From be3fdd8b6237a6dcaf4ff974dc4dad35b7009169 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 4 Sep 2007 14:06:33 +0000
Subject: r24952: Set the kdc locator env vars. This makes the krb5 locator
 plugin fully operational (from within winbindd and outside).

Guenther
(This used to be commit 800645d5388d7df1f8cf31b4218bfc7dd5b4d12a)
---
 source3/nsswitch/winbindd_cm.c   | 12 +++++++++
 source3/nsswitch/winbindd_util.c | 58 +++++++++++++++++++++++++++++++++++++---
 2 files changed, 67 insertions(+), 3 deletions(-)

(limited to 'source3/nsswitch')

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 269dab0389..0888a934d1 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -395,6 +395,8 @@ static void set_domain_online(struct winbindd_domain *domain)
 		return;
 	}
 
+	winbindd_set_locator_kdc_envs(domain);
+
 	/* If we are waiting to get a krb5 ticket, trigger immediately. */
 	GetTimeOfDay(&now);
 	set_event_dispatch_time(winbind_event_context(),
@@ -520,6 +522,7 @@ void winbind_add_failed_connection_entry(const struct winbindd_domain *domain,
 		add_failed_connection_entry(domain->alt_name, server, result);
 		saf_delete(domain->alt_name);
 	}
+	winbindd_unset_locator_kdc_env(domain);
 }
 
 /* Choose between anonymous or authenticated connections.  We need to use
@@ -741,6 +744,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 				  "[%s]\n", controller, global_myname(),
 				  machine_krb5_principal));
 
+			winbindd_set_locator_kdc_envs(domain);
+
 			ads_status = cli_session_setup_spnego(*cli,
 							      machine_krb5_principal, 
 							      machine_password, 
@@ -837,6 +842,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 		saf_store( domain->alt_name, (*cli)->desthost );
 	}
 
+	winbindd_set_locator_kdc_envs(domain);
+
 	if (!cli_send_tconX(*cli, "IPC$", "IPC", "", 0)) {
 
 		result = cli_nt_error(*cli);
@@ -1089,6 +1096,8 @@ static BOOL dcip_to_name(const struct winbindd_domain *domain, struct in_addr ip
 								sitename,
 								ip);
 
+				winbindd_set_locator_kdc_envs(domain);
+
 				SAFE_FREE(sitename);
 				/* Ensure we contact this DC also. */
 				saf_store( domain->name, name);
@@ -1394,6 +1403,9 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
 	}
 
 	if (NT_STATUS_IS_OK(result)) {
+
+		winbindd_set_locator_kdc_envs(domain);
+
 		if (domain->online == False) {
 			/* We're changing state from offline to online. */
 			set_global_winbindd_state_online();
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 225c6b5be1..a29ea38145 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -1366,24 +1366,40 @@ BOOL winbindd_internal_child(struct winbindd_child *child)
 	return False;
 }
 
+void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
+void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain);
+
+#ifdef HAVE_KRB5_LOCATE_PLUGIN_H
+
 /*********************************************************************
  ********************************************************************/
 
-void winbindd_set_locator_kdc_env(const struct winbindd_domain *domain)
+static void winbindd_set_locator_kdc_env(const struct winbindd_domain *domain)
 {
 	char *var = NULL;
 	const char *kdc = NULL;
+	int lvl = 11;
+
+	if (!domain || !domain->alt_name || !*domain->alt_name) {
+		return;
+	}
 
-	if (!domain) {
+	if (domain->initialized && !domain->active_directory) {
+		DEBUG(lvl,("winbindd_set_locator_kdc_env: %s not AD\n",
+			domain->alt_name));
 		return;
 	}
 
 	kdc = inet_ntoa(domain->dcaddr.sin_addr);
 	if (!kdc) {
+		DEBUG(lvl,("winbindd_set_locator_kdc_env: %s no DC IP\n",
+			domain->alt_name));
 		kdc = domain->dcname;
 	}
 
 	if (!kdc || !*kdc) {
+		DEBUG(lvl,("winbindd_set_locator_kdc_env: %s no DC at all\n",
+			domain->alt_name));
 		return;
 	}
 
@@ -1392,9 +1408,45 @@ void winbindd_set_locator_kdc_env(const struct winbindd_domain *domain)
 		return;
 	}
 
-	DEBUG(10,("winbindd_set_locator_kdc_env: setting var: %s to: %s\n",
+	DEBUG(lvl,("winbindd_set_locator_kdc_env: setting var: %s to: %s\n",
 		var, kdc));
 
 	setenv(var, kdc, 1);
 	free(var);
 }
+
+/*********************************************************************
+ ********************************************************************/
+
+void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain)
+{
+	struct winbindd_domain *our_dom = find_our_domain();
+
+	winbindd_set_locator_kdc_env(domain);
+
+	if (domain != our_dom) {
+		winbindd_set_locator_kdc_env(our_dom);
+	}
+}
+
+/*********************************************************************
+ ********************************************************************/
+
+void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain)
+{
+	char *var = NULL;
+
+	if (!domain || !domain->alt_name || !*domain->alt_name) {
+		return;
+	}
+
+	if (asprintf(&var, "%s_%s", WINBINDD_LOCATOR_KDC_ADDRESS,
+		     strupper_static(domain->alt_name)) == -1) {
+		return;
+	}
+
+	unsetenv(var);
+	free(var);
+}
+
+#endif /* HAVE_KRB5_LOCATE_PLUGIN_H */
-- 
cgit