fstring name; /* Domain name */
fstring alt_name; /* alt Domain name (if any) */
DOM_SID sid; /* SID for this domain */
+ BOOL native_mode; /* is this a win2k domain in native mode ? */
/* Lookup methods for this domain (LDAP or RPC) */
/* Open a connction to the remote server, cache failures for 30 seconds */
-static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name,
+static NTSTATUS cm_open_connection(const char *domain, const iont pipe_index,
struct winbindd_cm_conn *new_conn)
{
struct failed_connection_cache *fcc;
ZERO_STRUCT(dc_ip);
fstrcpy(new_conn->domain, domain);
- fstrcpy(new_conn->pipe_name, pipe_name);
+ fstrcpy(new_conn->pipe_name, get_pipe_name_from_index(pipe_index));
/* Look for a domain controller for this domain. Negative results
are cached so don't bother applying the caching for this
return result;
}
- if (!cli_nt_session_open (new_conn->cli, get_pipe_index(pipe_name))) {
+ if ( !cli_nt_session_open (new_conn->cli, pipe_index) ) {
result = NT_STATUS_PIPE_NOT_AVAILABLE;
add_failed_connection_entry(new_conn, result);
cli_shutdown(new_conn->cli);
ZERO_STRUCTP(conn);
- if (!NT_STATUS_IS_OK(result = cm_open_connection(domain, pipe_name, conn))) {
+ if (!NT_STATUS_IS_OK(result = cm_open_connection(domain, get_pipe_index(pipe_name), conn))) {
DEBUG(3, ("Could not open a connection to %s for %s (%s)\n",
domain, pipe_name, nt_errstr(result)));
SAFE_FREE(conn);
return NT_STATUS_OK;
}
+
+/**********************************************************************************
+**********************************************************************************/
+
+BOOL cm_check_for_native_mode_win2k( const char *domain )
+{
+ NTSTATUS result;
+ struct winbindd_cm_conn conn;
+ DS_DOMINFO_CTR ctr;
+ BOOL ret = False;
+
+ ZERO_STRUCT( conn );
+ ZERO_STRUCT( ctr );
+
+
+ if ( !NT_STATUS_IS_OK(result = cm_open_connection(domain, PI_LSARPC_DS, &conn)) )
+ {
+ DEBUG(3, ("cm_check_for_native_mode_win2k: Could not open a connection to %s for PIPE_LSARPC (%s)\n",
+ domain, nt_errstr(result)));
+ return False;
+ }
+
+ if ( conn.cli ) {
+ if ( !NT_STATUS_IS_OK(cli_ds_getprimarydominfo( conn.cli,
+ conn.cli->mem_ctx, DsRolePrimaryDomainInfoBasic, &ctr)) )
+ {
+ ret = False;
+ goto done;
+ }
+ }
+
+ if ( (ctr.basic->flags & DSROLE_PRIMARY_DS_RUNNING)
+ && !(ctr.basic->flags & DSROLE_PRIMARY_DS_MIXED_MODE) )
+ {
+ ret = True;
+ }
+
+done:
+ if ( conn.cli )
+ cli_shutdown( conn.cli );
+
+ return ret;
+}
+
+
+
/* Return a LSA policy handle on a domain */
CLI_POLICY_HND *cm_get_lsa_handle(char *domain)
}
}
+
/* Add a trusted domain to our list of domains */
static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
struct winbindd_methods *methods,
}
}
- domain->methods = methods;
+ domain->methods = methods;
domain->sequence_number = DOM_SEQUENCE_NONE;
domain->last_seq_check = 0;
if (sid) {
sid_copy(&domain->sid, sid);
}
+
+ /* see if this is a native mode win2k domain, but only for our own domain */
+
+ if ( strequal( lp_workgroup(), domain_name) ) {
+ domain->native_mode = cm_check_for_native_mode_win2k( domain_name );
+ DEBUG(5,("add_trusted_domain: %s is a %s mode domain\n", domain_name,
+ domain->native_mode ? "native" : "mixed" ));
+ }
/* Link to domain list */
DLIST_ADD(_domain_list, domain);
return state_set;
}
-#if 0 /* JERRY */
-
/****************************************************************************
check the rpc bind acknowledge response
****************************************************************************/
-static BOOL valid_pipe_name(const char *pipe_name, RPC_IFACE *abstract, RPC_IFACE *transfer)
+int get_pipe_index( const char *pipe_name )
{
int pipe_idx = 0;
while (pipe_names[pipe_idx].client_pipe != NULL) {
- if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe )) {
- DEBUG(5,("Bind Abstract Syntax: "));
- dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax),
- sizeof(pipe_names[pipe_idx].abstr_syntax));
- DEBUG(5,("Bind Transfer Syntax: "));
- dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
- sizeof(pipe_names[pipe_idx].trans_syntax));
-
- /* copy the required syntaxes out so we can do the right bind */
- *transfer = pipe_names[pipe_idx].trans_syntax;
- *abstract = pipe_names[pipe_idx].abstr_syntax;
-
- return True;
- }
+ if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
+ return pipe_idx;
pipe_idx++;
};
- DEBUG(5,("Bind RPC Pipe[%s] unsupported\n", pipe_name));
- return False;
+ return -1;
}
-#endif
/****************************************************************************
check the rpc bind acknowledge response
****************************************************************************/
-int get_pipe_index( const char *pipe_name )
+char* get_pipe_name_from_index( const int pipe_index )
{
- int pipe_idx = 0;
- while (pipe_names[pipe_idx].client_pipe != NULL) {
- if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
- return pipe_idx;
- pipe_idx++;
- };
+ if ( (pipe_index < 0) || (pipe_index >= PI_MAX_PIPES) )
+ return NULL;
- return -1;
+ return pipe_names[pipe_index].client_pipe;
}
/****************************************************************************
check the rpc bind acknowledge response
****************************************************************************/
-static BOOL valid_pipe_name_by_idx(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
+static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
{
if ( pipe_idx >= PI_MAX_PIPES ) {
- DEBUG(0,("valid_pipe_name_by_idx: Programmer error! Invalid pipe index [%d]\n",
+ DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
pipe_idx));
return False;
}
DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_names[pipe_idx].client_pipe));
- if (!valid_pipe_name_by_idx(pipe_idx, &abstract, &transfer))
+ if (!valid_pipe_name(pipe_idx, &abstract, &transfer))
return False;
prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
git.samba.org / samba.git / commitdiff