-rw-r--r-- | source3/nsswitch/winbindd.h | 12 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 281 |
2 files changed, 2 insertions, 291 deletions
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index 17282cf131..a9035ca200 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -80,17 +80,9 @@ extern struct winbindd_state server_state; /* Server information */
 /* Structures to hold per domain information */
 struct winbindd_domain {
-
- /* Domain information */
-
- fstring name; /* Domain name */
-
+ fstring name; /* Domain name */
 DOM_SID sid; /* SID for this domain */
- BOOL got_domain_info; /* Got controller and sid */
-
- /* Cached handles to samr pipe */
-
- struct winbindd_domain *prev, *next; /* Linked list info */
+ struct winbindd_domain *prev, *next; /* Linked list info */
 };
 extern struct winbindd_domain *domain_list; /* List of domains we know */
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 23f46f239a..fc5318f034 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
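Review bot: With `got_domain_info` removed, `struct winbindd_domain` in winbindd.h no longer records whether `sid` was ever filled in, and the trimmed struct carries no comment stating when the field is valid. The only writer visible on this page is `lookup_domain_sid()` in winbindd_util.c, which reports success through its BOOL return. If any caller links an entry into `domain_list` without checking that return (not visible here), later SID lookups and comparisons would run against whatever the structure held at allocation. I would document the invariant on the field, e.g. `DOM_SID sid; /* SID for this domain; valid only after lookup_domain_sid() succeeded */`, and confirm that entries are added to the list only after a successful lookup.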
@@ -109,258 +109,6 @@ BOOL get_domain_info(void) return True; } -#if 0 - -/* Open sam and sam domain handles */ - -static BOOL open_sam_handles(struct winbindd_domain *domain) -{ - /* Get domain info (sid and controller name) */ - - if (!domain->got_domain_info) { - domain->got_domain_info = get_domain_info(domain); - if (!domain->got_domain_info) return False; - } - - /* Shut down existing sam handles */ - - if (domain->sam_dom_handle_open) { - wb_samr_close(&domain->sam_dom_handle); - domain->sam_dom_handle_open = False; - } - - if (domain->sam_handle_open) { - wb_samr_close(&domain->sam_handle); - domain->sam_handle_open = False; - } - - /* Open sam handle */ - - domain->sam_handle_open = - wb_samr_connect(domain->controller, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &domain->sam_handle); - - if (!domain->sam_handle_open) return False; - - /* Open sam domain handle */ - - domain->sam_dom_handle_open = - wb_samr_open_domain(&domain->sam_handle, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &domain->sid, - &domain->sam_dom_handle); - - if (!domain->sam_dom_handle_open) return False; - - return True; -} - -static BOOL rpc_hnd_ok(CLI_POLICY_HND *hnd) -{ - return hnd->cli->fd != -1; -} - -/* Return true if the SAM domain handles are open and responding. */ - -BOOL domain_handles_open(struct winbindd_domain *domain) -{ - time_t t; - BOOL result; - - /* Check we haven't checked too recently */ - - t = time(NULL); - - if ((t - domain->last_check) < WINBINDD_ESTABLISH_LOOP) { - return domain->sam_handle_open && - domain->sam_dom_handle_open; - } - - DEBUG(3, ("checking domain handles for domain %s\n", domain->name)); - - domain->last_check = t; - - /* Open sam handles if they are marked as closed */ - - if (!domain->sam_handle_open || !domain->sam_dom_handle_open) { - reopen: - DEBUG(3, ("opening sam handles\n")); - return open_sam_handles(domain); - } - - /* Check sam handles are ok - the domain controller may have failed - and we need to move to a BDC. 
*/ - - if (!rpc_hnd_ok(&domain->sam_handle) || - !rpc_hnd_ok(&domain->sam_dom_handle)) { - - /* We want to close the current connection but attempt - to open a new set, possibly to a new dc. If this - doesn't work then return False as we have no dc - to talk to. */ - - DEBUG(3, ("sam handles not responding\n")); - - winbindd_kill_connections(domain); - goto reopen; - } - - result = domain->sam_handle_open && domain->sam_dom_handle_open; - - return result; -} - -/* Shut down connections to all domain controllers */ - -static void winbindd_kill_connections(struct winbindd_domain *domain) -{ - /* Kill all connections */ - - if (!domain) { - struct winbindd_domain *tmp; - - for (tmp = domain_list; tmp; tmp = tmp->next) { - winbindd_kill_connections(domain); - } - - return; - } - - /* Log a level 0 message - this is probably a domain controller - failure */ - - if (!domain->controller[0]) - return; - - DEBUG(0, ("killing connections to domain %s with controller %s\n", - domain->name, domain->controller)); - - /* Close LSA connections if we are killing connections to the dc - that has them open. */ - - if (strequal(server_state.controller, domain->controller)) { - server_state.pwdb_initialised = False; - server_state.lsa_handle_open = False; - wb_lsa_close(&server_state.lsa_handle); - } - - /* Close domain sam handles but don't free them as this - severely traumatises the getent state. The connections - will be reopened later. 
*/ - - if (domain->sam_dom_handle_open) { - wb_samr_close(&domain->sam_dom_handle); - domain->sam_dom_handle_open = False; - } - - if (domain->sam_handle_open) { - wb_samr_close(&domain->sam_handle); - domain->sam_handle_open = False; - } - - /* Re-lookup domain info which includes domain controller name */ - - domain->got_domain_info = False; -} - -/* Kill connections to all servers */ - -void winbindd_kill_all_connections(void) -{ - struct winbindd_domain *domain; - - /* Iterate over domain list */ - - domain = domain_list; - - while (domain) { - struct winbindd_domain *next; - - /* Kill conections */ - - winbindd_kill_connections(domain); - - /* Remove domain from list */ - - next = domain->next; - DLIST_REMOVE(domain_list, domain); - SAFE_FREE(domain); - - domain = next; - } -} - -/* Attempt to connect to all domain controllers we know about */ - -void establish_connections(BOOL force_reestablish) -{ - static time_t lastt; - time_t t; - - /* Check we haven't checked too recently */ - - t = time(NULL); - if ((t - lastt < WINBINDD_ESTABLISH_LOOP) && !force_reestablish) { - return; - } - lastt = t; - - DEBUG(3, ("establishing connections\n")); - - /* Maybe the connection died - if so then close up and restart */ - - if (server_state.pwdb_initialised && - server_state.lsa_handle_open && - !rpc_hnd_ok(&server_state.lsa_handle)) { - winbindd_kill_connections(NULL); - } - - if (!server_state.pwdb_initialised) { - - /* Lookup domain controller name */ - - if (!get_any_dc_name(lp_workgroup(), - server_state.controller)) { - DEBUG(3, ("could not find any domain controllers " - "for domain %s\n", lp_workgroup())); - return; - } - - /* Initialise password database and sids */ - - /* server_state.pwdb_initialised = pwdb_initialise(False); */ - server_state.pwdb_initialised = True; - - if (!server_state.pwdb_initialised) { - DEBUG(3, ("could not initialise pwdb\n")); - return; - } - } - - /* Open lsa handle if it isn't already open */ - - if (!server_state.lsa_handle_open) { 
- - server_state.lsa_handle_open = - wb_lsa_open_policy(server_state.controller, - False, SEC_RIGHTS_MAXIMUM_ALLOWED, - &server_state.lsa_handle); - - if (!server_state.lsa_handle_open) { - DEBUG(0, ("error opening lsa handle on dc %s\n", - server_state.controller)); - return; - } - - /* Now we can talk to the server we can get some info */ - - get_trusted_domains(); - } -} - -#endif - /* Connect to a domain controller using get_any_dc_name() to discover the domain name and sid */ @@ -416,35 +164,6 @@ BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain) return NT_STATUS_IS_OK(result); } -#if 0 - -/* Lookup domain controller and sid for a domain */ - - BOOL get_domain_info(struct winbindd_domain *domain) -{ - fstring sid_str; - - DEBUG(1, ("Getting domain info for domain %s\n", domain->name)); - - /* Lookup domain sid */ - - if (!lookup_domain_sid(domain->name, domain)) { - DEBUG(0, ("could not find sid for domain %s\n", domain->name)); - return False; - } - - /* Lookup OK */ - - domain->got_domain_info = 1; - - sid_to_string(sid_str, &domain->sid); - DEBUG(1, ("found sid %s for domain %s\n", sid_str, domain->name)); - - return True; -} - -#endif - /* Lookup a sid in a domain from a name */ BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, |