#include "includes.h"
#include "winbindd.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
int num_dcs = 0;
TALLOC_CTX *mem_ctx = NULL;
pid_t parent_pid = sys_getpid();
+ char *lfile = NULL;
/* Stop zombies */
CatchChild();
/* Leave messages blocked - we will never process one. */
- if (!reinit_after_fork(winbind_messaging_context(),
- winbind_event_context(), true)) {
- DEBUG(0,("reinit_after_fork() failed\n"));
+ if (!override_logfile) {
+ if (asprintf(&lfile, "%s/log.winbindd-dc-connect", get_dyn_LOGFILEBASE()) == -1) {
+ DEBUG(0, ("fork_child_dc_connect: out of memory.\n"));
+ _exit(1);
+ }
+ }
+
+ if (!winbindd_reinit_after_fork(lfile)) {
messaging_send_buf(winbind_messaging_context(),
pid_to_procid(parent_pid),
MSG_WINBIND_FAILED_TO_GO_ONLINE,
(uint8 *)domain->name,
strlen(domain->name)+1);
- _exit(0);
- }
-
- close_conns_after_fork();
-
- if (!override_logfile) {
- char *lfile;
- if (asprintf(&lfile, "%s/log.winbindd-dc-connect", get_dyn_LOGFILEBASE()) > 0) {
- lp_set_logfile(lfile);
- SAFE_FREE(lfile);
- reopen_logs();
- }
+ _exit(1);
}
+ SAFE_FREE(lfile);
mem_ctx = talloc_init("fork_child_dc_connect");
if (!mem_ctx) {
MSG_WINBIND_FAILED_TO_GO_ONLINE,
(uint8 *)domain->name,
strlen(domain->name)+1);
- _exit(0);
+ _exit(1);
}
if ((!get_dcs(mem_ctx, domain, &dcs, &num_dcs)) || (num_dcs == 0)) {
static void check_domain_online_handler(struct event_context *ctx,
struct timed_event *te,
- const struct timeval *now,
+ struct timeval now,
void *private_data)
{
struct winbindd_domain *domain =
/* Are we still in "startup" mode ? */
- if (domain->startup && (now->tv_sec > domain->startup_time + 30)) {
+ if (domain->startup && (now.tv_sec > domain->startup_time + 30)) {
/* No longer in "startup" mode. */
DEBUG(10,("check_domain_online_handler: domain %s no longer in 'startup' mode.\n",
domain->name ));
domain->check_online_event = event_add_timed(winbind_event_context(),
NULL,
timeval_current_ofs(domain->check_online_timeout,0),
- "check_domain_online_handler",
check_domain_online_handler,
domain);
static void set_domain_online(struct winbindd_domain *domain)
{
- struct timeval now;
-
DEBUG(10,("set_domain_online: called for domain %s\n",
domain->name ));
winbindd_set_locator_kdc_envs(domain);
/* If we are waiting to get a krb5 ticket, trigger immediately. */
- GetTimeOfDay(&now);
- set_event_dispatch_time(winbind_event_context(),
- "krb5_ticket_gain_handler", now);
- set_event_dispatch_time(winbind_event_context(),
- "krb5_ticket_refresh_handler", now);
+ ccache_regain_all_now();
/* Ok, we're out of any startup mode now... */
domain->startup = False;
domain->check_online_event = event_add_timed(winbind_event_context(),
NULL,
tev,
- "check_domain_online_handler",
check_domain_online_handler,
domain);
DS_RETURN_DNS_NAME,
&domain_info,
&werr);
- if (W_ERROR_IS_OK(werr)) {
+ if (NT_STATUS_IS_OK(result) && W_ERROR_IS_OK(werr)) {
tmp = talloc_strdup(
mem_ctx, domain_info->dc_unc);
if (tmp == NULL) {
}
}
- cli_setup_signing_state(*cli, Undefined);
-
result = cli_negprot(*cli);
if (!NT_STATUS_IS_OK(result)) {
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
- cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
goto session_setup_done;
}
}
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
- cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
goto session_setup_done;
}
}
ipc_password, strlen(ipc_password)+1,
ipc_domain))) {
/* Successful logon with given username. */
- cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password);
+ result = cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
goto session_setup_done;
} else {
DEBUG(4, ("authenticated session setup with user %s\\%s failed.\n",
if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
NULL, 0, ""))) {
DEBUG(5, ("Connected anonymously\n"));
- cli_init_creds(*cli, "", "", "");
+ result = cli_init_creds(*cli, "", "", "");
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
goto session_setup_done;
}
winbindd_set_locator_kdc_envs(domain);
- if (!cli_send_tconX(*cli, "IPC$", "IPC", "", 0)) {
-
- result = cli_nt_error(*cli);
+ result = cli_tcon_andx(*cli, "IPC$", "IPC", "", 0);
+ if (!NT_STATUS_IS_OK(result)) {
DEBUG(1,("failed tcon_X with %s\n", nt_errstr(result)));
-
- if (NT_STATUS_IS_OK(result))
- result = NT_STATUS_UNSUCCESSFUL;
-
goto done;
}
*retry = False;
/* set the domain if empty; needed for schannel connections */
