The Samba-Bugzilla – Attachment 7970 Details for
Bug 9185
Winbind cannot resolve AD DC in a different subnet
[patch]
Fixed version of that patch (that is in master)
patch (text/plain), 6.81 KB, created by
Guenther Deschner
on 2012-10-01 10:27:03 UTC
Description:
Fixed version of that patch (that is in master)
Creator:
Guenther Deschner
Created:
2012-10-01 10:27:03 UTC
Size:
6.81 KB
>From 8e53b9dd51b25c9830799e162f7b98286d844c96 Mon Sep 17 00:00:00 2001
>From: Sumit Bose <sbose@redhat.com>
>Date: Tue, 11 Sep 2012 13:28:35 +0200
>Subject: [PATCH 1/3] s3-winbindd: Allow DNS resolution of trusted domains if
> DNS name is avaliable
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>Signed-off-by: Günther Deschner <gd@samba.org>
>---
> source3/winbindd/winbindd_cm.c | 11 +++++--
> source3/winbindd/winbindd_rpc.c | 68 +++++++++++++++++++++++++++-------------
> source3/winbindd/winbindd_util.c | 4 +--
> 3 files changed, 58 insertions(+), 25 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index c08530e..0639be1 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -1286,10 +1286,17 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
> iplist_size = 0;
> }
>
>- /* Try standard netbios queries if no ADS */
>+ /* Try standard netbios queries if no ADS and fall back to DNS queries
>+ * if alt_name is available */
> if (*num_dcs == 0) {
> get_sorted_dc_list(domain->name, NULL, &ip_list, &iplist_size,
>- False);
>+ false);
>+ if (iplist_size == 0) {
>+ if (domain->alt_name != NULL) {
>+ get_sorted_dc_list(domain->alt_name, NULL, &ip_list,
>+ &iplist_size, true);
>+ }
>+ }
>
> for ( i=0; i<iplist_size; i++ ) {
> char addr[INET6_ADDRSTRLEN];
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index 8a11cb2..a580b79 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
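Review bot: In get_dcs() (winbindd_cm.c) the new DNS fallback discards the return value of `get_sorted_dc_list()` and decides on `iplist_size` alone, so a failed lookup on `domain->alt_name` cannot be told apart from an empty answer and leaves nothing in the log. The two nested conditions can be written as one, `if (iplist_size == 0 && domain->alt_name != NULL) {`, and a debug message naming the alt_name being tried would make DC-location failures diagnosable. Because the rest of this patch appears to fill the DNS name from a trust enumeration answered by a remote DC, a comment here stating that alt_name may be remote-supplied rather than local configuration would help whoever audits this lookup path. get_dcs() starts and ends outside the hunk.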
>@@ -972,29 +972,44 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
>
> do {
> struct lsa_DomainList dom_list;
>+ struct lsa_DomainListEx dom_list_ex;
>+ bool has_ex = false;
> uint32_t i;
>
> /*
> * We don't run into deadlocks here, cause winbind_off() is
> * called in the main function.
> */
>- status = dcerpc_lsa_EnumTrustDom(b,
>- mem_ctx,
>- lsa_policy,
>- &enum_ctx,
>- &dom_list,
>- (uint32_t) -1,
>- &result);
>- if (!NT_STATUS_IS_OK(status)) {
>- return status;
>- }
>- if (!NT_STATUS_IS_OK(result)) {
>- if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
>- return result;
>+ status = dcerpc_lsa_EnumTrustedDomainsEx(b,
>+ mem_ctx,
>+ lsa_policy,
>+ &enum_ctx,
>+ &dom_list_ex,
>+ (uint32_t) -1,
>+ &result);
>+ if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result) &&
>+ dom_list_ex.count > 0) {
>+ count += dom_list_ex.count;
>+ has_ex = true;
>+ } else {
>+ status = dcerpc_lsa_EnumTrustDom(b,
>+ mem_ctx,
>+ lsa_policy,
>+ &enum_ctx,
>+ &dom_list,
>+ (uint32_t) -1,
>+ &result);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ return status;
>+ }
>+ if (!NT_STATUS_IS_OK(result)) {
>+ if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
>+ return result;
>+ }
> }
>- }
>
>- count += dom_list.count;
>+ count += dom_list.count;
>+ }
>
> array = talloc_realloc(mem_ctx,
> array,
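Review bot: In rpc_trusted_domains() the choice between `dcerpc_lsa_EnumTrustedDomainsEx()` and `dcerpc_lsa_EnumTrustDom()` is made afresh on every pass of the do/while, yet both calls share `enum_ctx`. If the Ex call is used on one pass and rejected on the next, the legacy call resumes from a handle the Ex call produced, and the result may skip or mix entries from the two enumerations. The fallback is also taken when Ex succeeds with `dom_list_ex.count == 0`, and the Ex failure status is dropped without a log message. Deciding once, outside the loop, which call to use (and resetting `enum_ctx` if the first Ex attempt is abandoned) would keep the enumeration consistent. The loop and the declaration of `enum_ctx` lie partly outside this hunk.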
>@@ -1004,21 +1019,32 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
> return NT_STATUS_NO_MEMORY;
> }
>
>- for (i = 0; i < dom_list.count; i++) {
>+ for (i = 0; i < count; i++) {
> struct netr_DomainTrust *trust = &array[i];
> struct dom_sid *sid;
>
> ZERO_STRUCTP(trust);
>
>- trust->netbios_name = talloc_move(array,
>- &dom_list.domains[i].name.string);
>- trust->dns_name = NULL;
>-
> sid = talloc(array, struct dom_sid);
> if (sid == NULL) {
> return NT_STATUS_NO_MEMORY;
> }
>- sid_copy(sid, dom_list.domains[i].sid);
>+
>+ if (has_ex) {
>+ trust->netbios_name = talloc_move(array,
>+ &dom_list_ex.domains[i].netbios_name.string);
>+ trust->dns_name = talloc_move(array,
>+ &dom_list_ex.domains[i].domain_name.string);
>+
>+ sid_copy(sid, dom_list_ex.domains[i].sid);
>+ } else {
>+ trust->netbios_name = talloc_move(array,
>+ &dom_list.domains[i].name.string);
>+ trust->dns_name = NULL;
>+
>+ sid_copy(sid, dom_list.domains[i].sid);
>+ }
>+
> trust->sid = sid;
> }
> } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
>diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
>index c36ae0b..25ef750 100644
>--- a/source3/winbindd/winbindd_util.c
>+++ b/source3/winbindd/winbindd_util.c
>@@ -108,9 +108,9 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
> }
> }
>
>- /* ignore alt_name if we are not in an AD domain */
>+ /* use alt_name if available to allow DNS lookups */
>
>- if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
>+ if (alt_name && *alt_name) {
> alternative_name = alt_name;
> }
>
>--
>1.7.11.4
>
>
>From e792a44c34e7767f21f8a3dbcdf41e8416349da7 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Fri, 28 Sep 2012 18:03:25 +0200
>Subject: [PATCH 2/3] s3-lsa: Flesh out the returned info in
> _lsa_EnumTrustedDomainsEx().
>
>Guenther
>---
> source3/rpc_server/lsa/srv_lsa_nt.c | 5 +++++
> 1 file changed, 5 insertions(+)
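Review bot: The copy loop in rpc_trusted_domains() is now bounded by `count`, which the preceding hunk accumulates with `count += ...` on every pass, while the body still indexes the current reply as `dom_list_ex.domains[i]` or `dom_list.domains[i]`. On any pass after the first (result equal to STATUS_MORE_ENTRIES) `i` runs past the end of that reply's `domains` array, an out-of-bounds read whose extent depends on what the server returned. `ZERO_STRUCTP(trust)` also wipes the entries stored by earlier passes, because `trust` is still `&array[i]`. Bound the loop by the current batch and write at the tail of the array: `uint32_t n = has_ex ? dom_list_ex.count : dom_list.count;`, `for (i = 0; i < n; i++) {`, `struct netr_DomainTrust *trust = &array[count - n + i];`. The initial value of `count` is outside the hunk; if it is zero, the first pass is unaffected.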
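Review bot: Dropping the `lp_security() == SEC_ADS` test in add_trusted_domain() (winbindd_util.c) affects more than DNS lookups: every reader of the domain's alternative name now sees it set on non-ADS members too, which the new comment `/* use alt_name if available to allow DNS lookups */` does not mention. Any code elsewhere that treats a non-empty alt_name as meaning "this is an AD domain" would change behaviour; that is not visible in this hunk and should be checked before merging. A fuller comment would help, for example `/* alt_name is kept even without security = ads; it may come from a remote DC's trust enumeration and is used for DNS-based DC lookup */`. The function body continues outside the hunk.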
>
>diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
>index fc403df..f4dc4afd 100644
>--- a/source3/rpc_server/lsa/srv_lsa_nt.c
>+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
>@@ -3940,9 +3940,14 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struct pipes_struct *p,
> }
>
> for (i=0; i<count; i++) {
>+ init_lsa_StringLarge(&entries[i].domain_name,
>+ domains[i]->domain_name);
> init_lsa_StringLarge(&entries[i].netbios_name,
> domains[i]->netbios_name);
> entries[i].sid = &domains[i]->security_identifier;
>+ entries[i].trust_direction = domains[i]->trust_direction;
>+ entries[i].trust_type = domains[i]->trust_type;
>+ entries[i].trust_attributes = domains[i]->trust_attributes;
> }
>
> if (*r->in.resume_handle >= count) {
>--
>1.7.11.4
>
>
>From 837f47d630618fb382cfd49f5fb14e9af35e82fa Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Fri, 28 Sep 2012 18:04:07 +0200
>Subject: [PATCH 3/3] s3-winbindd: Adjust error code loop logic in
> rpc_trusted_domains().
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>Guenther
>
>Autobuild-User(master): Günther Deschner <gd@samba.org>
>Autobuild-Date(master): Sat Sep 29 00:34:04 CEST 2012 on sn-devel-104
>---
> source3/winbindd/winbindd_rpc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index a580b79..a3faf42 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
>@@ -987,7 +987,7 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
> &dom_list_ex,
> (uint32_t) -1,
> &result);
>- if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result) &&
>+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_ERR(result) &&
> dom_list_ex.count > 0) {
> count += dom_list_ex.count;
> has_ex = true;
>--
>1.7.11.4
>
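Review bot: In the patch 3/3 hunk of rpc_trusted_domains(), `!NT_STATUS_IS_ERR(result)` accepts every result that is not of error severity, not only success and STATUS_MORE_ENTRIES, so a warning-class result with a non-zero `dom_list_ex.count` is treated as a usable reply. The EnumTrustDom branch added in patch 1/3 names the single non-OK status it tolerates. Doing the same here keeps the two paths parallel: `if (NT_STATUS_IS_OK(status) && (NT_STATUS_IS_OK(result) || NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) &&`. A one-line comment that STATUS_MORE_ENTRIES is expected and drives the enclosing do/while would explain why plain `NT_STATUS_IS_OK(result)` was not enough. The condition's enclosing loop lies outside this hunk.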
Flags:
asn
:
review+