pid_t parent_pid = sys_getpid();
char *lfile = NULL;
- /* Stop zombies */
- CatchChild();
-
if (domain->dc_probe_pid != (pid_t)-1) {
/*
* We might already have a DC probe
static bool connection_ok(struct winbindd_domain *domain)
{
- if (domain->conn.cli == NULL) {
- DEBUG(8, ("connection_ok: Connection to %s for domain %s has NULL "
- "cli!\n", domain->dcname, domain->name));
- return False;
- }
+ bool ok;
- if (!domain->conn.cli->initialised) {
- DEBUG(3, ("connection_ok: Connection to %s for domain %s was never "
- "initialised!\n", domain->dcname, domain->name));
- return False;
- }
-
- if (domain->conn.cli->fd == -1) {
- DEBUG(3, ("connection_ok: Connection to %s for domain %s has died or was "
- "never started (fd == -1)\n",
+ ok = cli_state_is_connected(domain->conn.cli);
+ if (!ok) {
+ DEBUG(3, ("connection_ok: Connection to %s for domain %s is not connected\n",
domain->dcname, domain->name));
return False;
}
return NT_STATUS_OK;
}
+ if (!winbindd_can_contact_domain(domain)) {
+ invalidate_cm_connection(&domain->conn);
+ domain->initialized = True;
+ return NT_STATUS_OK;
+ }
+
if (connection_ok(domain)) {
if (!domain->initialized) {
set_dc_type_and_flags(domain);
return init_dc_connection_network(domain);
}
+static NTSTATUS init_dc_connection_rpc(struct winbindd_domain *domain)
+{
+ NTSTATUS status;
+
+ status = init_dc_connection(domain);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!domain->internal && domain->conn.cli == NULL) {
+ /* happens for trusted domains without inbound trust */
+ return NT_STATUS_TRUSTED_DOMAIN_FAILURE;
+ }
+
+ return NT_STATUS_OK;
+}
+
/******************************************************************************
Set the trust flags (direction and forest location) for a domain
******************************************************************************/
domain->initialized = True;
- if ( !winbindd_can_contact_domain( domain) )
- domain->internal = True;
-
break;
}
}
char *machine_account = NULL;
char *domain_name = NULL;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
conn = &domain->conn;
- if (conn->samr_pipe != NULL) {
+ if (rpccli_is_connected(conn->samr_pipe)) {
goto done;
}
+ TALLOC_FREE(conn->samr_pipe);
/*
* No SAMR pipe yet. Attempt to get an NTLMSSP SPNEGO authenticated
DEBUG(10,("cm_connect_lsa_tcp\n"));
- status = init_dc_connection(domain);
+ status = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (conn->lsa_pipe_tcp &&
conn->lsa_pipe_tcp->transport->transport == NCACN_IP_TCP &&
- conn->lsa_pipe_tcp->auth->auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ conn->lsa_pipe_tcp->auth->auth_level == PIPE_AUTH_LEVEL_PRIVACY &&
+ rpccli_is_connected(conn->lsa_pipe_tcp)) {
goto done;
}
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct dcinfo *p_dcinfo;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result))
return result;
conn = &domain->conn;
- if (conn->lsa_pipe != NULL) {
+ if (rpccli_is_connected(conn->lsa_pipe)) {
goto done;
}
+ TALLOC_FREE(conn->lsa_pipe);
+
if ((conn->cli->user_name[0] == '\0') ||
(conn->cli->domain[0] == '\0') ||
(conn->cli->password == NULL || conn->cli->password[0] == '\0')) {
*cli = NULL;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
conn = &domain->conn;
- if (conn->netlogon_pipe != NULL) {
+ if (rpccli_is_connected(conn->netlogon_pipe)) {
*cli = conn->netlogon_pipe;
return NT_STATUS_OK;
}
+ TALLOC_FREE(conn->netlogon_pipe);
+
result = cli_rpc_pipe_open_noauth(conn->cli,
&ndr_table_netlogon.syntax_id,
&netlogon_pipe);
DEBUG(3, ("Could not open schannel'ed NETLOGON pipe. Error "
"was %s\n", nt_errstr(result)));
- /* make sure we return something besides OK */
- return !NT_STATUS_IS_OK(result) ? result : NT_STATUS_PIPE_NOT_AVAILABLE;
+ invalidate_cm_connection(conn);
+ return result;
}
/*
- * Try NetSamLogonEx for AD domains
+ * Always try netr_LogonSamLogonEx. We will fall back for NT4
+ * which gives DCERPC_FAULT_OP_RNG_ERROR (function not
+ * supported). We used to only try SamLogonEx for AD, but
+ * Samba DCs can also do it. And because we don't distinguish
+ * between Samba and NT4, always try it once.
*/
- domain->can_do_samlogon_ex = domain->active_directory;
+ domain->can_do_samlogon_ex = true;
*cli = conn->netlogon_pipe;
return NT_STATUS_OK;
}
+
+void winbind_msg_ip_dropped(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data)
+{
+ struct winbindd_domain *domain;
+
+ if ((data == NULL)
+ || (data->data == NULL)
+ || (data->length == 0)
+ || (data->data[data->length-1] != '\0')
+ || !is_ipaddress((char *)data->data)) {
+ DEBUG(1, ("invalid msg_ip_dropped message\n"));
+ return;
+ }
+ for (domain = domain_list(); domain != NULL; domain = domain->next) {
+ char sockaddr[INET6_ADDRSTRLEN];
+ if (domain->conn.cli == NULL) {
+ continue;
+ }
+ if (domain->conn.cli->fd == -1) {
+ continue;
+ }
+ client_socket_addr(domain->conn.cli->fd, sockaddr,
+ sizeof(sockaddr));
+ if (strequal(sockaddr, (char *)data->data)) {
+ close(domain->conn.cli->fd);
+ domain->conn.cli->fd = -1;
+ }
+ }
+}
+
+extern struct winbindd_child *children;
+
+void winbind_msg_ip_dropped_parent(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data)
+{
+ struct winbindd_child *child;
+
+ winbind_msg_ip_dropped(msg_ctx, private_data, msg_type,
+ server_id, data);
+
+
+ for (child = children; child != NULL; child = child->next) {
+ messaging_send_buf(msg_ctx, pid_to_procid(child->pid),
+ msg_type, data->data, data->length);
+ }
+}