s3:winbindd: it's 2024 and all AD domains should be native now

author Stefan Metzmacher <metze@samba.org>

Wed, 25 Sep 2024 17:04:41 +0000 (19:04 +0200)

committer Stefan Metzmacher <metze@samba.org>

Tue, 1 Oct 2024 09:53:32 +0000 (09:53 +0000)
author Stefan Metzmacher <metze@samba.org>
Wed, 25 Sep 2024 17:04:41 +0000 (19:04 +0200)
committer Stefan Metzmacher <metze@samba.org>
Tue, 1 Oct 2024 09:53:32 +0000 (09:53 +0000)
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h

index 53430a694bb4cae3e850cc15b29dd778ec3f4164..24139b46ce938715df235894423315fd5f644f37 100644 (file)
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -130,7 +130,6 @@ struct winbindd_domain {
         uint32_t domain_trust_attribs;           /* Trust attribs from netlogon.h */
         struct winbindd_domain *routing_domain;
         bool initialized;                      /* Did we already ask for the domain mode? */
-       bool native_mode;                      /* is this a win2k domain in native mode ? */
         bool active_directory;                 /* is this a win2k active directory ? */
         bool primary;                          /* is this our primary domain ? */
         bool internal;                         /* BUILTIN and member SAM */
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c

index fe634feb4c4c8790b2051c27038ba014b6602dc4..d10f0ffcf6fac8ef96a57b442e04b4159eb9f8b2 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2157,16 +2157,6 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
                         if ( domain->domain_type == LSA_TRUST_TYPE_UPLEVEL )
                                 domain->active_directory = True;
  
-                       /* This flag is only set if the domain is *our*
-                          primary domain and the primary domain is in
-                          native mode */
-
-                       domain->native_mode = (domain->domain_flags & NETR_TRUST_FLAG_NATIVE);
-
-                       DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s is %sin "
-                                 "native mode.\n", domain->name,
-                                 domain->native_mode ? "" : "NOT "));
-
                         DEBUG(5,("set_dc_type_and_flags_trustinfo: domain %s is %s"
                                  "running active directory.\n", domain->name,
                                  domain->active_directory ? "" : "NOT "));
@@ -2196,11 +2186,9 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
  {
         NTSTATUS status, result;
         NTSTATUS close_status = NT_STATUS_UNSUCCESSFUL;
-       WERROR werr;
         TALLOC_CTX              *mem_ctx = NULL;
         struct rpc_pipe_client  *cli = NULL;
         struct policy_handle pol = { .handle_type = 0 };
-       union dssetup_DsRoleInfo info;
         union lsa_PolicyInformation *lsa_info = NULL;
         union lsa_revision_info out_revision_info = {
                 .info1 = {
@@ -2222,63 +2210,6 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
  
         DEBUG(5, ("set_dc_type_and_flags_connect: domain %s\n", domain->name ));
  
-       if (domain->internal) {
-               status = wb_open_internal_pipe(mem_ctx,
-                                              &ndr_table_dssetup,
-                                              &cli);
-       } else {
-               status = cli_rpc_pipe_open_noauth(domain->conn.cli,
-                                                 &ndr_table_dssetup,
-                                                 &cli);
-       }
-
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(5, ("set_dc_type_and_flags_connect: Could not bind to "
-                         "PI_DSSETUP on domain %s: (%s)\n",
-                         domain->name, nt_errstr(status)));
-
-               /* if this is just a non-AD domain we need to continue
-                * identifying so that we can in the end return with
-                * domain->initialized = True - gd */
-
-               goto no_dssetup;
-       }
-
-       status = dcerpc_dssetup_DsRoleGetPrimaryDomainInformation(cli->binding_handle, mem_ctx,
-                                                                 DS_ROLE_BASIC_INFORMATION,
-                                                                 &info,
-                                                                 &werr);
-       TALLOC_FREE(cli);
-
-       if (NT_STATUS_IS_OK(status)) {
-               result = werror_to_ntstatus(werr);
-       }
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(5, ("set_dc_type_and_flags_connect: rpccli_ds_getprimarydominfo "
-                         "on domain %s failed: (%s)\n",
-                         domain->name, nt_errstr(status)));
-
-               /* older samba3 DCs will return DCERPC_FAULT_OP_RNG_ERROR for
-                * every opcode on the DSSETUP pipe, continue with
-                * no_dssetup mode here as well to get domain->initialized
-                * set - gd */
-
-               if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
-                       goto no_dssetup;
-               }
-
-               TALLOC_FREE(mem_ctx);
-               return;
-       }
-
-       if ((info.basic.flags & DS_ROLE_PRIMARY_DS_RUNNING) &&
-           !(info.basic.flags & DS_ROLE_PRIMARY_DS_MIXED_MODE)) {
-               domain->native_mode = True;
-       } else {
-               domain->native_mode = False;
-       }
-
-no_dssetup:
         if (domain->internal) {
                 status = wb_open_internal_pipe(mem_ctx,
                                                &ndr_table_lsarpc,
@@ -2477,9 +2408,6 @@ done:
                                  &close_status);
         }
  
