lib/param: Move all enum declarations to lib/param
[samba.git] / source3 / winbindd / winbindd_cm.c
index edd50d12bc1a89f9820b68f1f3876a71ec2bc337..5a602422ae05e8ade94722e05195c0e7e912b496 100644 (file)
@@ -77,6 +77,8 @@
 #include "passdb.h"
 #include "messages.h"
 #include "auth/gensec/gensec.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/param/loadparm.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
@@ -782,6 +784,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
                                      struct cli_state **cli,
                                      bool *retry)
 {
+       bool try_spnego = false;
+       bool try_ipc_auth = false;
        char *machine_password = NULL;
        char *machine_krb5_principal = NULL;
        char *machine_account = NULL;
@@ -824,17 +828,22 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 
        cli_set_timeout(*cli, 10000); /* 10 seconds */
 
-       result = cli_negprot(*cli, PROTOCOL_NT1);
+       result = smbXcli_negprot((*cli)->conn, (*cli)->timeout, PROTOCOL_CORE,
+                                PROTOCOL_SMB2_02);
 
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result)));
                goto done;
        }
 
-       if (!is_dc_trusted_domain_situation(domain->name) &&
-           cli_state_protocol(*cli) >= PROTOCOL_NT1 &&
-           cli_state_capabilities(*cli) & CAP_EXTENDED_SECURITY)
-       {
+       if (smbXcli_conn_protocol((*cli)->conn) >= PROTOCOL_NT1 &&
+           smb1cli_conn_capabilities((*cli)->conn) & CAP_EXTENDED_SECURITY) {
+               try_spnego = true;
+       } else if (smbXcli_conn_protocol((*cli)->conn) >= PROTOCOL_SMB2_02) {
+               try_spnego = true;
+       }
+
+       if (!is_dc_trusted_domain_situation(domain->name) && try_spnego) {
                result = get_trust_creds(domain, &machine_password,
                                         &machine_account,
                                         &machine_krb5_principal);
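Review bot: The dialect range passed to `smbXcli_negprot()` is hard-coded as `PROTOCOL_CORE` to `PROTOCOL_SMB2_02`, so a server that answers with a pre-NT1 dialect is still accepted; `try_spnego` then stays false and the `get_trust_creds()` block that follows is skipped. If the configured client protocol limits are reachable here, passing them instead of the literals would let an administrator set a floor for DC connections; at minimum a comment should say why `PROTOCOL_CORE` is acceptable as the lower bound. The failure message just below the call still reads `cli_negprot failed` and should name the function now called, e.g. `DEBUG(1, ("smbXcli_negprot failed: %s\n", nt_errstr(result)));`. cm_prepare_connection starts and ends outside this hunk.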
@@ -911,9 +920,16 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 
        cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
 
-       sec_mode = cli_state_security_mode(*cli);
-       if (((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) != 0) &&
-           (strlen(ipc_username) > 0)) {
+       sec_mode = smb1cli_conn_server_security_mode((*cli)->conn);
+
+       try_ipc_auth = false;
+       if (try_spnego) {
+               try_ipc_auth = true;
+       } else if (sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
+               try_ipc_auth = true;
+       }
+
+       if (try_ipc_auth && (strlen(ipc_username) > 0)) {
 
                /* Only try authenticated if we have a username */
 
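Review bot: `sec_mode` is now read with `smb1cli_conn_server_security_mode()` even when the negotiation earlier in the function selected SMB2, where an SMB1 security mode has presumably not been supplied by the server. Within this hunk that is harmless because `try_spnego` is tested first, but any later test of `sec_mode` outside the hunk would need the same guard. A comment above the assignment, such as `/* sec_mode is SMB1-only; SMB2 connections are covered by try_spnego */`, would make that explicit. The `try_ipc_auth = false;` statement repeats the initializer added at the declaration and can be dropped.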
@@ -1145,10 +1161,11 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
                }
 
                ads_destroy( &ads );
+               return false;
        }
 #endif
 
-       status = nbt_getdc(winbind_messaging_context(), pss, domain->name,
+       status = nbt_getdc(winbind_messaging_context(), 10, pss, domain->name,
                           &domain->sid, nt_version, mem_ctx, &nt_version,
                           &dc_name, NULL);
        if (NT_STATUS_IS_OK(status)) {
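Review bot: The added `return false;` after `ads_destroy( &ads );` means this path no longer falls through to the `nbt_getdc()` lookup below, and nothing in the code records that this is intended. A comment such as `/* do not fall back to the NetBIOS lookup once the ADS path has been tried */` would document the decision; the enclosing condition is outside the hunk, so the wording should be checked against it. The new second argument `10` to `nbt_getdc()` is a bare literal, and a named constant or a `/* timeout in seconds */` comment would help, assuming that is its unit.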
@@ -1410,7 +1427,7 @@ static void store_current_dc_in_gencache(const char *domain_name,
        }
 
        print_sockaddr(addr, sizeof(addr),
-                      cli_state_remote_sockaddr(cli));
+                      smbXcli_conn_remote_sockaddr(cli->conn));
 
        key = current_dc_key(talloc_tos(), domain_name);
        if (key == NULL) {
@@ -1676,7 +1693,7 @@ void close_conns_after_fork(void)
                 * requests in invalidate_cm_connection()
                 */
                if (cli_state_is_connected(domain->conn.cli)) {
-                       cli_state_disconnect(domain->conn.cli);
+                       smbXcli_conn_disconnect(domain->conn.cli->conn, NT_STATUS_OK);
                }
 
                invalidate_cm_connection(&domain->conn);
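Review bot: The `NT_STATUS_OK` passed to `smbXcli_conn_disconnect()` is not self-explanatory, because the old `cli_state_disconnect()` took no status and the reader cannot tell what requests still pending on the connection will see. A short comment, e.g. `/* NT_STATUS_OK: close the socket without failing pending requests here */`, would document the choice if that is the intended meaning. The same call is added in winbind_msg_ip_dropped() in the last hunk of this diff and needs the same comment.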
@@ -1724,12 +1741,6 @@ static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain)
                return NT_STATUS_OK;
        }
 
-       if (!winbindd_can_contact_domain(domain)) {
-               invalidate_cm_connection(&domain->conn);
-               domain->initialized = True;
-               return NT_STATUS_OK;
-       }
-
        if (connection_ok(domain)) {
                if (!domain->initialized) {
                        set_dc_type_and_flags(domain);
@@ -2143,7 +2154,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
        char *machine_account = NULL;
        char *domain_name = NULL;
 
-       if (sid_check_is_domain(&domain->sid)) {
+       if (sid_check_is_our_sam(&domain->sid)) {
                return open_internal_samr_conn(mem_ctx, domain, cli, sam_handle);
        }
 
@@ -2197,7 +2208,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                                          NCACN_NP,
                                          GENSEC_OID_NTLMSSP,
                                          DCERPC_AUTH_LEVEL_PRIVACY,
-                                         cli_state_remote_name(conn->cli),
+                                         smbXcli_conn_remote_name(conn->cli->conn),
                                          domain_name,
                                          machine_account,
                                          machine_password,
@@ -2436,7 +2447,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                (conn->cli, &ndr_table_lsarpc, NCACN_NP,
                 GENSEC_OID_NTLMSSP,
                 DCERPC_AUTH_LEVEL_PRIVACY,
-                cli_state_remote_name(conn->cli),
+                smbXcli_conn_remote_name(conn->cli->conn),
                 conn->cli->domain, conn->cli->user_name, conn->cli->password,
                 &conn->lsa_pipe);
 
@@ -2539,7 +2550,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
        struct winbindd_cm_conn *conn;
        NTSTATUS result;
 
-       uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+       uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
        uint8  mach_pwd[16];
        enum netr_SchannelType sec_chan_type;
        const char *account_name;
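Review bot: Adding `NETLOGON_NEG_SUPPORTS_AES` to `neg_flags` only offers AES, and nothing visible in this hunk checks which flags the server actually agreed to. If the code that follows (outside the hunk) does not compare the negotiated flags against a required set, a negotiation that ends without the bit yields a weaker secure channel with no log entry to show it. A comment at the declaration such as `/* AES is offered, not required: check the negotiated flags after setup */`, or a DEBUG line reporting the negotiated flags, would make this auditable. cm_connect_netlogon continues past the hunk.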
@@ -2707,10 +2718,10 @@ void winbind_msg_ip_dropped(struct messaging_context *msg_ctx,
                }
 
                print_sockaddr(sockaddr, sizeof(sockaddr),
-                              cli_state_local_sockaddr(domain->conn.cli));
+                              smbXcli_conn_local_sockaddr(domain->conn.cli->conn));
 
                if (strequal(sockaddr, addr)) {
-                       cli_state_disconnect(domain->conn.cli);
+                       smbXcli_conn_disconnect(domain->conn.cli->conn, NT_STATUS_OK);
                }
        }
        TALLOC_FREE(freeit);