Fixed check machine account function.

(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)

4 files changed, 63 insertions, 74 deletions

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index baff937b7f..a00bc3f5d9 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -625,10 +625,11 @@ CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid,
 /* Get a handle on a netlogon pipe.  This is a bit of a hack to re-use the
    netlogon pipe as no handle is returned. */
 
-struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd)
+NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
+                             struct cli_state **cli)
 {
 	struct winbindd_cm_conn conn;
-	NTSTATUS result;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 
 	/* Open an initial conection */
 
@@ -636,7 +637,7 @@ struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd)
 
 	if (!cm_open_connection(domain, PIPE_NETLOGON, &conn)) {
 		DEBUG(3, ("Could not open a connection to %s\n", domain));
-		return NULL;
+                return result;
 	}
 
 	result = cli_nt_setup_creds(conn.cli, trust_passwd);
@@ -645,12 +646,13 @@ struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd)
 		DEBUG(0, ("error connecting to domain password server: %s\n",
 			get_nt_error_msg(result)));
 			cli_shutdown(conn.cli);
-			return NULL;
+                        return result;
 	}
 
-	/* We only want the client handle from this structure */
+        if (cli)
+                *cli = conn.cli;
 
-	return conn.cli;
+        return result;
 }
 
 /* Dump the current connection status */
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index b06ee223a7..95c4f29c18 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -25,22 +25,6 @@
 
 extern pstring global_myname;
 
-/* Some routines to fetch the trust account password from a HEAD
-   version of Samba.  Yuck.  )-: */
-
-/************************************************************************
-form a key for fetching a domain trust password from
-************************************************************************/
-static char *trust_keystr(char *domain)
-{
-	static fstring keystr;
-
-	snprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, 
-		 domain);
-
-	return keystr;
-}
-
 /************************************************************************
  Routine to get the trust account password for a domain
 ************************************************************************/
@@ -51,11 +35,15 @@ static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd,
 	size_t size;
 
 	if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
-	    size != sizeof(*pass)) return False;
+	    size != sizeof(*pass)) 
+                return False;
+        
+	if (pass_last_set_time) 
+                *pass_last_set_time = pass->mod_time;
 
-	if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
 	memcpy(ret_pwd, pass->hash, 16);
 	SAFE_FREE(pass);
+
 	return True;
 }
 
@@ -63,13 +51,10 @@ static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd,
 
 enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state)
 {
-	NTSTATUS status;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uchar trust_passwd[16];
-	struct in_addr *ip_list = NULL;
-	int count;
-	fstring controller, trust_account;
         int num_retries = 0;
-
+        struct cli_state *cli;
 	DEBUG(3, ("[%5d]: check machine account\n", state->pid));
 
 	/* Get trust account password */
@@ -77,36 +62,21 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
  again:
 	if (!_get_trust_account_password(lp_workgroup(), trust_passwd, 
                                          NULL)) {
-		status = NT_STATUS_INTERNAL_ERROR;
-		goto done;
-	}
-
-	/* Get domain controller */
-
-	if (!get_dc_list(True, lp_workgroup(), &ip_list, &count) ||
-	    !lookup_pdc_name(global_myname, lp_workgroup(), &ip_list[0],
-			     controller)) {
-		DEBUG(0, ("could not find domain controller for "
-			  "domain %s\n", lp_workgroup()));		  
-		status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+		result = NT_STATUS_INTERNAL_ERROR;
 		goto done;
 	}
 
-	DEBUG(3, ("contacting controller %s to check secret\n", controller));
+        /* This call does a cli_nt_setup_creds() which implicitly checks
+           the trust account password. */
 
-	/* Contact domain controller to check secret */
+        result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
 
-        slprintf(trust_account, sizeof(trust_account) - 1, "%s$",
-                 global_myname);
+        if (!NT_STATUS_IS_OK(result)) {
+                DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
+                goto done;
+        }
 
-#if 0 /* XXX */
-	{
-		uint16 validation_level;
-        status = cli_nt_setup_creds(controller, lp_workgroup(), global_myname,
-                                    trust_account, trust_passwd, 
-                                    SEC_CHAN_WKSTA, &validation_level);	
-	}
-#endif
+        cli_shutdown(cli);
 
         /* There is a race condition between fetching the trust account
            password and joining the domain so it's possible that the trust
@@ -116,7 +86,7 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
 #define MAX_RETRIES 8
 
         if ((num_retries < MAX_RETRIES) && 
-            NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) {
+            NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) {
                 num_retries++;
                 goto again;
         }
@@ -124,10 +94,12 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
 	/* Pass back result code - zero for success, other values for
 	   specific failures. */
 
-	DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ?  "good" : "bad"));
+	DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ?  
+                  "good" : "bad"));
 
  done:
-	state->response.data.num_entries = NT_STATUS_V(status);
+	state->response.data.num_entries = NT_STATUS_V(result);
+
 	return WINBINDD_OK;
 }
 
@@ -147,20 +119,21 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
 
 		/* Skip own domain */
 
-		if (strequal(domain->name, lp_workgroup())) continue;
+		if (strequal(domain->name, lp_workgroup())) 
+                        continue;
 
