0300

    s4:winbind: stub implementation of WINBINDD_PAM_LOGOFF
    
    Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>

commit 238ff24341767230614a3931646df59c1cf87a52
Author: Matthieu Patou <mat at matws.net>
Date:   Wed Mar 3 23:29:32 2010 +0300

    s4:winbind: Fix a misplaced returned info
    
    libwbclient expect to have in auth.exra_data the INFO3_TXT and in auth.unix_username the username
    
    Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>

commit 42b5b381871dd935aeda34669a2c03a05a63f5f0
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Mar 4 03:05:06 2010 +0300

    s4:winbind Implement logic for getgroups to work
    
    This function is called by the system everytime we do a id user or when we do wbinfo -r
    
    Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>

commit 30baf31411363ebd79a6366caf4a792850c40192
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Mar 4 02:46:36 2010 +0300

    s4:winbind: implement calls for allowing getent groups
    
    This is to say getgrent and setgrent, and the associated technical objects (states, build directives,...) needed.
    
    Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>

commit 74166c380c5ad110d93c4e7141eaa7b1d069ced8
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Wed Feb 17 09:51:41 2010 +0100

    s4:torture/rpc/netlogon.c - "LogonGetDomainInfo" test - make it compatible against Windows Server 2008
    
    This is a reworked version of the mentioned test which passes against Windows
    Server 2008. The previous version, also mainly written by me passed only against
    Windows Server <= 2003.

commit 9995a37a8cffb5e20e2b0ef5abfee602673d362d
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Mar 5 11:09:57 2010 +0100

    s4:netlogon RPC - "LogonGetDomainInfo" - make the call compatible with >= Windows 2008
    
    Add more security checks and other corrections to imitate Windows Server >= 2008.

commit 1deefcaee1f3de97c0377b513a6f9c3d1181e2b0
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Mar 9 17:12:02 2010 +0100

    libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/schannel_state_tdb.c              |    1 -
 nsswitch/tests/test_wbinfo.sh                 |    3 +-
 source4/rpc_server/netlogon/dcerpc_netlogon.c |   85 +++++++---
 source4/torture/rpc/netlogon.c                |  118 +++++++++++--
 source4/winbind/config.mk                     |    3 +
 source4/winbind/wb_async_helpers.c            |   20 +-
 source4/winbind/wb_cmd_getgrent.c             |  124 ++++++++++++++
 source4/winbind/wb_cmd_getgroups.c            |  223 +++++++++++++++++++++++++
 source4/winbind/wb_cmd_list_trustdom.c        |    8 +-
 source4/winbind/wb_cmd_setgrent.c             |  171 +++++++++++++++++++
 source4/winbind/wb_cmd_userdomgroups.c        |    8 +-
 source4/winbind/wb_cmd_usersids.c             |   12 +-
 source4/winbind/wb_samba3_cmd.c               |  151 ++++++++++++++++-
 source4/winbind/wb_samba3_protocol.c          |    5 +-
 source4/winbind/wb_server.h                   |   13 ++
 15 files changed, 866 insertions(+), 79 deletions(-)
 create mode 100644 source4/winbind/wb_cmd_getgrent.c
 create mode 100644 source4/winbind/wb_cmd_getgroups.c
 create mode 100644 source4/winbind/wb_cmd_setgrent.c


Changeset truncated at 500 lines:

diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 0ec928f..d1e5ed0 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -340,7 +340,6 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
 
 	ret = tdb_transaction_start(tdb_sc->tdb);
 	if (ret != 0) {
-		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
 		goto done;
 	}
diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index 8d8f116..b92b8f0 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -178,7 +178,8 @@ testit "wbinfo --uid-info against $TARGET" $wbinfo --uid-info $admin_uid
 # this does not work
 knownfail "wbinfo --group-info against $TARGET" $wbinfo --group-info "S-1-22-2-0"
 knownfail "wbinfo --gid-info against $TARGET" $wbinfo --gid-info 30001
-knownfail "wbinfo -r against $TARGET" $wbinfo -r "$DOMAIN/$USERNAME"
+
+testit "wbinfo -r against $TARGET" $wbinfo -r "$DOMAIN/$USERNAME" || failed=`expr $failed + 1`
 
 testit "wbinfo --user-domgroups against $TARGET" $wbinfo --user-domgroups $admin_sid || failed=`expr $failed + 1`
 
