author | Gerald Carter <jerry@samba.org> | 2006-06-08 20:07:34 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2006-06-08 20:07:34 +0000 |
commit | 3a5cc58fde0d53d83d46e37f80670ad6bd67f892 (patch) | |
tree | af90a90140ba6578e973247176d40c6af54a167a /source/nsswitch | |
parent | a1b3f2f9bac039395fa20f0be779367f7e23400a (diff) | |
r16104: Set version to 3.0.23rc2
Bring release tree up to current 3.0 tree
(svn merge -r15845:16103 $SVNURL/branches/SAMBA_3_0)
Diffstat (limited to 'source/nsswitch')
-rw-r--r-- | source/nsswitch/pam_winbind.c | 2 | ||||
-rw-r--r-- | source/nsswitch/wbinfo.c | 18 | ||||
-rw-r--r-- | source/nsswitch/winbindd_ads.c | 2 | ||||
-rw-r--r-- | source/nsswitch/winbindd_cm.c | 62 | ||||
-rw-r--r-- | source/nsswitch/winbindd_pam.c | 8 | ||||
-rw-r--r-- | source/nsswitch/winbindd_passdb.c | 43 | ||||
-rw-r--r-- | source/nsswitch/winbindd_util.c | 2 |
7 files changed, 102 insertions, 35 deletions
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index 43ac83a99a8..8110a02a685 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -48,7 +48,7 @@ static int _pam_parse(int argc, const char **argv, dictionary **d)
 int ctrl = 0;
 const char *config_file = NULL;
- if (d == NULL || *d == NULL) {
+ if (d == NULL) {
 goto config_from_pam;
 }
diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c
index c004b842f4f..69d7a1069f9 100644
--- a/source/nsswitch/wbinfo.c
+++ b/source/nsswitch/wbinfo.c
@@ -332,6 +332,14 @@ static BOOL wbinfo_list_domains(BOOL list_all_domains)
 return True;
 }
+/* List own domain */
+
+static BOOL wbinfo_list_own_domain(void)
+{
+ d_printf("%s\n", get_winbind_domain());
+
+ return True;
+}
 /* show sequence numbers */
 static BOOL wbinfo_show_sequence(const char *domain)
@@ -1080,7 +1088,8 @@ enum {
 OPT_ALLOCATE_UID,
 OPT_ALLOCATE_GID,
 OPT_SEPARATOR,
- OPT_LIST_ALL_DOMAINS
+ OPT_LIST_ALL_DOMAINS,
+ OPT_LIST_OWN_DOMAIN
 };
 int main(int argc, char **argv)
@@ -1116,6 +1125,7 @@ int main(int argc, char **argv)
 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
+ { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
@@ -1396,6 +1406,12 @@ int main(int argc, char **argv)
 if (!wbinfo_list_domains(True)) {
 goto done;
 }
+ break;
+ case OPT_LIST_OWN_DOMAIN:
+ if (!wbinfo_list_own_domain()) {
+ goto done;
+ }
+ break;
 /* generic configuration options */
 case OPT_DOMAIN_NAME:
 break;
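Review bot: `wbinfo_list_own_domain()` in the wbinfo.c hunk returns True unconditionally, so the `goto done` added under `case OPT_LIST_OWN_DOMAIN:` in main() can never be taken. The body of `get_winbind_domain()` is not part of this diff; if it can hand back a default when winbindd does not answer, `--own-domain` would print that value and still exit successfully. Either report the lookup failure to the caller or say so in the header comment, e.g. `/* List own domain; prints whatever get_winbind_domain() returns, including any fallback */`.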
diff --git a/source/nsswitch/winbindd_ads.c b/source/nsswitch/winbindd_ads.c index 8259fd7cd36..f777b2ae18b 100644 --- a/source/nsswitch/winbindd_ads.c +++ b/source/nsswitch/winbindd_ads.c @@ -1042,7 +1042,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, struct ds_domain_trust *domains = NULL; int count = 0; int i; - uint32 flags = DS_DOMAIN_DIRECT_OUTBOUND; + uint32 flags = DS_DOMAIN_IN_FOREST | DS_DOMAIN_DIRECT_OUTBOUND; struct rpc_pipe_client *cli; DEBUG(3,("ads: trusted_domains\n")); diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c index c9e970c13cd..b24ed842de3 100644 --- a/source/nsswitch/winbindd_cm.c +++ b/source/nsswitch/winbindd_cm.c @@ -177,7 +177,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, char *ipc_username, *ipc_domain, *ipc_password; BOOL got_mutex; - BOOL add_failed_connection = True; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; @@ -233,6 +232,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, (peeraddr_in->sin_family != PF_INET)) { DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno))); + result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -246,6 +246,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (!cli_session_request(*cli, &calling, &called)) { DEBUG(8, ("cli_session_request failed for %s\n", controller)); + result = NT_STATUS_UNSUCCESSFUL; goto done; } } @@ -254,10 +255,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (!cli_negprot(*cli)) { DEBUG(1, ("cli_negprot failed\n")); - cli_shutdown(*cli); + result = NT_STATUS_UNSUCCESSFUL; goto done; } - if ((*cli)->protocol >= PROTOCOL_NT1 && (*cli)->capabilities & CAP_EXTENDED_SECURITY) { ADS_STATUS ads_status; @@ -371,8 +371,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (NT_STATUS_IS_OK(result)) result = NT_STATUS_UNSUCCESSFUL; - cli_shutdown(*cli); - *cli = NULL; goto done; } 
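Review bot: The new `flags` value in trusted_domains() (winbindd_ads.c) adds `DS_DOMAIN_IN_FOREST` to the enumeration with no comment explaining why, although it changes which domains end up in winbindd's trusted list. A one-line comment at the assignment would record the intent, for example `/* enumerate domains in our own forest as well as direct outbound trusts */`. The function body continues outside the hunk, so how the additional entries are handled afterwards cannot be checked from here.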
@@ -386,7 +384,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, } result = NT_STATUS_OK; - add_failed_connection = False; done: if (got_mutex) { @@ -400,8 +397,12 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, SAFE_FREE(ipc_domain); SAFE_FREE(ipc_password); - if (add_failed_connection) { + if (!NT_STATUS_IS_OK(result)) { add_failed_connection_entry(domain->name, controller, result); + if ((*cli) != NULL) { + cli_shutdown(*cli); + *cli = NULL; + } } return result; @@ -579,7 +580,7 @@ static BOOL receive_getdc_response(struct in_addr dc_ip, convert an ip to a name *******************************************************************/ -static void dcip_to_name( const char *domainname, const char *realm, +static BOOL dcip_to_name( const char *domainname, const char *realm, const DOM_SID *sid, struct in_addr ip, fstring name ) { struct ip_service ip_list; @@ -595,7 +596,7 @@ static void dcip_to_name( const char *domainname, const char *realm, for (i=0; i<5; i++) { if (receive_getdc_response(ip, domainname, name)) { namecache_store(name, 0x20, 1, &ip_list); - return; + return True; } smb_msleep(500); } @@ -605,13 +606,9 @@ static void dcip_to_name( const char *domainname, const char *realm, if ( name_status_find(domainname, 0x1c, 0x20, ip, name) ) { namecache_store(name, 0x20, 1, &ip_list); - return; + return True; } - /* backup in case the netbios stuff fails */ - - fstrcpy( name, inet_ntoa(ip) ); - #ifdef WITH_ADS /* for active directory servers, try to get the ldap server name. None of these failure should be considered critical for now */ 
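Review bot: The cleanup after `done:` in cm_prepare_connection() now keys both `add_failed_connection_entry()` and `cli_shutdown()` on `!NT_STATUS_IS_OK(result)`, so any `goto done` taken while `result` still holds the success of an earlier call returns OK with a partly set-up `*cli` and no negative-cache entry. The commit resets `result` on three paths (the peer-address check, `cli_session_request`, `cli_negprot`), but the remaining exits of the function lie outside the hunks and cannot be verified here. Stating the invariant at the label would help the next editor: `/* every failure path must set result to an error status before jumping here */`.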
@@ -625,17 +622,18 @@ static void dcip_to_name( const char *domainname, const char *realm, if ( !ads_try_connect( ads, inet_ntoa(ip) ) ) { ads_destroy( &ads ); - return; + return False; } fstrcpy(name, ads->config.ldap_server_name); namecache_store(name, 0x20, 1, &ip_list); ads_destroy( &ads ); + return True; } #endif - return; + return False; } /******************************************************************* @@ -705,6 +703,7 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ctx, int i, fd_index; + again: if (!get_dcs(mem_ctx, domain, &dcs, &num_dcs) || (num_dcs == 0)) return False; @@ -735,15 +734,22 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ctx, *addr = addrs[fd_index]; - /* if we have no name on the server or just an IP address for - the name, now try to get the name */ - - if ( is_ipaddress(dcnames[fd_index]) || *dcnames[fd_index] == '\0' ) - dcip_to_name( domain->name, domain->alt_name, &domain->sid, addr->sin_addr, dcname ); - else + if (*dcnames[fd_index] != '\0' && !is_ipaddress(dcnames[fd_index])) { + /* Ok, we've got a name for the DC */ fstrcpy(dcname, dcnames[fd_index]); + return True; + } - return True; + /* Try to figure out the name */ + if (dcip_to_name( domain->name, domain->alt_name, &domain->sid, + addr->sin_addr, dcname )) { + return True; + } + + /* We can not continue without the DC's name */ + add_failed_connection_entry(domain->name, dcs[fd_index].name, + NT_STATUS_UNSUCCESSFUL); + goto again; } static NTSTATUS cm_open_connection(struct winbindd_domain *domain, 
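Review bot: The `goto again` added at the end of find_new_dc() has no retry bound; the only state that changes between passes is the `add_failed_connection_entry()` call keyed on `dcs[fd_index].name`. If `get_dcs()` (not in this diff) does not filter out the entry just recorded, for instance because that name is empty or not what the negative cache is looked up by, the function loops indefinitely, with each pass going through the waits in `dcip_to_name()`. The socket selected through `fd_index` is opened outside the hunk; if it is still open at this point it should be closed before retrying, otherwise each pass leaks a descriptor. A small retry counter that returns False once exhausted would bound both problems.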
@@ -769,8 +775,14 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, struct in_addr ip; ip = *interpret_addr2( saf_servername ); - dcip_to_name( domain->name, domain->alt_name, &domain->sid, ip, saf_name ); - fstrcpy( domain->dcname, saf_name ); + if (dcip_to_name( domain->name, domain->alt_name, + &domain->sid, ip, saf_name )) { + fstrcpy( domain->dcname, saf_name ); + } else { + add_failed_connection_entry( + domain->name, saf_name, + NT_STATUS_UNSUCCESSFUL); + } } else { diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c index b02ba8e36ca..3ae7692c127 100644 --- a/source/nsswitch/winbindd_pam.c +++ b/source/nsswitch/winbindd_pam.c @@ -512,7 +512,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, } strlower_m(client_princ); - local_service = talloc_asprintf(state->mem_ctx, "HOST/%s@%s", client_princ, lp_realm()); + local_service = talloc_asprintf(state->mem_ctx, "%s$@%s", client_princ, lp_realm()); if (local_service == NULL) { DEBUG(0,("winbindd_raw_kerberos_login: out of memory\n")); result = NT_STATUS_NO_MEMORY; @@ -552,9 +552,6 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, goto failed; } - DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n", - local_service)); - if (!pac_data) { DEBUG(3,("winbindd_raw_kerberos_login: no pac data\n")); result = NT_STATUS_INVALID_PARAMETER; @@ -568,6 +565,9 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, goto failed; } + DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n", + local_service)); + /* last step: * put results together */ diff --git a/source/nsswitch/winbindd_passdb.c b/source/nsswitch/winbindd_passdb.c index 2aaed1acefb..b949ea08085 100644 --- a/source/nsswitch/winbindd_passdb.c +++ b/source/nsswitch/winbindd_passdb.c 
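Review bot: In the else branch added to cm_open_connection(), `add_failed_connection_entry()` is passed `saf_name`, the output buffer of the `dcip_to_name()` call that has just returned False. This same commit removes the `fstrcpy( name, inet_ntoa(ip) )` fallback from dcip_to_name(), so on failure the buffer holds only what the failed lookups left in it; its declaration is outside the hunk, so it may be uninitialised stack memory. The negative-cache entry should be keyed on the server that was actually tried: `add_failed_connection_entry(domain->name, saf_servername, NT_STATUS_UNSUCCESSFUL);`.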
@@ -443,8 +443,47 @@ static NTSTATUS password_policy(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, SAM_UNK_INFO_1 *policy) { - /* actually we have that */ - return NT_STATUS_NOT_IMPLEMENTED; + uint32 min_pass_len,pass_hist,password_properties; + time_t u_expire, u_min_age; + NTTIME nt_expire, nt_min_age; + uint32 account_policy_temp; + + if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + min_pass_len = account_policy_temp; + + if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + pass_hist = account_policy_temp; + + if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + password_properties = account_policy_temp; + + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_expire = account_policy_temp; + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_min_age = account_policy_temp; + + unix_to_nt_time_abs(&nt_expire, u_expire); + unix_to_nt_time_abs(&nt_min_age, u_min_age); + + init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, + password_properties, nt_expire, nt_min_age); + + return NT_STATUS_OK; } /* get a list of trusted domains */ diff --git a/source/nsswitch/winbindd_util.c b/source/nsswitch/winbindd_util.c index 5caf48942b0..928e78a05fe 100644 --- a/source/nsswitch/winbindd_util.c +++ b/source/nsswitch/winbindd_util.c 
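Review bot: password_policy() assigns the result of `TALLOC_ZERO_P()` to its own `policy` parameter, so `init_unk_info1()` fills a fresh allocation the caller never sees while the function returns `NT_STATUS_OK`. The signature takes `SAM_UNK_INFO_1 *policy`, not a pointer to a pointer, so a caller that passed a structure to be filled would read it back untouched and could act on a password policy that was never set. Drop the `policy = TALLOC_ZERO_P(...)` block and write through the pointer that was passed in. Separately, the value read for `AP_USER_MUST_LOGON_TO_CHG_PASS` is used as `password_properties`, and the `(uint16)` casts on `min_pass_len` and `pass_hist` truncate silently; both deserve a comment or a range check.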
@@ -162,7 +162,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const domain->sequence_number = DOM_SEQUENCE_NONE; domain->last_seq_check = 0; domain->initialized = False; - domain->online = False; + domain->online = is_internal_domain(sid); if (sid) { sid_copy(&domain->sid, sid); } |
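Review bot: `is_internal_domain(sid)` is called in add_trusted_domain() one line before the existing `if (sid)` guard, so `sid` can be NULL at the call. The definition of is_internal_domain() is not part of this diff; unless it checks for NULL itself, this dereferences a null pointer whenever a domain is added without a SID. A guarded form keeps the previous default for that case: `domain->online = (sid != NULL) && is_internal_domain(sid);`. The function body starts and ends outside the hunk.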