[SCM] Samba Shared Repository - branch v4-3-test updated

Karolin Seeger kseeger at samba.org
Mon Jun 20 11:21:05 UTC 2016


The branch, v4-3-test has been updated
       via  58c5338 libnet: make Kerberos domain join site-aware
       via  5297368 dsgetdcname: fix flag check
       via  fb45575 dsgetdcname: return an IP address on rediscovery
      from  2b18b8b s3: krb5: keytab - The done label can be jumped to with context == NULL.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test


- Log -----------------------------------------------------------------
commit 58c5338addb56a0c57b08eddd9352981c4f2d852
Author: Uri Simchoni <uri at samba.org>
Date:   Thu Mar 3 09:18:58 2016 +0200

    libnet: make Kerberos domain join site-aware
    
    When joining a domain using Kerberos authentication, create a
    configuration file for the Kerberos libs to prefer on-site
    domain controllers, without relying on the winbindd Kerberos
    locator, which may not be operational at this stage.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769
    
    Signed-off-by: Uri Simchoni <uri at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Mar  8 01:30:35 CET 2016 on sn-devel-144
    
    (cherry picked from commit 0dbab0e33e9efc46f72b6a8b0dc894ea251df9aa)
    
    Autobuild-User(v4-3-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-3-test): Mon Jun 20 13:20:34 CEST 2016 on sn-devel-104

commit 5297368862b2b3092b938fe0baadcba4d8e45194
Author: Uri Simchoni <uri at samba.org>
Date:   Thu Mar 3 09:18:57 2016 +0200

    dsgetdcname: fix flag check
    
    Fix the check for zero requested flags.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769
    
    Signed-off-by: Uri Simchoni <uri at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 6d717402e42131298ba670ee47686379854ec56d)

commit fb45575e4d14e896c4b171e181b8b04cb091f1d3
Author: Uri Simchoni <uri at samba.org>
Date:   Thu Mar 3 09:18:44 2016 +0200

    dsgetdcname: return an IP address on rediscovery
    
    When dsgetdcname returns its result based on discovery
    process (instead of retrieving cached value), always
    return the found server's IP address in dc_address field,
    rather than its netbios name.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769
    
    Signed-off-by: Uri Simchoni <uri at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit ef84f4c018424b1fcc232a4780dc2c0435701d86)

-----------------------------------------------------------------------

Summary of changes:
 source3/libnet/libnet_join.c | 52 ++++++++++++++++++++++++++++++++++++++++++++
 source3/libsmb/dsgetdcname.c | 16 +++++++-------
 2 files changed, 60 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 632b81c..fc4fbb9 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2217,6 +2217,17 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 #ifdef HAVE_ADS
 	ADS_STATUS ads_status;
 #endif /* HAVE_ADS */
+	const char *pre_connect_realm = NULL;
+	const char *numeric_dcip = NULL;
+	const char *sitename = NULL;
+
+	/* Before contacting a DC, we can securely know
+	 * the realm only if the user specifies it.
+	 */
+	if (r->in.use_kerberos &&
+	    r->in.domain_name_type == JoinDomNameTypeDNS) {
+		pre_connect_realm = r->in.domain_name;
+	}
 
 	if (!r->in.dc_name) {
 		struct netr_DsRGetDCNameInfo *info;
@@ -2249,6 +2260,47 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 		dc = strip_hostname(info->dc_unc);
 		r->in.dc_name = talloc_strdup(mem_ctx, dc);
 		W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
+
+		if (info->dc_address == NULL || info->dc_address[0] != '\\' ||
+		    info->dc_address[1] != '\\') {
+			DBG_ERR("ill-formed DC address '%s'\n",
+				info->dc_address);
+			return WERR_DCNOTFOUND;
+		}
+
+		numeric_dcip = info->dc_address + 2;
+		sitename = info->dc_site_name;
+		/* info goes out of scope but the memory stays
+		   allocated on the talloc context */
+	}
+
+	if (pre_connect_realm != NULL) {
+		struct sockaddr_storage ss = {0};
+
+		if (numeric_dcip != NULL) {
+			if (!interpret_string_addr(&ss, numeric_dcip,
+						   AI_NUMERICHOST)) {
+				DBG_ERR(
+				    "cannot parse IP address '%s' of DC '%s'\n",
+				    numeric_dcip, r->in.dc_name);
+				return WERR_DCNOTFOUND;
+			}
+		} else {
+			if (!interpret_string_addr(&ss, r->in.dc_name, 0)) {
+				DBG_WARNING(
+				    "cannot resolve IP address of DC '%s'\n",
+				    r->in.dc_name);
+				return WERR_DCNOTFOUND;
+			}
+		}
+
+		/* The domain parameter is only used as modifier
+		 * to krb5.conf file name. .JOIN is is not a valid
+		 * NetBIOS name so it cannot clash with another domain
+		 * -- Uri.
+		 */
+		create_local_private_krb5_conf_for_domain(
+		    pre_connect_realm, ".JOIN", sitename, &ss);
 	}
 
 	status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli);
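Review bot: The `DBG_ERR("ill-formed DC address '%s'\n", info->dc_address)` call is also reached when `info->dc_address == NULL`, so a null pointer is handed to `%s`; log a placeholder instead, e.g. `info->dc_address != NULL ? info->dc_address : "(null)"`. This validation sits outside the `pre_connect_realm != NULL` test, so every join that discovers its DC now returns `WERR_DCNOTFOUND` on an unexpected address format, even when the address is never used afterwards; if that is intended, a comment saying so would help. The result of `create_local_private_krb5_conf_for_domain(...)` is discarded, so a failure to write the temporary krb5.conf would silently leave the Kerberos libraries on their default DC lookup; a `DBG_WARNING` when it reports failure would make that visible. libnet_DomainJoin starts and ends outside the hunk.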
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
index ac3bfd6..213a8e3 100644
--- a/source3/libsmb/dsgetdcname.c
+++ b/source3/libsmb/dsgetdcname.c
@@ -284,7 +284,7 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response *
 static bool check_cldap_reply_required_flags(uint32_t ret_flags,
 					     uint32_t req_flags)
 {
-	if (ret_flags == 0) {
+	if (req_flags == 0) {
 		return true;
 	}
 
@@ -800,14 +800,14 @@ static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX *mem_ctx,
 		print_sockaddr(addr, sizeof(addr), ss);
 		dc_address = addr;
 		dc_address_type = DS_ADDRESS_TYPE_INET;
-	}
-
-	if (!ss && r->sockaddr.pdc_ip) {
-		dc_address	= r->sockaddr.pdc_ip;
-		dc_address_type	= DS_ADDRESS_TYPE_INET;
 	} else {
-		dc_address      = r->pdc_name;
-		dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
+		if (r->sockaddr.pdc_ip) {
+			dc_address	= r->sockaddr.pdc_ip;
+			dc_address_type	= DS_ADDRESS_TYPE_INET;
+		} else {
+			dc_address      = r->pdc_name;
+			dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
+		}
 	}
 
 	map_dc_and_domain_names(flags,
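Review bot: The new `else { if … else … }` nesting can be flattened to `} else if (r->sockaddr.pdc_ip) {` followed by a final `} else {`, which keeps the three address sources at one indent level and makes the priority order (ss, then pdc_ip, then pdc_name) readable at a glance. The last branch still yields a NetBIOS name with `DS_ADDRESS_TYPE_NETBIOS`, while the join code changed in source3/libnet/libnet_join.c parses `dc_address` with `AI_NUMERICHOST` and, as far as that hunk shows, does not look at the address type. A short comment on that branch, such as `/* no IP known: callers must check dc_address_type */`, would document the contract. make_dc_info_from_cldap_reply starts and ends outside the hunk.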


-- 
Samba Shared Repository