-       DEBUG(5, ("set_dc_type_and_flags_connect: domain %s is %sin native mode.\n",
-                 domain->name, domain->native_mode ? "" : "NOT "));
-
         DEBUG(5,("set_dc_type_and_flags_connect: domain %s is %srunning active directory.\n",
                   domain->name, domain->active_directory ? "" : "NOT "));
  
diff --git a/source3/winbindd/winbindd_domain_info.c b/source3/winbindd/winbindd_domain_info.c

index c4364d99ad3b9275c31079f0a382e26648f6e690..5b3c46a9de57d64d9cef3de18bb2603144d2ff36 100644 (file)
--- a/source3/winbindd/winbindd_domain_info.c
+++ b/source3/winbindd/winbindd_domain_info.c
@@ -133,7 +133,7 @@ NTSTATUS winbindd_domain_info_recv(struct tevent_req *req,
         fstrcpy(response->data.domain_info.alt_name, domain->alt_name);
         sid_to_fstring(response->data.domain_info.sid, &domain->sid);
  
-       response->data.domain_info.native_mode = domain->native_mode;
+       response->data.domain_info.native_mode = domain->active_directory;
         response->data.domain_info.active_directory = domain->active_directory;
         response->data.domain_info.primary = domain->primary;
  
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c

index d4e1995f9280ba6ee5f5ec2bc1084c07923fa724..7582c0606e46843f2eb9034140d9c72f77ceebeb 100644 (file)
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -701,8 +701,6 @@ static void wb_domain_request_initialized(struct tevent_req *subreq)
                 }
         }
  
-       state->domain->native_mode =
-                       (*state->r.out.flags & WB_DOMINFO_DOMAIN_NATIVE);
         state->domain->active_directory =
                         (*state->r.out.flags & WB_DOMINFO_DOMAIN_AD);
         state->domain->initialized = true;
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c

index 0c7e9dd54916a17f6b8c057deec33a964fe3167b..2572588f6d1a1590bb6f13c1522884b378e099e7 100644 (file)
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -91,11 +91,9 @@ NTSTATUS _wbint_InitConnection(struct pipes_struct *p,
         }
  
         *r->out.flags = 0;
-       if (domain->native_mode) {
-               *r->out.flags |= WB_DOMINFO_DOMAIN_NATIVE;
-       }
         if (domain->active_directory) {
                 *r->out.flags |= WB_DOMINFO_DOMAIN_AD;
+               *r->out.flags |= WB_DOMINFO_DOMAIN_NATIVE;
         }
         if (domain->primary) {
                 *r->out.flags |= WB_DOMINFO_DOMAIN_PRIMARY;
diff --git a/source3/winbindd/winbindd_ndr.c b/source3/winbindd/winbindd_ndr.c

index a52a704c024f998bb9ae2f3761f94fe4b2330285..058bf08ce8b536ce3fbe8ac5460377febf399b99 100644 (file)
--- a/source3/winbindd/winbindd_ndr.c
+++ b/source3/winbindd/winbindd_ndr.c
@@ -134,7 +134,6 @@ void ndr_print_winbindd_domain(struct ndr_print *ndr,
         ndr_print_lsa_TrustType(ndr, "domain_type", r->domain_type);
         ndr_print_lsa_TrustAttributes(ndr, "domain_trust_attribs", r->domain_trust_attribs);
         ndr_print_bool(ndr, "initialized", r->initialized);
-       ndr_print_bool(ndr, "native_mode", r->native_mode);
         ndr_print_bool(ndr, "active_directory", r->active_directory);
         ndr_print_bool(ndr, "primary", r->primary);
         ndr_print_bool(ndr, "internal", r->internal);
author	Stefan Metzmacher <metze@samba.org>
	Wed, 25 Sep 2024 17:04:41 +0000 (19:04 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 1 Oct 2024 09:53:32 +0000 (09:53 +0000)
source3/winbindd/winbindd.h		patch \| blob \| blame \| history
source3/winbindd/winbindd_cm.c		patch \| blob \| blame \| history
source3/winbindd/winbindd_domain_info.c		patch \| blob \| blame \| history
source3/winbindd/winbindd_dual.c		patch \| blob \| blame \| history
source3/winbindd/winbindd_dual_srv.c		patch \| blob \| blame \| history
source3/winbindd/winbindd_ndr.c		patch \| blob \| blame \| history