[PATCHES] allow 'wbinfo --ping-dc --domain=SOMEDOMAIN'

[Stefan (metze) Metzmacher]

Hi,

here're some patches to allow 'wbinfo --ping-dc --domain=SOMEDOMAIN',
this is every useful to test trusted domains on a DC.

Please review and push.

Thanks!
metze
-------------- next part --------------
From 86aa0cefeb1cddc216a041357776df45e8673efd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 10 Dec 2014 12:25:55 +0000
Subject: [PATCH 1/4] s3:winbindd: report our own name for PING_DC and internal
 domains

This means "wbinfo --ping-dc" works fine on a DC.
---
 source3/winbindd/winbindd_ping_dc.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/source3/winbindd/winbindd_ping_dc.c b/source3/winbindd/winbindd_ping_dc.c
index 0a767d9..b5a6977 100644
--- a/source3/winbindd/winbindd_ping_dc.c
+++ b/source3/winbindd/winbindd_ping_dc.c
@@ -54,10 +54,32 @@ struct tevent_req *winbindd_ping_dc_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 	if (domain->internal) {
+		const char *d = lp_dnsdomain();
+		const char *n = lp_netbios_name();
+
 		/*
 		 * Internal domains are passdb based, we can always
 		 * contact them.
 		 */
+
+		if (d != NULL) {
+			char *h;
+			h = strlower_talloc(mem_ctx, n);
+			if (tevent_req_nomem(h, req)) {
+				return tevent_req_post(req, ev);
+			}
+
+			state->dcname = talloc_asprintf(state, "%s.%s", h, d);
+			if (tevent_req_nomem(state->dcname, req)) {
+				return tevent_req_post(req, ev);
+			}
+		} else {
+			state->dcname = talloc_strdup(state, n);
+			if (tevent_req_nomem(state->dcname, req)) {
+				return tevent_req_post(req, ev);
+			}
+		}
+
 		tevent_req_done(req);
 		return tevent_req_post(req, ev);
 	}
-- 
1.9.1


From 049a14624e55735c5bdf7aa187d2867d0cae0df3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 16 Dec 2014 11:27:21 +0000
Subject: [PATCH 2/4] s3:winbindd: use find_domain_from_name_noinit() in
 winbindd_ping_dc_send()

We should not try to connect to the given domain from within the winbindd parent.
---
 source3/winbindd/winbindd_ping_dc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/winbindd/winbindd_ping_dc.c b/source3/winbindd/winbindd_ping_dc.c
index b5a6977..05e8402 100644
--- a/source3/winbindd/winbindd_ping_dc.c
+++ b/source3/winbindd/winbindd_ping_dc.c
@@ -47,7 +47,7 @@ struct tevent_req *winbindd_ping_dc_send(TALLOC_CTX *mem_ctx,
 		/* preserve old behavior, when no domain name is given */
 		domain = find_our_domain();
 	} else {
-		domain = find_domain_from_name(request->domain_name);
+		domain = find_domain_from_name_noinit(request->domain_name);
 	}
 	if (domain == NULL) {
 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
-- 
1.9.1


From 4f1f7607d25f6bc6743fd704887095ec64f4ed62 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 10 Dec 2014 14:02:18 +0000
Subject: [PATCH 3/4] nsswitch: allow passing the domain name to wbcPingDC[2]()

winbindd already supports this.
---
 nsswitch/libwbclient/wbc_pam.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 11b59f6..e243538 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -639,18 +639,14 @@ wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error,
 	struct winbindd_response response;
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 
-	if (domain) {
-		/*
-		 * the current protocol doesn't support
-		 * specifying a domain
-		 */
-		wbc_status = WBC_ERR_NOT_IMPLEMENTED;
-		BAIL_ON_WBC_ERROR(wbc_status);
-	}
-
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
+	if (domain) {
+		strncpy(request.domain_name, domain,
+			sizeof(request.domain_name)-1);
+	}
+
 	/* Send request */
 
 	wbc_status = wbcRequestResponse(WINBINDD_PING_DC,
-- 
1.9.1


From 9cb86661dec95f54ccced1c3706ff1702850a0ee Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 10 Dec 2014 14:03:55 +0000
Subject: [PATCH 4/4] nsswitch/wbinfo: allow 'wbinfo --ping-dc
 --domain=SOMEDOMAIN'

---
 nsswitch/wbinfo.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 9e06fb2..2c9f4de 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -826,15 +826,24 @@ static bool wbinfo_change_secret(const char *domain)
 
 /* Check DC connection */
 
-static bool wbinfo_ping_dc(void)
+static bool wbinfo_ping_dc(const char *domain)
 {
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 	struct wbcAuthErrorInfo *error = NULL;
 	char *dcname = NULL;
 
-	wbc_status = wbcPingDc2(NULL, &error, &dcname);
+	const char *domain_name;
+
+	if (domain) {
+		domain_name = domain;
+	} else {
+		domain_name = get_winbind_domain();
+	}
+
+	wbc_status = wbcPingDc2(domain_name, &error, &dcname);
 
-	d_printf("checking the NETLOGON dc connection to \"%s\" %s\n",
+	d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
+		 domain_name ? domain_name : "",
 		 dcname ? dcname : "",
 		 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
@@ -2424,7 +2433,7 @@ int main(int argc, const char **argv, char **envp)
 			}
 			break;
 		case 'P':
-			if (!wbinfo_ping_dc()) {
+			if (!wbinfo_ping_dc(opt_domain_name)) {
 				goto done;
 			}
 			break;
-- 
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141218/7e271043/attachment.pgp>