[PATCHES] allow 'wbinfo --ping-dc --domain=SOMEDOMAIN'
Stefan (metze) Metzmacher
metze at samba.org
Thu Dec 18 12:39:23 MST 2014
Hi,
here're some patches to allow 'wbinfo --ping-dc --domain=SOMEDOMAIN',
this is every useful to test trusted domains on a DC.
Please review and push.
Thanks!
metze
-------------- next part --------------
From 86aa0cefeb1cddc216a041357776df45e8673efd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 10 Dec 2014 12:25:55 +0000
Subject: [PATCH 1/4] s3:winbindd: report our own name for PING_DC and internal
domains
This means "wbinfo --ping-dc" works fine on a DC.
---
source3/winbindd/winbindd_ping_dc.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/source3/winbindd/winbindd_ping_dc.c b/source3/winbindd/winbindd_ping_dc.c
index 0a767d9..b5a6977 100644
--- a/source3/winbindd/winbindd_ping_dc.c
+++ b/source3/winbindd/winbindd_ping_dc.c
@@ -54,10 +54,32 @@ struct tevent_req *winbindd_ping_dc_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
if (domain->internal) {
+ const char *d = lp_dnsdomain();
+ const char *n = lp_netbios_name();
+
/*
* Internal domains are passdb based, we can always
* contact them.
*/
+
+ if (d != NULL) {
+ char *h;
+ h = strlower_talloc(mem_ctx, n);
+ if (tevent_req_nomem(h, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->dcname = talloc_asprintf(state, "%s.%s", h, d);
+ if (tevent_req_nomem(state->dcname, req)) {
+ return tevent_req_post(req, ev);
+ }
+ } else {
+ state->dcname = talloc_strdup(state, n);
+ if (tevent_req_nomem(state->dcname, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
tevent_req_done(req);
return tevent_req_post(req, ev);
}
--
1.9.1
From 049a14624e55735c5bdf7aa187d2867d0cae0df3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 16 Dec 2014 11:27:21 +0000
Subject: [PATCH 2/4] s3:winbindd: use find_domain_from_name_noinit() in
winbindd_ping_dc_send()
We should not try to connect to the given domain from within the winbindd parent.
---
source3/winbindd/winbindd_ping_dc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_ping_dc.c b/source3/winbindd/winbindd_ping_dc.c
index b5a6977..05e8402 100644
--- a/source3/winbindd/winbindd_ping_dc.c
+++ b/source3/winbindd/winbindd_ping_dc.c
@@ -47,7 +47,7 @@ struct tevent_req *winbindd_ping_dc_send(TALLOC_CTX *mem_ctx,
/* preserve old behavior, when no domain name is given */
domain = find_our_domain();
} else {
- domain = find_domain_from_name(request->domain_name);
+ domain = find_domain_from_name_noinit(request->domain_name);
}
if (domain == NULL) {
tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
--
1.9.1
From 4f1f7607d25f6bc6743fd704887095ec64f4ed62 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 10 Dec 2014 14:02:18 +0000
Subject: [PATCH 3/4] nsswitch: allow passing the domain name to wbcPingDC[2]()
winbindd already supports this.
---
nsswitch/libwbclient/wbc_pam.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 11b59f6..e243538 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -639,18 +639,14 @@ wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error,
struct winbindd_response response;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
- if (domain) {
- /*
- * the current protocol doesn't support
- * specifying a domain
- */
- wbc_status = WBC_ERR_NOT_IMPLEMENTED;
- BAIL_ON_WBC_ERROR(wbc_status);
- }
-
ZERO_STRUCT(request);
ZERO_STRUCT(response);
+ if (domain) {
+ strncpy(request.domain_name, domain,
+ sizeof(request.domain_name)-1);
+ }
+
/* Send request */
wbc_status = wbcRequestResponse(WINBINDD_PING_DC,
--
1.9.1
From 9cb86661dec95f54ccced1c3706ff1702850a0ee Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 10 Dec 2014 14:03:55 +0000
Subject: [PATCH 4/4] nsswitch/wbinfo: allow 'wbinfo --ping-dc
--domain=SOMEDOMAIN'
---
nsswitch/wbinfo.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 9e06fb2..2c9f4de 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -826,15 +826,24 @@ static bool wbinfo_change_secret(const char *domain)
/* Check DC connection */
-static bool wbinfo_ping_dc(void)
+static bool wbinfo_ping_dc(const char *domain)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
struct wbcAuthErrorInfo *error = NULL;
char *dcname = NULL;
- wbc_status = wbcPingDc2(NULL, &error, &dcname);
+ const char *domain_name;
+
+ if (domain) {
+ domain_name = domain;
+ } else {
+ domain_name = get_winbind_domain();
+ }
+
+ wbc_status = wbcPingDc2(domain_name, &error, &dcname);
- d_printf("checking the NETLOGON dc connection to \"%s\" %s\n",
+ d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
+ domain_name ? domain_name : "",
dcname ? dcname : "",
WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
@@ -2424,7 +2433,7 @@ int main(int argc, const char **argv, char **envp)
}
break;
case 'P':
- if (!wbinfo_ping_dc()) {
+ if (!wbinfo_ping_dc(opt_domain_name)) {
goto done;
}
break;
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141218/7e271043/attachment.pgp>
More information about the samba-technical
mailing list