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 563ed5e..e82158f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1148,16 +1148,18 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 		"securityIdentifier", "trustPartner", NULL };
 	const char * const attrs2[] = { "dNSHostName",
 		"msDS-SupportedEncryptionTypes", NULL };
-	const char *temp_str;
+	const char * const attrs3[] = { NULL };
+	const char *temp_str, *temp_str2;
 	const char *old_dns_hostname;
 	struct ldb_context *sam_ctx;
-	struct ldb_message **res1, **res2, **res3, *new_msg;
+	struct ldb_message **res0, **res1, **res2, **res3, *new_msg;
 	struct ldb_dn *workstation_dn;
 	struct netr_DomainInformation *domain_info;
 	struct netr_LsaPolicyInformation *lsa_policy_info;
 	struct netr_OsVersionInfoEx *os_version;
 	uint32_t default_supported_enc_types = 0xFFFFFFFF;
-	int ret1, ret2, ret3, i;
+	bool update_dns_hostname = true;
+	int ret, ret3, i;
 	NTSTATUS status;
 
 	status = dcesrv_netr_creds_server_step_check(dce_call,
@@ -1181,27 +1183,59 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 	switch (r->in.level) {
 	case 1: /* Domain information */
 
-		/* TODO: check NTSTATUS results - and fail also on SAMDB
-		 * errors (needs some testing against Windows Server 2008) */
+		/*
+		 * Updates the DNS hostname when the client wishes that the
+		 * server should handle this for him
+		 * ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
+		 * See MS-NRPC section 3.5.4.3.9
+		 */
+		if ((r->in.query->workstation_info->workstation_flags
+		    & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
+			update_dns_hostname = false;
+		}
 
 		/*
-		 * Check that the computer name parameter matches as prefix with
-		 * the DNS hostname in the workstation info structure.
+		 * Checks that the computer name parameter without possible "$"
+		 * matches as prefix with the DNS hostname in the workstation
+		 * info structure.
 		 */
-		temp_str = strndup(r->in.query->workstation_info->dns_hostname,
-			strcspn(r->in.query->workstation_info->dns_hostname,
-			"."));
-		if (strcasecmp(r->in.computer_name, temp_str) != 0)
-			return NT_STATUS_INVALID_PARAMETER;
+		temp_str = talloc_strndup(mem_ctx,
+					  r->in.computer_name,
+					  strcspn(r->in.computer_name, "$"));
+		NT_STATUS_HAVE_NO_MEMORY(temp_str);
+		temp_str2 = talloc_strndup(mem_ctx,
+					   r->in.query->workstation_info->dns_hostname,
+					   strcspn(r->in.query->workstation_info->dns_hostname, "."));
+		NT_STATUS_HAVE_NO_MEMORY(temp_str2);
+		if (strcasecmp(temp_str, temp_str2) != 0) {
+			update_dns_hostname = false;
+		}
+
+		/*
+		 * Check that the DNS hostname when it should be updated
+		 * will be used only by maximum one host.
+		 */
+		ret = gendb_search(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx),
+				   &res0, attrs3, "(dNSHostName=%s)",
+				   r->in.query->workstation_info->dns_hostname);
+		if (ret < 0) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		if (ret >= 1) {
+			update_dns_hostname = false;
+		}
+
+		talloc_free(res0);
 
+		/* Prepare the workstation DN */
 		workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
 			dom_sid_string(mem_ctx, creds->sid));
 		NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
 
 		/* Lookup for attributes in workstation object */
-		ret1 = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
+		ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
 			&res1, attrs2);
-		if (ret1 != 1) {
+		if (ret != 1) {
 			return NT_STATUS_INTERNAL_DB_CORRUPTION;
 		}
 
@@ -1260,13 +1294,10 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 		}
 
 		/*
-		 * Updates the "dNSHostname" and the "servicePrincipalName"s
-		 * since the client wishes that the server should handle this
-		 * for him ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
-		 * See MS-NRPC section 3.5.4.3.9
+		 * If the boolean "update_dns_hostname" remained true, then we
+		 * are fine to start the update.
 		 */
-		if ((r->in.query->workstation_info->workstation_flags
-			& NETR_WS_FLAG_HANDLES_SPN_UPDATE) == 0) {
+		if (update_dns_hostname) {
 			samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
 				"dNSHostname",
 			r->in.query->workstation_info->dns_hostname);
@@ -1297,9 +1328,9 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 		   primary domain is also a "trusted" domain, so we need to
 		   put the primary domain into the lists of returned trusts as
 		   well. */
-		ret2 = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx),
+		ret = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx),
 			&res2, attrs);
-		if (ret2 != 1) {
+		if (ret != 1) {
 			return NT_STATUS_INTERNAL_DB_CORRUPTION;
 		}
 
