summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/winbindd_cm.c62
1 files changed, 37 insertions, 25 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index c9e970c13c..b24ed842de 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -177,7 +177,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
char *ipc_username, *ipc_domain, *ipc_password;
BOOL got_mutex;
- BOOL add_failed_connection = True;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -233,6 +232,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
(peeraddr_in->sin_family != PF_INET))
{
DEBUG(0,("cm_prepare_connection: %s\n", strerror(errno)));
+ result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
@@ -246,6 +246,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
if (!cli_session_request(*cli, &calling, &called)) {
DEBUG(8, ("cli_session_request failed for %s\n",
controller));
+ result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
}
@@ -254,10 +255,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
if (!cli_negprot(*cli)) {
DEBUG(1, ("cli_negprot failed\n"));
- cli_shutdown(*cli);
+ result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
-
if ((*cli)->protocol >= PROTOCOL_NT1 && (*cli)->capabilities & CAP_EXTENDED_SECURITY) {
ADS_STATUS ads_status;
@@ -371,8 +371,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
if (NT_STATUS_IS_OK(result))
result = NT_STATUS_UNSUCCESSFUL;
- cli_shutdown(*cli);
- *cli = NULL;
goto done;
}
@@ -386,7 +384,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
}
result = NT_STATUS_OK;
- add_failed_connection = False;
done:
if (got_mutex) {
@@ -400,8 +397,12 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
SAFE_FREE(ipc_domain);
SAFE_FREE(ipc_password);
- if (add_failed_connection) {
+ if (!NT_STATUS_IS_OK(result)) {
add_failed_connection_entry(domain->name, controller, result);
+ if ((*cli) != NULL) {
+ cli_shutdown(*cli);
+ *cli = NULL;
+ }
}
return result;
@@ -579,7 +580,7 @@ static BOOL receive_getdc_response(struct in_addr dc_ip,
convert an ip to a name
*******************************************************************/
-static void dcip_to_name( const char *domainname, const char *realm,
+static BOOL dcip_to_name( const char *domainname, const char *realm,
const DOM_SID *sid, struct in_addr ip, fstring name )
{
struct ip_service ip_list;
@@ -595,7 +596,7 @@ static void dcip_to_name( const char *domainname, const char *realm,
for (i=0; i<5; i++) {
if (receive_getdc_response(ip, domainname, name)) {
namecache_store(name, 0x20, 1, &ip_list);
- return;
+ return True;
}
smb_msleep(500);
}
@@ -605,13 +606,9 @@ static void dcip_to_name( const char *domainname, const char *realm,
if ( name_status_find(domainname, 0x1c, 0x20, ip, name) ) {
namecache_store(name, 0x20, 1, &ip_list);
- return;
+ return True;
}
- /* backup in case the netbios stuff fails */
-
- fstrcpy( name, inet_ntoa(ip) );
-
#ifdef WITH_ADS
/* for active directory servers, try to get the ldap server name.
None of these failure should be considered critical for now */
@@ -625,17 +622,18 @@ static void dcip_to_name( const char *domainname, const char *realm,
if ( !ads_try_connect( ads, inet_ntoa(ip) ) ) {
ads_destroy( &ads );
- return;
+ return False;
}
fstrcpy(name, ads->config.ldap_server_name);
namecache_store(name, 0x20, 1, &ip_list);
ads_destroy( &ads );
+ return True;
}
#endif
- return;
+ return False;
}
/*******************************************************************
@@ -705,6 +703,7 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ctx,
int i, fd_index;
+ again:
if (!get_dcs(mem_ctx, domain, &dcs, &num_dcs) || (num_dcs == 0))
return False;
@@ -735,15 +734,22 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ctx,
*addr = addrs[fd_index];
- /* if we have no name on the server or just an IP address for
- the name, now try to get the name */
-
- if ( is_ipaddress(dcnames[fd_index]) || *dcnames[fd_index] == '\0' )
- dcip_to_name( domain->name, domain->alt_name, &domain->sid, addr->sin_addr, dcname );
- else
+ if (*dcnames[fd_index] != '\0' && !is_ipaddress(dcnames[fd_index])) {
+ /* Ok, we've got a name for the DC */
fstrcpy(dcname, dcnames[fd_index]);
+ return True;
+ }
- return True;
+ /* Try to figure out the name */
+ if (dcip_to_name( domain->name, domain->alt_name, &domain->sid,
+ addr->sin_addr, dcname )) {
+ return True;
+ }
+
+ /* We can not continue without the DC's name */
+ add_failed_connection_entry(domain->name, dcs[fd_index].name,
+ NT_STATUS_UNSUCCESSFUL);
+ goto again;
}
static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
@@ -769,8 +775,14 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
struct in_addr ip;
ip = *interpret_addr2( saf_servername );
- dcip_to_name( domain->name, domain->alt_name, &domain->sid, ip, saf_name );
- fstrcpy( domain->dcname, saf_name );
+ if (dcip_to_name( domain->name, domain->alt_name,
+ &domain->sid, ip, saf_name )) {
+ fstrcpy( domain->dcname, saf_name );
+ } else {
+ add_failed_connection_entry(
+ domain->name, saf_name,
+ NT_STATUS_UNSUCCESSFUL);
+ }
}
else
{