Use cli_nt_login_network() instead of domain_client_validate() to perform

pam authentication.  This allows us to link in less other crap.

Authenticating with a challenge/response doesn't seem to work though - we
always get back NT_STATUS_WRONG_PASSWORD.
(This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)

1 files changed, 30 insertions, 0 deletions

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 4f0974fe06..c41ed5ac62 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -513,3 +513,33 @@ CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid,
 
         return &hnd;
 }
+
+/* Get a handle on a netlogon pipe */
+
+struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd)
+{
+        struct winbindd_cm_conn conn;
+        NTSTATUS result;
+
+        /* Open an initial conection */
+
+        ZERO_STRUCT(conn);
+
+        if (!cm_open_connection(domain, PIPE_NETLOGON, &conn)) {
+                DEBUG(3, ("Could not open a connection to %s\n", domain));
+                return NULL;
+        }
+
+        result = cli_nt_setup_creds(conn.cli, trust_passwd);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                DEBUG(0, ("error connecting to domain password server: %s\n",
+                          get_nt_error_msg(result)));
+                cli_shutdown(conn.cli);
+                return NULL;
+        }
+
+        /* We only want the client handle from this structure */
+
+        return conn.cli;
+}