[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Mon Jan 5 11:24:02 MST 2015
The branch, master has been updated
via 8a2a598 s3:winbindd: improve logic to use CLDAP for a given domain.
via 3c99260 s3:winbindd: mark our primary as active_directory if possible
via 0c9ee5b libcli/netlogon: We need to handle a bug in FreeIPA (at least <= 4.1.2).
from c594804 s3:passdb: fix logic in pdb_set_pw_history()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8a2a5986b687a393d31cfa0e662d2d70212879a2
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 23 09:43:19 2014 +0000
s3:winbindd: improve logic to use CLDAP for a given domain.
As an AC Domain Controller we should try CLDAP for active directory domains.
E.g. FreeIPA domains doesn't provide NBT at all...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Jan 5 19:23:40 CET 2015 on sn-devel-104
commit 3c9926055139beee0fcdf532df08fab02cdb298c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 23 09:43:03 2014 +0000
s3:winbindd: mark our primary as active_directory if possible
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 0c9ee5b82f84182fe7c0182257bd8b67cc93ca37
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 23 11:09:04 2014 +0000
libcli/netlogon: We need to handle a bug in FreeIPA (at least <= 4.1.2).
They include the ip address information without setting
NETLOGON_NT_VERSION_5EX_WITH_IP, while using
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/netlogon/netlogon.c | 15 ++++++++++++---
source3/winbindd/winbindd_cm.c | 10 +++++++++-
source3/winbindd/winbindd_util.c | 9 +++++++++
3 files changed, 30 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/netlogon/netlogon.c b/libcli/netlogon/netlogon.c
index d82a201..58a331d 100644
--- a/libcli/netlogon/netlogon.c
+++ b/libcli/netlogon/netlogon.c
@@ -91,9 +91,18 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
ndr, NDR_SCALARS|NDR_BUFFERS, &response->data.nt5_ex,
ntver);
if (ndr->offset < ndr->data_size) {
- ndr_err = ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
- "not all bytes consumed ofs[%u] size[%u]",
- ndr->offset, ndr->data_size);
+ TALLOC_FREE(ndr);
+ /*
+ * We need to handle a bug in FreeIPA (at least <= 4.1.2).
+ *
+ * They include the ip address information without setting
+ * NETLOGON_NT_VERSION_5EX_WITH_IP, while using
+ * ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
+ * ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
+ */
+ ndr_err = ndr_pull_struct_blob_all(data, mem_ctx,
+ &response->data.nt5,
+ (ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX);
}
response->ntver = NETLOGON_NT_VERSION_5EX;
if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) {
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0a63369..59c0b86 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1381,7 +1381,9 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
NTSTATUS status;
const char *dc_name;
fstring nbtname;
-
+#ifdef HAVE_ADS
+ bool is_ad_domain = false;
+#endif
ip_list.ss = *pss;
ip_list.port = 0;
@@ -1390,6 +1392,12 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
None of these failures should be considered critical for now */
if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) {
+ is_ad_domain = true;
+ } else if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+ is_ad_domain = domain->active_directory;
+ }
+
+ if (is_ad_domain) {
ADS_STRUCT *ads;
ADS_STATUS ads_status;
char addr[INET6_ADDRSTRLEN];
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 0b7e234..8dab36e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -213,6 +213,15 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
domain->primary = true;
}
+ if (domain->primary) {
+ if (role == ROLE_ACTIVE_DIRECTORY_DC) {
+ domain->active_directory = true;
+ }
+ if (lp_security() == SEC_ADS) {
+ domain->active_directory = true;
+ }
+ }
+
/* Link to domain list */
DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
--
Samba Shared Repository
More information about the samba-cvs
mailing list