From 94fb6120d80d05de0f24ea71a93c761517fd4231 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 13 Sep 2010 12:15:52 +1000
Subject: [PATCH] s4-secrets: fetch secure channel type with domain SID

The secure channel type is needed to work out what DC to connect to

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 source4/param/secrets.c     | 16 +++++++++++++++-
 source4/param/secrets.h     |  2 ++
 source4/winbind/wb_server.c | 12 +++++++++---
 source4/winbind/wb_server.h |  1 +
 4 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/source4/param/secrets.c b/source4/param/secrets.c
index befe7f3658..8fc595fbb0 100644
--- a/source4/param/secrets.c
+++ b/source4/param/secrets.c
@@ -101,15 +101,17 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
 				       struct tevent_context *ev_ctx,
 				       struct loadparm_context *lp_ctx,
 				       const char *domain,
+				       enum netr_SchannelType *sec_channel_type,
 				       char **errstring)
 {
 	struct ldb_context *ldb;
 	struct ldb_message *msg;
 	int ldb_ret;
-	const char *attrs[] = { "objectSid", NULL };
+	const char *attrs[] = { "objectSid", "secureChannelType", NULL };
 	struct dom_sid *result = NULL;
 	const struct ldb_val *v;
 	enum ndr_err_code ndr_err;
+
 	*errstring = NULL;
 
 	ldb = secrets_db_connect(mem_ctx, ev_ctx, lp_ctx);
@@ -135,6 +137,18 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
 					     domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
 		return NULL;
 	}
+
+	if (sec_channel_type) {
+		int v;
+		v = ldb_msg_find_attr_as_int(msg, "secureChannelType", -1);
+		if (v == -1) {
+			*errstring = talloc_asprintf(mem_ctx, "Failed to find secureChannelType for %s in %s",
+						     domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
+			return NULL;
+		}
+		*sec_channel_type = v;
+	}
+
 	result = talloc(mem_ctx, struct dom_sid);
 	if (result == NULL) {
 		talloc_free(ldb);
diff --git a/source4/param/secrets.h b/source4/param/secrets.h
index c3227dfbcb..018bd36337 100644
--- a/source4/param/secrets.h
+++ b/source4/param/secrets.h
@@ -38,12 +38,14 @@
  */
 struct loadparm_context;
 struct tevent_context;
+enum netr_SchannelType;
 struct tdb_wrap *secrets_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
 struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, struct loadparm_context *lp_ctx);
 struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
 				       struct tevent_context *ev_ctx,
 				       struct loadparm_context *lp_ctx,
 				       const char *domain,
+				       enum netr_SchannelType *sec_channel_type,
 				       char **errstring);
 
 
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index ee44f0a240..96dab0acd5 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -239,7 +239,9 @@ static void winbind_task_init(struct task_server *task)
 		primary_sid = secrets_get_domain_sid(service,
 						     service->task->event_ctx,
 						     service->task->lp_ctx,
-						     lpcfg_netbios_name(service->task->lp_ctx), &errstring);
+						     lpcfg_netbios_name(service->task->lp_ctx),
+						     &service->sec_channel_type,
+						     &errstring);
 		if (!primary_sid) {
 			char *message = talloc_asprintf(task, 
 							"Cannot start Winbind (standalone configuration): %s: "
@@ -253,7 +255,9 @@ static void winbind_task_init(struct task_server *task)
 		primary_sid = secrets_get_domain_sid(service,
 						     service->task->event_ctx,
 						     service->task->lp_ctx,
-						     lpcfg_workgroup(service->task->lp_ctx), &errstring);
+						     lpcfg_workgroup(service->task->lp_ctx),
+						     &service->sec_channel_type,
+						     &errstring);
 		if (!primary_sid) {
 			char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: "
 							"Have you joined the %s domain?", 
@@ -266,7 +270,9 @@ static void winbind_task_init(struct task_server *task)
 		primary_sid = secrets_get_domain_sid(service,
 						     service->task->event_ctx,
 						     service->task->lp_ctx,
-						     lpcfg_workgroup(service->task->lp_ctx), &errstring);
+						     lpcfg_workgroup(service->task->lp_ctx),
+						     &service->sec_channel_type,
+						     &errstring);
 		if (!primary_sid) {
 			char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: "
 							"Have you provisioned the %s domain?", 
diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h
index 1ffb62e485..7fc778a97b 100644
--- a/source4/winbind/wb_server.h
+++ b/source4/winbind/wb_server.h
@@ -29,6 +29,7 @@ struct wbsrv_service {
 	struct task_server *task;
 
 	const struct dom_sid *primary_sid;
+	enum netr_SchannelType sec_channel_type;
 	struct wbsrv_domain *domains;
 	struct idmap_context *idmap_ctx;
 	const char *priv_pipe_dir;
-- 
2.34.1