summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/winbindd/idmap_ad.c41
-rw-r--r--source3/winbindd/winbindd_ads.c125
-rw-r--r--source3/winbindd/winbindd_proto.h7
3 files changed, 87 insertions, 86 deletions
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 0e00a340bf..5b9c3774f6 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -58,13 +58,8 @@ struct idmap_ad_context {
static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom)
{
- ADS_STRUCT *ads;
- ADS_STATUS status;
- fstring dc_name;
- struct sockaddr_storage dc_ip;
struct idmap_ad_context *ctx;
- char *ldap_server = NULL;
- char *realm = NULL;
+ char *ldap_server, *realm, *password;
struct winbindd_domain *wb_dom;
DEBUG(10, ("ad_idmap_cached_connection: called for domain '%s'\n",
@@ -77,9 +72,6 @@ static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom)
return ADS_SUCCESS;
}
- /* we don't want this to affect the users ccache */
- setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
-
/*
* At this point we only have the NetBIOS domain name.
* Check if we can get server nam and realm from SAF cache
@@ -99,35 +91,12 @@ static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom)
realm = wb_dom->alt_name;
}
- if ( (ads = ads_init(realm, dom->name, ldap_server)) == NULL ) {
- DEBUG(1,("ads_init failed\n"));
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
/* the machine acct password might have change - fetch it every time */
- SAFE_FREE(ads->auth.password);
- ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
-
- SAFE_FREE(ads->auth.realm);
- ads->auth.realm = SMB_STRDUP(lp_realm());
-
- /* setup server affinity */
-
- get_dc_name(dom->name, realm, dc_name, &dc_ip );
-
- status = ads_connect(ads);
- if (!ADS_ERR_OK(status)) {
- DEBUG(1, ("ad_idmap_cached_connection_internal: failed to "
- "connect to AD\n"));
- ads_destroy(&ads);
- return status;
- }
-
- ads->is_mine = False;
-
- ctx->ads = ads;
+ password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
+ realm = SMB_STRDUP(lp_realm());
- return ADS_SUCCESS;
+ return ads_cached_connection_connect(&ctx->ads, realm, dom->name,
+ ldap_server, password, realm, 0);
}
/************************************************************************
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 03cbcf23a3..e806aa87f0 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -72,16 +72,73 @@ void ads_cached_connection_reuse(ADS_STRUCT **adsp)
}
}
+ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
+ const char *dom_name_alt,
+ const char *dom_name,
+ const char *ldap_server,
+ char *password,
+ char *realm,
+ time_t renewable)
+{
+ ADS_STRUCT *ads;
+ ADS_STATUS status;
+ struct sockaddr_storage dc_ss;
+ fstring dc_name;
+
+ /* we don't want this to affect the users ccache */
+ setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
+
+ ads = ads_init(dom_name_alt, dom_name, ldap_server);
+ if (!ads) {
+ DEBUG(1,("ads_init for domain %s failed\n", dom_name));
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ SAFE_FREE(ads->auth.password);
+ SAFE_FREE(ads->auth.realm);
+
+ ads->auth.renewable = renewable;
+ ads->auth.password = password;
+ ads->auth.realm = realm;
+
+ ads->auth.realm = SMB_STRDUP(realm);
+ if (!strupper_m(ads->auth.realm)) {
+ ads_destroy(&ads);
+ return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
+ }
+
+ /* Setup the server affinity cache. We don't reaally care
+ about the name. Just setup affinity and the KRB5_CONFIG
+ file. */
+ get_dc_name(ads->server.workgroup, ads->server.realm, dc_name, &dc_ss);
+
+ status = ads_connect(ads);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("ads_connect for domain %s failed: %s\n",
+ dom_name, ads_errstr(status)));
+ ads_destroy(&ads);
+ return status;
+ }
+
+ /* set the flag that says we don't own the memory even
+ though we do so that ads_destroy() won't destroy the
+ structure we pass back by reference */
+