 		/* Add domain to list */
 
 		total_entries++;
 		ted = Realloc(extra_data, sizeof(fstring) * 
-				     total_entries);
+                              total_entries);
 
 		if (!ted) {
 			DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n"));
 			SAFE_FREE(extra_data);
 			return WINBINDD_ERROR;
-		}
-		else extra_data = ted;
+		} else 
+                        extra_data = ted;
 
 		memcpy(&extra_data[extra_data_len], domain->name,
 		       strlen(domain->name));
@@ -170,7 +143,8 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
 	}
 
 	if (extra_data) {
-		if (extra_data_len > 1) extra_data[extra_data_len - 1] = '\0';
+		if (extra_data_len > 1) 
+                        extra_data[extra_data_len - 1] = '\0';
 		state->response.extra_data = extra_data;
 		state->response.length += extra_data_len;
 	}
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index aa248aadaf..57733b5471 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -2,7 +2,7 @@
    Unix SMB/Netbios implementation.
    Version 3.0
 
-   Winbind daemon - pam auuth funcions
+   Winbind daemon - pam auth funcions
 
    Copyright (C) Andrew Tridgell 2000
    Copyright (C) Tim Potter 2001
@@ -102,9 +102,11 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 
 	ZERO_STRUCT(info3);
 
-        if (!(cli = cm_get_netlogon_cli(lp_workgroup(), trust_passwd))) {
+        result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+
+        if (!NT_STATUS_IS_OK(result)) {
                 DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
-                return WINBINDD_ERROR;
+                goto done;
         }
 
 	result = cli_nt_login_network(cli, user_info, smb_uid_low, 
@@ -113,7 +115,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
         free_user_info(&user_info);
 
         cli_shutdown(cli);
-
+        
+ done:
 	return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
 }
 
@@ -165,9 +168,11 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
 
 	ZERO_STRUCT(info3);
 
-        if (!(cli = cm_get_netlogon_cli(lp_workgroup(), trust_passwd))) {
+        result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+
+        if (!NT_STATUS_IS_OK(result)) {
                 DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
-                return WINBINDD_ERROR;
+                goto done;
         }
 
 	result = cli_nt_login_network(cli, user_info, smb_uid_low, 
@@ -177,6 +182,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
 
         cli_shutdown(cli);
 
+ done:
 	return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
 }
 
diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h
index 1a046c67d5..78afeae94c 100644
--- a/source3/nsswitch/winbindd_proto.h
+++ b/source3/nsswitch/winbindd_proto.h
@@ -16,6 +16,10 @@ void winbindd_store_user_cache(struct winbindd_domain *domain,
 void winbindd_store_group_cache(struct winbindd_domain *domain,
 				struct acct_info *sam_entries,
 				int num_sam_entries);
+void winbindd_store_name_cache_entry(struct winbindd_domain *domain, 
+                                     char *sid, struct winbindd_name *name);
+void winbindd_store_sid_cache_entry(struct winbindd_domain *domain, 
+                                     char *name, struct winbindd_sid *sid);
 void winbindd_store_user_cache_entry(struct winbindd_domain *domain, 
                                      char *user_name, struct winbindd_pw *pw);
 void winbindd_store_uid_cache_entry(struct winbindd_domain *domain, uid_t uid, 
@@ -32,6 +36,10 @@ BOOL winbindd_fetch_user_cache(struct winbindd_domain *domain,
 BOOL winbindd_fetch_group_cache(struct winbindd_domain *domain, 
 				struct acct_info **sam_entries,
                                 int *num_entries);
+BOOL winbindd_fetch_sid_cache_entry(struct winbindd_domain *domain, 
+                                     char *name, struct winbindd_sid *sid);
+BOOL winbindd_fetch_name_cache_entry(struct winbindd_domain *domain, 
+                                     char *sid, struct winbindd_name *name);
 BOOL winbindd_fetch_user_cache_entry(struct winbindd_domain *domain, 
                                      char *user, struct winbindd_pw *pw);
 BOOL winbindd_fetch_uid_cache_entry(struct winbindd_domain *domain, uid_t uid, 
@@ -54,7 +62,8 @@ CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid,
                                        uint32 user_rid);
 CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid,
                                         uint32 group_rid);
-struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd);
+NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
+                             struct cli_state **cli);
 void winbindd_cm_status(void);
 
 /* The following definitions come from nsswitch/winbindd_group.c  */
@@ -118,13 +127,13 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state);
 
 /* The following definitions come from nsswitch/winbindd_util.c  */
 
+struct winbindd_domain *find_domain_from_name(char *domain_name);
+struct winbindd_domain *find_domain_from_sid(DOM_SID *sid);
 BOOL get_domain_info(void);
 void free_domain_info(void);
 BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain);
-BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid,
-                                 enum SID_NAME_USE *type);
-BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name,
-                                 enum SID_NAME_USE *type);
+BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, enum SID_NAME_USE *type);
+BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name, enum SID_NAME_USE *type);
 BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain, 
                               TALLOC_CTX *mem_ctx, uint32 user_rid, 
                               SAM_USERINFO_CTR **user_info);
@@ -136,8 +145,6 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain,
                               uint32 group_rid, uint32 *num_names, 
                               uint32 **rid_mem, char ***names, 
                               uint32 **name_types);
-struct winbindd_domain *find_domain_from_name(char *domain_name);
-struct winbindd_domain *find_domain_from_sid(DOM_SID *sid);
 void free_getent_state(struct getent_state *state);
 BOOL winbindd_param_init(void);
 NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain,