[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Mar 7 00:01:02 UTC 2022
The branch, master has been updated
via e9e2aead1e7 s3:rpcclient: Fix crash in rpcclient
via 1ed9ece3ed1 s3:rpcclient: Fix trailing whitespace in cmd_dfs.c
via 39d85c34d2b s3:script: Blackbox tests for the rpcclient DFS commands
via 0f5d7ff1a9f s4:kdc: redirect pre-authentication failures to an RWDC
via 27ee5ad713b s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t
via f33f73f82fb third_party/heimdal: import lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
via 95b1963339e examples: Update winbindd.stp and its generator script
via e07f8901ec9 s3:winbind: Convert ListTrustedDomains parent/child call to NDR
via d05b5366a63 s3:winbind: Remove list_all_domains condition always false
via 64160686e45 s3:winbind: Move the function to list trusted domains to winbindd_dual_srv.c
from 3f977cd6f83 s3:lib: Fix possible 32-bit arithmetic overflow
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e9e2aead1e72709a2d67962440e8deecca8c536a
Author: Pavel Filipenský <pfilipen at redhat.com>
Date: Thu Feb 17 19:20:46 2022 +0100
s3:rpcclient: Fix crash in rpcclient
rpcclient SERVER -c 'dfsenum 5' dumps core
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 7 00:00:32 UTC 2022 on sn-devel-184
commit 1ed9ece3ed14b30c8971946920b2b2663d30cbe5
Author: Pavel Filipenský <pfilipen at redhat.com>
Date: Thu Feb 17 19:20:46 2022 +0100
s3:rpcclient: Fix trailing whitespace in cmd_dfs.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 39d85c34d2b2b3b26f57980fc6955bc9f7f283a5
Author: Pavel Filipenský <pfilipen at redhat.com>
Date: Wed Feb 23 17:39:46 2022 +0100
s3:script: Blackbox tests for the rpcclient DFS commands
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 0f5d7ff1a9fd14fd412b09883d413d1d660fa7be
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 21 10:29:12 2022 +0100
s4:kdc: redirect pre-authentication failures to an RWDC
The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 27ee5ad713b760e8226537d79c529ace1efb07bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 24 21:31:52 2022 +0100
s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t
NOTE: This commit finally works again!
This aligns us with the following Heimdal change:
commit 11d8a053f50c88256b4d49c7e482c2eb8f6bde33
Author: Stefan Metzmacher <metze at samba.org>
AuthorDate: Thu Feb 24 18:27:09 2022 +0100
Commit: Luke Howard <lukeh at padl.com>
CommitDate: Thu Mar 3 09:58:48 2022 +1100
kdc-plugin: also pass astgs_request_t to the pac related functions
This is more consistent and allows the pac hooks to be more flexible.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit f33f73f82fb2d5d96928ce5910e2d0d939c2ff57
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 3 19:17:06 2022 +0100
third_party/heimdal: import lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 95b1963339e27667eacbe4b99e2501c1aba54b38
Author: Samuel Cabrero <scabrero at samba.org>
Date: Tue Feb 15 17:46:17 2022 +0100
examples: Update winbindd.stp and its generator script
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e07f8901ec95aab8c36965000de185d99e642644
Author: Samuel Cabrero <scabrero at samba.org>
Date: Fri Jun 4 15:36:16 2021 +0200
s3:winbind: Convert ListTrustedDomains parent/child call to NDR
By using NDR we avoid manual marshalling (netr_DomainTrust array
to text string) and unmarshalling (parse the received text string
back to a netr_DomainTrust array).
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d05b5366a633110c627cf1d1f9d026d1a56e0123
Author: Samuel Cabrero <scabrero at samba.org>
Date: Tue Mar 1 12:24:41 2022 +0100
s3:winbind: Remove list_all_domains condition always false
The 'list_all_domains' flag in a winbind request is only set by the
torture_winbind_struct_list_trustdom() test, in fact to check the flag
is ignored.
The WINBINDD_LIST_TRUSTDOM command received by winbind parent is handled
by winbindd_list_trusted_domains() which fills the response from the
cached domain list and does not handle the flag.
The WINBINDD_LIST_TRUSTDOM command sent from the parent to the domain
childs when the rescan timer expires do not set this flag, so this
commit removes the code handling it in the child.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 64160686e4586b749efe070b3032fa855955947e
Author: Samuel Cabrero <scabrero at samba.org>
Date: Tue Mar 1 11:40:31 2022 +0100
s3:winbind: Move the function to list trusted domains to winbindd_dual_srv.c
This function will be converted to a local RPC call handler so move it
to the file including ndr_winbindd_scompat.c.
Updated debug message and use newer debug macros.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
examples/systemtap/generate-winbindd.stp.sh | 2 +-
examples/systemtap/winbindd.stp | 42 +++---
librpc/idl/netlogon.idl | 4 +-
librpc/idl/winbind.idl | 6 +
selftest/knownfail | 1 -
selftest/knownfail.d/rpc-dfs | 2 +
source3/rpcclient/cmd_dfs.c | 18 +--
source3/script/tests/test_rpcclient_dfs.sh | 38 +++++
source3/selftest/tests.py | 5 +
source3/winbindd/winbindd_domain.c | 4 -
source3/winbindd/winbindd_dual_srv.c | 81 +++++++++++
source3/winbindd/winbindd_misc.c | 75 ----------
source3/winbindd/winbindd_proto.h | 2 -
source3/winbindd/winbindd_util.c | 159 ++++-----------------
source4/dsdb/tests/python/rodc_rwdc.py | 3 +-
source4/kdc/hdb-samba4.c | 93 +++---------
source4/kdc/wdc-samba4.c | 10 +-
third_party/heimdal/kdc/fast.c | 20 ++-
third_party/heimdal/kdc/kdc-accessors.h | 20 +++
third_party/heimdal/kdc/kdc-plugin.c | 28 ++--
third_party/heimdal/kdc/kdc-plugin.h | 6 +-
third_party/heimdal/kdc/kdc_locl.h | 5 +
third_party/heimdal/kdc/kerberos5.c | 17 ++-
third_party/heimdal/kdc/krb5tgs.c | 25 +++-
third_party/heimdal/kdc/libkdc-exports.def | 3 +
third_party/heimdal/kdc/mssfu.c | 5 +-
third_party/heimdal/kdc/version-script.map | 3 +
third_party/heimdal/lib/asn1/krb5.asn1 | 54 ++++++-
third_party/heimdal/lib/asn1/libasn1-exports.def | 25 ++++
third_party/heimdal/lib/krb5/krb5.h | 4 +
third_party/heimdal/lib/krb5/pac.c | 2 +-
third_party/heimdal/lib/krb5/principal.c | 9 +-
third_party/heimdal/tests/plugin/kdc_test_plugin.c | 8 +-
33 files changed, 415 insertions(+), 364 deletions(-)
create mode 100644 selftest/knownfail.d/rpc-dfs
create mode 100755 source3/script/tests/test_rpcclient_dfs.sh
Changeset truncated at 500 lines:
diff --git a/examples/systemtap/generate-winbindd.stp.sh b/examples/systemtap/generate-winbindd.stp.sh
index d38bf2cab00..ec8e3af2828 100755
--- a/examples/systemtap/generate-winbindd.stp.sh
+++ b/examples/systemtap/generate-winbindd.stp.sh
@@ -3,13 +3,13 @@
outfile="$(dirname $0)/winbindd.stp"
child_funcs="winbindd_dual_ping
-winbindd_dual_list_trusted_domains
winbindd_dual_init_connection
winbindd_dual_pam_auth
winbindd_dual_pam_auth_crap
winbindd_dual_pam_logoff
winbindd_dual_pam_chng_pswd_auth_crap
winbindd_dual_pam_chauthtok
+_wbint_ListTrustedDomains
_wbint_LookupSid
_wbint_LookupSids
_wbint_LookupName
diff --git a/examples/systemtap/winbindd.stp b/examples/systemtap/winbindd.stp
index 0769312fd2b..60dd80a5c76 100644
--- a/examples/systemtap/winbindd.stp
+++ b/examples/systemtap/winbindd.stp
@@ -2,7 +2,7 @@
#
# Systemtap script to instrument winbindd
#
-# Generated by examples/systemtap/generate-winbindd.stp.sh on Sat Jul 15 18:49:52 CEST 2017, do not edit
