[SCM] Samba Shared Repository - branch v4-10-test updated
Karolin Seeger
kseeger at samba.org
Tue May 14 17:37:02 UTC 2019
The branch, v4-10-test has been updated
via 893ac2a6b20 netcmd: Fix passwordsettings --max-pwd-age command
via afc2243b478 netcmd: Add some timestamp conversion helper functions
via 36da4c095de netcmd: Use python constant for -0x8000000000000000
via 1efa1e01194 tests: Add test for setting min/maxPwdAge
via ea74b0eb2ef dbcheck: fix the err_empty_attribute() check
via b01e1e3376b winbind: Use domain name from lsa query for sid_to_name cache entry
via 9034980420d winbind: Return queried domain name from name_to_sid
via b519cd2156d winbind: Query domain from winbind sam_name_to_sid
via af48878005a winbind: Query domain from winbind rpc name_to_sid
via 2670fe83374 winbind: Query domain from msrpc name_to_sid
via b7f79137dcd nsswitch: Add testcase for checking output of wbinfo --sid-to-name
from 2ad7a4a6477 VERSION: Bump version up to 4.10.4.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test
- Log -----------------------------------------------------------------
commit 893ac2a6b2046e4e1d7a46f2a2c50afc7546d3b2
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Apr 3 09:10:55 2019 +1300
netcmd: Fix passwordsettings --max-pwd-age command
The min_pwd_age and max_pwd_age parameters are both optional and default
to None. However, if we just set the max-pwd-age, then the check
'min_pwd_age >= max_pwd_age' will throw a Python exception because it's
trying to compare an int to NoneType (min_pwd_age). This works on Python 2
but is a problem on Python 3.
We could just add a check that min_pwd_age is not None, but that defeats
the point of having the check if you're only setting either the min or
max age indepedently.
This patch gets the current min/max password age from the DB (in ticks).
If either setting is changed, the ticks will be updated. Then at the end
we check the min is still less than the max (to do this, we convert the
ticks back to days in the interests of readability).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Apr 5 08:03:08 UTC 2019 on sn-devel-144
(cherry picked from commit 7a410ccb5f6f2958d56fa6f16d8780c69a3830dd)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-10-test): Tue May 14 17:36:28 UTC 2019 on sn-devel-144
commit afc2243b4785180c74bccaa5491396fe7d5d8bcd
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Apr 2 11:10:41 2019 +1300
netcmd: Add some timestamp conversion helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 940306a24a8d14fbb8c76c5a60b3d5f2773873a0)
commit 36da4c095deb73dfb14ca629b223998fce1f9403
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Apr 1 16:42:32 2019 +1300
netcmd: Use python constant for -0x8000000000000000
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b43f997f2397771b159c49526a36bd2b3467b0ef)
commit 1efa1e011941075d24b55f5228c167fd847ed61d
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Apr 1 16:32:27 2019 +1300
tests: Add test for setting min/maxPwdAge
Currently setting maxPwdAge doesn't work at all.
While we're adding a test, we might as well assert that minPwdAge
can't be greater than maxPwdAge as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d247a600845fdc6bf232496e8db56cd1d95a3022)
commit ea74b0eb2ef634b35eb0c51053ba3f87d3bee383
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Mar 19 13:16:59 2019 +0100
dbcheck: fix the err_empty_attribute() check
ldb.bytes('') == '' is never True in python3,
we nee ldb.bytes('') == b'' in order to
check that on attribute has an empty value,
that seems to work for python2 and python3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13843
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Mar 21 18:15:20 UTC 2019 on sn-devel-144
(cherry picked from commit 261ef9d5b62f0d49f858717e6d8b4b41f008efb5)
commit b01e1e3376be76fea435f987e0edea98161b7a35
Author: Christof Schmitt <cs at samba.org>
Date: Mon Mar 11 16:14:02 2019 -0700
winbind: Use domain name from lsa query for sid_to_name cache entry
When winbindd is asked to map a name like realm.com\name to a SID ,that
is sucessfully resolved through the lsa lookup name call. The same call
also returns the short domain name (netbios name of the domain). Use
that short domain name for the sid_to_name cache entry, so that
subsequent sid_to_name queries return the expected netbiosname\name
result and not realm.com\name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit aec9bda25f10ca2710d91fb680cca7904e92f9de)
