author | Gerald Carter <jerry@samba.org> | 2003-06-23 19:05:23 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-06-23 19:05:23 +0000 |
commit | f36c96d59c79a51610bb5a1fc42ac62bd8d08401 (patch) | |
tree | 69560bd452906389aab36ac7eb8109de7ff32ccc /source3/nsswitch | |
parent | d21358308a2a2c86b4e9d23922c7c940b5d1b012 (diff) | |
* s/get_dc_name/rpc_dc_name/g (revert a previous change)
* move back to qsort() for sorting IP addresses in get_dc_list()
* remove dc_name_cache in cm_get_dc_name() since it slowed
things down more than it helped. I've made a note of where
to add in the negative connection cache in the ads code.
Will come back to that.
* fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead
of MAX_ALLOWED)
* only enumerate domain local groups in our domain
* simplify ldap search for seqnum in winbindd's rpc backend
(This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 71 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 16 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_rpc.c | 40 |
3 files changed, 20 insertions, 107 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index d2d99a4203..79c63c9347 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -129,60 +129,16 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr
 return True;
 }
-static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out)
+/**********************************************************************
+ wrapper around ads and rpc methods of finds DC's
+**********************************************************************/
+
+static BOOL cm_get_dc_name(const char *domain, fstring srv_name,
+ struct in_addr *ip_out)
 {
- static struct get_dc_name_cache *get_dc_name_cache;
- struct get_dc_name_cache *dcc;
 struct in_addr dc_ip;
 BOOL ret;
- /* Check the cache for previous lookups */
-
- for (dcc = get_dc_name_cache; dcc; dcc = dcc->next) {
-
- if (!strequal(domain, dcc->domain_name))
- continue; /* Not our domain */
-
- if ((time(NULL) - dcc->lookup_time) >
- GET_DC_NAME_CACHE_TIMEOUT) {
-
- /* Cache entry has expired, delete it */
-
- DEBUG(10, ("get_dc_name_cache entry expired for %s\n", domain));
-
- DLIST_REMOVE(get_dc_name_cache, dcc);
- SAFE_FREE(dcc);
-
- break;
- }
-
- /* Return a positive or negative lookup for this domain */
-
- if (dcc->srv_name[0]) {
- DEBUG(10, ("returning positive get_dc_name_cache entry for %s\n", domain));
- fstrcpy(srv_name, dcc->srv_name);
- return True;
- } else {
- DEBUG(10, ("returning negative get_dc_name_cache entry for %s\n", domain));
- return False;
- }
- }
-
- /* Add cache entry for this lookup. */
-
- DEBUG(10, ("Creating get_dc_name_cache entry for %s\n", domain));
-
- if (!(dcc = (struct get_dc_name_cache *)
- malloc(sizeof(struct get_dc_name_cache))))
- return False;
-
- ZERO_STRUCTP(dcc);
-
- fstrcpy(dcc->domain_name, domain);
- dcc->lookup_time = time(NULL);
-
- DLIST_ADD(get_dc_name_cache, dcc);
-
 zero_ip(&dc_ip);
 ret = False;
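Review bot: The header comment added above cm_get_dc_name in winbindd_cm.c, `wrapper around ads and rpc methods of finds DC's`, is garbled and does not say what the caller gets back in `srv_name` and `*ip_out`. Wording such as `Find a DC for domain: try the ADS lookup first, then fall back to rpc_dc_name(). Returns True when srv_name and *ip_out describe the DC.` would state the contract that cm_open_connection relies on. The function body continues past the end of this hunk.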
@@ -191,21 +147,12 @@ static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr
 if (!ret) {
 /* fall back on rpc methods if the ADS methods fail */
- ret = get_dc_name(domain, srv_name, &dc_ip);
+ ret = rpc_dc_name(domain, srv_name, &dc_ip);
 }
- if (!ret)
- return False;
-
- /* We have a name so make the cache entry positive now */
- fstrcpy(dcc->srv_name, srv_name);
-
- DEBUG(3, ("cm_get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name,
- inet_ntoa(dc_ip), domain));
-
 *ip_out = dc_ip;
- return True;
+ return ret;
 }
 /* Choose between anonymous or authenticated connections. We need to use
@@ -257,7 +204,7 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
 fstrcpy(new_conn->domain, domain);
 fstrcpy(new_conn->pipe_name, get_pipe_name_from_index(pipe_index));
- /* connection failure cache has been moved inside of get_dc_name
+ /* connection failure cache has been moved inside of rpc_dc_name
 so we can deal with half dead DC's --jerry */
 if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) {
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 11884af4cf..e4b0e78e2e 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -296,14 +296,6 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
 return WINBINDD_ERROR;
 }
- if ( !((name_type==SID_NAME_DOM_GRP) ||
- ((name_type==SID_NAME_ALIAS) && strequal(lp_workgroup(), domain->name))) )
- {
- DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
- group_name, name_type));
- return WINBINDD_ERROR;
- }
-
 /* Fill in group structure */
 domain = find_domain_from_sid(&group_sid);
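Review bot: In the tail of cm_get_dc_name (winbindd_cm.c, second hunk) `*ip_out = dc_ip;` now runs before `return ret;` even when both lookups failed, whereas the old code returned False before touching the caller's address. Guarding it as `if (ret) *ip_out = dc_ip;` keeps the out-parameter meaningful only on success, so a caller that reuses the variable cannot pick up whatever a failed lookup left in `dc_ip`. The removed `DEBUG(3, ("cm_get_dc_name: Returning DC %s (%s) for domain %s\n", ...))` was also this function's only record of which controller was selected; keeping it on the success path preserves that trail when tracing which DC winbindd connected to. The function starts in the previous hunk.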
@@ -313,6 +305,14 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
 return WINBINDD_ERROR;
 }
+ if ( !((name_type==SID_NAME_DOM_GRP) ||
+ ((name_type==SID_NAME_ALIAS) && strequal(lp_workgroup(), domain->name))) )
+ {
+ DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
+ group_name, name_type));
+ return WINBINDD_ERROR;
+ }
+
 if (!fill_grent(&state->response.data.gr, dom_name, group_name,
 state->request.data.gid) ||
 !fill_grent_mem(domain, &group_sid, name_type,
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index 7d6055006d..131a7cfd43 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -734,12 +734,6 @@ static int get_ldap_seq(const char *server, uint32 *seq)
 if ((ldp = ldap_open_with_timeout(server, LDAP_PORT, 10)) == NULL)
 return -1;
-#if 0
- /* As per tridge comment this doesn't seem to be needed. JRA */
- if ((err = ldap_simple_bind_s(ldp, NULL, NULL)) != 0)
- goto done;
-#endif
-
 /* Timeout if no response within 20 seconds. */
 to.tv_sec = 10;
 to.tv_usec = 0;
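Review bot: The group-type check re-added in winbindd_getgrgid (winbindd_group.c) reads `domain->name`, so it is only safe after `domain = find_domain_from_sid(&group_sid)` has run and been checked, yet nothing in the code records that ordering or why aliases are restricted. A comment above the `if`, for example `/* needs a resolved domain: aliases (domain local groups) are only accepted from our own domain */`, would stop a later reorder from reintroducing a read through an unset pointer. The lines between this hunk and the previous one are not shown, so the NULL check that the leading `return WINBINDD_ERROR; }` appears to close is inferred. The function starts and ends outside the hunk, and if winbindd_getgrnam carries the same test its ordering deserves the same look.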
@@ -786,38 +780,10 @@ int get_ldap_sequence_number( const char* domain, uint32 *seq)
 return False;
 }
- if ( !list_ordered )
- {
- /*
- * Pick a nice close server. Look for DC on local net
- * (assuming we don't have a list of preferred DC's)
- */
-
- for (i = 0; i < count; i++) {
- if (is_zero_ip(ip_list[i]))
- continue;
-
- if ( !is_local_net(ip_list[i]) )
- continue;
-
- if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 )
- goto done;
-
- zero_ip(&ip_list[i]);
- }
+ /* sort the list so we can pick a close server */
-
- /*
- * Secondly try and contact a random PDC/BDC.
- */
-
- i = (sys_random() % count);
-
- if ( !is_zero_ip(ip_list[i]) ) {
- if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 )
- goto done;
- }
- zero_ip(&ip_list[i]); /* Tried and failed. */
+ if (!list_ordered && (count > 1) ) {
+ qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
 }
 /* Finally return first DC that we can contact */ |
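Review bot: In get_ldap_sequence_number (winbindd_rpc.c) the context line `return False;` just above the new sort sits in a function declared `int`, and the removed calls to get_ldap_seq() tested `== 0` before `goto done`, so if this function uses the same convention that early exit reports success without writing `*seq`. Returning `-1` there, as get_ldap_seq() does when the LDAP open fails, would keep a failed lookup from being read as a valid sequence number. On the added lines, the comment `/* sort the list so we can pick a close server */` could also say that ordering is delegated to `ip_compare`, since the local-net preference that the deleted loop spelled out is no longer visible here. The start of the function and the loop that follows are outside the hunk.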