@@ -1356,7 +1387,15 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 
 		domain_info->lsa_policy = *lsa_policy_info;
 
-		domain_info->dns_hostname.string = old_dns_hostname;
+		/* The DNS hostname is only returned back when there is a chance
+		 * for a change. */
+		if ((r->in.query->workstation_info->workstation_flags
+		    & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
+			domain_info->dns_hostname.string = old_dns_hostname;
+		} else {
+			domain_info->dns_hostname.string = NULL;
+		}
+
 		domain_info->workstation_flags =
 			r->in.query->workstation_info->workstation_flags;
 
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index c7bfb94..c2ff86d 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -6,7 +6,7 @@
    Copyright (C) Andrew Tridgell 2003
    Copyright (C) Andrew Bartlett <abartlet at samba.org> 2003-2004
    Copyright (C) Tim Potter      2003
-   Copyright (C) Matthias Dieter Wallnöfer            2009
+   Copyright (C) Matthias Dieter Wallnöfer            2009-2010
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -37,7 +37,6 @@
 #include "lib/ldb_wrap.h"
 
 #define TEST_MACHINE_NAME "torturetest"
-#define TEST_MACHINE_DNS_SUFFIX "torturedomain"
 
 static bool test_LogonUasLogon(struct torture_context *tctx, 
 			       struct dcerpc_pipe *p)
@@ -2394,7 +2393,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 
 	ZERO_STRUCT(q1);
 	q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
-		TEST_MACHINE_DNS_SUFFIX);
+		lp_dnsdomain(tctx->lp_ctx));
 	q1.sitename = "Default-First-Site-Name";
 	q1.os_version.os = &os;
 	q1.os_name.string = talloc_asprintf(tctx,
@@ -2497,19 +2496,20 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 		"Out 'workstation flags' don't match!");
 
 
-	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname)\n");
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname doesn't work)\n");
 	netlogon_creds_client_authenticator(creds, &a);
 
 	/* Wipe out the osVersion, and prove which values still 'stick' */
 	q1.os_version.os = NULL;
 
 	/* Change also the DNS hostname to test differences in behaviour */
-	q1.dns_hostname = talloc_asprintf(tctx, "%s.newdomain",
-		TEST_MACHINE_NAME);
+	talloc_free(discard_const_p(char, q1.dns_hostname));
+	q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
+		lp_dnsdomain(tctx->lp_ctx));
 
-	/* Let the DC handle the "servicePrincipalName" and DNS hostname
+	/* The workstation handles the "servicePrincipalName" and DNS hostname
 	   updates */
-	q1.workstation_flags = 0;
+	q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
 
 	status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
 	torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
@@ -2522,6 +2522,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 		ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
 				   "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
 		torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
+
 		torture_assert_str_equal(tctx,
 					 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
 					 q1.os_name.string, "'operatingSystem' should stick!");
@@ -2531,13 +2532,14 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 		torture_assert(tctx,
 			       ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
 			       "'operatingSystemVersion' shouldn't stick!");
-		
-		/* The DNS host name should have been updated now by the server */
+
+		/* The DNS host name shouldn't have been updated by the server */
+
 		torture_assert_str_equal(tctx,
 					 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
-					 q1.dns_hostname, "'DNS host name' didn't change!");
+					 old_dnsname, "'DNS host name' did change!");
 		