commit 9034980420db2b50b1d2924d196de0548eac6fc3
Author: Christof Schmitt <cs at samba.org>
Date: Mon Mar 11 16:11:01 2019 -0700
winbind: Return queried domain name from name_to_sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01)
commit b519cd2156d47ce09207bd8f254a9971bcfb8b2c
Author: Christof Schmitt <cs at samba.org>
Date: Thu Mar 14 10:30:45 2019 -0700
winbind: Query domain from winbind sam_name_to_sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 32e3f0663be39cf4a81639c818fc88e959791673)
commit af48878005a6452961bda7b9bc731120eef32be1
Author: Christof Schmitt <cs at samba.org>
Date: Mon Mar 11 15:54:21 2019 -0700
winbind: Query domain from winbind rpc name_to_sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 562551c0886bdef1f97059e16d375c2e97452b45)
commit 2670fe833748c8b508ed164e8e2b0a86cb5c38ec
Author: Christof Schmitt <cs at samba.org>
Date: Mon Mar 11 15:53:51 2019 -0700
winbind: Query domain from msrpc name_to_sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928)
commit b7f79137dcdb0dcb99479c7e9e9bc7a73ff38dfa
Author: Christof Schmitt <cs at samba.org>
Date: Mon Mar 11 16:26:48 2019 -0700
nsswitch: Add testcase for checking output of wbinfo --sid-to-name
The username should always be returned in the DOMAISHORTNAME/USERNAME
format.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit d006c769a9cad275339b18b08e13d48acb29d7fc)
-----------------------------------------------------------------------
Summary of changes:
nsswitch/tests/test_wbinfo_name_lookup.sh | 15 ++++++
python/samba/dbchecker.py | 2 +-
python/samba/netcmd/domain.py | 56 +++++++++++++++++------
python/samba/tests/samba_tool/passwordsettings.py | 38 +++++++++++++++
source3/winbindd/winbindd.h | 1 +
source3/winbindd/winbindd_ads.c | 3 +-
source3/winbindd/winbindd_cache.c | 5 +-
source3/winbindd/winbindd_msrpc.c | 15 +++++-
source3/winbindd/winbindd_reconnect.c | 5 +-
source3/winbindd/winbindd_reconnect_ads.c | 5 +-
source3/winbindd/winbindd_rpc.c | 15 +++++-
source3/winbindd/winbindd_rpc.h | 1 +
source3/winbindd/winbindd_samr.c | 11 +++++
13 files changed, 147 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
index c1d39c1a602..ee8ae11f4b1 100755
--- a/nsswitch/tests/test_wbinfo_name_lookup.sh
+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
@@ -31,6 +31,21 @@ testit "name-to-sid.upn" \
$wbinfo -n $DC_USERNAME@$REALM || \
failed=$(expr $failed + 1)
+testit "name-to-sid.realm-user" \
+ $wbinfo -n $REALM/$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+# For the name-to-sid.realm-user query, ensure
+# that this does not change subsequent sid-to-name
+# queries.
+sid=$($wbinfo -n $REALM/$DC_USERNAME | sed -e 's/ .*//')
+out=$($wbinfo -s $sid | sed -e 's/ .//')
+# winbindd returns usernames in lowercase
+lcuser=$(echo $DC_USERNAME | tr A-Z a-z)
+testit "Verify DOMAIN/USER output" \
+ test "$out" = "$DOMAIN/$lcuser" || \
+ failed=$(expr $failed + 1)
+
# Two separator characters should fail
testit_expect_failure "name-to-sid.double-separator" \
$wbinfo -n $DOMAIN//$DC_USERNAME || \
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index d341983738a..e7ec426de54 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -2435,7 +2435,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
# check for empty attributes
for val in obj[attrname]:
- if val == '':
+ if val == b'':
self.err_empty_attribute(dn, attrname)
error_count += 1
continue
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index b7aedc16a91..8ebaefa26d6 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -1254,6 +1254,26 @@ class cmd_domain_level(Command):
raise CommandError("invalid argument: '%s' (choose from 'show', 'raise')" % subcommand)
+# In MS AD, setting a timeout to '(never)' corresponds to this value
+NEVER_TIMESTAMP = int(-0x8000000000000000)
+
+
+def timestamp_to_mins(timestamp_str):
+ """Converts a timestamp in -100 nanosecond units to minutes"""
+ # treat a timestamp of 'never' the same as zero (this should work OK for
+ # most settings, and it displays better than trying to convert
+ # -0x8000000000000000 to minutes)
+ if int(timestamp_str) == NEVER_TIMESTAMP:
+ return 0
+ else:
+ return abs(int(timestamp_str)) / (1e7 * 60)
+
+
+def timestamp_to_days(timestamp_str):
+ """Converts a timestamp in -100 nanosecond units to days"""
+ return timestamp_to_mins(timestamp_str) / (60 * 24)
+
+
class cmd_domain_passwordsettings_show(Command):
"""Display current password settings for the domain."""
