authorJeremy Allison <jra@samba.org>2006-10-06 02:04:57 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:15:13 -0500
commit4be3f7665c6fe17b782098d74a4b02c4555269b8 (patch)
tree8f930024ac1cd6ac422a60d98574220943bf7d15
parent06e36b4e1860927eb76a2e756d86ef9b525ac743 (diff)
r19105: Ok - this is currently untested (but I'm testing it at
the moment) but winbindd isn't run in the build farm so hopefully won't break anything too badly - I don't want to lose this. If winbindd starts offline then it falls back to using MS-RPC backend. On going online it needs to reset the backend and try and go to using the AD backend code if possible, as the MS-RPC sequence number fetch just returns 1 as the sequence number if run against an AD DC. In addition, the winbindd async child may end up with the AD backend whilst the main winbindd - which still contacts the DC for some non-async calls, is left using MS-RPC. This can cause some trouble (as you can imagine :-). Attempt to ensure both main winbindd and async children use AD backends on going online. Jeremy. (This used to be commit 5efd4b04b89ace4b264e9ac37a90e202749792be)
-rw-r--r--source3/nsswitch/winbindd_cm.c15
-rw-r--r--source3/nsswitch/winbindd_dual.c6
-rw-r--r--source3/nsswitch/winbindd_rpc.c46
3 files changed, 24 insertions, 43 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index a9f6ea3000..17663a7cfc 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -160,6 +160,7 @@ void set_domain_offline(struct winbindd_domain *domain)
static void set_domain_online(struct winbindd_domain *domain)
{
+ extern struct winbindd_methods reconnect_methods;
struct timeval now;
DEBUG(10,("set_domain_online: called for domain %s\n",
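Review bot: The block-scope `extern struct winbindd_methods reconnect_methods;` added at the top of set_domain_online() restates a declaration by hand, so the compiler cannot check it against the real definition if that object's type or name ever changes. Declaring it once in a header that both winbindd_cm.c and the defining file include would keep the two in step. The function body continues outside this hunk.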
@@ -178,6 +179,20 @@ static void set_domain_online(struct winbindd_domain *domain)
/* Ok, we're out of any startup mode now... */
domain->startup = False;
+
+ /* We were offline - now we're online. We default to
+ using the MS-RPC backend if we started offline,
+ and if we're going online for the first time we
+ should really re-initialize the backends and the
+ checks to see if we're talking to an AD or NT domain.
+ */
+
+ domain->initialized = False;
+
+ /* 'reconnect_methods' is the MS-RPC backend. */
+ if (domain->backend == &reconnect_methods) {
+ domain->backend = NULL;
+ }
}
/****************************************************************
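Review bot: Setting `domain->backend = NULL` leaves a window in which any caller that dereferences `domain->backend` before the backend is re-selected would hit a NULL pointer in a long-running daemon. Nothing in this hunk shows where the re-selection happens or that every user checks for NULL first. The commit message notes that the main winbindd still makes non-async calls to the DC, so that path in particular is worth confirming. Consider a comment at the assignment such as `/* Re-selected by <backend init function> on next use; do not dereference domain->backend before then. */`, or perform the re-selection directly here. The start of set_domain_online() is outside this hunk.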
diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c
index 976fff8ebe..72c720c985 100644
--- a/source3/nsswitch/winbindd_dual.c
+++ b/source3/nsswitch/winbindd_dual.c
@@ -494,6 +494,9 @@ void winbind_msg_online(int msg_type, struct process_id src, void *buf, size_t l
/* Set our global state as online. */
set_global_winbindd_state_online();
+ smb_nscd_flush_user_cache();
+ smb_nscd_flush_group_cache();
+
for (child = children; child != NULL; child = child->next) {
DEBUG(10,("winbind_msg_online: sending message to pid %u.\n",
(unsigned int)child->pid ));
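Review bot: The two `smb_nscd_flush_*_cache()` calls now run in winbind_msg_online() before the loop that tells the children to go online, so a lookup arriving between the flush and a child actually switching over could presumably repopulate nscd with offline results. If that ordering matters, flushing after the `for (child = ...)` loop, or again once a domain is confirmed online, would narrow the window, though message delivery to the children is presumably asynchronous either way. Otherwise a one-line comment such as `/* Flush nscd once from the parent, not once per child. */` would record the intent. The function starts and ends outside this hunk.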
@@ -606,9 +609,6 @@ static void child_msg_online(int msg_type, struct process_id src, void *buf, siz
/* Set our global state as online. */
set_global_winbindd_state_online();
- smb_nscd_flush_user_cache();
- smb_nscd_flush_group_cache();
-
/* Try and mark everything online - delete any negative cache entries
to force a reconnect now. */
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index dcf9b9b26e..06f0d2cb60 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -770,48 +770,14 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq)
static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq)
{
int ret = -1;
- int i, port = LDAP_PORT;
- struct ip_service *ip_list = NULL;
- int count;
-
- if ( !NT_STATUS_IS_OK(get_sorted_dc_list(domain->name, &ip_list, &count,
- False)) ) {
- DEBUG(3, ("Could not look up dc's for domain %s\n", domain->name));
- return False;
- }
-
- /* Finally return first DC that we can contact */
-
- for (i = 0; i < count; i++) {
- fstring ipstr;
-
- /* since the is an LDAP lookup, default to the LDAP_PORT is
- * not set */
- port = (ip_list[i].port!= PORT_NONE) ?
- ip_list[i].port : LDAP_PORT;
-
- fstrcpy( ipstr, inet_ntoa(ip_list[i].ip) );
-
- if (is_zero_ip(ip_list[i].ip))
- continue;
+ fstring ipstr;
- if ( (ret = get_ldap_seq( ipstr, port, seq)) == 0 )
- goto done;
-
- /* add to failed connection cache */
- winbind_add_failed_connection_entry( domain, ipstr,
- NT_STATUS_UNSUCCESSFUL );
- }
-
-done:
- if ( ret == 0 ) {
+ fstrcpy( ipstr, inet_ntoa(domain->dcaddr.sin_addr));
+ if ((ret = get_ldap_seq( ipstr, LDAP_PORT, seq)) == 0) {
DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence "
- "number for Domain (%s) from DC (%s:%d)\n",
- domain->name, inet_ntoa(ip_list[i].ip), port));
- }
-
- SAFE_FREE(ip_list);
-
+ "number for Domain (%s) from DC (%s)\n",
+ domain->name, ipstr));
+ }
return ret;
}
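Review bot: The rewritten get_ldap_sequence_number() passes `domain->dcaddr.sin_addr` to get_ldap_seq() without checking that it is set, whereas the removed loop skipped unset addresses with is_zero_ip(). If the domain has no established DC connection yet, this would presumably send the LDAP query to 0.0.0.0. A guard such as `if (is_zero_ip(domain->dcaddr.sin_addr)) return ret;` before the fstrcpy would restore that check. The new code also no longer calls winbind_add_failed_connection_entry() on failure and always uses LDAP_PORT; both deserve a short comment if intentional.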