diff options
-rw-r--r-- | source3/nsswitch/winbindd.h | 1 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 54 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 11 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 42 |
4 files changed, 72 insertions, 36 deletions
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h index dd92ecefe6..4ca59ff1cc 100644 --- a/source3/nsswitch/winbindd.h +++ b/source3/nsswitch/winbindd.h @@ -90,6 +90,7 @@ struct winbindd_domain { fstring name; /* Domain name */ fstring alt_name; /* alt Domain name (if any) */ DOM_SID sid; /* SID for this domain */ + BOOL native_mode; /* is this a win2k domain in native mode ? */ /* Lookup methods for this domain (LDAP or RPC) */ diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 313b9da1bb..91ab5b209d 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -384,7 +384,7 @@ static void add_failed_connection_entry(struct winbindd_cm_conn *new_conn, /* Open a connction to the remote server, cache failures for 30 seconds */ -static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, +static NTSTATUS cm_open_connection(const char *domain, const iont pipe_index, struct winbindd_cm_conn *new_conn) { struct failed_connection_cache *fcc; @@ -396,7 +396,7 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, ZERO_STRUCT(dc_ip); fstrcpy(new_conn->domain, domain); - fstrcpy(new_conn->pipe_name, pipe_name); + fstrcpy(new_conn->pipe_name, get_pipe_name_from_index(pipe_index)); /* Look for a domain controller for this domain. Negative results are cached so don't bother applying the caching for this @@ -460,7 +460,7 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, return result; } - if (!cli_nt_session_open (new_conn->cli, get_pipe_index(pipe_name))) { + if ( !cli_nt_session_open (new_conn->cli, pipe_index) ) { result = NT_STATUS_PIPE_NOT_AVAILABLE; add_failed_connection_entry(new_conn, result); cli_shutdown(new_conn->cli); @@ -533,7 +533,7 @@ static NTSTATUS get_connection_from_cache(const char *domain, const char *pipe_n ZERO_STRUCTP(conn); - if (!NT_STATUS_IS_OK(result = cm_open_connection(domain, pipe_name, conn))) { + if (!NT_STATUS_IS_OK(result = cm_open_connection(domain, get_pipe_index(pipe_name), conn))) { DEBUG(3, ("Could not open a connection to %s for %s (%s)\n", domain, pipe_name, nt_errstr(result))); SAFE_FREE(conn); @@ -546,6 +546,52 @@ static NTSTATUS get_connection_from_cache(const char *domain, const char *pipe_n return NT_STATUS_OK; } + +/********************************************************************************** +**********************************************************************************/ + +BOOL cm_check_for_native_mode_win2k( const char *domain ) +{ + NTSTATUS result; + struct winbindd_cm_conn conn; + DS_DOMINFO_CTR ctr; + BOOL ret = False; + + ZERO_STRUCT( conn ); + ZERO_STRUCT( ctr ); + + + if ( !NT_STATUS_IS_OK(result = cm_open_connection(domain, PI_LSARPC_DS, &conn)) ) + { + DEBUG(3, ("cm_check_for_native_mode_win2k: Could not open a connection to %s for PIPE_LSARPC (%s)\n", + domain, nt_errstr(result))); + return False; + } + + if ( conn.cli ) { + if ( !NT_STATUS_IS_OK(cli_ds_getprimarydominfo( conn.cli, + conn.cli->mem_ctx, DsRolePrimaryDomainInfoBasic, &ctr)) ) + { + ret = False; + goto done; + } + } + + if ( (ctr.basic->flags & DSROLE_PRIMARY_DS_RUNNING) + && !(ctr.basic->flags & DSROLE_PRIMARY_DS_MIXED_MODE) ) + { + ret = True; + } + +done: + if ( conn.cli ) + cli_shutdown( conn.cli ); + + return ret; +} + + + /* Return a LSA policy handle on a domain */ CLI_POLICY_HND *cm_get_lsa_handle(char *domain) diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 2016c27881..005b1609b6 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -73,6 +73,7 @@ void free_domain_list(void) } } + /* Add a trusted domain to our list of domains */ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name, struct winbindd_methods *methods, @@ -116,12 +117,20 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const } } - domain->methods = methods; + domain->methods = methods; domain->sequence_number = DOM_SEQUENCE_NONE; domain->last_seq_check = 0; if (sid) { sid_copy(&domain->sid, sid); } + + /* see if this is a native mode win2k domain, but only for our own domain */ + + if ( strequal( lp_workgroup(), domain_name) ) { + domain->native_mode = cm_check_for_native_mode_win2k( domain_name ); + DEBUG(5,("add_trusted_domain: %s is a %s mode domain\n", domain_name, + domain->native_mode ? "native" : "mixed" )); + } /* Link to domain list */ DLIST_ADD(_domain_list, domain); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 2732c53e5c..7e1289edff 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -952,65 +952,45 @@ static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, const char *pipe_name, return state_set; } -#if 0 /* JERRY */ - /**************************************************************************** check the rpc bind acknowledge response ****************************************************************************/ -static BOOL valid_pipe_name(const char *pipe_name, RPC_IFACE *abstract, RPC_IFACE *transfer) +int get_pipe_index( const char *pipe_name ) { int pipe_idx = 0; while (pipe_names[pipe_idx].client_pipe != NULL) { - if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe )) { - DEBUG(5,("Bind Abstract Syntax: ")); - dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax), - sizeof(pipe_names[pipe_idx].abstr_syntax)); - DEBUG(5,("Bind Transfer Syntax: ")); - dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax), - sizeof(pipe_names[pipe_idx].trans_syntax)); - - /* copy the required syntaxes out so we can do the right bind */ - *transfer = pipe_names[pipe_idx].trans_syntax; - *abstract = pipe_names[pipe_idx].abstr_syntax; - - return True; - } + if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe )) + return pipe_idx; pipe_idx++; }; - DEBUG(5,("Bind RPC Pipe[%s] unsupported\n", pipe_name)); - return False; + return -1; } -#endif /**************************************************************************** check the rpc bind acknowledge response ****************************************************************************/ -int get_pipe_index( const char *pipe_name ) +char* get_pipe_name_from_index( const int pipe_index ) { - int pipe_idx = 0; - while (pipe_names[pipe_idx].client_pipe != NULL) { - if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe )) - return pipe_idx; - pipe_idx++; - }; + if ( (pipe_index < 0) || (pipe_index >= PI_MAX_PIPES) ) + return NULL; - return -1; + return pipe_names[pipe_index].client_pipe; } /**************************************************************************** check the rpc bind acknowledge response ****************************************************************************/ -static BOOL valid_pipe_name_by_idx(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer) +static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer) { if ( pipe_idx >= PI_MAX_PIPES ) { - DEBUG(0,("valid_pipe_name_by_idx: Programmer error! Invalid pipe index [%d]\n", + DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n", pipe_idx)); return False; } @@ -1178,7 +1158,7 @@ BOOL rpc_pipe_bind(struct cli_state *cli, const int pipe_idx, char *my_name) DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_names[pipe_idx].client_pipe)); - if (!valid_pipe_name_by_idx(pipe_idx, &abstract, &transfer)) + if (!valid_pipe_name(pipe_idx, &abstract, &transfer)) return False; prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL); |