s3-winbindd: Use common helper function for connecting to ADS

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 75 insertions, 50 deletions

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 03cbcf23a3..e806aa87f0 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -72,16 +72,73 @@ void ads_cached_connection_reuse(ADS_STRUCT **adsp)
 	}
 }
 
+ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
+					 const char *dom_name_alt,
+					 const char *dom_name,
+					 const char *ldap_server,
+					 char *password,
+					 char *realm,
+					 time_t renewable)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS status;
+	struct sockaddr_storage dc_ss;
+	fstring dc_name;
+
+	/* we don't want this to affect the users ccache */
+	setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
+
+	ads = ads_init(dom_name_alt, dom_name, ldap_server);
+	if (!ads) {
+		DEBUG(1,("ads_init for domain %s failed\n", dom_name));
+		return ADS_ERROR(LDAP_NO_MEMORY);
+	}
+
+	SAFE_FREE(ads->auth.password);
+	SAFE_FREE(ads->auth.realm);
+
+	ads->auth.renewable = renewable;
+	ads->auth.password = password;
+	ads->auth.realm = realm;
+
+	ads->auth.realm = SMB_STRDUP(realm);
+	if (!strupper_m(ads->auth.realm)) {
+		ads_destroy(&ads);
+		return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
+	}
+
+	/* Setup the server affinity cache.  We don't reaally care
+	   about the name.  Just setup affinity and the KRB5_CONFIG
+	   file. */
+	get_dc_name(ads->server.workgroup, ads->server.realm, dc_name, &dc_ss);
+
+	status = ads_connect(ads);
+	if (!ADS_ERR_OK(status)) {
+		DEBUG(1,("ads_connect for domain %s failed: %s\n",
+			 dom_name, ads_errstr(status)));
+		ads_destroy(&ads);
+		return status;
+	}
+
+	/* set the flag that says we don't own the memory even
+	   though we do so that ads_destroy() won't destroy the
+	   structure we pass back by reference */
+
+	ads->is_mine = False;
+
+	*adsp = ads;
+
+	return status;
+}
+
 /*
   return our ads connections structure for a domain. We keep the connection
   open to make things faster
 */
 static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 {
-	ADS_STRUCT *ads;
 	ADS_STATUS status;
-	fstring dc_name;
-	struct sockaddr_storage dc_ss;
+	char *password, *realm;
 
 	DEBUG(10,("ads_cached_connection\n"));
 	ads_cached_connection_reuse((ADS_STRUCT **)&domain->private_data);
@@ -90,37 +147,22 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 		return (ADS_STRUCT *)domain->private_data;
 	}
 
-	ads = ads_init(domain->alt_name, domain->name, NULL);
-	if (!ads) {
-		DEBUG(1,("ads_init for domain %s failed\n", domain->name));
-		return NULL;
-	}
-
-	/* we don't want ads operations to affect the default ccache */
-	ads->auth.ccache_name = SMB_STRDUP("MEMORY:winbind_ccache");
-
 	/* the machine acct password might have change - fetch it every time */
 
-	SAFE_FREE(ads->auth.password);
-	SAFE_FREE(ads->auth.realm);
-
 	if ( IS_DC ) {
 
-		if ( !pdb_get_trusteddom_pw( domain->name, &ads->auth.password, NULL, NULL ) ) {
-			ads_destroy( &ads );
-			return NULL;
-		}
-		ads->auth.realm = SMB_STRDUP( ads->server.realm );
-		if (!strupper_m( ads->auth.realm )) {
-			ads_destroy( &ads );
+		if ( !pdb_get_trusteddom_pw( domain->name, &password, NULL,
+					     NULL ) ) {
 			return NULL;
 		}
+		realm = NULL;
 	}
 	else {
 		struct winbindd_domain *our_domain = domain;
 
-		ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
 
+		password = secrets_fetch_machine_password(lp_workgroup(), NULL,
+							  NULL);
 		/* always give preference to the alt_name in our
 		   primary domain if possible */
 
@@ -128,30 +170,21 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 			our_domain = find_our_domain();
 
 		if (our_domain->alt_name != NULL) {
-			ads->auth.realm = SMB_STRDUP( our_domain->alt_name );
-			if (!strupper_m( ads->auth.realm )) {
-				ads_destroy( &ads );
-				return NULL;
-			}
+			realm = SMB_STRDUP( our_domain->alt_name );
 		}
 		else
-			ads->auth.realm = SMB_STRDUP( lp_realm() );
+			realm = SMB_STRDUP( lp_realm() );
 	}
 
-	ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
+	status = ads_cached_connection_connect(
+					(ADS_STRUCT **)&domain->private_data,
+					domain->alt_name,
+					domain->name, NULL,
+					password, realm,
+					WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
 
-	/* Setup the server affinity cache.  We don't reaally care
-	   about the name.  Just setup affinity and the KRB5_CONFIG
-	   file. */
-
-	get_dc_name( ads->server.workgroup, ads->server.realm, dc_name, &dc_ss );
-
-	status = ads_connect(ads);
-	if (!ADS_ERR_OK(status) || !ads->config.realm) {
-		DEBUG(1,("ads_connect for domain %s failed: %s\n",
-			 domain->name, ads_errstr(status)));
-		ads_destroy(&ads);
 
+	if (!ADS_ERR_OK(status)) {
 		/* if we get ECONNREFUSED then it might be a NT4
                    server, fall back to MSRPC */
 		if (status.error_type == ENUM_ADS_ERROR_SYSTEM &&
@@ -163,17 +196,9 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 		return NULL;
 	}
 
-	/* set the flag that says we don't own the memory even
-	   though we do so that ads_destroy() won't destroy the
-	   structure we pass back by reference */
-
-	ads->is_mine = False;
-
-	domain->private_data = (void *)ads;
-	return ads;
+	return (ADS_STRUCT *)domain->private_data;
 }
 
-
 /* Query display info for a realm. This is the basic user list fn */
 static NTSTATUS query_user_list(struct winbindd_domain *domain,
 			       TALLOC_CTX *mem_ctx,