[PATCH] Allow GetDCNameEx to be called for arbitrary sites and trusted domains

Stefan Metzmacher metze at samba.org
Tue Apr 3 14:14:23 UTC 2018


Hi Garming,

> I've changed the patches to follow the calling format you've suggested
> (and squashed some patches in the process). Hopefully it's much closer
> to what you expect.

Yes, much better, but a few little cosmetic things:

- Can you please inline winbind_forward_GetDCName()?
  It's easier to have this all in dcesrv_netr_DsRGetDCName_base_call()

- Please add TALLOC_FREE(subreq); after
  status = dcerpc_winbind_DsGetDcName_recv()

- It would be good to add a "finished:" label before
  "if (state->_r.dcex2 != NULL) {" in
  dcesrv_netr_DsRGetDCName_base_done()
  and use early "goto finished" in order to reduce the
  indentation levels.

- Rename irpc_GetDCName_state into wb_irpc_GetDCName_state

- Move the forward declaration of wb_irpc_GetDCName_done()
  after the 'struct wb_irpc_GetDCName_state' definition.

Now a few logic things:

- Can we really safely dereference state->r.out.info[0]->
  in dcesrv_netr_DsRGetDCName_base_done() if result is not
  NT_STATUS_OK?

- dc_unc = talloc_asprintf(state->dce_call, uses the wrong
  memory context, it should be state->r.out.info[0] (if we can assume a
  valid talloc pointer) or state->mem_ctx.

- Don't we need to check the result of samdb_client_site_name()
  in dcesrv_netr_DsRGetDCName_base_call()?

- Is "netlogon: Resolve calls to GetDCNameEx2 within the same
  NETLOGON domain" really needed? "The return will have the DNS domain,
  which is not quite as nice, but it does not seem to violate any
  assumptions" sounds risky...

Thanks!
metze
