s3:winbindd: make sure we don't try rpc requests against unaccessable domains

author Stefan Metzmacher <metze@samba.org>

Thu, 1 Apr 2010 07:29:38 +0000 (09:29 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 1 Apr 2010 13:26:22 +0000 (15:26 +0200)
author Stefan Metzmacher <metze@samba.org>
Thu, 1 Apr 2010 07:29:38 +0000 (09:29 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 1 Apr 2010 13:26:22 +0000 (15:26 +0200)
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c

index e8677bbbd491f60fbedabec941c5ca18a9dab07c..62466f8f02b68cd022506c8e4f6a579521415ebe 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1631,7 +1631,13 @@ static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain)
         NTSTATUS result;
  
         /* Internal connections never use the network. */
-       if (domain->internal || !winbindd_can_contact_domain(domain)) {
+       if (domain->internal) {
+               domain->initialized = True;
+               return NT_STATUS_OK;
+       }
+
+       if (!winbindd_can_contact_domain(domain)) {
+               invalidate_cm_connection(&domain->conn);
                 domain->initialized = True;
                 return NT_STATUS_OK;
         }
@@ -1664,6 +1670,23 @@ NTSTATUS init_dc_connection(struct winbindd_domain *domain)
         return init_dc_connection_network(domain);
  }
  
+static NTSTATUS init_dc_connection_rpc(struct winbindd_domain *domain)
+{
+       NTSTATUS status;
+
+       status = init_dc_connection(domain);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       if (!domain->internal && domain->conn.cli == NULL) {
+               /* happens for trusted domains without inbound trust */
+               return NT_STATUS_TRUSTED_DOMAIN_FAILURE;
+       }
+
+       return NT_STATUS_OK;
+}
+
  /******************************************************************************
   Set the trust flags (direction and forest location) for a domain
  ******************************************************************************/
@@ -2010,7 +2033,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
         char *machine_account = NULL;
         char *domain_name = NULL;
  
-       result = init_dc_connection(domain);
+       result = init_dc_connection_rpc(domain);
         if (!NT_STATUS_IS_OK(result)) {
                 return result;
         }
@@ -2193,7 +2216,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
  
         DEBUG(10,("cm_connect_lsa_tcp\n"));
  
-       status = init_dc_connection(domain);
+       status = init_dc_connection_rpc(domain);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
@@ -2239,7 +2262,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
         struct netlogon_creds_CredentialState *p_creds;
  
-       result = init_dc_connection(domain);
+       result = init_dc_connection_rpc(domain);
         if (!NT_STATUS_IS_OK(result))
                 return result;
  
@@ -2371,7 +2394,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
  
         *cli = NULL;
  
-       result = init_dc_connection(domain);
+       result = init_dc_connection_rpc(domain);
         if (!NT_STATUS_IS_OK(result)) {
                 return result;
         }
author	Stefan Metzmacher <metze@samba.org>
	Thu, 1 Apr 2010 07:29:38 +0000 (09:29 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 1 Apr 2010 13:26:22 +0000 (15:26 +0200)