-		/* Find the two "servicePrincipalName"s which the DC should have been
+		/* Find the two "servicePrincipalName"s which the DC shouldn't have been
 		   updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
 		   3.5.4.3.9 */
 		spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
@@ -2545,13 +2547,13 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 			       "There should exist 'servicePrincipalName's in AD!");
 		temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
 		for (i=0; i < spn_el->num_values; i++)
-			if (strcmp((char *) spn_el->values[i].data, temp_str) == 0)
+			if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
 				break;
 		torture_assert(tctx, i != spn_el->num_values,
 			       "'servicePrincipalName' HOST/<Netbios name> not found!");
-		temp_str = talloc_asprintf(tctx, "HOST/%s", q1.dns_hostname);
+		temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
 		for (i=0; i < spn_el->num_values; i++)
-			if (strcmp((char *) spn_el->values[i].data, temp_str) == 0)
+			if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
 				break;
 		torture_assert(tctx, i != spn_el->num_values,
 			       "'servicePrincipalName' HOST/<FQDN name> not found!");
@@ -2563,13 +2565,93 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 
 	/* Checks "workstation flags" */
 	torture_assert(tctx,
+		info.domain_info->workstation_flags == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
+		"Out 'workstation flags' don't match!");
+
+
+	/* Now try the same but the workstation flags set to 0 */
+
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (variation of DNS hostname doesn't work)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	/* Change also the DNS hostname to test differences in behaviour */
+	talloc_free(discard_const_p(char, q1.dns_hostname));
+	q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
+		lp_dnsdomain(tctx->lp_ctx));
+
+	/* Wipe out the osVersion, and prove which values still 'stick' */
+	q1.os_version.os = NULL;
+
+	/* Let the DC handle the "servicePrincipalName" and DNS hostname
+	   updates */
+	q1.workstation_flags = 0;
+
+	status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	msleep(250);
+
+	if (sam_ctx) {
+		/* AD workstation infos entry check */
+		ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
+				   "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
+		torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
+
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
+					 q1.os_name.string, "'operatingSystem' should stick!");
+		torture_assert(tctx,
+			       ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
+			       "'operatingSystemServicePack' shouldn't stick!");
+		torture_assert(tctx,
+			       ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
+			       "'operatingSystemVersion' shouldn't stick!");
+
+		/* The DNS host name shouldn't have been updated by the server */
+
+		torture_assert_str_equal(tctx,
+					 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
+					 old_dnsname, "'DNS host name' did change!");
+
+		/* Find the two "servicePrincipalName"s which the DC shouldn't have been
+		   updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
+		   3.5.4.3.9 */
+		spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
+		torture_assert(tctx, spn_el != NULL,
+			       "There should exist 'servicePrincipalName's in AD!");
+		temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
+		for (i=0; i < spn_el->num_values; i++)
+			if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
+				break;
+		torture_assert(tctx, i != spn_el->num_values,
+			       "'servicePrincipalName' HOST/<Netbios name> not found!");
+		temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
+		for (i=0; i < spn_el->num_values; i++)
+			if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
+				break;
+		torture_assert(tctx, i != spn_el->num_values,
+			       "'servicePrincipalName' HOST/<FQDN name> not found!");
+
+		/* Here the server gives us NULL as the out DNS hostname */
+		torture_assert(tctx, info.domain_info->dns_hostname.string == NULL,
+			       "Out 'DNS hostname' should be NULL!");
+	}
+
+	/* Checks "workstation flags" */
+	torture_assert(tctx,
 		info.domain_info->workstation_flags == 0,
 		"Out 'workstation flags' don't match!");
 
 
-	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (verification of DNS hostname and check for trusted domains)\n");
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (verification of DNS hostname and check for trusted domains)\n");
 	netlogon_creds_client_authenticator(creds, &a);
 
+	/* Put the DNS hostname back */
+	talloc_free(discard_const_p(char, q1.dns_hostname));
+	q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
+		lp_dnsdomain(tctx->lp_ctx));
+
 	/* The workstation handles the "servicePrincipalName" and DNS hostname
 	   updates */
 	q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
@@ -2599,7 +2681,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 		"Trusted domains have been requested!");
 
 
-	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (check for trusted domains)\n");
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 5th call (check for trusted domains)\n");
 	netlogon_creds_client_authenticator(creds, &a);
 
 	/* The workstation handles the "servicePrincipalName" and DNS hostname
@@ -2664,7 +2746,7 @@ static bool test_GetDomainInfo_async(struct torture_context *tctx,
 
