authorSumit Bose <sbose@redhat.com>2012-09-11 13:28:35 +0200
committerKarolin Seeger <kseeger@samba.org>2012-10-02 09:04:55 +0200
commit3058755280fa7a8d35a13cdd459be3e1db2a373a (patch)
tree3487ce2c4623a3b3366eddc0f947fd517fd4685a
parenta92e4e5a09d2665c0e22a0a11cd3ecc67a94f2a7 (diff)
downloadsamba-3058755280fa7a8d35a13cdd459be3e1db2a373a.tar.gz
s3-winbindd: Allow DNS resolution of trusted domains if DNS name is available
Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source3/winbindd/winbindd_cm.c11
-rw-r--r--source3/winbindd/winbindd_rpc.c68
-rw-r--r--source3/winbindd/winbindd_util.c4
3 files changed, 58 insertions, 25 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index c08530e8195..0639be1fb54 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1286,10 +1286,17 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
iplist_size = 0;
}
- /* Try standard netbios queries if no ADS */
+ /* Try standard netbios queries if no ADS and fall back to DNS queries
+ * if alt_name is available */
if (*num_dcs == 0) {
get_sorted_dc_list(domain->name, NULL, &ip_list, &iplist_size,
- False);
+ false);
+ if (iplist_size == 0) {
+ if (domain->alt_name != NULL) {
+ get_sorted_dc_list(domain->alt_name, NULL, &ip_list,
+ &iplist_size, true);
+ }
+ }
for ( i=0; i<iplist_size; i++ ) {
char addr[INET6_ADDRSTRLEN];
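Review bot: The new fallback under `if (iplist_size == 0)` calls `get_sorted_dc_list()` a second time into the same `ip_list`/`iplist_size` without inspecting what the first call left there, and its status is discarded just as the first call's already was; if the helper can hand back a non-NULL `ip_list` together with a zero count, that buffer is overwritten and leaked, so either free it before the retry or guard the retry on `ip_list == NULL` — the helper's contract is not visible from this hunk. The two nested conditions also read better as one: `if (iplist_size == 0 && domain->alt_name != NULL) {`. The comment should say what `alt_name` is expected to hold here, e.g. `/* alt_name is the DNS name recorded for the trust; NetBIOS-only trusts have none, so the DNS path is skipped for them */`. get_dcs() starts before and continues after this hunk.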
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 8a11cb24207..a580b796c35 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -972,29 +972,44 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
do {
struct lsa_DomainList dom_list;
+ struct lsa_DomainListEx dom_list_ex;
+ bool has_ex = false;
uint32_t i;
/*
* We don't run into deadlocks here, cause winbind_off() is
* called in the main function.
*/
- status = dcerpc_lsa_EnumTrustDom(b,
- mem_ctx,
- lsa_policy,
- &enum_ctx,
- &dom_list,
- (uint32_t) -1,
- &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- if (!NT_STATUS_IS_OK(result)) {
- if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
- return result;
+ status = dcerpc_lsa_EnumTrustedDomainsEx(b,
+ mem_ctx,
+ lsa_policy,
+ &enum_ctx,
+ &dom_list_ex,
+ (uint32_t) -1,
+ &result);
+ if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result) &&
+ dom_list_ex.count > 0) {
+ count += dom_list_ex.count;
+ has_ex = true;
+ } else {
+ status = dcerpc_lsa_EnumTrustDom(b,
+ mem_ctx,
+ lsa_policy,
+ &enum_ctx,
+ &dom_list,
+ (uint32_t) -1,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
+ return result;
+ }
}
- }
- count += dom_list.count;
+ count += dom_list.count;
+ }
array = talloc_realloc(mem_ctx,
array,
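Review bot: A paged reply from `dcerpc_lsa_EnumTrustedDomainsEx()` is thrown away: the Ex branch requires `NT_STATUS_IS_OK(result)`, so a server that answers with STATUS_MORE_ENTRIES drops into the `else` branch, which re-enumerates with `dcerpc_lsa_EnumTrustDom()` using the same `enum_ctx` the Ex call has just advanced, skipping those entries and losing their DNS names. Accepting the partial-result code on the Ex path keeps the loop on one enumeration method: `if (NT_STATUS_IS_OK(status) && (NT_STATUS_IS_OK(result) || NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) && dom_list_ex.count > 0) {`. Whether `enum_ctx` is meant to be shared between the two calls I cannot tell from here, so the fallback also deserves a comment stating that it is only taken when the Ex call fails outright, e.g. `/* Older servers lack EnumTrustedDomainsEx; fall back to the NetBIOS-only enumeration */`. `count` and `enum_ctx` are declared and initialised outside this hunk, and rpc_trusted_domains() continues past it.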
@@ -1004,21 +1019,32 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- for (i = 0; i < dom_list.count; i++) {
+ for (i = 0; i < count; i++) {
struct netr_DomainTrust *trust = &array[i];
struct dom_sid *sid;
ZERO_STRUCTP(trust);
- trust->netbios_name = talloc_move(array,
- &dom_list.domains[i].name.string);
- trust->dns_name = NULL;
-
sid = talloc(array, struct dom_sid);
if (sid == NULL) {
return NT_STATUS_NO_MEMORY;
}
- sid_copy(sid, dom_list.domains[i].sid);
+
+ if (has_ex) {
+ trust->netbios_name = talloc_move(array,
+ &dom_list_ex.domains[i].netbios_name.string);
+ trust->dns_name = talloc_move(array,
+ &dom_list_ex.domains[i].domain_name.string);
+
+ sid_copy(sid, dom_list_ex.domains[i].sid);
+ } else {
+ trust->netbios_name = talloc_move(array,
+ &dom_list.domains[i].name.string);
+ trust->dns_name = NULL;
+
+ sid_copy(sid, dom_list.domains[i].sid);
+ }
+
trust->sid = sid;
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
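Review bot: The loop bound `for (i = 0; i < count; i++)` is the running total across pages, but `dom_list_ex.domains` and `dom_list.domains` hold only the current page, so on any iteration after a STATUS_MORE_ENTRIES reply the body reads past the end of the returned array and `talloc_move()`s strings that are not there; the original bounded the loop by `dom_list.count` but wrote every page over `array[0..]`, so neither version appends correctly. Bound the loop by the current page's count and place its entries at the offset already filled by earlier pages, as below. `count` is declared and `array` is reallocated (presumably to `count` entries) outside this hunk, so the offset relies on `count` starting at zero before the first page; rpc_trusted_domains() continues past this hunk.
```c
		/* … unchanged: talloc_realloc of array and NO_MEMORY check … */
		/* Only the current page is in dom_list/dom_list_ex; earlier
		 * pages already occupy array[0 .. count - page). */
		uint32_t page = has_ex ? dom_list_ex.count : dom_list.count;
		for (i = 0; i < page; i++) {
			struct netr_DomainTrust *trust = &array[count - page + i];
			struct dom_sid *sid;
			/* … unchanged: ZERO_STRUCTP, sid allocation, has_ex copy, trust->sid … */
		}
```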
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index c36ae0bb0ac..25ef750075d 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -108,9 +108,9 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
}
}
- /* ignore alt_name if we are not in an AD domain */
+ /* use alt_name if available to allow DNS lookups */
- if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
+ if (alt_name && *alt_name) {
alternative_name = alt_name;
}