summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2002-12-13 02:07:05 +0000
committerGerald Carter <jerry@samba.org>2002-12-13 02:07:05 +0000
commit899b6e6d0facd1ef5865ce550fadd292514955d6 (patch)
tree7b959a887c100a29a3b74e354dd9142438e3d04f /source3
parent580110a47cf997f50f3442e04c28ce256e0e9c15 (diff)
downloadsamba-899b6e6d0facd1ef5865ce550fadd292514955d6.tar.gz
samba-899b6e6d0facd1ef5865ce550fadd292514955d6.tar.bz2
samba-899b6e6d0facd1ef5865ce550fadd292514955d6.zip
merge of get_dc_name()-like code from APP_HEAD; better support password server = DC1 *
(This used to be commit f49de4c5176bf635ac080e082fda412066b466c8)
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in4
-rw-r--r--source3/auth/auth_domain.c96
-rw-r--r--source3/include/smb.h8
-rw-r--r--source3/nsswitch/winbindd_cm.c50
-rw-r--r--source3/passdb/secrets.c30
5 files changed, 49 insertions, 139 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index acf88cbf3e..d7147cb4d6 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -193,7 +193,7 @@ LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \
rpc_client/cli_wkssvc.o rpc_client/cli_dfs.o \
rpc_client/cli_reg.o rpc_client/cli_pipe.o \
rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o \
- rpc_client/cli_ds.o
+ rpc_client/cli_ds.o libsmb/namequery_dc.o
LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o
@@ -458,7 +458,7 @@ LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
- $(LIBMSRPC_OBJ)
+ $(LIBMSRPC_OBJ) $(SECRETS_OBJ)
TALLOCTORT_OBJ = lib/talloctort.o $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ)
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index eebe647ec0..8c56b4484e 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -262,103 +262,23 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli,
We have been asked to dynamically determine the IP addresses of
the PDC and BDC's for DOMAIN, and query them in turn.
************************************************************************/
-static NTSTATUS find_connect_pdc(struct cli_state **cli,
+static NTSTATUS find_connect_dc(struct cli_state **cli,
const char *domain,
const char *setup_creds_as,
uint16 sec_chan,
unsigned char *trust_passwd,
time_t last_change_time)
{
- struct in_addr *ip_list = NULL;
- int count = 0;
- int i;
- NTSTATUS nt_status = NT_STATUS_NO_LOGON_SERVERS;
- time_t time_now = time(NULL);
- BOOL use_pdc_only = False;
- BOOL list_ordered;
-
- /*
- * If the time the machine password has changed
- * was less than an hour ago then we need to contact
- * the PDC only, as we cannot be sure domain replication
- * has yet taken place. Bug found by Gerald (way to go
- * Gerald !). JRA.
- */
-
- if (time_now - last_change_time < 3600)
- use_pdc_only = True;
-
- if (use_pdc_only) {
- struct in_addr pdc_ip;
+ struct in_addr dc_ip;
+ fstring srv_name;
- if (!get_pdc_ip(domain, &pdc_ip))
- return NT_STATUS_NO_LOGON_SERVERS;
-
- if ((ip_list = (struct in_addr *)
- malloc(sizeof(struct in_addr))) == NULL)
- return NT_STATUS_NO_MEMORY;
-
- ip_list[0] = pdc_ip;
- count = 1;
-
- } else {
- if (!get_dc_list(domain, &ip_list, &count, &list_ordered))
+ if ( !rpc_find_dc(lp_workgroup(), srv_name, &dc_ip) ) {
+ DEBUG(0,("find_connect_dc: Failed to find an DCs for %s\n", lp_workgroup()));
return NT_STATUS_NO_LOGON_SERVERS;
}
- /*
- * Firstly try and contact a PDC/BDC who has the same
- * network address as any of our interfaces.
- */
- for(i = 0; i < count; i++) {
- if( !list_ordered && !is_local_net(ip_list[i]) )
- continue;
-
- if(NT_STATUS_IS_OK(nt_status =
- attempt_connect_to_dc(cli, domain,
- &ip_list[i], setup_creds_as,
- sec_chan, trust_passwd)))
- break;
-
- zero_ip(&ip_list[i]); /* Tried and failed. */
- }
-
- /*
- * Secondly try and contact a random PDC/BDC.
- */
- if(!NT_STATUS_IS_OK(nt_status)) {
- i = (sys_random() % count);
-
- if (!is_zero_ip(ip_list[i])) {
- if (!NT_STATUS_IS_OK(nt_status =
- attempt_connect_to_dc(cli, domain,
- &ip_list[i], setup_creds_as,
- sec_chan, trust_passwd)))
- zero_ip(&ip_list[i]); /* Tried and failed. */
- }
- }
-
- /*
- * Finally go through the IP list in turn, ignoring any addresses
- * we have already tried.