 	ZERO_STRUCT(q1);
 	q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
-		TEST_MACHINE_DNS_SUFFIX);
+		lp_dnsdomain(tctx->lp_ctx));
 	q1.sitename = "Default-First-Site-Name";
 	q1.os_name.string = "UNIX/Linux or similar";
 
diff --git a/source4/winbind/config.mk b/source4/winbind/config.mk
index 17cbd95..0bee89c 100644
--- a/source4/winbind/config.mk
+++ b/source4/winbind/config.mk
@@ -50,6 +50,9 @@ WINBIND_OBJ_FILES = $(addprefix $(winbindsrcdir)/, \
 		wb_cmd_list_users.o \
 		wb_cmd_setpwent.o \
 		wb_cmd_getpwent.o \
+		wb_cmd_getgrent.o \
+		wb_cmd_setgrent.o \
+		wb_cmd_getgroups.o \
 		wb_pam_auth.o \
 		wb_sam_logon.o)
 
diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c
index f23e05d..6eced45 100644
--- a/source4/winbind/wb_async_helpers.c
+++ b/source4/winbind/wb_async_helpers.c
@@ -31,7 +31,7 @@
 
 struct lsa_lookupsids_state {
 	struct composite_context *ctx;
-	int num_sids;
+	uint32_t num_sids;
 	struct lsa_LookupSids r;
 	struct lsa_SidArray sids;
 	struct lsa_TransNameArray names;
@@ -45,13 +45,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req);
 struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
 						 struct dcerpc_pipe *lsa_pipe,
 						 struct policy_handle *handle,
-						 int num_sids,
+						 uint32_t num_sids,
 						 const struct dom_sid **sids)
 {
 	struct composite_context *result;
 	struct rpc_request *req;
 	struct lsa_lookupsids_state *state;
-	int i;
+	uint32_t i;
 
 	result = composite_create(mem_ctx, lsa_pipe->conn->event_ctx);
 	if (result == NULL) goto failed;
@@ -105,7 +105,7 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
 	struct lsa_lookupsids_state *state =
 		talloc_get_type(req->async.private_data,
 				struct lsa_lookupsids_state);
-	int i;
+	uint32_t i;
 
 	state->ctx->status = dcerpc_lsa_LookupSids_recv(req);
 	if (!composite_is_ok(state->ctx)) return;
@@ -194,7 +194,7 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req);
 struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
 						  struct dcerpc_pipe *lsa_pipe,
 						  struct policy_handle *handle,
-						  int num_names,
+						  uint32_t num_names,
 						  const char **names)
 {
 	struct composite_context *result;
@@ -202,7 +202,7 @@ struct composite_context *wb_lsa_lookupnames_send(TALLOC_CTX *mem_ctx,
 	struct lsa_lookupnames_state *state;
 
 	struct lsa_String *lsa_names;
-	int i;
+	uint32_t i;
 
 	result = composite_create(mem_ctx, lsa_pipe->conn->event_ctx);
 	if (result == NULL) goto failed;
@@ -254,7 +254,7 @@ static void lsa_lookupnames_recv_sids(struct rpc_request *req)
 	struct lsa_lookupnames_state *state =
 		talloc_get_type(req->async.private_data,
 				struct lsa_lookupnames_state);
-	int i;
+	uint32_t i;
 
 	state->ctx->status = dcerpc_lsa_LookupNames_recv(req);
 	if (!composite_is_ok(state->ctx)) return;
@@ -316,7 +316,7 @@ struct samr_getuserdomgroups_state {
 	struct composite_context *ctx;
 	struct dcerpc_pipe *samr_pipe;
 
-	int num_rids;
+	uint32_t num_rids;
 	uint32_t *rids;
 
 	struct samr_RidWithAttributeArray *rid_array;
@@ -425,13 +425,13 @@ static void samr_usergroups_recv_close(struct rpc_request *req)
 
 NTSTATUS wb_samr_userdomgroups_recv(struct composite_context *ctx,
 				    TALLOC_CTX *mem_ctx,
-				    int *num_rids, uint32_t **rids)
+				    uint32_t *num_rids, uint32_t **rids)
 {
         struct samr_getuserdomgroups_state *state =
                 talloc_get_type(ctx->private_data,
                                 struct samr_getuserdomgroups_state);
 
-	int i;
+	uint32_t i;
 	NTSTATUS status = composite_wait(ctx);
 	if (!NT_STATUS_IS_OK(status)) goto done;
 
diff --git a/source4/winbind/wb_cmd_getgrent.c b/source4/winbind/wb_cmd_getgrent.c
new file mode 100644
index 0000000..79a3aff
--- /dev/null
+++ b/source4/winbind/wb_cmd_getgrent.c
@@ -0,0 +1,124 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Command backend for getgrent
+
+   Copyright (C) Matthieu Patou 2010
+
+   This program is free software; you can redistribute it and/or modify


-- 
Samba Shared Repository


More information about the samba-cvs mailing list