+ ads->is_mine = False;
+
+ *adsp = ads;
+
+ return status;
+}
+
/*
return our ads connections structure for a domain. We keep the connection
open to make things faster
*/
static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
{
- ADS_STRUCT *ads;
ADS_STATUS status;
- fstring dc_name;
- struct sockaddr_storage dc_ss;
+ char *password, *realm;
DEBUG(10,("ads_cached_connection\n"));
ads_cached_connection_reuse((ADS_STRUCT **)&domain->private_data);
@@ -90,37 +147,22 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
return (ADS_STRUCT *)domain->private_data;
}
- ads = ads_init(domain->alt_name, domain->name, NULL);
- if (!ads) {
- DEBUG(1,("ads_init for domain %s failed\n", domain->name));
- return NULL;
- }
-
- /* we don't want ads operations to affect the default ccache */
- ads->auth.ccache_name = SMB_STRDUP("MEMORY:winbind_ccache");
-
/* the machine acct password might have change - fetch it every time */
- SAFE_FREE(ads->auth.password);
- SAFE_FREE(ads->auth.realm);
-
if ( IS_DC ) {
- if ( !pdb_get_trusteddom_pw( domain->name, &ads->auth.password, NULL, NULL ) ) {
- ads_destroy( &ads );
- return NULL;
- }
- ads->auth.realm = SMB_STRDUP( ads->server.realm );
- if (!strupper_m( ads->auth.realm )) {
- ads_destroy( &ads );
+ if ( !pdb_get_trusteddom_pw( domain->name, &password, NULL,
+ NULL ) ) {
return NULL;
}
+ realm = NULL;
}
else {
struct winbindd_domain *our_domain = domain;
- ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
+ password = secrets_fetch_machine_password(lp_workgroup(), NULL,
+ NULL);
/* always give preference to the alt_name in our
primary domain if possible */
@@ -128,30 +170,21 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
our_domain = find_our_domain();
if (our_domain->alt_name != NULL) {
- ads->auth.realm = SMB_STRDUP( our_domain->alt_name );
- if (!strupper_m( ads->auth.realm )) {
- ads_destroy( &ads );
- return NULL;
- }
+ realm = SMB_STRDUP( our_domain->alt_name );
}
else
- ads->auth.realm = SMB_STRDUP( lp_realm() );
+ realm = SMB_STRDUP( lp_realm() );
}
- ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
+ status = ads_cached_connection_connect(
+ (ADS_STRUCT **)&domain->private_data,
+ domain->alt_name,
+ domain->name, NULL,
+ password, realm,
+ WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
- /* Setup the server affinity cache. We don't reaally care
- about the name. Just setup affinity and the KRB5_CONFIG
- file. */
-
- get_dc_name( ads->server.workgroup, ads->server.realm, dc_name, &dc_ss );
-
- status = ads_connect(ads);
- if (!ADS_ERR_OK(status) || !ads->config.realm) {
- DEBUG(1,("ads_connect for domain %s failed: %s\n",
- domain->name, ads_errstr(status)));
- ads_destroy(&ads);
+ if (!ADS_ERR_OK(status)) {
/* if we get ECONNREFUSED then it might be a NT4
server, fall back to MSRPC */
if (status.error_type == ENUM_ADS_ERROR_SYSTEM &&
@@ -163,17 +196,9 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
return NULL;
}
- /* set the flag that says we don't own the memory even
- though we do so that ads_destroy() won't destroy the
- structure we pass back by reference */
-
- ads->is_mine = False;
-
- domain->private_data = (void *)ads;
- return ads;
+ return (ADS_STRUCT *)domain->private_data;
}
-
/* Query display info for a realm. This is the basic user list fn */
static NTSTATUS query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 0d75791020..8bd7a392f2 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -895,5 +895,12 @@ NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx,
/* The following definitions come from winbindd/winbindd_ads.c */
#define WINBIND_CCACHE_NAME "MEMORY:winbind_ccache"
void ads_cached_connection_reuse(ADS_STRUCT **ads);
+ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
+ const char *dom_name_alt,
+ const char *dom_name,
+ const char *ldap_server,
+ char *password,
+ char *realm,
+ time_t renewable);
#endif /* _WINBINDD_PROTO_H_ */