+# Generated by examples/systemtap/generate-winbindd.stp.sh on mar 15 feb 2022 17:45:48 CET, do not edit
#
# Usage:
#
@@ -43,26 +43,6 @@ probe process("winbindd").function("winbindd_dual_ping").return {
dc_svctime["winbindd_dual_ping"] <<< duration
}
-#
-# winbind domain child function winbindd_dual_list_trusted_domains
-#
-
-probe process("winbindd").function("winbindd_dual_list_trusted_domains") {
- dc_running[tid(), "winbindd_dual_list_trusted_domains"] = gettimeofday_us()
-}
-
-probe process("winbindd").function("winbindd_dual_list_trusted_domains").return {
- if (!([tid(), "winbindd_dual_list_trusted_domains"] in dc_running))
- next
-
- end = gettimeofday_us()
- begin = dc_running[tid(), "winbindd_dual_list_trusted_domains"]
- delete dc_running[tid(), "winbindd_dual_list_trusted_domains"]
-
- duration = end - begin
- dc_svctime["winbindd_dual_list_trusted_domains"] <<< duration
-}
-
#
# winbind domain child function winbindd_dual_init_connection
#
@@ -183,6 +163,26 @@ probe process("winbindd").function("winbindd_dual_pam_chauthtok").return {
dc_svctime["winbindd_dual_pam_chauthtok"] <<< duration
}
+#
+# winbind domain child function _wbint_ListTrustedDomains
+#
+
+probe process("winbindd").function("_wbint_ListTrustedDomains") {
+ dc_running[tid(), "_wbint_ListTrustedDomains"] = gettimeofday_us()
+}
+
+probe process("winbindd").function("_wbint_ListTrustedDomains").return {
+ if (!([tid(), "_wbint_ListTrustedDomains"] in dc_running))
+ next
+
+ end = gettimeofday_us()
+ begin = dc_running[tid(), "_wbint_ListTrustedDomains"]
+ delete dc_running[tid(), "_wbint_ListTrustedDomains"]
+
+ duration = end - begin
+ dc_svctime["_wbint_ListTrustedDomains"] <<< duration
+}
+
#
# winbind domain child function _wbint_LookupSid
#
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index cbfc88fe078..05c592be7e5 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -1598,7 +1598,7 @@ interface netlogon
/****************/
/* Function 0x24 */
- typedef struct {
+ typedef [public] struct {
[string,charset(UTF16)] uint16 *netbios_name;
[string,charset(UTF16)] uint16 *dns_name;
netr_TrustFlags trust_flags;
@@ -1609,7 +1609,7 @@ interface netlogon
GUID guid;
} netr_DomainTrust;
- typedef struct {
+ typedef [public] struct {
uint32 count;
[size_is(count)] netr_DomainTrust *array;
} netr_DomainTrustList;
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index a2bc81a9333..4acad1b091f 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -168,6 +168,12 @@ interface winbind
[out,string,charset(UTF8)] char **dcname
);
+ NTSTATUS wbint_ListTrustedDomains(
+ [in,string,charset(UTF8)] char *client_name,
+ [in] hyper client_pid,
+ [out,ref] netr_DomainTrustList *domains
+ );
+
/* Public methods available via IRPC */
typedef [switch_type(uint16)] union netr_LogonLevel netr_LogonLevel;
diff --git a/selftest/knownfail b/selftest/knownfail
index 2a5287cba2d..7e897dd026d 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -377,7 +377,6 @@
^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs\)
# We currently don't send referrals for LDAP modify of non-replicated attrs
^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
-^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_kerberos
# NETLOGON is disabled in any non-DC environments
^samba.tests.netlogonsvc.python\(ad_member\)
