winbind: Use one queue for all domain children
[samba.git] / source3 / winbindd / winbindd_util.c
index 600abe6deacd5f5c943aa310bb9e9b95e92bfcfb..73e6b76ec733ffc08f3b2914026291445c41e9e2 100644 (file)
@@ -43,6 +43,7 @@
  * Winbind daemon for NT domain authentication nss module.
  **/
 
+static bool add_trusted_domains_dc(void);
 
 /* The list of trusted domains.  Note that the list can be deleted and
    recreated using the init_domain_list() function so pointers to
@@ -227,6 +228,18 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
                return NT_STATUS_NO_MEMORY;
        }
 
+       domain->queue = tevent_queue_create(domain, "winbind_domain");
+       if (domain->queue == NULL) {
+               TALLOC_FREE(domain);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       domain->binding_handle = wbint_binding_handle(domain, domain, NULL);
+       if (domain->binding_handle == NULL) {
+               TALLOC_FREE(domain);
+               return NT_STATUS_NO_MEMORY;
+       }
+
        domain->name = talloc_strdup(domain, domain_name);
        if (domain->name == NULL) {
                TALLOC_FREE(domain);
@@ -335,7 +348,9 @@ bool add_trusted_domain_from_auth(uint16_t validation_level,
        }
 
        if (validation_level == 6) {
-               dns_domainname = &info6->dns_domainname[0];
+               if (!strequal(info6->dns_domainname, "")) {
+                       dns_domainname = info6->dns_domainname;
+               }
        }
 
        status = add_trusted_domain(info3->logon_dom,
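Review bot: Testing for an empty string with `strequal(info6->dns_domainname, "")` in the `validation_level == 6` branch is roundabout, because strequal() is a case-insensitive comparison helper; `if (info6->dns_domainname[0] != '\0') {` states the intent directly (the removed line indexed the field as an array, so this should be valid). When the DC supplies an empty DNS name, `dns_domainname` now keeps whatever initial value it was given above the hunk, presumably NULL. The add_trusted_domain() call is cut off by the hunk, so it is worth confirming that the callee accepts that value. A one-line comment such as `/* an empty DNS name in the info6 reply means "not provided" */` would record why the guard exists.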
@@ -778,7 +793,12 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai
                [sizeof(state->request->data.init_conn.dcname)-1]='\0';
 
        if (strlen(state->request->data.init_conn.dcname) > 0) {
-               fstrcpy(domain->dcname, state->request->data.init_conn.dcname);
+               TALLOC_FREE(domain->dcname);
+               domain->dcname = talloc_strdup(domain,
+                               state->request->data.init_conn.dcname);
+               if (domain->dcname == NULL) {
+                       return WINBINDD_ERROR;
+               }
        }
 
        init_dc_connection(domain, false);
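Review bot: The new `return WINBINDD_ERROR;` after a failed talloc_strdup() logs nothing and leaves `domain->dcname` NULL, with the previous value already freed. A `DBG_ERR("talloc_strdup failed\n");` before the return would make the failure visible, and duplicating into a temporary before `TALLOC_FREE(domain->dcname)` would keep the old name when allocation fails. Because dcname is now a talloc'ed pointer rather than the buffer fstrcpy() wrote into, readers that assumed an always-present string must tolerate NULL; that includes init_dc_connection() on the last line of this hunk, and those code paths are not visible here. The function body starts above the hunk and continues below it.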
@@ -813,66 +833,14 @@ static void wb_imsg_new_trusted_domain(struct imessaging_context *msg,
                                       struct server_id server_id,
                                       DATA_BLOB *data)
 {
-       TALLOC_CTX *frame = talloc_stackframe();
-       enum netr_SchannelType secure_channel_type = SEC_CHAN_DOMAIN;
-       struct lsa_TrustDomainInfoInfoEx info;
-       enum ndr_err_code ndr_err;
-       struct winbindd_domain *d = NULL;
-       uint32_t trust_flags = 0;
-       NTSTATUS status;
-
-       DEBUG(5, ("wb_imsg_new_trusted_domain\n"));
-
-       if (data == NULL) {
-               TALLOC_FREE(frame);
-               return;
-       }
-
-       ndr_err = ndr_pull_struct_blob_all(data, frame, &info,
-                       (ndr_pull_flags_fn_t)ndr_pull_lsa_TrustDomainInfoInfoEx);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               TALLOC_FREE(frame);
-               return;
-       }
-
-       d = find_domain_from_name_noinit(info.netbios_name.string);
-       if (d != NULL) {
-               TALLOC_FREE(frame);
-               return;
-       }
+       bool ok;
 
-       if (info.trust_type == LSA_TRUST_TYPE_UPLEVEL) {
-               secure_channel_type = SEC_CHAN_DNS_DOMAIN;
-       }
-       if (info.trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
-               trust_flags |= NETR_TRUST_FLAG_INBOUND;
-       }
-       if (info.trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
-               trust_flags |= NETR_TRUST_FLAG_OUTBOUND;
-       }
-       if (info.trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
-               trust_flags |= NETR_TRUST_FLAG_IN_FOREST;
-       }
+       DBG_NOTICE("Rescanning trusted domains\n");
 
-       status = add_trusted_domain(info.netbios_name.string,
-                                   info.domain_name.string,
-                                   info.sid,
-                                   info.trust_type,
-                                   trust_flags,
-                                   info.trust_attributes,
-                                   secure_channel_type,
-                                   find_default_route_domain(),
-                                   &d);
-       if (!NT_STATUS_IS_OK(status) &&
-           !NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN))
-       {
-               DBG_NOTICE("add_trusted_domain returned %s\n",
-                          nt_errstr(status));
-               TALLOC_FREE(frame);
-               return;
+       ok = add_trusted_domains_dc();
+       if (!ok) {
+               DBG_ERR("Failed to reload trusted domains\n");
        }
-
-       TALLOC_FREE(frame);
 }
 
 /*
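Review bot: wb_imsg_new_trusted_domain() no longer reads `data` and instead triggers a full rescan through add_trusted_domains_dc(), so the handler name and its unused parameters now mislead. Renaming it, for example to `wb_imsg_reload_trusted_domains` together with the imessaging_register() call in init_domain_list(), would fix that. Alternatively, a comment such as `/* payload is ignored: any message of this type triggers a full trusted-domain rescan */` would document the new contract. Every received message now costs a rescan instead of a single add, so it is worth checking that add_trusted_domains_dc(), whose body is not shown here, is safe and cheap to run back to back.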
@@ -1318,7 +1286,7 @@ bool init_domain_list(void)
        }
 
        status = imessaging_register(winbind_imessaging_context(), NULL,
-                                    MSG_WINBIND_NEW_TRUSTED_DOMAIN,
+                                    MSG_WINBIND_RELOAD_TRUSTED_DOMAINS,
                                     wb_imsg_new_trusted_domain);
        if (!NT_STATUS_IS_OK(status)) {
                DBG_ERR("imessaging_register failed %s\n", nt_errstr(status));
@@ -1477,7 +1445,7 @@ struct winbindd_domain *find_default_route_domain(void)
        if (!IS_DC) {
                return find_our_domain();
        }
-       DBG_ERR("Routing logic not yet implemented on a DC");
+       DBG_DEBUG("Routing logic not yet implemented on a DC\n");
        return NULL;
 }