Changeset 587 for vendor/current/source3/winbindd

Timestamp:

Jun 29, 2011, 7:36:41 AM (14 years ago)

Author:

Herwig Bauernfeind

Message:

Samba 3.5: Update vendor to version 3.5.6

Location:

vendor/current/source3/winbindd

Files:

• winbindd_cm.c (modified) (6 diffs)
• winbindd_dual_srv.c (modified) (1 diff)
• winbindd_pam.c (modified) (2 diffs)

vendor/current/source3/winbindd/winbindd_cm.c

@@ -2017 +2017 @@
 ***********************************************************************/
 
-static bool cm_get_schannel_creds(struct winbindd_domain *domain,
+static NTSTATUS cm_get_schannel_creds(struct winbindd_domain *domain,
                                    struct netlogon_creds_CredentialState **ppdc)
 {
-        NTSTATUS result;
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
         struct rpc_pipe_client *netlogon_pipe;
 
         if (lp_client_schannel() == False) {
-                return False;
+                return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;;
         }
 
         result = cm_connect_netlogon(domain, &netlogon_pipe);
         if (!NT_STATUS_IS_OK(result)) {
-                return False;
+                return result;
         }
 
@@ -2036 +2036 @@
 
         if (!domain->conn.netlogon_pipe->dc) {
-                return false;
+                return NT_STATUS_INTERNAL_ERROR; /* This shouldn't happen. */
         }
 
         *ppdc = domain->conn.netlogon_pipe->dc;
-        return True;
+        return NT_STATUS_OK;
 }
 
@@ -2137 +2137 @@
         /* Fall back to schannel if it's a W2K pre-SP1 box. */
 
-        if (!cm_get_schannel_creds(domain, &p_creds)) {
+        result = cm_get_schannel_creds(domain, &p_creds);
+        if (!NT_STATUS_IS_OK(result)) {
                 /* If this call fails - conn->cli can now be NULL ! */
                 DEBUG(10, ("cm_connect_sam: Could not get schannel auth info "
-                           "for domain %s, trying anon\n", domain->name));
+                           "for domain %s (error %s), trying anon\n",
+                        domain->name,
+                        nt_errstr(result) ));
                 goto anonymous;
         }
@@ -2232 +2235 @@
 {
         struct winbindd_cm_conn *conn;
+        struct netlogon_creds_CredentialState *creds;
         NTSTATUS status;
 
@@ -2252 +2256 @@
         TALLOC_FREE(conn->lsa_pipe_tcp);
 
-        status = cli_rpc_pipe_open_schannel(conn->cli,
-                                            &ndr_table_lsarpc.syntax_id,
-                                            NCACN_IP_TCP,
-                                            DCERPC_AUTH_LEVEL_PRIVACY,
-                                            domain->name,
-                                            &conn->lsa_pipe_tcp);
+        status = cm_get_schannel_creds(domain, &creds);
         if (!NT_STATUS_IS_OK(status)) {
-                DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n",
+                goto done;
+        }
+
+        status = cli_rpc_pipe_open_schannel_with_key(conn->cli,
+                                                     &ndr_table_lsarpc.syntax_id,
+                                                     NCACN_IP_TCP,
+                                                     DCERPC_AUTH_LEVEL_PRIVACY,
+                                                     domain->name,
+                                                     &creds,
+                                                     &conn->lsa_pipe_tcp);
+        if (!NT_STATUS_IS_OK(status)) {
+                DEBUG(10,("cli_rpc_pipe_open_schannel_with_key failed: %s\n",
                         nt_errstr(status)));
                 goto done;
@@ -2339 +2349 @@
         /* Fall back to schannel if it's a W2K pre-SP1 box. */
 
-        if (!cm_get_schannel_creds(domain, &p_creds)) {
+        result = cm_get_schannel_creds(domain, &p_creds);
+        if (!NT_STATUS_IS_OK(result)) {
                 /* If this call fails - conn->cli can now be NULL ! */
                 DEBUG(10, ("cm_connect_lsa: Could not get schannel auth info "
-                           "for domain %s, trying anon\n", domain->name));
+                           "for domain %s (error %s), trying anon\n",
+                        domain->name,
+                        nt_errstr(result) ));
                 goto anonymous;
         }

vendor/current/source3/winbindd/winbindd_dual_srv.c

@@ -611 +611 @@
         id.id = r->in.id;
 
-        switch (id.type) {
+        switch (r->in.type) {
         case WBINT_ID_TYPE_UID:
                 id.type = ID_TYPE_UID;
                 status = idmap_set_uid_hwm(&id);
                 break;
-        case ID_TYPE_GID:
+        case WBINT_ID_TYPE_GID:
                 id.type = ID_TYPE_GID;
                 status = idmap_set_gid_hwm(&id);

vendor/current/source3/winbindd/winbindd_pam.c

@@ -802 +802 @@
 {
         struct winbindd_domain *domain;
-        fstring name_domain, name_user, mapped_user;
+        fstring name_domain, name_user;
         char *mapped = NULL;
         NTSTATUS result;
@@ -829 +829 @@
                                                &mapped);
 
-        /* If the name normalization didnt' actually do anything,
-           just use the original name */
-
-        if (NT_STATUS_IS_OK(name_map_status)
-            ||NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) {
-                fstrcpy(mapped_user, mapped);
-        } else {
-                fstrcpy(mapped_user, state->request->data.auth.user);
-        }
-
-        if (!canonicalize_username(mapped_user, name_domain, name_user)) {
+        /* Update the auth name if we did any mapping */
+
+        if (NT_STATUS_IS_OK(name_map_status) ||
+            NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED))
+        {
+                fstrcpy(state->request->data.auth.user, mapped);
+        }
+
+        if (!canonicalize_username(state->request->data.auth.user, name_domain, name_user)) {
                 result = NT_STATUS_NO_SUCH_USER;
                 goto done;