Attachment 7970 Details for Bug 9185 – Fixed version of that patch (that is in master)

[patch] Fixed version of that patch (that is in master)

patch (text/plain), 6.81 KB, created by Guenther Deschner on 2012-10-01 10:27:03 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Guenther Deschner

Created: 2012-10-01 10:27:03 UTC

Size: 6.81 KB

patch

obsolete

>From 8e53b9dd51b25c9830799e162f7b98286d844c96 Mon Sep 17 00:00:00 2001
>From: Sumit Bose <sbose@redhat.com>
>Date: Tue, 11 Sep 2012 13:28:35 +0200
>Subject: [PATCH 1/3] s3-winbindd: Allow DNS resolution of trusted domains if
> DNS name is avaliable
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>Signed-off-by: GÃ¼nther Deschner <gd@samba.org>
>---
> source3/winbindd/winbindd_cm.c   | 11 +++++--
> source3/winbindd/winbindd_rpc.c  | 68 +++++++++++++++++++++++++++-------------
> source3/winbindd/winbindd_util.c |  4 +--
> 3 files changed, 58 insertions(+), 25 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index c08530e..0639be1 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -1286,10 +1286,17 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
> 		iplist_size = 0;
>         }
> 
>-	/* Try standard netbios queries if no ADS */
>+	/* Try standard netbios queries if no ADS and fall back to DNS queries
>+	 * if alt_name is available */
> 	if (*num_dcs == 0) {
> 		get_sorted_dc_list(domain->name, NULL, &ip_list, &iplist_size,
>-		       False);
>+		       false);
>+		if (iplist_size == 0) {
>+			if (domain->alt_name != NULL) {
>+				get_sorted_dc_list(domain->alt_name, NULL, &ip_list,
>+				       &iplist_size, true);
>+			}
>+		}
> 
> 		for ( i=0; i<iplist_size; i++ ) {
> 			char addr[INET6_ADDRSTRLEN];
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index 8a11cb2..a580b79 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
>@@ -972,29 +972,44 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
> 
> 	do {
> 		struct lsa_DomainList dom_list;
>+		struct lsa_DomainListEx dom_list_ex;
>+		bool has_ex = false;
> 		uint32_t i;
> 
> 		/*
> 		 * We don't run into deadlocks here, cause winbind_off() is
> 		 * called in the main function.
> 		 */
>-		status = dcerpc_lsa_EnumTrustDom(b,
>-						 mem_ctx,
>-						 lsa_policy,
>-						 &enum_ctx,
>-						 &dom_list,
>-						 (uint32_t) -1,
>-						 &result);
>-		if (!NT_STATUS_IS_OK(status)) {
>-			return status;
>-		}
>-		if (!NT_STATUS_IS_OK(result)) {
>-			if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
>-				return result;
>+		status = dcerpc_lsa_EnumTrustedDomainsEx(b,
>+							 mem_ctx,
>+							 lsa_policy,
>+							 &enum_ctx,
>+							 &dom_list_ex,
>+							 (uint32_t) -1,
>+							 &result);
>+		if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result) &&
>+		    dom_list_ex.count > 0) {
>+			count += dom_list_ex.count;
>+			has_ex = true;
>+		} else {
>+			status = dcerpc_lsa_EnumTrustDom(b,
>+							 mem_ctx,
>+							 lsa_policy,
>+							 &enum_ctx,
>+							 &dom_list,
>+							 (uint32_t) -1,
>+							 &result);
>+			if (!NT_STATUS_IS_OK(status)) {
>+				return status;
>+			}
>+			if (!NT_STATUS_IS_OK(result)) {
>+				if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
>+					return result;
>+				}
> 			}
>-		}
> 
>-		count += dom_list.count;
>+			count += dom_list.count;
>+		}
> 
> 		array = talloc_realloc(mem_ctx,
> 				       array,
>@@ -1004,21 +1019,32 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
> 			return NT_STATUS_NO_MEMORY;
> 		}
> 
>-		for (i = 0; i < dom_list.count; i++) {
>+		for (i = 0; i < count; i++) {
