#include "passdb.h"
#include "messages.h"
#include "auth/gensec/gensec.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/param/loadparm.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
struct dc_name_ip *dcs = NULL;
int num_dcs = 0;
TALLOC_CTX *mem_ctx = NULL;
- pid_t parent_pid = sys_getpid();
+ pid_t parent_pid = getpid();
char *lfile = NULL;
NTSTATUS status;
domain->dc_probe_pid = (pid_t)-1;
}
- domain->dc_probe_pid = sys_fork();
+ domain->dc_probe_pid = fork();
if (domain->dc_probe_pid == (pid_t)-1) {
DEBUG(0, ("fork_child_dc_connect: Could not fork: %s\n", strerror(errno)));
struct cli_state **cli,
bool *retry)
{
+ bool try_spnego = false;
+ bool try_ipc_auth = false;
char *machine_password = NULL;
char *machine_krb5_principal = NULL;
char *machine_account = NULL;
cli_set_timeout(*cli, 10000); /* 10 seconds */
- result = cli_negprot(*cli, PROTOCOL_NT1);
+ result = smbXcli_negprot((*cli)->conn, (*cli)->timeout, PROTOCOL_CORE,
+ PROTOCOL_SMB2_02);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result)));
goto done;
}
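Review bot: The failure message right after the new call still names the old function, so a log reader searching for the failing call will be misled; it should read `DEBUG(1, ("smbXcli_negprot failed: %s\n", nt_errstr(result)));`. The call also passes `PROTOCOL_CORE` as the lowest acceptable dialect on a connection to a domain controller, which lets the server select a dialect older than NT1. If that floor is not intentional, take the minimum from configuration or raise it, and add a one-line comment at the call stating why the range was chosen. The enclosing function starts and ends outside this hunk.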
- if (!is_dc_trusted_domain_situation(domain->name) &&
- cli_state_protocol(*cli) >= PROTOCOL_NT1 &&
- cli_state_capabilities(*cli) & CAP_EXTENDED_SECURITY)
- {
+ if (smbXcli_conn_protocol((*cli)->conn) >= PROTOCOL_NT1 &&
+ smb1cli_conn_capabilities((*cli)->conn) & CAP_EXTENDED_SECURITY) {
+ try_spnego = true;
+ } else if (smbXcli_conn_protocol((*cli)->conn) >= PROTOCOL_SMB2_02) {
+ try_spnego = true;
+ }
+
+ if (!is_dc_trusted_domain_situation(domain->name) && try_spnego) {
result = get_trust_creds(domain, &machine_password,
&machine_account,
&machine_krb5_principal);
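Review bot: The first new condition mixes `&&` with a bare `&` test, which parses as intended but is easy to misread in code that decides whether machine credentials are used. Write the capability test as `(smb1cli_conn_capabilities((*cli)->conn) & CAP_EXTENDED_SECURITY) != 0`. The two branches set the same flag, so a short comment such as `/* SMB2 always uses SPNEGO; SMB1 only with extended security */` would make the intent explicit. The rest of the trust-credential path lies outside the hunk.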
cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
- sec_mode = cli_state_security_mode(*cli);
- if (((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) != 0) &&
- (strlen(ipc_username) > 0)) {
+ sec_mode = smb1cli_conn_server_security_mode((*cli)->conn);
+
+ try_ipc_auth = false;
+ if (try_spnego) {
+ try_ipc_auth = true;
+ } else if (sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
+ try_ipc_auth = true;
+ }
+
+ if (try_ipc_auth && (strlen(ipc_username) > 0)) {
/* Only try authenticated if we have a username */
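Review bot: `sec_mode` is now filled from the SMB1-specific accessor `smb1cli_conn_server_security_mode()` even when an SMB2 dialect was negotiated. Within this hunk it is only consulted when `try_spnego` is false, but any later use of `sec_mode` in the function (outside the hunk) would be reading an SMB1 field on an SMB2 connection, so that should be checked. A comment at the assignment, e.g. `/* only meaningful for SMB1; SMB2 is covered by try_spnego */`, would record this. The added `try_ipc_auth = false;` repeats the initializer at the declaration and can be dropped.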
}
ads_destroy( &ads );
+ return false;
}
#endif
- status = nbt_getdc(winbind_messaging_context(), pss, domain->name,
+ status = nbt_getdc(winbind_messaging_context(), 10, pss, domain->name,
&domain->sid, nt_version, mem_ctx, &nt_version,
&dc_name, NULL);
if (NT_STATUS_IS_OK(status)) {
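Review bot: The new second argument to `nbt_getdc()` is a bare `10` with no indication of its meaning or unit, unlike the `cli_set_timeout(*cli, 10000); /* 10 seconds */` line elsewhere in this patch. Presumably it is a timeout in seconds, but the hunk does not show the prototype. Add a short comment such as `/* timeout in seconds */` once confirmed, or use a named constant so the DC-probe timeout can be tuned in one place.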
}
print_sockaddr(addr, sizeof(addr),
- cli_state_remote_sockaddr(cli));
+ smbXcli_conn_remote_sockaddr(cli->conn));
key = current_dc_key(talloc_tos(), domain_name);
if (key == NULL) {
* requests in invalidate_cm_connection()
*/
if (cli_state_is_connected(domain->conn.cli)) {
- cli_state_disconnect(domain->conn.cli);
+ smbXcli_conn_disconnect(domain->conn.cli->conn, NT_STATUS_OK);
}
invalidate_cm_connection(&domain->conn);
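Review bot: The new `NT_STATUS_OK` argument to `smbXcli_conn_disconnect()` is unexplained, and the hunk does not show what status outstanding requests on the connection are completed with when the reason given is "OK". Since the comment above the call is about pending requests, add a line there stating what they will observe, for example `/* deliberate local disconnect; pending requests are failed by the disconnect */` once that is confirmed against `smbXcli_conn_disconnect()`. The same call with the same argument appears again in the last hunk of this file.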
return NT_STATUS_OK;
}
- if (!winbindd_can_contact_domain(domain)) {
- invalidate_cm_connection(&domain->conn);
- domain->initialized = True;
- return NT_STATUS_OK;
- }
-
if (connection_ok(domain)) {
if (!domain->initialized) {
set_dc_type_and_flags(domain);
char *machine_account = NULL;
char *domain_name = NULL;
- if (sid_check_is_domain(&domain->sid)) {
+ if (sid_check_is_our_sam(&domain->sid)) {
return open_internal_samr_conn(mem_ctx, domain, cli, sam_handle);
}
NCACN_NP,
GENSEC_OID_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
- cli_state_remote_name(conn->cli),
+ smbXcli_conn_remote_name(conn->cli->conn),
domain_name,
machine_account,
machine_password,
(conn->cli, &ndr_table_lsarpc, NCACN_NP,
GENSEC_OID_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
- cli_state_remote_name(conn->cli),
+ smbXcli_conn_remote_name(conn->cli->conn),
conn->cli->domain, conn->cli->user_name, conn->cli->password,
&conn->lsa_pipe);
struct winbindd_cm_conn *conn;
NTSTATUS result;
- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
uint8 mach_pwd[16];
enum netr_SchannelType sec_chan_type;
const char *account_name;
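Review bot: Adding `NETLOGON_NEG_SUPPORTS_AES` to `neg_flags` only offers AES to the server; nothing in this hunk shows that the flags returned by the negotiation are checked afterwards. If the secure channel is meant to require AES rather than prefer it, the code after the negotiate call (outside this hunk) should inspect the returned flags and refuse a weaker result. At minimum, document the intent at the declaration, e.g. `/* offer AES for the netlogon secure channel; the server may still negotiate weaker flags */`.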
}
print_sockaddr(sockaddr, sizeof(sockaddr),
- cli_state_local_sockaddr(domain->conn.cli));
+ smbXcli_conn_local_sockaddr(domain->conn.cli->conn));
if (strequal(sockaddr, addr)) {
- cli_state_disconnect(domain->conn.cli);
+ smbXcli_conn_disconnect(domain->conn.cli->conn, NT_STATUS_OK);
}
}
TALLOC_FREE(freeit);