From: Stefan Metzmacher Date: Tue, 27 Feb 2024 08:23:17 +0000 (+0100) Subject: s3:winbindd: make winbindd_get_trust_credentials() public X-Git-Tag: tdb-1.4.11~762 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8166642e1bd4c9bfdae266e9be445f605dc9fb85;p=thirdparty%2Fsamba.git s3:winbindd: make winbindd_get_trust_credentials() public We'll use it outside of winbindd_cm.c soon. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 5f8018e996e..f33e0bcb165 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -612,10 +612,11 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain, /** * Helper function to assemble trust password and account name */ -static NTSTATUS get_trust_credentials(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - bool netlogon, - struct cli_credentials **_creds) +NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + bool netlogon, + bool allow_ipc_fallback, + struct cli_credentials **_creds) { const struct winbindd_domain *creds_domain = NULL; struct cli_credentials *creds; @@ -670,6 +671,10 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain, return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } + if (!allow_ipc_fallback) { + return status; + } + status = cm_get_ipc_credentials(mem_ctx, &creds); if (!NT_STATUS_IS_OK(status)) { return status; @@ -831,10 +836,16 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, } if (try_ipc_auth) { - result = get_trust_credentials(domain, talloc_tos(), false, &creds); + result = winbindd_get_trust_credentials(domain, + talloc_tos(), + false, /* netlogon */ + true, /* ipc_fallback */ + &creds); if (!NT_STATUS_IS_OK(result)) { - DEBUG(1, ("get_trust_credentials(%s) failed: %s\n", - domain->name, nt_errstr(result))); + DBG_WARNING("winbindd_get_trust_credentials(%s) " + "failed: %s\n", + domain->name, + nt_errstr(result)); goto done; } } else { @@ -2601,7 +2612,11 @@ retry: * anonymous. */ - result = get_trust_credentials(domain, talloc_tos(), false, &creds); + result = winbindd_get_trust_credentials(domain, + talloc_tos(), + false, /* netlogon */ + true, /* ipc_fallback */ + &creds); if (!NT_STATUS_IS_OK(result)) { DEBUG(10, ("cm_connect_sam: No user available for " "domain %s, trying schannel\n", domain->name)); @@ -2935,7 +2950,11 @@ retry: goto schannel; } - result = get_trust_credentials(domain, talloc_tos(), false, &creds); + result = winbindd_get_trust_credentials(domain, + talloc_tos(), + false, /* netlogon */ + true, /* ipc_fallback */ + &creds); if (!NT_STATUS_IS_OK(result)) { DEBUG(10, ("cm_connect_lsa: No user available for " "domain %s, trying schannel\n", domain->name)); @@ -3213,7 +3232,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, TALLOC_FREE(conn->netlogon_pipe); TALLOC_FREE(conn->netlogon_creds_ctx); - result = get_trust_credentials(domain, talloc_tos(), true, &creds); + result = winbindd_get_trust_credentials(domain, + talloc_tos(), + true, /* netlogon */ + false, /* ipc_fallback */ + &creds); if (!NT_STATUS_IS_OK(result)) { DBG_DEBUG("No user available for domain %s when trying " "schannel\n", domain->name); diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index a5e8c8b8df8..acfbc0543fa 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -207,6 +207,13 @@ void winbind_msg_domain_online(struct messaging_context *msg_ctx, void set_domain_offline(struct winbindd_domain *domain); void set_domain_online_request(struct winbindd_domain *domain); +struct cli_credentials; +NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + bool netlogon, + bool allow_ipc_fallback, + struct cli_credentials **_creds); + struct ndr_interface_table; NTSTATUS wb_open_internal_pipe(TALLOC_CTX *mem_ctx, const struct ndr_interface_table *table,