^samba.tests.netlogonsvc.python\(simpleserver\)
diff --git a/selftest/knownfail.d/rpc-dfs b/selftest/knownfail.d/rpc-dfs
new file mode 100644
index 00000000000..8ab72ff7b38
--- /dev/null
+++ b/selftest/knownfail.d/rpc-dfs
@@ -0,0 +1,2 @@
+#_dfs_EnumEx() is not implemented on RPC server side
+^samba3.blackbox.rpcclient_dfs.dfsenumex
diff --git a/source3/rpcclient/cmd_dfs.c b/source3/rpcclient/cmd_dfs.c
index 1bc4d5c93c0..8177871dc17 100644
--- a/source3/rpcclient/cmd_dfs.c
+++ b/source3/rpcclient/cmd_dfs.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
RPC pipe client
@@ -9,12 +9,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -62,7 +62,7 @@ static WERROR cmd_dfs_add(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc != 5) {
- printf("Usage: %s path servername sharename comment\n",
+ printf("Usage: %s path servername sharename comment\n",
argv[0]);
return WERR_OK;
}
@@ -162,7 +162,7 @@ static void display_dfs_info(uint32_t level, union dfs_Info *ctr)
display_dfs_info_3(ctr->info3);
break;
default:
- printf("unsupported info level %d\n",
+ printf("unsupported info level %d\n",
level);
break;
}
@@ -171,7 +171,7 @@ static void display_dfs_info(uint32_t level, union dfs_Info *ctr)
static void display_dfs_enumstruct(struct dfs_EnumStruct *ctr)
{
int i;
-
+
/* count is always the first element, so we can just use info1 here */
for (i = 0; i < ctr->e.info1->count; i++) {
switch (ctr->level) {
@@ -179,7 +179,7 @@ static void display_dfs_enumstruct(struct dfs_EnumStruct *ctr)
case 2: display_dfs_info_2(&ctr->e.info2->s[i]); break;
case 3: display_dfs_info_3(&ctr->e.info3->s[i]); break;
default:
- printf("unsupported info level %d\n",
+ printf("unsupported info level %d\n",
ctr->level);
return;
}
@@ -222,7 +222,7 @@ static WERROR cmd_dfs_enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
case 300: str.e.info300 = &info300; ZERO_STRUCT(info300); break;
default:
printf("Unknown info level %d\n", str.level);
- break;
+ return WERR_OK;
}
result = dcerpc_dfs_Enum(b, mem_ctx, str.level, 0xFFFFFFFF, &str,
@@ -274,7 +274,7 @@ static WERROR cmd_dfs_enumex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
case 300: str.e.info300 = &info300; ZERO_STRUCT(info300); break;
default:
printf("Unknown info level %d\n", str.level);
- break;
+ return WERR_OK;
}
result = dcerpc_dfs_EnumEx(b, mem_ctx, argv[1], str.level,
diff --git a/source3/script/tests/test_rpcclient_dfs.sh b/source3/script/tests/test_rpcclient_dfs.sh
new file mode 100755
index 00000000000..334de1b6ffb
--- /dev/null
+++ b/source3/script/tests/test_rpcclient_dfs.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# Copyright (c) 2022 Pavel Filipenský <pfilipen at redhat.com>
+#
+# Blackbox tests for the rpcclient DFS commands
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_rpcclient_dfs.sh USERNAME PASSWORD SERVER RPCCLIENT
+EOF
+exit 1;
+fi
+
+USERNAME="$1"
+PASSWORD="$2"
+SERVER="$3"
+RPCCLIENT="$4"
+
+RPCCLIENTCMD="${VALGRIND} ${RPCCLIENT} ${SERVER} -U${USERNAME}%${PASSWORD}"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. "${incdir}"/subunit.sh
+
+failed=0
+
+${RPCCLIENTCMD} -c "dfsversion"
+RC=$?
+testit "dfsversion" test ${RC} -eq 0 || failed=$((failed + 1))
+
+${RPCCLIENTCMD} -c "dfsenum 5"
+RC=$?