@@ -1288,18 +1308,14 @@ class cmd_domain_passwordsettings_show(Command):
pwd_hist_len = int(res[0]["pwdHistoryLength"][0])
cur_min_pwd_len = int(res[0]["minPwdLength"][0])
# ticks -> days
- cur_min_pwd_age = int(abs(int(res[0]["minPwdAge"][0])) / (1e7 * 60 * 60 * 24))
- if int(res[0]["maxPwdAge"][0]) == -0x8000000000000000:
- cur_max_pwd_age = 0
- else:
- cur_max_pwd_age = int(abs(int(res[0]["maxPwdAge"][0])) / (1e7 * 60 * 60 * 24))
+ cur_min_pwd_age = timestamp_to_days(res[0]["minPwdAge"][0])
+ cur_max_pwd_age = timestamp_to_days(res[0]["maxPwdAge"][0])
+
cur_account_lockout_threshold = int(res[0]["lockoutThreshold"][0])
+
# ticks -> mins
- if int(res[0]["lockoutDuration"][0]) == -0x8000000000000000:
- cur_account_lockout_duration = 0
- else:
- cur_account_lockout_duration = abs(int(res[0]["lockoutDuration"][0])) / (1e7 * 60)
- cur_reset_account_lockout_after = abs(int(res[0]["lockOutObservationWindow"][0])) / (1e7 * 60)
+ cur_account_lockout_duration = timestamp_to_mins(res[0]["lockoutDuration"][0])
+ cur_reset_account_lockout_after = timestamp_to_mins(res[0]["lockOutObservationWindow"][0])
except Exception as e:
raise CommandError("Could not retrieve password properties!", e)
@@ -1381,6 +1397,10 @@ class cmd_domain_passwordsettings_set(Command):
m.dn = ldb.Dn(samdb, domain_dn)
pwd_props = int(samdb.get_pwdProperties())
+ # get the current password age settings
+ max_pwd_age_ticks = samdb.get_maxPwdAge()
+ min_pwd_age_ticks = samdb.get_minPwdAge()
+
if complexity is not None:
if complexity == "on" or complexity == "default":
pwd_props = pwd_props | DOMAIN_PASSWORD_COMPLEX
@@ -1454,7 +1474,7 @@ class cmd_domain_passwordsettings_set(Command):
# days -> ticks
if max_pwd_age == 0:
- max_pwd_age_ticks = -0x8000000000000000
+ max_pwd_age_ticks = NEVER_TIMESTAMP
else:
max_pwd_age_ticks = -int(max_pwd_age * (24 * 60 * 60 * 1e7))
@@ -1473,7 +1493,7 @@ class cmd_domain_passwordsettings_set(Command):
# minutes -> ticks
if account_lockout_duration == 0:
- account_lockout_duration_ticks = -0x8000000000000000
+ account_lockout_duration_ticks = NEVER_TIMESTAMP
else:
account_lockout_duration_ticks = -int(account_lockout_duration * (60 * 1e7))
@@ -1502,7 +1522,7 @@ class cmd_domain_passwordsettings_set(Command):
# minutes -> ticks
if reset_account_lockout_after == 0:
- reset_account_lockout_after_ticks = -0x8000000000000000
+ reset_account_lockout_after_ticks = NEVER_TIMESTAMP
else:
reset_account_lockout_after_ticks = -int(reset_account_lockout_after * (60 * 1e7))
@@ -1510,8 +1530,14 @@ class cmd_domain_passwordsettings_set(Command):
ldb.FLAG_MOD_REPLACE, "lockOutObservationWindow")
msgs.append("Duration to reset account lockout after changed!")
