s3:winbindd: make winbindd_get_trust_credentials() public
authorStefan Metzmacher <metze@samba.org>
Tue, 27 Feb 2024 08:23:17 +0000 (09:23 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)
We'll use it outside of winbindd_cm.c soon.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/winbindd/winbindd_cm.c
source3/winbindd/winbindd_proto.h

index 5f8018e996e13c6def87516c1a13ccdfd82a7400..f33e0bcb165c659181d52500cae7b5c7cf1f4a09 100644 (file)
@@ -612,10 +612,11 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
 /**
  * Helper function to assemble trust password and account name
  */
-static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
-                                     TALLOC_CTX *mem_ctx,
-                                     bool netlogon,
-                                     struct cli_credentials **_creds)
+NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain,
+                                       TALLOC_CTX *mem_ctx,
+                                       bool netlogon,
+                                       bool allow_ipc_fallback,
+                                       struct cli_credentials **_creds)
 {
        const struct winbindd_domain *creds_domain = NULL;
        struct cli_credentials *creds;
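Review bot: The doc comment above the now-public winbindd_get_trust_credentials() still reads only "Helper function to assemble trust password and account name" and does not cover the new `allow_ipc_fallback` argument. Callers outside winbindd_cm.c will have to choose that flag, so the comment should state that true permits returning the credentials from cm_get_ipc_credentials() when the trust credentials cannot be obtained. It should also state that false returns the failure status instead, apparently without writing `*_creds`. The same text, or a pointer to it, belongs above the prototype added to winbindd_proto.h. The function body continues outside this hunk, so confirm there how `netlogon` interacts with the flag before wording it.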
@@ -670,6 +671,10 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
                return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
        }
 
+       if (!allow_ipc_fallback) {
+               return status;
+       }
+
        status = cm_get_ipc_credentials(mem_ctx, &creds);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
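Review bot: The early `return status;` relies on `status` still holding a failure code set above this hunk; if any path reached it with a success value, the caller would see NT_STATUS_OK without `*_creds` being filled in. A comment such as `/* status is the trust credential lookup failure; the caller did not allow IPC credentials */` would make that invariant explicit, and the jump into this block should be checked to confirm it. The guard is also the place where a caller can refuse the silent switch from trust-account credentials to whatever cm_get_ipc_credentials() supplies, which is presumably less privileged. New callers should therefore pass false unless they can really work with those credentials. If the fallback path is not logged elsewhere in the function, a debug line after this check would show when a connection used IPC rather than trust credentials.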
@@ -831,10 +836,16 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
        }
 
        if (try_ipc_auth) {
-               result = get_trust_credentials(domain, talloc_tos(), false, &creds);
+               result = winbindd_get_trust_credentials(domain,
+                                                       talloc_tos(),
+                                                       false, /* netlogon */
+                                                       true, /* ipc_fallback */
+                                                       &creds);
                if (!NT_STATUS_IS_OK(result)) {
-                       DEBUG(1, ("get_trust_credentials(%s) failed: %s\n",
-                                 domain->name, nt_errstr(result)));
+                       DBG_WARNING("winbindd_get_trust_credentials(%s) "
+                                   "failed: %s\n",
+                                   domain->name,
+                                   nt_errstr(result));
                        goto done;
                }
        } else {
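Review bot: The argument comment `/* ipc_fallback */` does not match the parameter name `allow_ipc_fallback` in the new signature. Writing `true, /* allow_ipc_fallback */` keeps the polarity obvious and lets a grep for the parameter name find every call site. The same applies to the calls changed in the hunks at 2612, 2950 and 3232. cm_prepare_connection() starts and ends outside this hunk.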
@@ -2601,7 +2612,11 @@ retry:
         * anonymous.
         */
 
-       result = get_trust_credentials(domain, talloc_tos(), false, &creds);
+       result = winbindd_get_trust_credentials(domain,
+                                               talloc_tos(),
+                                               false, /* netlogon */
+                                               true, /* ipc_fallback */
+                                               &creds);
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(10, ("cm_connect_sam: No user available for "
                           "domain %s, trying schannel\n", domain->name));
@@ -2935,7 +2950,11 @@ retry:
                goto schannel;
        }
 
-       result = get_trust_credentials(domain, talloc_tos(), false, &creds);
+       result = winbindd_get_trust_credentials(domain,
+                                               talloc_tos(),
+                                               false, /* netlogon */
+                                               true, /* ipc_fallback */
+                                               &creds);
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(10, ("cm_connect_lsa: No user available for "
                           "domain %s, trying schannel\n", domain->name));
@@ -3213,7 +3232,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
        TALLOC_FREE(conn->netlogon_pipe);
        TALLOC_FREE(conn->netlogon_creds_ctx);
 
-       result = get_trust_credentials(domain, talloc_tos(), true, &creds);
+       result = winbindd_get_trust_credentials(domain,
+                                               talloc_tos(),
+                                               true, /* netlogon */
+                                               false, /* ipc_fallback */
+                                               &creds);
        if (!NT_STATUS_IS_OK(result)) {
                DBG_DEBUG("No user available for domain %s when trying "
                          "schannel\n", domain->name);
index a5e8c8b8df8bc2a8e5cd3c923f905956f04ffbaa..acfbc0543fa34e9d609d4cc4dc525523783d4593 100644 (file)
@@ -207,6 +207,13 @@ void winbind_msg_domain_online(struct messaging_context *msg_ctx,
 void set_domain_offline(struct winbindd_domain *domain);
 void set_domain_online_request(struct winbindd_domain *domain);
 
+struct cli_credentials;
+NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain,
+                                       TALLOC_CTX *mem_ctx,
+                                       bool netlogon,
+                                       bool allow_ipc_fallback,
+                                       struct cli_credentials **_creds);
+
 struct ndr_interface_table;
 NTSTATUS wb_open_internal_pipe(TALLOC_CTX *mem_ctx,
                               const struct ndr_interface_table *table,