summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/winbindd_cm.c71
-rw-r--r--source3/nsswitch/winbindd_group.c16
-rw-r--r--source3/nsswitch/winbindd_rpc.c40
3 files changed, 20 insertions, 107 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index d2d99a4203..79c63c9347 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -129,60 +129,16 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr
return True;
}
-static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out)
+/**********************************************************************
+ wrapper around ads and rpc methods of finds DC's
+**********************************************************************/
+
+static BOOL cm_get_dc_name(const char *domain, fstring srv_name,
+ struct in_addr *ip_out)
{
- static struct get_dc_name_cache *get_dc_name_cache;
- struct get_dc_name_cache *dcc;
struct in_addr dc_ip;
BOOL ret;
- /* Check the cache for previous lookups */
-
- for (dcc = get_dc_name_cache; dcc; dcc = dcc->next) {
-
- if (!strequal(domain, dcc->domain_name))
- continue; /* Not our domain */
-
- if ((time(NULL) - dcc->lookup_time) >
- GET_DC_NAME_CACHE_TIMEOUT) {
-
- /* Cache entry has expired, delete it */
-
- DEBUG(10, ("get_dc_name_cache entry expired for %s\n", domain));
-
- DLIST_REMOVE(get_dc_name_cache, dcc);
- SAFE_FREE(dcc);
-
- break;
- }
-
- /* Return a positive or negative lookup for this domain */
-
- if (dcc->srv_name[0]) {
- DEBUG(10, ("returning positive get_dc_name_cache entry for %s\n", domain));
- fstrcpy(srv_name, dcc->srv_name);
- return True;
- } else {
- DEBUG(10, ("returning negative get_dc_name_cache entry for %s\n", domain));
- return False;
- }
- }
-
- /* Add cache entry for this lookup. */
-
- DEBUG(10, ("Creating get_dc_name_cache entry for %s\n", domain));
-
- if (!(dcc = (struct get_dc_name_cache *)
- malloc(sizeof(struct get_dc_name_cache))))
- return False;
-
- ZERO_STRUCTP(dcc);
-
- fstrcpy(dcc->domain_name, domain);
- dcc->lookup_time = time(NULL);
-
- DLIST_ADD(get_dc_name_cache, dcc);
-
zero_ip(&dc_ip);
ret = False;
@@ -191,21 +147,12 @@ static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr
if (!ret) {
/* fall back on rpc methods if the ADS methods fail */
- ret = get_dc_name(domain, srv_name, &dc_ip);
+ ret = rpc_dc_name(domain, srv_name, &dc_ip);
}
- if (!ret)
- return False;
-
- /* We have a name so make the cache entry positive now */
- fstrcpy(dcc->srv_name, srv_name);
-
- DEBUG(3, ("cm_get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name,
- inet_ntoa(dc_ip), domain));
-
*ip_out = dc_ip;
- return True;
+ return ret;
}
/* Choose between anonymous or authenticated connections. We need to use
@@ -257,7 +204,7 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
fstrcpy(new_conn->domain, domain);
fstrcpy(new_conn->pipe_name, get_pipe_name_from_index(pipe_index));
- /* connection failure cache has been moved inside of get_dc_name
+ /* connection failure cache has been moved inside of rpc_dc_name
so we can deal with half dead DC's --jerry */
if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) {
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 11884af4cf..e4b0e78e2e 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -296,14 +296,6 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
- if ( !((name_type==SID_NAME_DOM_GRP) ||
- ((name_type==SID_NAME_ALIAS) && strequal(lp_workgroup(), domain->name))) )
- {
- DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
- group_name, name_type));
- return WINBINDD_ERROR;
- }
-
/* Fill in group structure */
domain = find_domain_from_sid(&group_sid);
@@ -313,6 +305,14 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
+ if ( !((name_type==SID_NAME_DOM_GRP) ||
+ ((name_type==SID_NAME_ALIAS) && strequal(lp_workgroup(), domain->name))) )
+ {
+ DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
+ group_name, name_type));
+ return WINBINDD_ERROR;
+ }
+
if (!fill_grent(&state->response.data.gr, dom_name, group_name,
state->request.data.gid) ||
!fill_grent_mem(domain, &group_sid, name_type,
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index 7d6055006d..131a7cfd43 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -734,12 +734,6 @@ static int get_ldap_seq(const char *server, uint32 *seq)
if ((ldp = ldap_open_with_timeout(server, LDAP_PORT, 10)) == NULL)
return -1;
-#if 0
- /* As per tridge comment this doesn't seem to be needed. JRA */
- if ((err = ldap_simple_bind_s(ldp, NULL, NULL)) != 0)
- goto done;
-#endif
-
/* Timeout if no response within 20 seconds. */
to.tv_sec = 10;
to.tv_usec = 0;
@@ -786,38 +780,10 @@ int get_ldap_sequence_number( const char* domain, uint32 *seq)
return False;
}
- if ( !list_ordered )
- {
- /*
- * Pick a nice close server. Look for DC on local net
- * (assuming we don't have a list of preferred DC's)
- */
-
- for (i = 0; i < count; i++) {
- if (is_zero_ip(ip_list[i]))
- continue;
-
- if ( !is_local_net(ip_list[i]) )
- continue;
-
- if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 )
- goto done;
-
- zero_ip(&ip_list[i]);
- }
+ /* sort the list so we can pick a close server */
-
- /*
- * Secondly try and contact a random PDC/BDC.
- */
-
- i = (sys_random() % count);
-
- if ( !is_zero_ip(ip_list[i]) ) {
- if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 )
- goto done;
- }
- zero_ip(&ip_list[i]); /* Tried and failed. */
+ if (!list_ordered && (count > 1) ) {
+ qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
}
/* Finally return first DC that we can contact */