s3:libsmb: get rid of cli_state_remote_name

[samba.git] / source3 / winbindd / winbindd_cm.c

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 39ac28422e8ae34f2998b6704c10991f765fd0c6..c515ace34776aa477b1f6c59a5c6a0b85336aeb3 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -77,6 +77,7 @@
 #include "passdb.h"
 #include "messages.h"
 #include "auth/gensec/gensec.h"
+#include "../libcli/smb/smbXcli_base.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
@@ -188,7 +189,7 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
        struct dc_name_ip *dcs = NULL;
        int num_dcs = 0;
        TALLOC_CTX *mem_ctx = NULL;
-       pid_t parent_pid = sys_getpid();
+       pid_t parent_pid = getpid();
        char *lfile = NULL;
        NTSTATUS status;
 
@@ -206,7 +207,7 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
                domain->dc_probe_pid = (pid_t)-1;
        }
 
-       domain->dc_probe_pid = sys_fork();
+       domain->dc_probe_pid = fork();
 
        if (domain->dc_probe_pid == (pid_t)-1) {
                DEBUG(0, ("fork_child_dc_connect: Could not fork: %s\n", strerror(errno)));
@@ -782,6 +783,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
                                      struct cli_state **cli,
                                      bool *retry)
 {
+       bool try_spnego = false;
+       bool try_ipc_auth = false;
        char *machine_password = NULL;
        char *machine_krb5_principal = NULL;
        char *machine_account = NULL;
@@ -824,17 +827,21 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 
        cli_set_timeout(*cli, 10000); /* 10 seconds */
 
-       result = cli_negprot(*cli, PROTOCOL_NT1);
+       result = cli_negprot(*cli, PROTOCOL_SMB2_02);
 
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result)));
                goto done;
        }
 
-       if (!is_dc_trusted_domain_situation(domain->name) &&
-           cli_state_protocol(*cli) >= PROTOCOL_NT1 &&
-           cli_state_capabilities(*cli) & CAP_EXTENDED_SECURITY)
-       {
+       if (cli_state_protocol(*cli) >= PROTOCOL_NT1 &&
+           cli_state_capabilities(*cli) & CAP_EXTENDED_SECURITY) {
+               try_spnego = true;
+       } else if (cli_state_protocol(*cli) >= PROTOCOL_SMB2_02) {
+               try_spnego = true;
+       }
+
+       if (!is_dc_trusted_domain_situation(domain->name) && try_spnego) {
                result = get_trust_creds(domain, &machine_password,
                                         &machine_account,
                                         &machine_krb5_principal);
@@ -912,8 +919,15 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
        cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
 
        sec_mode = cli_state_security_mode(*cli);
-       if (((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) != 0) &&
-           (strlen(ipc_username) > 0)) {
+
+       try_ipc_auth = false;
+       if (try_spnego) {
+               try_ipc_auth = true;
+       } else if (sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
+               try_ipc_auth = true;
+       }
+
+       if (try_ipc_auth && (strlen(ipc_username) > 0)) {
 
                /* Only try authenticated if we have a username */
 
@@ -1145,10 +1159,11 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
                }
 
                ads_destroy( &ads );
+               return false;
        }
 #endif
 
-       status = nbt_getdc(winbind_messaging_context(), pss, domain->name,
+       status = nbt_getdc(winbind_messaging_context(), 10, pss, domain->name,
                           &domain->sid, nt_version, mem_ctx, &nt_version,
                           &dc_name, NULL);
        if (NT_STATUS_IS_OK(status)) {
@@ -1331,7 +1346,7 @@ static bool find_new_dc(TALLOC_CTX *mem_ctx,
                                    &dcnames, &num_dcnames)) {
                        return False;
                }
-               if (!add_sockaddr_to_array(mem_ctx, &dcs[i].ss, 445,
+               if (!add_sockaddr_to_array(mem_ctx, &dcs[i].ss, TCP_SMB_PORT,
                                      &addrs, &num_addrs)) {
                        return False;
                }
@@ -1410,7 +1425,7 @@ static void store_current_dc_in_gencache(const char *domain_name,
        }
 
        print_sockaddr(addr, sizeof(addr),
-                      cli_state_remote_sockaddr(cli));
+                      smbXcli_conn_remote_sockaddr(cli->conn));
 
        key = current_dc_key(talloc_tos(), domain_name);
        if (key == NULL) {
@@ -1882,6 +1897,8 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
                                 "running active directory.\n", domain->name, 
                                 domain->active_directory ? "" : "NOT "));
 
+                       domain->can_do_ncacn_ip_tcp = domain->active_directory;
+                       domain->can_do_validation6 = domain->active_directory;
 
                        domain->initialized = True;
 
@@ -2195,7 +2212,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                                          NCACN_NP,
                                          GENSEC_OID_NTLMSSP,
                                          DCERPC_AUTH_LEVEL_PRIVACY,
-                                         cli_state_remote_name(conn->cli),
+                                         smbXcli_conn_remote_name(conn->cli->conn),
                                          domain_name,
                                          machine_account,
                                          machine_password,
@@ -2434,7 +2451,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                (conn->cli, &ndr_table_lsarpc, NCACN_NP,
                 GENSEC_OID_NTLMSSP,
                 DCERPC_AUTH_LEVEL_PRIVACY,
-                cli_state_remote_name(conn->cli),
+                smbXcli_conn_remote_name(conn->cli->conn),
                 conn->cli->domain, conn->cli->user_name, conn->cli->password,
                 &conn->lsa_pipe);
 
@@ -2705,7 +2722,7 @@ void winbind_msg_ip_dropped(struct messaging_context *msg_ctx,
                }
 
                print_sockaddr(sockaddr, sizeof(sockaddr),
-                              cli_state_local_sockaddr(domain->conn.cli));
+                              smbXcli_conn_local_sockaddr(domain->conn.cli->conn));
 
                if (strequal(sockaddr, addr)) {
                        cli_state_disconnect(domain->conn.cli);