diff options
Diffstat (limited to 'source3/nsswitch/winbindd_misc.c')
| -rw-r--r-- | source3/nsswitch/winbindd_misc.c | 84 |
1 files changed, 29 insertions, 55 deletions
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index b06ee223a7..95c4f29c18 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c @@ -25,22 +25,6 @@ extern pstring global_myname; -/* Some routines to fetch the trust account password from a HEAD - version of Samba. Yuck. )-: */ - -/************************************************************************ -form a key for fetching a domain trust password from -************************************************************************/ -static char *trust_keystr(char *domain) -{ - static fstring keystr; - - snprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, - domain); - - return keystr; -} - /************************************************************************ Routine to get the trust account password for a domain ************************************************************************/ @@ -51,11 +35,15 @@ static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, size_t size; if (!(pass = secrets_fetch(trust_keystr(domain), &size)) || - size != sizeof(*pass)) return False; + size != sizeof(*pass)) + return False; + + if (pass_last_set_time) + *pass_last_set_time = pass->mod_time; - if (pass_last_set_time) *pass_last_set_time = pass->mod_time; memcpy(ret_pwd, pass->hash, 16); SAFE_FREE(pass); + return True; } @@ -63,13 +51,10 @@ static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state) { - NTSTATUS status; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uchar trust_passwd[16]; - struct in_addr *ip_list = NULL; - int count; - fstring controller, trust_account; int num_retries = 0; - + struct cli_state *cli; DEBUG(3, ("[%5d]: check machine account\n", state->pid)); /* Get trust account password */ @@ -77,36 +62,21 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat again: if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { - status = NT_STATUS_INTERNAL_ERROR; - goto done; - } - - /* Get domain controller */ - - if (!get_dc_list(True, lp_workgroup(), &ip_list, &count) || - !lookup_pdc_name(global_myname, lp_workgroup(), &ip_list[0], - controller)) { - DEBUG(0, ("could not find domain controller for " - "domain %s\n", lp_workgroup())); - status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; + result = NT_STATUS_INTERNAL_ERROR; goto done; } - DEBUG(3, ("contacting controller %s to check secret\n", controller)); + /* This call does a cli_nt_setup_creds() which implicitly checks + the trust account password. */ - /* Contact domain controller to check secret */ + result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); - slprintf(trust_account, sizeof(trust_account) - 1, "%s$", - global_myname); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3, ("could not open handle to NETLOGON pipe\n")); + goto done; + } -#if 0 /* XXX */ - { - uint16 validation_level; - status = cli_nt_setup_creds(controller, lp_workgroup(), global_myname, - trust_account, trust_passwd, - SEC_CHAN_WKSTA, &validation_level); - } -#endif + cli_shutdown(cli); /* There is a race condition between fetching the trust account password and joining the domain so it's possible that the trust @@ -116,7 +86,7 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat #define MAX_RETRIES 8 if ((num_retries < MAX_RETRIES) && - NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { + NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { num_retries++; goto again; } @@ -124,10 +94,12 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat /* Pass back result code - zero for success, other values for specific failures. */ - DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ? "good" : "bad")); + DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ? + "good" : "bad")); done: - state->response.data.num_entries = NT_STATUS_V(status); + state->response.data.num_entries = NT_STATUS_V(result); + return WINBINDD_OK; } @@ -147,20 +119,21 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state /* Skip own domain */ - if (strequal(domain->name, lp_workgroup())) continue; + if (strequal(domain->name, lp_workgroup())) + continue; /* Add domain to list */ total_entries++; ted = Realloc(extra_data, sizeof(fstring) * - total_entries); + total_entries); if (!ted) { DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n")); SAFE_FREE(extra_data); return WINBINDD_ERROR; - } - else extra_data = ted; + } else + extra_data = ted; memcpy(&extra_data[extra_data_len], domain->name, strlen(domain->name)); @@ -170,7 +143,8 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state } if (extra_data) { - if (extra_data_len > 1) extra_data[extra_data_len - 1] = '\0'; + if (extra_data_len > 1) + extra_data[extra_data_len - 1] = '\0'; state->response.extra_data = extra_data; state->response.length += extra_data_len; } |