- if max_pwd_age and max_pwd_age > 0 and min_pwd_age >= max_pwd_age:
- raise CommandError("Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age))
+ if max_pwd_age or min_pwd_age:
+ # If we're setting either min or max password, make sure the max is
+ # still greater overall. As either setting could be None, we use the
+ # ticks here (which are always set) and work backwards.
+ max_pwd_age = timestamp_to_days(max_pwd_age_ticks)
+ min_pwd_age = timestamp_to_days(min_pwd_age_ticks)
+ if max_pwd_age != 0 and min_pwd_age >= max_pwd_age:
+ raise CommandError("Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age))
if len(m) == 0:
raise CommandError("You must specify at least one option to set. Try --help")
diff --git a/python/samba/tests/samba_tool/passwordsettings.py b/python/samba/tests/samba_tool/passwordsettings.py
index e29c76c730d..43264b64608 100644
--- a/python/samba/tests/samba_tool/passwordsettings.py
+++ b/python/samba/tests/samba_tool/passwordsettings.py
@@ -444,3 +444,41 @@ class PwdSettingsCmdTestCase(SambaToolCmdTest):
self.assertCmdSuccess(result, out, err)
self.assertEquals(err, "", "Shouldn't be any error messages")
self.assertIn("Minimum password length: %u" % new_len, out)
+
+ def test_domain_passwordsettings_pwdage(self):
+ """Checks the 'set' command for the domain password age (non-PSO)"""
+
+ # check we can set the domain max password age
+ max_pwd_age = self.ldb.get_maxPwdAge()
+ self.addCleanup(self.ldb.set_maxPwdAge, max_pwd_age)
+ max_pwd_args = "--max-pwd-age=270"
+ (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
+ "set"), max_pwd_args,
+ "-H", self.server,
+ self.user_auth)
+ self.assertCmdSuccess(result, out, err)
+ self.assertEquals(err, "", "Shouldn't be any error messages")
+ self.assertIn("successful", out)
+ self.assertNotEquals(max_pwd_age, self.ldb.get_maxPwdAge())
+
+ # check we can't set the domain min password age to more than the max
+ min_pwd_age = self.ldb.get_minPwdAge()
+ self.addCleanup(self.ldb.set_minPwdAge, min_pwd_age)
+ min_pwd_args = "--min-pwd-age=271"
+ (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
+ "set"), min_pwd_args,
+ "-H", self.server,
+ self.user_auth)
+ self.assertCmdFail(result, "minPwdAge > maxPwdAge should be rejected")
+ self.assertIn("Maximum password age", err)
+
+ # check we can set the domain min password age to less than the max
+ min_pwd_args = "--min-pwd-age=269"
+ (result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
+ "set"), min_pwd_args,
+ "-H", self.server,
+ self.user_auth)
+ self.assertCmdSuccess(result, out, err)
+ self.assertEquals(err, "", "Shouldn't be any error messages")
+ self.assertIn("successful", out)
+ self.assertNotEquals(min_pwd_age, self.ldb.get_minPwdAge())
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 7490d62a705..a72d6aa7830 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -225,6 +225,7 @@ struct winbindd_methods {
const char *domain_name,
const char *name,
uint32_t flags,
+ const char **pdom_name,
struct dom_sid *sid,
enum lsa_SidType *type);
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 4076f8227cb..204afdffb1f 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -558,11 +558,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
const char *domain_name,
const char *name,
uint32_t flags,
+ const char **pdom_name,
struct dom_sid *sid,
enum lsa_SidType *type)
{
return msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
- flags, sid, type);
+ flags, pdom_name, sid, type);
}
/* convert a domain SID to a user or group name - use rpc methods */
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c686089d517..abdfd11dc53 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1794,6 +1794,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
{
NTSTATUS status;
bool old_status;
+ const char *dom_name;
old_status = domain->online;
@@ -1820,7 +1821,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
winbindd_domain_init_backend(domain);
status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
- name, flags, sid, type);
+ name, flags, &dom_name, sid, type);
if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
@@ -1855,7 +1856,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
}
(void)strlower_m(discard_const_p(char, name));
wcache_save_sid_to_name(domain, status, sid,
- domain_name, name, save_type);
+ dom_name, name, save_type);
}
}
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 203fbc6b56a..342f22cfde3 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -218,6 +218,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