> 			struct netr_DomainTrust *trust = &array[i];
> 			struct dom_sid *sid;
> 
> 			ZERO_STRUCTP(trust);
> 
>-			trust->netbios_name = talloc_move(array,
>-							  &dom_list.domains[i].name.string);
>-			trust->dns_name = NULL;
>-
> 			sid = talloc(array, struct dom_sid);
> 			if (sid == NULL) {
> 				return NT_STATUS_NO_MEMORY;
> 			}
>-			sid_copy(sid, dom_list.domains[i].sid);
>+
>+			if (has_ex) {
>+				trust->netbios_name = talloc_move(array,
>+								  &dom_list_ex.domains[i].netbios_name.string);
>+				trust->dns_name = talloc_move(array,
>+							      &dom_list_ex.domains[i].domain_name.string);
>+
>+				sid_copy(sid, dom_list_ex.domains[i].sid);
>+			} else {
>+				trust->netbios_name = talloc_move(array,
>+								  &dom_list.domains[i].name.string);
>+				trust->dns_name = NULL;
>+
>+				sid_copy(sid, dom_list.domains[i].sid);
>+			}
>+
> 			trust->sid = sid;
> 		}
> 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
>diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
>index c36ae0b..25ef750 100644
>--- a/source3/winbindd/winbindd_util.c
>+++ b/source3/winbindd/winbindd_util.c
>@@ -108,9 +108,9 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
> 		}
> 	}
> 
>-	/* ignore alt_name if we are not in an AD domain */
>+	/* use alt_name if available to allow DNS lookups */
> 
>-	if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
>+	if (alt_name && *alt_name) {
> 		alternative_name = alt_name;
> 	}
> 
>-- 
>1.7.11.4
>
>
>From e792a44c34e7767f21f8a3dbcdf41e8416349da7 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Fri, 28 Sep 2012 18:03:25 +0200
>Subject: [PATCH 2/3] s3-lsa: Flesh out the returned info in
> _lsa_EnumTrustedDomainsEx().
>
>Guenther
>---
> source3/rpc_server/lsa/srv_lsa_nt.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
>index fc403df..f4dc4afd 100644
>--- a/source3/rpc_server/lsa/srv_lsa_nt.c
>+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
>@@ -3940,9 +3940,14 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struct pipes_struct *p,
> 	}
> 
> 	for (i=0; i<count; i++) {
>+		init_lsa_StringLarge(&entries[i].domain_name,
>+				     domains[i]->domain_name);
> 		init_lsa_StringLarge(&entries[i].netbios_name,
> 				     domains[i]->netbios_name);
> 		entries[i].sid = &domains[i]->security_identifier;
>+		entries[i].trust_direction = domains[i]->trust_direction;
>+		entries[i].trust_type = domains[i]->trust_type;
>+		entries[i].trust_attributes = domains[i]->trust_attributes;
> 	}
> 
> 	if (*r->in.resume_handle >= count) {
>-- 
>1.7.11.4
>
>
>From 837f47d630618fb382cfd49f5fb14e9af35e82fa Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Fri, 28 Sep 2012 18:04:07 +0200
>Subject: [PATCH 3/3] s3-winbindd: Adjust error code loop logic in
> rpc_trusted_domains().
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>Guenther
>
>Autobuild-User(master): GÃ¼nther Deschner <gd@samba.org>
>Autobuild-Date(master): Sat Sep 29 00:34:04 CEST 2012 on sn-devel-104
>---
> source3/winbindd/winbindd_rpc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index a580b79..a3faf42 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
>@@ -987,7 +987,7 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
> 							 &dom_list_ex,
> 							 (uint32_t) -1,
> 							 &result);
>-		if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result) &&
>+		if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_ERR(result) &&
> 		    dom_list_ex.count > 0) {
> 			count += dom_list_ex.count;
> 			has_ex = true;
>-- 
>1.7.11.4
>

Flags:

asn: review+

Actions: View

Attachments on bug 9185: 7911 | 7970