diff options
author | Günther Deschner <gd@samba.org> | 2011-01-18 12:40:47 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2011-02-02 13:30:04 +0100 |
commit | 39c6809eeb46a2be3de5b586483c28d32138229c (patch) | |
tree | 56ffeb7b99d66a14c954e97d51710aa11dfc6983 /source3/winbindd | |
parent | 02a8e1e490de7fca82cc689f4281bab86430a2df (diff) | |
download | samba-39c6809eeb46a2be3de5b586483c28d32138229c.tar.gz samba-39c6809eeb46a2be3de5b586483c28d32138229c.tar.bz2 samba-39c6809eeb46a2be3de5b586483c28d32138229c.zip |
s3-winbind: prefer dcerpc_samr_X functions in cm_connect_sam.
Guenther
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 48 |
1 files changed, 35 insertions, 13 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index b8eb01b3cb..c1557bd8c4 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2146,7 +2146,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli, struct policy_handle *sam_handle) { struct winbindd_cm_conn *conn; - NTSTATUS status; + NTSTATUS status, result; struct netlogon_creds_CredentialState *p_creds; char *machine_password = NULL; char *machine_account = NULL; @@ -2224,14 +2224,19 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, "pipe: user %s\\%s\n", domain->name, domain_name, machine_account)); - status = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx, + status = dcerpc_samr_Connect2(conn->samr_pipe->binding_handle, mem_ctx, conn->samr_pipe->desthost, SEC_FLAG_MAXIMUM_ALLOWED, - &conn->sam_connect_handle); - if (NT_STATUS_IS_OK(status)) { + &conn->sam_connect_handle, + &result); + if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) { goto open_domain; } - DEBUG(10,("cm_connect_sam: ntlmssp-sealed rpccli_samr_Connect2 " + if (NT_STATUS_IS_OK(status)) { + status = result; + } + + DEBUG(10,("cm_connect_sam: ntlmssp-sealed dcerpc_samr_Connect2 " "failed for domain %s, error was %s. Trying schannel\n", domain->name, nt_errstr(status) )); TALLOC_FREE(conn->samr_pipe); @@ -2263,14 +2268,18 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, DEBUG(10,("cm_connect_sam: connected to SAMR pipe for domain %s using " "schannel.\n", domain->name )); - status = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx, + status = dcerpc_samr_Connect2(conn->samr_pipe->binding_handle, mem_ctx, conn->samr_pipe->desthost, SEC_FLAG_MAXIMUM_ALLOWED, - &conn->sam_connect_handle); - if (NT_STATUS_IS_OK(status)) { + &conn->sam_connect_handle, + &result); + if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) { goto open_domain; } - DEBUG(10,("cm_connect_sam: schannel-sealed rpccli_samr_Connect2 failed " + if (NT_STATUS_IS_OK(status)) { + status = result; + } + DEBUG(10,("cm_connect_sam: schannel-sealed dcerpc_samr_Connect2 failed " "for domain %s, error was %s. Trying anonymous\n", domain->name, nt_errstr(status) )); TALLOC_FREE(conn->samr_pipe); @@ -2285,25 +2294,38 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx, + status = dcerpc_samr_Connect2(conn->samr_pipe->binding_handle, mem_ctx, conn->samr_pipe->desthost, SEC_FLAG_MAXIMUM_ALLOWED, - &conn->sam_connect_handle); + &conn->sam_connect_handle, + &result); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("cm_connect_sam: rpccli_samr_Connect2 failed " "for domain %s Error was %s\n", domain->name, nt_errstr(status) )); goto done; } + if (!NT_STATUS_IS_OK(result)) { + status = result; + DEBUG(10,("cm_connect_sam: dcerpc_samr_Connect2 failed " + "for domain %s Error was %s\n", + domain->name, nt_errstr(result))); + goto done; + } open_domain: - status = rpccli_samr_OpenDomain(conn->samr_pipe, + status = dcerpc_samr_OpenDomain(conn->samr_pipe->binding_handle, mem_ctx, &conn->sam_connect_handle, SEC_FLAG_MAXIMUM_ALLOWED, &domain->sid, - &conn->sam_domain_handle); + &conn->sam_domain_handle, + &result); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + status = result; done: if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { |