s4-11 interdomain trusts

Matthew Geddes musicalcarrion at gmail.com
Thu Mar 11 12:38:29 MST 2010


On 10 March 2010 11:25, simo <idra at samba.org> wrote:

> On Wed, 2010-03-10 at 11:17 -0800, Matthew Geddes wrote:
> > On 10 March 2010 10:55, simo <idra at samba.org> wrote:
> >
> > > I haven't yet attacked the problem, as a client samba 4 lacks a lot of
> > > stuff and that is a pre-requisite to be able to connect to another DC to
> > > do any operation,
> >
> >
> > What sorts of things? I'd like to take a look.
>
> DNS client library with DNS+CLDAP ping discovery for example.
>

I'm not sure what the relationship between a DNS client library and CLDAP
would be. Sure, we'd pull some of the fields from the CLDAP netlogon query
response and do DNS lookups on those, but apart from that, I'm at a loss.
What am I missing?

What else is needed?

Apologies for the delay in getting this patch to you. I'll give you a quick
run through what the changes are by filename:

 * auth/ntlm/auth_winbind.c

Saw a segfault. Made it stop.

 * rpc_server/lsa/dcesrv_lsa.c
 * dsdb/common/util.c

When we add a trust, we were writing a string, but attempting to read a
dom_sid structure. We could have fixed this by going the other way and
keeping it a string all over, but Windows 2003 seems to keep it binary too,
so I picked that.

 * rpc_server/netlogon/dcerpc_netlogon.c

When enumerating domain trusts, enumerate domain trusts as well as just us.

 * kdc/hdb-samba4.c

In general, principal->name.name_string.val[1] and principal->realm
will both be our domain, but in the case where we're requesting a TGT for a
trusted host, principal->name.name_string.val[1] will be the trusted realm.


Overall, it doesn't complete the interdomain trust stuff, but it gets us
part of the way there.

thx,
Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: s4-enumtrust.diff
Type: text/x-patch
Size: 6575 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100311/1b19857b/attachment.bin>
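The string-versus-binary SID mismatch described for rpc_server/lsa/dcesrv_lsa.c and dsdb/common/util.c, as an added example that is not part of the original message and is not Samba's code: it encodes a textual SID into the binary SID layout (revision, sub-authority count, 6-byte big-endian authority, little-endian 32-bit sub-authorities) and shows that a reader expecting that layout rejects the raw string. The function names and the sample SID are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SID_MAX_SUBAUTHS 15
#define IS_DIGIT(c) ((c) >= '0' && (c) <= '9')

/* Hypothetical helper: encode "S-1-5-21-..." into the binary SID layout.
 * Returns the encoded length in bytes, or -1 on malformed input. */
int sid_string_to_binary(const char *s, uint8_t *out, size_t outlen)
{
    char *end;
    int n = 0;
    if (strncmp(s, "S-1-", 4) != 0 || !IS_DIGIT(s[4]) || outlen < 8) return -1;
    unsigned long long auth = strtoull(s + 4, &end, 10);
    if (auth > 0xFFFFFFFFFFFFULL) return -1;
    out[0] = 1;                                   /* revision */
    for (int i = 0; i < 6; i++)                   /* authority: big-endian */
        out[2 + i] = (uint8_t)(auth >> (8 * (5 - i)));
    while (*end == '-') {
        const char *p = end + 1;
        if (!IS_DIGIT(*p) || n == SID_MAX_SUBAUTHS) return -1;
        unsigned long long sub = strtoull(p, &end, 10);
        if (sub > 0xFFFFFFFFULL || outlen < (size_t)(8 + 4 * (n + 1))) return -1;
        for (int i = 0; i < 4; i++)               /* sub-authority: little-endian */
            out[8 + 4 * n + i] = (uint8_t)(sub >> (8 * i));
        n++;
    }
    if (*end != '\0') return -1;
    out[1] = (uint8_t)n;                          /* sub-authority count */
    return 8 + 4 * n;
}

/* Reader-side check: does this stored value have the shape of a binary SID? */
int blob_is_binary_sid(const uint8_t *b, size_t len)
{
    if (len < 8 || b[0] != 1 || b[1] > SID_MAX_SUBAUTHS) return 0;
    return len == (size_t)(8 + 4 * b[1]);
}

int main(void)
{
    const char *sid = "S-1-5-21-1004336348-1177238915-682003330"; /* constructed */
    uint8_t bin[8 + 4 * SID_MAX_SUBAUTHS];
    int len = sid_string_to_binary(sid, bin, sizeof(bin));
    printf("string as SID: %d, encoded (%d bytes) as SID: %d\n",
           blob_is_binary_sid((const uint8_t *)sid, strlen(sid)), len,
           blob_is_binary_sid(bin, (size_t)len));
    return 0;
}
```

A value written as text fails the reader-side shape check at the first byte, which is why the writer and the reader have to agree on one representation.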