- if ( !*(*cli)->domain ) {
- fstrcpy( (*cli)->domain, domain->name );
+ if ( !(*cli)->domain[0] ) {
+ result = cli_set_domain((*cli), domain->name);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
}
result = NT_STATUS_OK;
NTSTATUS result;
WERROR werr;
TALLOC_CTX *mem_ctx = NULL;
- struct rpc_pipe_client *cli;
- POLICY_HND pol;
+ struct rpc_pipe_client *cli = NULL;
+ struct policy_handle pol;
union dssetup_DsRoleInfo info;
union lsa_PolicyInformation *lsa_info = NULL;
/**********************************************************************
***********************************************************************/
-static bool cm_get_schannel_dcinfo(struct winbindd_domain *domain,
- struct dcinfo **ppdc)
+static bool cm_get_schannel_creds(struct winbindd_domain *domain,
+ struct netlogon_creds_CredentialState **ppdc)
{
NTSTATUS result;
struct rpc_pipe_client *netlogon_pipe;
return False;
}
- /* Return a pointer to the struct dcinfo from the
+ /* Return a pointer to the struct netlogon_creds_CredentialState from the
netlogon pipe. */
if (!domain->conn.netlogon_pipe->dc) {
}
NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client **cli, POLICY_HND *sam_handle)
+ struct rpc_pipe_client **cli, struct policy_handle *sam_handle)
{
struct winbindd_cm_conn *conn;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- fstring conn_pwd;
- struct dcinfo *p_dcinfo;
+ struct netlogon_creds_CredentialState *p_creds;
char *machine_password = NULL;
char *machine_account = NULL;
char *domain_name = NULL;
* anonymous.
*/
- pwd_get_cleartext(&conn->cli->pwd, conn_pwd);
if ((conn->cli->user_name[0] == '\0') ||
(conn->cli->domain[0] == '\0') ||
- (conn_pwd[0] == '\0'))
+ (conn->cli->password == NULL || conn->cli->password[0] == '\0'))
{
result = get_trust_creds(domain, &machine_password,
&machine_account, NULL);
}
domain_name = domain->name;
} else {
- machine_password = SMB_STRDUP(conn_pwd);
+ machine_password = SMB_STRDUP(conn->cli->password);
machine_account = SMB_STRDUP(conn->cli->user_name);
domain_name = conn->cli->domain;
}
/* Fall back to schannel if it's a W2K pre-SP1 box. */
- if (!cm_get_schannel_dcinfo(domain, &p_dcinfo)) {
+ if (!cm_get_schannel_creds(domain, &p_creds)) {
/* If this call fails - conn->cli can now be NULL ! */
DEBUG(10, ("cm_connect_sam: Could not get schannel auth info "
"for domain %s, trying anon\n", domain->name));
}
result = cli_rpc_pipe_open_schannel_with_key
(conn->cli, &ndr_table_samr.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
- domain->name, p_dcinfo, &conn->samr_pipe);
+ domain->name, p_creds, &conn->samr_pipe);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("cm_connect_sam: failed to connect to SAMR pipe for "
}
NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client **cli, POLICY_HND *lsa_policy)
+ struct rpc_pipe_client **cli, struct policy_handle *lsa_policy)
{
struct winbindd_cm_conn *conn;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- fstring conn_pwd;
- struct dcinfo *p_dcinfo;
+ struct netlogon_creds_CredentialState *p_creds;
result = init_dc_connection(domain);
if (!NT_STATUS_IS_OK(result))
goto done;
}
- pwd_get_cleartext(&conn->cli->pwd, conn_pwd);
if ((conn->cli->user_name[0] == '\0') ||
(conn->cli->domain[0] == '\0') ||
- (conn_pwd[0] == '\0')) {
+ (conn->cli->password == NULL || conn->cli->password[0] == '\0')) {
DEBUG(10, ("cm_connect_lsa: No no user available for "
"domain %s, trying schannel\n", conn->cli->domain));
goto schannel;
result = cli_rpc_pipe_open_spnego_ntlmssp
(conn->cli, &ndr_table_lsarpc.syntax_id,
PIPE_AUTH_LEVEL_PRIVACY,
- conn->cli->domain, conn->cli->user_name, conn_pwd,
+ conn->cli->domain, conn->cli->user_name, conn->cli->password,
&conn->lsa_pipe);
if (!NT_STATUS_IS_OK(result)) {
/* Fall back to schannel if it's a W2K pre-SP1 box. */
- if (!cm_get_schannel_dcinfo(domain, &p_dcinfo)) {
+ if (!cm_get_schannel_creds(domain, &p_creds)) {
/* If this call fails - conn->cli can now be NULL ! */
DEBUG(10, ("cm_connect_lsa: Could not get schannel auth info "
"for domain %s, trying anon\n", domain->name));
result = cli_rpc_pipe_open_schannel_with_key
(conn->cli, &ndr_table_lsarpc.syntax_id,
PIPE_AUTH_LEVEL_PRIVACY,
- domain->name, p_dcinfo, &conn->lsa_pipe);
+ domain->name, p_creds, &conn->lsa_pipe);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("cm_connect_lsa: failed to connect to LSA pipe for "