From 4be3f7665c6fe17b782098d74a4b02c4555269b8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 6 Oct 2006 02:04:57 +0000
Subject: r19105: Ok - this is currently untested (but I'm testing it at the moment) but winbindd isn't run in the build farm so hopefully won't break anything too badly - I don't want to lose this. If winbindd starts offline then it falls back to using MS-RPC backend. On going online it needs to reset the backend and try and go to using the AD backend code if possible, as the MS-RPC sequence number fetch just returns 1 as the sequence number if run against an AD DC. In addition, the winbindd async child may end up with the AD backend whilst the main winbindd - which still contacts the DC for some non-async calls, is left using MS-RPC. This can cause some trouble (as you can imagine :-). Attempt to ensure both main winbindd and async children us AD backends on going online. Jeremy. (This used to be commit 5efd4b04b89ace4b264e9ac37a90e202749792be)
---
 source3/nsswitch/winbindd_cm.c | 15 +++++++++++++
 source3/nsswitch/winbindd_dual.c | 6 +++---
 source3/nsswitch/winbindd_rpc.c | 46 ++++++----------------------------------
 3 files changed, 24 insertions(+), 43 deletions(-)
(limited to 'source3/nsswitch')
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index a9f6ea3000..17663a7cfc 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -160,6 +160,7 @@ void set_domain_offline(struct winbindd_domain *domain)
 static void set_domain_online(struct winbindd_domain *domain)
 {
+ extern struct winbindd_methods reconnect_methods;
 struct timeval now;
 DEBUG(10,("set_domain_online: called for domain %s\n",
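Review bot: The `extern struct winbindd_methods reconnect_methods;` added at the top of set_domain_online is a block-scope declaration, so the compiler cannot check it against the real definition, and a later change to that object's type would go unnoticed here. Declaring it once in the shared winbindd header, next to wherever the other backend method tables are declared (not visible in this diff), would keep the pointer comparison in the following hunk type-checked. If it stays local, a comment such as `/* MS-RPC backend method table; compared against domain->backend below */` would explain why it is needed. The body of set_domain_online continues outside this hunk.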
@@ -178,6 +179,20 @@ static void set_domain_online(struct winbindd_domain *domain)
 /* Ok, we're out of any startup mode now... */
 domain->startup = False;
+
+ /* We were offline - now we're online. We default to
+ using the MS-RPC backend if we started offline,
+ and if we're going online for the first time we
+ should really re-initialize the backends and the
+ checks to see if we're talking to an AD or NT domain.
+ */
+
+ domain->initialized = False;
+
+ /* 'reconnect_methods' is the MS-RPC backend. */
+ if (domain->backend == &reconnect_methods) {
+ domain->backend = NULL;
+ }
 }
 /****************************************************************
diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c
index 976fff8ebe..72c720c985 100644
--- a/source3/nsswitch/winbindd_dual.c
+++ b/source3/nsswitch/winbindd_dual.c
@@ -494,6 +494,9 @@ void winbind_msg_online(int msg_type, struct process_id src, void *buf, size_t l
 /* Set our global state as online. */
 set_global_winbindd_state_online();
+ smb_nscd_flush_user_cache();
+ smb_nscd_flush_group_cache();
+
 for (child = children; child != NULL; child = child->next) {
 DEBUG(10,("winbind_msg_online: sending message to pid %u.\n", (unsigned int)child->pid ));
@@ -606,9 +609,6 @@ static void child_msg_online(int msg_type, struct process_id src, void *buf, siz
 /* Set our global state as online. */
 set_global_winbindd_state_online();
- smb_nscd_flush_user_cache();
- smb_nscd_flush_group_cache();
-
 /* Try and mark everything online - delete any negative cache entries to force a reconnect now. */
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index dcf9b9b26e..06f0d2cb60 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
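Review bot: In the second winbindd_cm.c hunk, `domain->backend = NULL;` clears the method table inside set_domain_online, and nothing in the hunk selects a replacement, so any caller that dereferences `domain->backend` before re-initialisation runs would hit a NULL pointer in an identity-service daemon. Presumably the path triggered by `domain->initialized = False` repopulates the backend on next use, but that code is outside this diff and should be confirmed. A comment naming the restoring function, e.g. `/* backend is re-selected by <re-init function> on the next request */`, would make the invariant explicit. The reset also only affects the process it runs in, so it is worth verifying that both the main winbindd and the async children reach this path, since the commit message says they must end up on the same backend.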
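Review bot: In winbind_msg_online the added `smb_nscd_flush_user_cache();` and `smb_nscd_flush_group_cache();` run before the loop that messages the children, so a lookup answered by a child that has not yet handled its online message can refill nscd with offline-era results straight after the flush. Whether that window matters depends on how quickly the children process the message, which is not visible here; flushing after the loop would narrow the window but not close it. At minimum a comment such as `/* Flush nscd once from the parent; children no longer flush in child_msg_online */` would record why the calls moved. The function body starts and ends outside the hunk.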
@@ -770,48 +770,14 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq)
 static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq)
 {
 int ret = -1;
- int i, port = LDAP_PORT;
- struct ip_service *ip_list = NULL;
- int count;
-
- if ( !NT_STATUS_IS_OK(get_sorted_dc_list(domain->name, &ip_list, &count,
- False)) ) {
- DEBUG(3, ("Could not look up dc's for domain %s\n", domain->name));
- return False;
- }
-
- /* Finally return first DC that we can contact */
-
- for (i = 0; i < count; i++) {
- fstring ipstr;
-
- /* since the is an LDAP lookup, default to the LDAP_PORT is
- * not set */
- port = (ip_list[i].port!= PORT_NONE) ?
- ip_list[i].port : LDAP_PORT;
-
- fstrcpy( ipstr, inet_ntoa(ip_list[i].ip) );
-
- if (is_zero_ip(ip_list[i].ip))
- continue;
+ fstring ipstr;
- if ( (ret = get_ldap_seq( ipstr, port, seq)) == 0 )
- goto done;
-
- /* add to failed connection cache */
- winbind_add_failed_connection_entry( domain, ipstr,
- NT_STATUS_UNSUCCESSFUL );
- }
-
-done:
- if ( ret == 0 ) {
+ fstrcpy( ipstr, inet_ntoa(domain->dcaddr.sin_addr));
+ if ((ret = get_ldap_seq( ipstr, LDAP_PORT, seq)) == 0) {
 DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence "
- "number for Domain (%s) from DC (%s:%d)\n",
- domain->name, inet_ntoa(ip_list[i].ip), port));
- }
-
- SAFE_FREE(ip_list);
-
+ "number for Domain (%s) from DC (%s)\n",
+ domain->name, ipstr));
+ }
 return ret;
 }
-- cgit
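Review bot: The rewritten get_ldap_sequence_number passes `domain->dcaddr.sin_addr` straight to get_ldap_seq without checking that a DC address has been recorded, whereas the removed loop skipped unset entries with `is_zero_ip(...)`. If the function can run before dcaddr is filled in (not visible in this hunk), it would try to query 0.0.0.0; a guard such as `if (is_zero_ip(domain->dcaddr.sin_addr)) return ret;` before the `fstrcpy` restores the old behaviour. The failure path also no longer calls `winbind_add_failed_connection_entry(domain, ipstr, NT_STATUS_UNSUCCESSFUL)` and the port is now fixed at `LDAP_PORT`, so an unreachable DC appears to be retried on every sequence-number fetch. Either restore that entry or add a comment saying where failed-connection tracking now happens.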