[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Mon Jan 5 11:24:02 MST 2015


The branch, master has been updated
       via  8a2a598 s3:winbindd: improve logic to use CLDAP for a given domain.
       via  3c99260 s3:winbindd: mark our primary as active_directory if possible
       via  0c9ee5b libcli/netlogon: We need to handle a bug in FreeIPA (at least <= 4.1.2).
      from  c594804 s3:passdb: fix logic in pdb_set_pw_history()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8a2a5986b687a393d31cfa0e662d2d70212879a2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 23 09:43:19 2014 +0000

    s3:winbindd: improve logic to use CLDAP for a given domain.
    
    As an AD Domain Controller we should try CLDAP for active directory domains.
    E.g. FreeIPA domains don't provide NBT at all...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Mon Jan  5 19:23:40 CET 2015 on sn-devel-104

commit 3c9926055139beee0fcdf532df08fab02cdb298c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 23 09:43:03 2014 +0000

    s3:winbindd: mark our primary as active_directory if possible
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>

commit 0c9ee5b82f84182fe7c0182257bd8b67cc93ca37
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 23 11:09:04 2014 +0000

    libcli/netlogon: We need to handle a bug in FreeIPA (at least <= 4.1.2).
    
    They include the ip address information without setting
    NETLOGON_NT_VERSION_5EX_WITH_IP, while using
    ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
    ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/netlogon/netlogon.c       | 15 ++++++++++++---
 source3/winbindd/winbindd_cm.c   | 10 +++++++++-
 source3/winbindd/winbindd_util.c |  9 +++++++++
 3 files changed, 30 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/netlogon/netlogon.c b/libcli/netlogon/netlogon.c
index d82a201..58a331d 100644
--- a/libcli/netlogon/netlogon.c
+++ b/libcli/netlogon/netlogon.c
@@ -91,9 +91,18 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx,
 			ndr, NDR_SCALARS|NDR_BUFFERS, &response->data.nt5_ex,
 			ntver);
 		if (ndr->offset < ndr->data_size) {
-			ndr_err = ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
-						 "not all bytes consumed ofs[%u] size[%u]",
-						 ndr->offset, ndr->data_size);
+			TALLOC_FREE(ndr);
+			/*
+			 * We need to handle a bug in FreeIPA (at least <= 4.1.2).
+			 *
+			 * They include the ip address information without setting
+			 * NETLOGON_NT_VERSION_5EX_WITH_IP, while using
+			 * ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
+			 * ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
+			 */
+			ndr_err = ndr_pull_struct_blob_all(data, mem_ctx,
+						   &response->data.nt5,
+						   (ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX);
 		}
 		response->ntver = NETLOGON_NT_VERSION_5EX;
 		if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) {
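Review bot: The retry at `ndr_pull_struct_blob_all(...)` decodes into `&response->data.nt5` although the pull function is `ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX` and the first attempt above filled `response->data.nt5_ex`. If `data` is a union this presumably works by aliasing, but passing `&response->data.nt5_ex` would state the intent and stop the `(ndr_pull_flags_fn_t)` cast from hiding a type mismatch. Because this blob arrives from the network, the relaxed path now applies to any responder that sends trailing bytes, not only FreeIPA. A log line before the retry, e.g. `DEBUG(5, ("netlogon response has trailing bytes, retrying full-blob parse\n"));`, would make non-conforming servers visible to operators. The function body starts and ends outside this hunk, so whether allocations made by the first pull are released cannot be confirmed from here.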
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0a63369..59c0b86 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1381,7 +1381,9 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	const char *dc_name;
 	fstring nbtname;
-
+#ifdef HAVE_ADS
+	bool is_ad_domain = false;
+#endif
 	ip_list.ss = *pss;
 	ip_list.port = 0;
 
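Review bot: `is_ad_domain` is declared only under `#ifdef HAVE_ADS`, while its uses in the next hunk (`is_ad_domain = true;` through `if (is_ad_domain) {`) show no guard in the visible context. Unless that block already sits inside a matching `#ifdef HAVE_ADS` outside the hunk, a build without ADS support will fail to compile. The change also drops the blank line that separated the declarations from `ip_list.ss = *pss;`, so an empty line after `#endif` would restore the separation. The body of dcip_to_name continues outside this hunk.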
@@ -1390,6 +1392,12 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
 	   None of these failures should be considered critical for now */
 
 	if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) {
+		is_ad_domain = true;
+	} else if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+		is_ad_domain = domain->active_directory;
+	}
+
+	if (is_ad_domain) {
 		ADS_STRUCT *ads;
 		ADS_STATUS ads_status;
 		char addr[INET6_ADDRSTRLEN];
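Review bot: The new `ROLE_ACTIVE_DIRECTORY_DC` branch sets `is_ad_domain` from `domain->active_directory` alone, whereas the `SEC_ADS` branch also requires `domain->alt_name != NULL`. If the ADS block that follows (it continues past this hunk) uses `domain->alt_name`, the DC path can now reach it with a NULL name. Consider `is_ad_domain = domain->active_directory && (domain->alt_name != NULL);`, or confirm that the code below accepts NULL. A short comment above the `else if`, saying that an AD DC tries CLDAP because some AD-style domains such as FreeIPA offer no NBT, would carry the commit message's reasoning into the code.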
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 0b7e234..8dab36e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -213,6 +213,15 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 		domain->primary = true;
 	}
 
+	if (domain->primary) {
+		if (role == ROLE_ACTIVE_DIRECTORY_DC) {
+			domain->active_directory = true;
+		}
+		if (lp_security() == SEC_ADS) {
+			domain->active_directory = true;
+		}
+	}
+
 	/* Link to domain list */
 	DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
 
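Review bot: The two inner `if` statements set the same flag and can be a single condition, `if (role == ROLE_ACTIVE_DIRECTORY_DC || lp_security() == SEC_ADS) {`, which makes it plain that either setting is sufficient. A one-line comment such as `/* our primary domain is AD when we are an AD DC or an ADS member */` would explain why the flag is forced here for the primary domain. `role` is defined outside this hunk, and the body of add_trusted_domain continues beyond it.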


-- 
Samba Shared Repository

