libnet4: Use netlogon_pings() in findsite

Enable LDAPS lookups

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c
index 04c60c519176998e21d561e651519804deb6d4d2..369db586fb9cd0948b166a39b578e8c293ceaeee 100644 (file)
--- a/source4/libnet/libnet_site.c
+++ b/source4/libnet/libnet_site.c
@@ -20,6 +20,7 @@
 #include "includes.h"
 #include "libnet/libnet.h"
 #include "libcli/cldap/cldap.h"
+#include "source3/libads/netlogon_ping.h"
 #include <ldb.h>
 #include <ldb_errors.h>
 #include "libcli/resolve/resolve.h"
@@ -39,10 +40,9 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
        char *config_dn_str = NULL;
        char *server_dn_str = NULL;
 
-       struct cldap_socket *cldap = NULL;
-       struct cldap_netlogon search = {};
        int ret;
        struct tsocket_address *dest_address = NULL;
+       struct netlogon_samlogon_response **responses = NULL;
 
        tmp_ctx = talloc_named(ctx, 0, "libnet_FindSite temp context");
        if (!tmp_ctx) {
@@ -50,12 +50,11 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
                goto nomem;
        }
 
-       /* Resolve the site name. */
-       ZERO_STRUCT(search);
-       search.in.dest_address = NULL;
-       search.in.dest_port = 0;
-       search.in.acct_control = -1;
-       search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+       site_name_str = talloc_strdup(tmp_ctx, "Default-First-Site-Name");
+       if (site_name_str == NULL) {
+               r->out.error_string = NULL;
+               goto nomem;
+       }
 
        ret = tsocket_address_inet_from_strings(
                tmp_ctx, "ip", r->in.dest_address, 389, &dest_address);
@@ -65,38 +64,36 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
                goto fail;
        }
 
-       /* we want to use non async calls, so we're not passing an event context */
-       status = cldap_socket_init(tmp_ctx, NULL, dest_address, &cldap);
-       if (!NT_STATUS_IS_OK(status)) {
-               r->out.error_string = NULL;
-               goto fail;
-       }
-       status = cldap_netlogon(cldap, tmp_ctx, &search);
+       status = netlogon_pings(tmp_ctx, /* mem_ctx */
+                               lpcfg_client_netlogon_ping_protocol(
+                                       lctx->lp_ctx), /* proto */
+                               &dest_address,         /* servers*/
+                               1,                     /* num_servers */
+                               (struct netlogon_ping_filter){
+                                       .ntversion = NETLOGON_NT_VERSION_5 |
+                                                    NETLOGON_NT_VERSION_5EX,
+                                       .acct_ctrl = -1,
+                               },
+                               1, /* min_servers */
+                               tevent_timeval_current_ofs(2, 0), /* timeout */
+                               &responses);
+
        if (NT_STATUS_IS_OK(status)) {
-               map_netlogon_samlogon_response(search.out.netlogon);
-       }
-       if (!NT_STATUS_IS_OK(status) ||
-           search.out.netlogon->data.nt5_ex.client_site == NULL ||
-           search.out.netlogon->data.nt5_ex.client_site[0] == '\0')
-       {
-               /*
-                 If cldap_netlogon() returns in error,
-                 default to using Default-First-Site-Name.
-               */
-               site_name_str = talloc_asprintf(tmp_ctx, "%s",
-                                               "Default-First-Site-Name");
-               if (!site_name_str) {
-                       r->out.error_string = NULL;
-                       goto nomem;
-               }
-       } else {
-               site_name_str = talloc_asprintf(
-                       tmp_ctx,
-                       "%s",
-                       search.out.netlogon->data.nt5_ex.client_site);
-               if (!site_name_str) {
-                       r->out.error_string = NULL;
-                       goto nomem;
+               struct netlogon_samlogon_response *resp = responses[0];
+               struct NETLOGON_SAM_LOGON_RESPONSE_EX
+                       *nt5ex = &resp->data.nt5_ex;
+
+               map_netlogon_samlogon_response(resp);
+
+               if ((nt5ex->client_site != NULL) ||
+                   (nt5ex->client_site[0] != '\0'))
+               {
+                       site_name_str = talloc_strdup(tmp_ctx,
+                                                     nt5ex->client_site);
+                       if (site_name_str == NULL) {
+                               r->out.error_string = NULL;
+                               goto nomem;
+                       }
                }
        }
 

diff --git a/source4/libnet/wscript_build b/source4/libnet/wscript_build
index 3f89af10434dd534bf41f336f6204c1e0e85d4e1..f6ea51b61a225512bccb98a970ff4da26f908e11 100644 (file)
--- a/source4/libnet/wscript_build
+++ b/source4/libnet/wscript_build
@@ -10,7 +10,7 @@ bld.SAMBA_LIBRARY('samba-net',
         source='libnet.c libnet_passwd.c libnet_time.c libnet_rpc.c libnet_site.c libnet_become_dc.c libnet_unbecome_dc.c libnet_user.c libnet_group.c libnet_share.c libnet_lookup.c libnet_domain.c userinfo.c groupinfo.c userman.c groupman.c prereq_domain.c',
         autoproto=auto_proto,
         deps='INIT_SAMR',
-        public_deps='samba-credentials dcerpc dcerpc-samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI cli_composite LIBCLI_RESOLVE LIBCLI_FINDDCS cli_cldap LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH ndr smbpasswdparser LIBCLI_SAMSYNC LIBTSOCKET GNUTLS_HELPERS',
+        public_deps='samba-credentials dcerpc dcerpc-samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI cli_composite LIBCLI_RESOLVE LIBCLI_FINDDCS NETLOGON_PING LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH ndr smbpasswdparser LIBCLI_SAMSYNC LIBTSOCKET GNUTLS_HELPERS',
         private_library=True
         )