This puts real netlogon connection caching to winbind. This becomes

important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
author: Volker Lendecke <vlendec@samba.org> 2003-05-08 08:02:52 +0000
committer: Volker Lendecke <vlendec@samba.org> 2003-05-08 08:02:52 +0000
commit: d1da999e0a84939e372ebe590861376e2c0075b3 (patch)
tree: 98431ea78f62be7e3b383a7d8c8249e573feb307 /source3/nsswitch/winbindd_pam.c
parent: 8210b69406f8b3b213cb7d9fdc5c58986f80a56b (diff)
download: samba-d1da999e0a84939e372ebe590861376e2c0075b3.tar.gz
samba-d1da999e0a84939e372ebe590861376e2c0075b3.tar.bz2
samba-d1da999e0a84939e372ebe590861376e2c0075b3.zip
1 files changed, 60 insertions, 28 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 2998372bd2..3b306eed3b 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -68,6 +68,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 	TALLOC_CTX *mem_ctx = NULL;
 	DATA_BLOB lm_resp;
 	DATA_BLOB nt_resp;
+	DOM_CRED ret_creds;
+	int attempts = 0;
 
 	/* Ensure null termination */
 	state->request.data.auth.user[sizeof(state->request.data.auth.user)-1]='\0';
@@ -119,23 +121,35 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 		goto done;
 	}
 
-	ZERO_STRUCT(info3);
+	do {
+		ZERO_STRUCT(info3);
+		ZERO_STRUCT(ret_creds);
 	
-	/* Don't shut this down - it belongs to the connection cache code */
-        result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, 
-				     sec_channel_type, 
-				     &cli);
-
-        if (!NT_STATUS_IS_OK(result)) {
-                DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
-                goto done;
-        }
-
-	result = cli_netlogon_sam_network_logon(cli, mem_ctx,
-						name_user, name_domain, 
-						global_myname(), chal, 
-						lm_resp, nt_resp, 
-						&info3);
+		/* Don't shut this down - it belongs to the connection cache code */
+		result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, 
+					     sec_channel_type, False, &cli);
+
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
+			goto done;
+		}
+
+		result = cli_netlogon_sam_network_logon(cli, mem_ctx,
+							&ret_creds,
+							name_user, name_domain, 
+							global_myname(), chal, 
+							lm_resp, nt_resp,
+							&info3);
+		attempts += 1;
+
+		/* We have to try a second time as cm_get_netlogon_cli
+		   might not yet have noticed that the DC has killed
+		   our connection. */
+
+	} while ( (attempts < 2) && (cli->fd == -1) );
+
+        
+	clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds);
         
 	uni_group_cache_store_netlogon(mem_ctx, &info3);
 done:
@@ -176,6 +190,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
 	const char *domain = NULL;
 	const char *contact_domain;
 	const char *workstation;
+	DOM_CRED ret_creds;
+	int attempts = 0;
 
 	DATA_BLOB lm_resp, nt_resp;
 
@@ -264,21 +280,37 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
 		goto done;
 	}
 
-	ZERO_STRUCT(info3);
+	do {
+		ZERO_STRUCT(info3);
+		ZERO_STRUCT(ret_creds);
+
+		/* Don't shut this down - it belongs to the connection cache code */
+		result = cm_get_netlogon_cli(contact_domain, trust_passwd,
+					     sec_channel_type, False, &cli);
+
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(3, ("could not open handle to NETLOGON pipe (error: %s)\n",
+				  nt_errstr(result)));
+			goto done;
+		}
+
+		result = cli_netlogon_sam_network_logon(cli, mem_ctx,
+							&ret_creds,
+							user, domain,
+							workstation,
+							state->request.data.auth_crap.chal, 
+							lm_resp, nt_resp, 
+							&info3);
+
+		attempts += 1;
 
-	/* Don't shut this down - it belongs to the connection cache code */
-        result = cm_get_netlogon_cli(contact_domain, trust_passwd, sec_channel_type, &cli);
+		/* We have to try a second time as cm_get_netlogon_cli
+		   might not yet have noticed that the DC has killed
+		   our connection. */
 
-        if (!NT_STATUS_IS_OK(result)) {
-                DEBUG(3, ("could not open handle to NETLOGON pipe (error: %s)\n", nt_errstr(result)));
-                goto done;
-        }
+	} while ( (attempts < 2) && (cli->fd == -1) );
 
-	result = cli_netlogon_sam_network_logon(cli, mem_ctx,
-						user, domain,
-						workstation, state->request.data.auth_crap.chal, 
-						lm_resp, nt_resp, 
-						&info3);
+	clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds);
         
 	if (NT_STATUS_IS_OK(result)) {
 		uni_group_cache_store_netlogon(mem_ctx, &info3);
author	Volker Lendecke <vlendec@samba.org>	2003-05-08 08:02:52 +0000
committer	Volker Lendecke <vlendec@samba.org>	2003-05-08 08:02:52 +0000
commit	d1da999e0a84939e372ebe590861376e2c0075b3 (patch)
tree	98431ea78f62be7e3b383a7d8c8249e573feb307 /source3/nsswitch/winbindd_pam.c
parent	8210b69406f8b3b213cb7d9fdc5c58986f80a56b (diff)
download	samba-d1da999e0a84939e372ebe590861376e2c0075b3.tar.gz samba-d1da999e0a84939e372ebe590861376e2c0075b3.tar.bz2 samba-d1da999e0a84939e372ebe590861376e2c0075b3.zip