+testit "dfsenum" test ${RC} -eq 0 || failed=$((failed + 1))
+
+${RPCCLIENTCMD} -c "dfsenumex 5"
+RC=$?
+testit "dfsenumex" test ${RC} -eq 0 || failed=$((failed + 1))
+
+testok "$0" "${failed}"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 16303ab559d..9561e49d7e1 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1247,6 +1247,11 @@ plantestsuite("samba3.blackbox.rpcclient_lookup", "simpleserver",
"$USERNAME", "$PASSWORD", "$SERVER",
os.path.join(bindir(), "rpcclient")])
+plantestsuite("samba3.blackbox.rpcclient_dfs", "fileserver:local",
+ [os.path.join(samba3srcdir, "script/tests/test_rpcclient_dfs.sh"),
+ "$USERNAME", "$PASSWORD", "$SERVER",
+ os.path.join(bindir(), "rpcclient")])
+
plantestsuite("samba3.blackbox.rpcclient.pw-nt-hash", "simpleserver",
[os.path.join(samba3srcdir, "script/tests/test_rpcclient_pw_nt_hash.sh"),
"$USERNAME", "$PASSWORD", "$SERVER",
diff --git a/source3/winbindd/winbindd_domain.c b/source3/winbindd/winbindd_domain.c
index e998275c8e2..fdf5768c526 100644
--- a/source3/winbindd/winbindd_domain.c
+++ b/source3/winbindd/winbindd_domain.c
@@ -30,10 +30,6 @@ static const struct winbindd_child_dispatch_table domain_dispatch_table[] = {
.name = "PING",
.struct_cmd = WINBINDD_PING,
.struct_fn = winbindd_dual_ping,
- },{
- .name = "LIST_TRUSTDOM",
- .struct_cmd = WINBINDD_LIST_TRUSTDOM,
- .struct_fn = winbindd_dual_list_trusted_domains,
},{
.name = "INIT_CONNECTION",
.struct_cmd = WINBINDD_INIT_CONNECTION,
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index cefd134f2c6..3daa8468ddc 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -1927,4 +1927,85 @@ reconnect:
return status;
}
+NTSTATUS _wbint_ListTrustedDomains(struct pipes_struct *p,
+ struct wbint_ListTrustedDomains *r)
+{
+ struct winbindd_domain *domain = wb_child_domain();
+ uint32_t i, n;
+ NTSTATUS result;
+ struct netr_DomainTrustList trusts;
+ struct netr_DomainTrustList *out = NULL;
+ pid_t client_pid;
+
+ if (domain == NULL) {
+ return NT_STATUS_REQUEST_NOT_ACCEPTED;
+ }
+
+ /* Cut client_pid to 32bit */
+ client_pid = r->in.client_pid;
+ if ((uint64_t)client_pid != r->in.client_pid) {
+ DBG_DEBUG("pid out of range\n");
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ DBG_NOTICE("[%s %"PRIu32"]: list trusted domains\n",
+ r->in.client_name, client_pid);
+
+ result = wb_cache_trusted_domains(domain, p->mem_ctx, &trusts);
+ if (!NT_STATUS_IS_OK(result)) {
+ DBG_NOTICE("wb_cache_trusted_domains returned %s\n",
+ nt_errstr(result));
+ return result;
+ }
+
+ out = talloc_zero(p->mem_ctx, struct netr_DomainTrustList);
+ if (out == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ r->out.domains = out;
+
+ for (i=0; i<trusts.count; i++) {
+ if (trusts.array[i].sid == NULL) {
+ continue;
+ }
+ if (dom_sid_equal(trusts.array[i].sid, &global_sid_NULL)) {
+ continue;
+ }
+
+ n = out->count;
+ out->array = talloc_realloc(out, out->array,
+ struct netr_DomainTrust,
+ n + 1);
+ if (out->array == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ out->count = n + 1;
+
+ out->array[n].netbios_name = talloc_steal(
+ out->array, trusts.array[i].netbios_name);
+ if (out->array[n].netbios_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ out->array[n].dns_name = talloc_steal(
+ out->array, trusts.array[i].dns_name);
+ if (out->array[n].dns_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ out->array[n].sid = dom_sid_dup(out->array,
+ trusts.array[i].sid);
