author | Gerald Carter <jerry@samba.org> | 2003-06-25 17:41:05 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-06-25 17:41:05 +0000 |
commit | f51d769dd303027a3dbf46fc89a482933988e866 (patch) | |
tree | 5bb400a9df1f6fb27f2b045a6521e2995de8c686 /source3/nsswitch | |
parent | eb61c8238298e97644202139e6d7f55e46eb9c26 (diff) | |
large change:
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also includes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 18 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_rpc.c | 35 | ||||
-rw-r--r-- | source3/nsswitch/wins.c | 11 |
3 files changed, 31 insertions, 33 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 79c63c9347..befd1d562c 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -76,22 +76,10 @@ struct winbindd_cm_conn { static struct winbindd_cm_conn *cm_conns = NULL; -/* Get a domain controller name. Cache positive and negative lookups so we - don't go to the network too often when something is badly broken. */ - -#define GET_DC_NAME_CACHE_TIMEOUT 30 /* Seconds between dc lookups */ - -struct get_dc_name_cache { - fstring domain_name; - fstring srv_name; - time_t lookup_time; - struct get_dc_name_cache *prev, *next; -}; - /* find the DC for a domain using methods appropriate for a ADS domain */ -static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring srv_name) +static BOOL ads_dc_name(const char *domain, struct in_addr *dc_ip, fstring srv_name) { ADS_STRUCT *ads; const char *realm = domain; @@ -123,7 +111,7 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr *dc_ip = ads->ldap_ip; ads_destroy(&ads); - DEBUG(4,("cm_ads_find_dc: using server='%s' IP=%s\n", + DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n", srv_name, inet_ntoa(*dc_ip))); return True; @@ -143,7 +131,7 @@ static BOOL cm_get_dc_name(const char *domain, fstring srv_name, ret = False; if (lp_security() == SEC_ADS) - ret = cm_ads_find_dc(domain, &dc_ip, srv_name); + ret = ads_dc_name(domain, &dc_ip, srv_name); if (!ret) { /* fall back on rpc methods if the ADS methods fail */ diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 6436d4860c..81a79751f8 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -715,7 +715,7 @@ static LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int t return ldp; } -static int get_ldap_seq(const char *server, uint32 *seq) +static int get_ldap_seq(const char *server, int port, uint32 *seq) { int ret = -1; struct timeval to; 
@@ -731,7 +731,7 @@ static int get_ldap_seq(const char *server, uint32 *seq) * doesn't seem to apply to doing an open as well. JRA. */ - if ((ldp = ldap_open_with_timeout(server, LDAP_PORT, 10)) == NULL) + if ((ldp = ldap_open_with_timeout(server, port, 10)) == NULL) return -1; /* Timeout if no response within 20 seconds. */ @@ -770,36 +770,39 @@ static int get_ldap_seq(const char *server, uint32 *seq) int get_ldap_sequence_number( const char* domain, uint32 *seq) { int ret = -1; - int i; - struct in_addr *ip_list = NULL; + int i, port = LDAP_PORT; + struct ip_service *ip_list = NULL; int count; - BOOL list_ordered; - if ( !get_dc_list( domain, &ip_list, &count, &list_ordered ) ) { + if ( !get_sorted_dc_list(domain, &ip_list, &count, False) ) { DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); return False; } - /* sort the list so we can pick a close server */ - - if (!list_ordered && (count > 1) ) { - qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); - } - /* Finally return first DC that we can contact */ for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i])) + fstring ipstr; + + /* since the is an LDAP lookup, default to the LDAP_PORT is not set */ + port = (ip_list[i].port!= PORT_NONE) ? ip_list[i].port : LDAP_PORT; + + fstrcpy( ipstr, inet_ntoa(ip_list[i].ip) ); + + if (is_zero_ip(ip_list[i].ip)) continue; - if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 ) + if ( (ret = get_ldap_seq( ipstr, port, seq)) == 0 ) goto done; + + /* add to failed connection cache */ + add_failed_connection_entry( domain, ipstr, NT_STATUS_UNSUCCESSFUL ); } done: if ( ret == 0 ) { - DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence number for Domain (%s) from DC (%s)\n", - domain, inet_ntoa(ip_list[i]))); + DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence number for Domain (%s) from DC (%s:%d)\n", + domain, inet_ntoa(ip_list[i].ip), port)); } SAFE_FREE(ip_list); 
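Review bot: In get_ldap_sequence_number the early exit after a failed get_sorted_dc_list() still does `return False;`, but the function returns int and the `done:` label treats `ret == 0` as success, so if False is 0 a failed DC lookup is reported as success with `*seq` never written; it should be `return -1;`. Separately, add_failed_connection_entry() is called for every get_ldap_seq() failure, so a DC that simply does not answer LDAP on that port lands in the negative connection cache. If that cache is shared with the RPC connection path, this could suppress an otherwise reachable DC, so the key (an IP string here) and the scope of the entry are worth confirming. The tail of the function is outside the hunk.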
diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index 61edb1323b..62493ef0a9 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c @@ -112,7 +112,8 @@ static struct node_status *lookup_byaddr_backend(char *addr, int *count) static struct in_addr *lookup_byname_backend(const char *name, int *count) { int fd = -1; - struct in_addr *ret = NULL; + struct ip_service *address = NULL; + struct in_addr *ret; int j, flags = 0; if (!initialised) { @@ -122,7 +123,13 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) *count = 0; /* always try with wins first */ - if (resolve_wins(name,0x20,&ret,count)) { + if (resolve_wins(name,0x20,&address,count)) { + if ( (ret = (struct in_addr *)malloc(sizeof(struct in_addr))) == NULL ) { + free( address ); + return NULL; + } + *ret = address[0].ip; + free( address ); return ret; } |
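Review bot: lookup_byname_backend now returns a buffer holding exactly one struct in_addr, but `*count` is left at whatever resolve_wins() stored, so a caller that walks `count` entries (callers are outside this hunk) would read past the one-element allocation when WINS returns several addresses. Set `*count = 1;` after `*ret = address[0].ip;`, or allocate `*count` entries and copy each `.ip`. The malloc-failure path also returns NULL with `*count` still non-zero, so add `*count = 0;` before that `return NULL;`. `address[0]` is read without checking that resolve_wins() produced at least one entry; that presumably holds whenever it returns true, but a `*count > 0` check would make it explicit. The function continues past the end of the hunk.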