const char *domain_name,
const char *name,
uint32_t flags,
+ const char **pdom_name,
struct dom_sid *sid,
enum lsa_SidType *type)
{
@@ -226,6 +227,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
enum lsa_SidType *types = NULL;
char *full_name = NULL;
const char *names[1];
+ const char **domains;
NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
char *mapped_name = NULL;
@@ -260,13 +262,24 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
names[0] = full_name;
result = winbindd_lookup_names(mem_ctx, domain, 1,
- names, NULL,
+ names, &domains,
&sids, &types);
if (!NT_STATUS_IS_OK(result))
return result;
/* Return rid and type if lookup successful */
+ if (pdom_name != NULL) {
+ const char *dom_name;
+
+ dom_name = talloc_strdup(mem_ctx, domains[0]);
+ if (dom_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *pdom_name = dom_name;
+ }
+
sid_copy(sid, &sids[0]);
*type = types[0];
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index 1d0e8e6d472..56741d4670e 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -131,18 +131,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
const char *domain_name,
const char *name,
uint32_t flags,
+ const char **pdom_name,
struct dom_sid *sid,
enum lsa_SidType *type)
{
NTSTATUS result;
result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
- flags, sid, type);
+ flags, pdom_name, sid, type);
if (reconnect_need_retry(result, domain))
result = msrpc_methods.name_to_sid(domain, mem_ctx,
domain_name, name, flags,
- sid, type);
+ pdom_name, sid, type);
return result;
}
diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c
index 0a0a14f6dd0..f77430572d0 100644
--- a/source3/winbindd/winbindd_reconnect_ads.c
+++ b/source3/winbindd/winbindd_reconnect_ads.c
@@ -137,18 +137,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
const char *domain_name,
const char *name,
uint32_t flags,
+ const char **pdom_name,
struct dom_sid *sid,
enum lsa_SidType *type)
{
NTSTATUS result;
result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name,
- flags, sid, type);
+ flags, pdom_name, sid, type);
if (reconnect_need_retry(result, domain)) {
result = ads_methods.name_to_sid(domain, mem_ctx,
domain_name, name, flags,
- sid, type);
+ pdom_name, sid, type);
}
return result;
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 6f7cb07f4e3..ffbaabcfe49 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -247,6 +247,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
const char *domain_name,
const char *name,
uint32_t flags,
+ const char **pdom_name,
struct dom_sid *sid,
enum lsa_SidType *type)
{
@@ -254,6 +255,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
struct dom_sid *sids = NULL;
char *full_name = NULL;
const char *names[1];
+ const char **domains;
char *mapped_name = NULL;
NTSTATUS status;
@@ -290,7 +292,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
lsa_policy,
1, /* num_names */
names,
- NULL, /* domains */
+ &domains,
1, /* level */
&sids,
&types);
@@ -300,6 +302,17 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
return status;
}
+ if (pdom_name != NULL) {
+ const char *dom_name;
+
+ dom_name = talloc_strdup(mem_ctx, domains[0]);
+ if (dom_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *pdom_name = dom_name;
+ }
+
sid_copy(sid, &sids[0]);
*type = types[0];
diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h
index 162f1ef3329..a5cfe77f289 100644
--- a/source3/winbindd/winbindd_rpc.h
+++ b/source3/winbindd/winbindd_rpc.h
@@ -53,6 +53,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
const char *domain_name,
const char *name,
uint32_t flags,
+ const char **pdom_name,
struct dom_sid *psid,
enum lsa_SidType *ptype);
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 3727e8fa39f..396e2c97709 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -581,12 +581,14 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
const char *domain_name,
const char *name,
uint32_t flags,
+ const char **pdom_name,
struct dom_sid *psid,
enum lsa_SidType *ptype)
{
struct rpc_pipe_client *lsa_pipe;
struct policy_handle lsa_policy = { 0 };
struct dom_sid sid;
+ const char *dom_name;
enum lsa_SidType type;
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
@@ -615,6 +617,7 @@ again:
domain_name,
name,
flags,
+ &dom_name,
&sid,
&type);
@@ -627,6 +630,14 @@ again:
goto done;
}
+ if (pdom_name != NULL) {
+ *pdom_name = talloc_strdup(mem_ctx, dom_name);
+ if (*pdom_name == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ }
+
if (psid) {
sid_copy(psid, &sid);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list