+ if (out->array[n].sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ out->array[n].trust_flags = trusts.array[i].trust_flags;
+ out->array[n].trust_type = trusts.array[i].trust_type;
+ out->array[n].trust_attributes = trusts.array[i].trust_attributes;
+ }
+
+ return NT_STATUS_OK;
+}
+
#include "librpc/gen_ndr/ndr_winbind_scompat.c"
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index db7e1c87dee..e7e2021bec3 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -277,81 +277,6 @@ done:
return ret;
}
-enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
- struct winbindd_cli_state *state)
-{
- uint32_t i;
- int extra_data_len = 0;
- char *extra_data;
- NTSTATUS result;
- bool have_own_domain = False;
- struct netr_DomainTrustList trusts;
-
- DBG_NOTICE("[%s %u]: list trusted domains\n",
- state->client_name,
- (unsigned int)state->pid);
-
- result = wb_cache_trusted_domains(domain, state->mem_ctx, &trusts);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3, ("winbindd_dual_list_trusted_domains: trusted_domains returned %s\n",
- nt_errstr(result) ));
- return WINBINDD_ERROR;
- }
-
- extra_data = talloc_strdup(state->mem_ctx, "");
-
- for (i=0; i<trusts.count; i++) {
- struct dom_sid_buf buf;
-
- if (trusts.array[i].sid == NULL) {
- continue;
- }
- if (dom_sid_equal(trusts.array[i].sid, &global_sid_NULL)) {
- continue;
- }
-
- extra_data = talloc_asprintf_append_buffer(
- extra_data, "%s\\%s\\%s\\%u\\%u\\%u\n",
- trusts.array[i].netbios_name, trusts.array[i].dns_name,
- dom_sid_str_buf(trusts.array[i].sid, &buf),
- trusts.array[i].trust_flags,
- (uint32_t)trusts.array[i].trust_type,
- trusts.array[i].trust_attributes);
- }
-
- /* add our primary domain */
-
- for (i=0; i<trusts.count; i++) {
- if (strequal(trusts.array[i].netbios_name, domain->name)) {
- have_own_domain = True;
- break;
- }
- }
-
- if (state->request->data.list_all_domains && !have_own_domain) {
- struct dom_sid_buf buf;
- extra_data = talloc_asprintf_append_buffer(
- extra_data, "%s\\%s\\%s\n", domain->name,
- domain->alt_name != NULL ?
- domain->alt_name :
- domain->name,
- dom_sid_str_buf(&domain->sid, &buf));
- }
-
- extra_data_len = strlen(extra_data);
- if (extra_data_len > 0) {
-
- /* Strip the last \n */
- extra_data[extra_data_len-1] = '\0';
-
- state->response->extra_data.data = extra_data;
- state->response->length += extra_data_len;
- }
-
- return WINBINDD_OK;
-}
-
bool winbindd_dc_info(struct winbindd_cli_state *cli)
{
struct winbindd_domain *domain;
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 16c23f3de40..b9b7be40245 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -396,8 +396,6 @@ struct dcerpc_binding_handle *locator_child_handle(void);
/* The following definitions come from winbindd/winbindd_misc.c */
bool winbindd_list_trusted_domains(struct winbindd_cli_state *state);
-enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
bool winbindd_dc_info(struct winbindd_cli_state *state);
bool winbindd_ping(struct winbindd_cli_state *state);
bool winbindd_info(struct winbindd_cli_state *state);
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index bd9d36bb248..53e7f32b5b9 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -376,7 +376,7 @@ bool domain_is_forest_root(const struct winbindd_domain *domain)
struct trustdom_state {
struct winbindd_domain *domain;
- struct winbindd_request request;
+ struct netr_DomainTrustList trusts;
};
--
Samba Shared Repository
More information about the samba-cvs
mailing list