[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Aug 29 22:11:04 MDT 2014 

The branch, master has been updated
       via  f8ec0f9 s3-winbindd: Document parameters in ads_cached_connection_reuse
       via  b20fce8 s3-winbindd: Use more descriptive parameter names in ads_cached_connection_connect
       via  c203c72 s3-winbindd: Use correct realm for trusted domains in idmap child
      from  934b452 torture: Also run raw.read against the aio share

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f8ec0f98072e6646e204b4c90f5f6ad250b5dd5d
Author: Christof Schmitt <cs at samba.org>
Date:   Thu Aug 28 14:50:39 2014 -0700

    s3-winbindd: Document parameters in ads_cached_connection_reuse
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sat Aug 30 06:10:36 CEST 2014 on sn-devel-104

commit b20fce84fa12de899616726d238a85e21a58aa0b
Author: Christof Schmitt <cs at samba.org>
Date:   Thu Aug 28 14:44:59 2014 -0700

    s3-winbindd: Use more descriptive parameter names in ads_cached_connection_connect
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit c203c722e7e22f9146f2ecf6f42452c0e82042e4
Author: Christof Schmitt <cs at samba.org>
Date:   Fri Aug 22 09:15:59 2014 -0700

    s3-winbindd: Use correct realm for trusted domains in idmap child
    
    When authenticating users in a trusted domain, the idmap_ad module
    always connects to a local DC instead of one in the trusted domain.
    
    Fix this by passing the correct realm to connect to.
    
    Also Comment parameters passed to ads_cached_connection_connect
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_ads.c |   40 +++++++++++++++++++++++++++++---------
 1 files changed, 30 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a869ff5..cfda82c 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -73,12 +73,25 @@ static void ads_cached_connection_reuse(ADS_STRUCT **adsp)
 	}
 }
 
+/**
+ * @brief Establish a connection to a DC
+ *
+ * @param[out]   adsp             ADS_STRUCT that will be created
+ * @param[in]    target_realm     Realm of domain to connect to
+ * @param[in]    target_dom_name  'workgroup' name of domain to connect to
+ * @param[in]    ldap_server      DNS name of server to connect to
+ * @param[in]    password         Our machine acount secret
+ * @param[in]    auth_realm       Realm of local domain for creating krb token
+ * @param[in]    renewable        Renewable ticket time
+ *
+ * @return ADS_STATUS
+ */
 static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
-						const char *dom_name_alt,
-						const char *dom_name,
+						const char *target_realm,
+						const char *target_dom_name,
 						const char *ldap_server,
 						char *password,
-						char *realm,
+						char *auth_realm,
 						time_t renewable)
 {
 	ADS_STRUCT *ads;
@@ -86,16 +99,16 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
 	struct sockaddr_storage dc_ss;
 	fstring dc_name;
 
-	if (realm == NULL) {
+	if (auth_realm == NULL) {
 		return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
 	}
 
 	/* we don't want this to affect the users ccache */
 	setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
 
-	ads = ads_init(dom_name_alt, dom_name, ldap_server);
+	ads = ads_init(target_realm, target_dom_name, ldap_server);
 	if (!ads) {
-		DEBUG(1,("ads_init for domain %s failed\n", dom_name));
+		DEBUG(1,("ads_init for domain %s failed\n", target_dom_name));
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 
@@ -105,7 +118,7 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
 	ads->auth.renewable = renewable;
 	ads->auth.password = password;
 
-	ads->auth.realm = SMB_STRDUP(realm);
+	ads->auth.realm = SMB_STRDUP(auth_realm);
 	if (!strupper_m(ads->auth.realm)) {
 		ads_destroy(&ads);
 		return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
@@ -119,7 +132,7 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
 	status = ads_connect(ads);
 	if (!ADS_ERR_OK(status)) {
 		DEBUG(1,("ads_connect for domain %s failed: %s\n",
-			 dom_name, ads_errstr(status)));
+			 target_dom_name, ads_errstr(status)));
 		ads_destroy(&ads);
 		return status;
 	}
@@ -188,8 +201,15 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
 		}
 	}
 
-	status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
-					       password, realm, 0);
+	status = ads_cached_connection_connect(
+		adsp,			/* Returns ads struct. */
+		wb_dom->alt_name,	/* realm to connect to. */
+		dom_name,		/* 'workgroup' name for ads_init */
+		ldap_server,		/* DNS name to connect to. */
+		password,		/* password for auth realm. */
+		realm,			/* realm used for krb5 ticket. */
+		0);			/* renewable ticket time. */
+
 	SAFE_FREE(realm);
 	TALLOC_FREE(ldap_server);
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list