- */
- if(!NT_STATUS_IS_OK(nt_status)) {
- /*
- * Try and connect to any of the other IP addresses in the PDC/BDC list.
- * Note that from a WINS server the #1 IP address is the PDC.
- */
- for(i = 0; i < count; i++) {
- if (is_zero_ip(ip_list[i]))
- continue;
-
- if (NT_STATUS_IS_OK(nt_status = attempt_connect_to_dc(cli, domain,
- &ip_list[i], setup_creds_as, sec_chan, trust_passwd)))
- break;
- }
- }
-
- SAFE_FREE(ip_list);
- return nt_status;
+ return attempt_connect_to_dc( cli, domain, &dc_ip, setup_creds_as,
+ sec_chan, trust_passwd );
}
/***********************************************************************
@@ -393,7 +313,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
while (!NT_STATUS_IS_OK(nt_status) &&
next_token(&server,remote_machine,LIST_SEP,sizeof(remote_machine))) {
if(lp_security() != SEC_ADS && strequal(remote_machine, "*")) {
- nt_status = find_connect_pdc(&cli, domain, setup_creds_as, sec_chan, trust_passwd, last_change_time);
+ nt_status = find_connect_dc(&cli, domain, setup_creds_as, sec_chan, trust_passwd, last_change_time);
} else {
int i;
BOOL retry = True;
diff --git a/source3/include/smb.h b/source3/include/smb.h
index de0f10b3c5..b389020e23 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -221,6 +221,14 @@ typedef struct nttime_info
#define MAX_HOURS_LEN 32
+/*
+ * window during which we must talk to the PDC to avoid
+ * sam sync delays; expressed in seconds (15 minutes is the
+ * default period for SAM replication under Windows NT 4.0
+ */
+#define SAM_SYNC_WINDOW 900
+
+
#ifndef MAXSUBAUTHS
#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
#endif
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 403bc38052..075da1e2b2 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -135,54 +135,6 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr
return True;
}
-/*
- find the DC for a domain using methods appropriate for a RPC domain
-*/
-static BOOL cm_rpc_find_dc(const char *domain, struct in_addr *dc_ip, fstring srv_name)
-{
- struct in_addr *ip_list = NULL;
- int count, i;
- BOOL list_ordered;
-
- if (!get_dc_list(domain, &ip_list, &count, &list_ordered)) {
- struct in_addr pdc_ip;
-
- if (!get_pdc_ip(domain, &pdc_ip)) {
- DEBUG(3, ("Could not look up any DCs for domain %s\n",
- domain));
- return False;
- }
-
- ip_list = (struct in_addr *)malloc(sizeof(struct in_addr));
-
- if (!ip_list)
- return False;
-
- ip_list[0] = pdc_ip;
- count = 1;
- }
-
- /* Pick a nice close server, but only if the list was not ordered */
- if (!list_ordered && (count > 1) ) {
- qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
- }
-
- for (i = 0; i < count; i++) {
- if (is_zero_ip(ip_list[i]))
- continue;
-
- if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) {
- *dc_ip = ip_list[i];
- SAFE_FREE(ip_list);
- return True;
- }
- }
-
-
- SAFE_FREE(ip_list);
-
- return False;
-}
static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out)
@@ -247,7 +199,7 @@ static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr
}
if (!ret) {
/* fall back on rpc methods if the ADS methods fail */
- ret = cm_rpc_find_dc(domain, &dc_ip, srv_name);
+ ret = rpc_find_dc(domain, srv_name, &dc_ip);
}
if (!ret) {
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 29afaddea3..b93ea74d8b 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -610,3 +610,33 @@ void secrets_named_mutex_release(const char *name)
tdb_unlock_bystring(tdb, name);
DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name ));
}
+
+/*********************************************************
+ Check to see if we must talk to the PDC to avoid sam
+ sync delays
+ ********************************************************/
+
+BOOL must_use_pdc( const char *domain )
+{
+ time_t now = time(NULL);
+ time_t last_change_time;
+ unsigned char passwd[16];
+
+ if ( !secrets_fetch_trust_account_password(domain, passwd, &last_change_time) )
+ return False;
+
+ /*
+ * If the time the machine password has changed
+ * was less than about 15 minutes then we need to contact
+ * the PDC only, as we cannot be sure domain replication
+ * has yet taken place. Bug found by Gerald (way to go
+ * Gerald !). JRA.
+ */
+
+ if ( now - last_change_time < SAM_SYNC_WINDOW )
+ return True;
+
+ return False;
+
+}
+