/**
* Helper function to assemble trust password and account name
*/
-static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- bool netlogon,
- struct cli_credentials **_creds)
+NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ bool netlogon,
+ bool allow_ipc_fallback,
+ struct cli_credentials **_creds)
{
const struct winbindd_domain *creds_domain = NULL;
struct cli_credentials *creds;
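Review bot: The header comment above the now-exported `winbindd_get_trust_credentials()` still describes a file-local helper and says nothing about `netlogon` or the new `allow_ipc_fallback` parameter. Because the function is no longer `static`, callers in other files need to know that with `allow_ipc_fallback` set, the credentials handed back may come from `cm_get_ipc_credentials()` rather than from the trust account, as the fallback hunk further down shows. I would add one line per parameter, for example `@param allow_ipc_fallback if false, return the error instead of substituting IPC credentials`, and state whether `*_creds` is left untouched on failure. The function body continues outside this hunk.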
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
+ if (!allow_ipc_fallback) {
+ return status;
+ }
+
status = cm_get_ipc_credentials(mem_ctx, &creds);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
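Review bot: The new early return `return status;` is only safe if `status` holds a failure code at this point, and that cannot be confirmed from the hunk because every assignment to `status` before it lies outside the visible lines. If any path reaches this fallback section with `status` still `NT_STATUS_OK` or never assigned, a caller that passed `allow_ipc_fallback = false` would see success while `*_creds` was never written, and could go on to use an uninitialised credentials pointer. Making the contract explicit would remove the doubt, e.g. `if (NT_STATUS_IS_OK(status)) { status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; }` just before the return, or at least a comment naming which earlier failure is being propagated. The function starts and ends outside this hunk.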
if (try_ipc_auth) {
- result = get_trust_credentials(domain, talloc_tos(), false, &creds);
+ result = winbindd_get_trust_credentials(domain,
+ talloc_tos(),
+ false, /* netlogon */
+ true, /* ipc_fallback */
+ &creds);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(1, ("get_trust_credentials(%s) failed: %s\n",
- domain->name, nt_errstr(result)));
+ DBG_WARNING("winbindd_get_trust_credentials(%s) "
+ "failed: %s\n",
+ domain->name,
+ nt_errstr(result));
goto done;
}
} else {
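Review bot: The inline argument label `/* ipc_fallback */` does not match the declared parameter name `allow_ipc_fallback`. With two adjacent `bool` arguments, the label is what a reader uses to check that `false`/`true` have not been swapped, so it should mirror the declaration: `true, /* allow_ipc_fallback */`. The same label is used in the three later calls in this diff, including the schannel one that passes `false`, and should be changed there too. The enclosing function starts and ends outside this hunk.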
* anonymous.
*/
- result = get_trust_credentials(domain, talloc_tos(), false, &creds);
+ result = winbindd_get_trust_credentials(domain,
+ talloc_tos(),
+ false, /* netlogon */
+ true, /* ipc_fallback */
+ &creds);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10, ("cm_connect_sam: No user available for "
"domain %s, trying schannel\n", domain->name));
goto schannel;
}
- result = get_trust_credentials(domain, talloc_tos(), false, &creds);
+ result = winbindd_get_trust_credentials(domain,
+ talloc_tos(),
+ false, /* netlogon */
+ true, /* ipc_fallback */
+ &creds);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10, ("cm_connect_lsa: No user available for "
"domain %s, trying schannel\n", domain->name));
TALLOC_FREE(conn->netlogon_pipe);
TALLOC_FREE(conn->netlogon_creds_ctx);
- result = get_trust_credentials(domain, talloc_tos(), true, &creds);
+ result = winbindd_get_trust_credentials(domain,
+ talloc_tos(),
+ true, /* netlogon */
+ false, /* ipc_fallback */
+ &creds);
if (!NT_STATUS_IS_OK(result)) {
DBG_DEBUG("No user available for domain %s when trying "
"schannel\n", domain->name);