s4-secrets: fetch secure channel type with domain SID
The secure channel type is needed to work out what DC to connect to.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
parent
bd51d30809
commit
94fb6120d8
@ -101,15 +101,17 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
|
|||||||
struct tevent_context *ev_ctx,
|
struct tevent_context *ev_ctx,
|
||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
|
enum netr_SchannelType *sec_channel_type,
|
||||||
char **errstring)
|
char **errstring)
|
||||||
{
|
{
|
||||||
struct ldb_context *ldb;
|
struct ldb_context *ldb;
|
||||||
struct ldb_message *msg;
|
struct ldb_message *msg;
|
||||||
int ldb_ret;
|
int ldb_ret;
|
||||||
const char *attrs[] = { "objectSid", NULL };
|
const char *attrs[] = { "objectSid", "secureChannelType", NULL };
|
||||||
struct dom_sid *result = NULL;
|
struct dom_sid *result = NULL;
|
||||||
const struct ldb_val *v;
|
const struct ldb_val *v;
|
||||||
enum ndr_err_code ndr_err;
|
enum ndr_err_code ndr_err;
|
||||||
|
|
||||||
*errstring = NULL;
|
*errstring = NULL;
|
||||||
|
|
||||||
ldb = secrets_db_connect(mem_ctx, ev_ctx, lp_ctx);
|
ldb = secrets_db_connect(mem_ctx, ev_ctx, lp_ctx);
|
||||||
@ -135,6 +137,18 @@ struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
|
|||||||
domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
|
domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (sec_channel_type) {
|
||||||
|
int v;
|
||||||
|
v = ldb_msg_find_attr_as_int(msg, "secureChannelType", -1);
|
||||||
|
if (v == -1) {
|
||||||
|
*errstring = talloc_asprintf(mem_ctx, "Failed to find secureChannelType for %s in %s",
|
||||||
|
domain, (char *) ldb_get_opaque(ldb, "ldb_url"));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
*sec_channel_type = v;
|
||||||
|
}
|
||||||
|
|
||||||
result = talloc(mem_ctx, struct dom_sid);
|
result = talloc(mem_ctx, struct dom_sid);
|
||||||
if (result == NULL) {
|
if (result == NULL) {
|
||||||
talloc_free(ldb);
|
talloc_free(ldb);
|
||||||
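Review bot: The new `if (v == -1)` branch in the second hunk returns NULL without releasing `ldb`, while the allocation-failure path immediately below it calls `talloc_free(ldb)` first, so the secrets database handle stays attached to `mem_ctx` on this error path. Adding `talloc_free(ldb);` after the `talloc_asprintf()` call (which still reads `ldb` for the URL) and before `return NULL;` would make the two paths agree. The block-local `int v;` also shadows the function-level `const struct ldb_val *v;` declared in the first hunk; a distinct name such as `int sct;` avoids confusion when the outer `v` is used later. The value is stored into `*sec_channel_type` without a range check, and the rest of secrets_get_domain_sid lies outside the visible hunks, so whether earlier error returns free `ldb` cannot be confirmed from here.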
|
@ -38,12 +38,14 @@
|
|||||||
*/
|
*/
|
||||||
struct loadparm_context;
|
struct loadparm_context;
|
||||||
struct tevent_context;
|
struct tevent_context;
|
||||||
|
enum netr_SchannelType;
|
||||||
struct tdb_wrap *secrets_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
|
struct tdb_wrap *secrets_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
|
||||||
struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, struct loadparm_context *lp_ctx);
|
struct ldb_context *secrets_db_connect(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, struct loadparm_context *lp_ctx);
|
||||||
struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
|
struct dom_sid *secrets_get_domain_sid(TALLOC_CTX *mem_ctx,
|
||||||
struct tevent_context *ev_ctx,
|
struct tevent_context *ev_ctx,
|
||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
|
enum netr_SchannelType *sec_channel_type,
|
||||||
char **errstring);
|
char **errstring);
|
||||||
|
|
||||||
|
|
||||||
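Review bot: The added `enum netr_SchannelType;` is a forward reference to an enum type, which ISO C does not permit; GCC accepts it as an extension and reports it under `-pedantic`, so the header depends on compiler behaviour here. Including the header that defines the enum ahead of the prototype would remove that dependency. The prototype would also benefit from a comment stating the contract visible in the implementation, for example `/* sec_channel_type may be NULL when only the SID is wanted; when non-NULL, a missing secureChannelType is an error */`.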
|
@ -239,7 +239,9 @@ static void winbind_task_init(struct task_server *task)
|
|||||||
primary_sid = secrets_get_domain_sid(service,
|
primary_sid = secrets_get_domain_sid(service,
|
||||||
service->task->event_ctx,
|
service->task->event_ctx,
|
||||||
service->task->lp_ctx,
|
service->task->lp_ctx,
|
||||||
lpcfg_netbios_name(service->task->lp_ctx), &errstring);
|
lpcfg_netbios_name(service->task->lp_ctx),
|
||||||
|
&service->sec_channel_type,
|
||||||
|
&errstring);
|
||||||
if (!primary_sid) {
|
if (!primary_sid) {
|
||||||
char *message = talloc_asprintf(task,
|
char *message = talloc_asprintf(task,
|
||||||
"Cannot start Winbind (standalone configuration): %s: "
|
"Cannot start Winbind (standalone configuration): %s: "
|
||||||
@ -253,7 +255,9 @@ static void winbind_task_init(struct task_server *task)
|
|||||||
primary_sid = secrets_get_domain_sid(service,
|
primary_sid = secrets_get_domain_sid(service,
|
||||||
service->task->event_ctx,
|
service->task->event_ctx,
|
||||||
service->task->lp_ctx,
|
service->task->lp_ctx,
|
||||||
lpcfg_workgroup(service->task->lp_ctx), &errstring);
|
lpcfg_workgroup(service->task->lp_ctx),
|
||||||
|
&service->sec_channel_type,
|
||||||
|
&errstring);
|
||||||
if (!primary_sid) {
|
if (!primary_sid) {
|
||||||
char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: "
|
char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: "
|
||||||
"Have you joined the %s domain?",
|
"Have you joined the %s domain?",
|
||||||
@ -266,7 +270,9 @@ static void winbind_task_init(struct task_server *task)
|
|||||||
primary_sid = secrets_get_domain_sid(service,
|
primary_sid = secrets_get_domain_sid(service,
|
||||||
service->task->event_ctx,
|
service->task->event_ctx,
|
||||||
service->task->lp_ctx,
|
service->task->lp_ctx,
|
||||||
lpcfg_workgroup(service->task->lp_ctx), &errstring);
|
lpcfg_workgroup(service->task->lp_ctx),
|
||||||
|
&service->sec_channel_type,
|
||||||
|
&errstring);
|
||||||
if (!primary_sid) {
|
if (!primary_sid) {
|
||||||
char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: "
|
char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: "
|
||||||
"Have you provisioned the %s domain?",
|
"Have you provisioned the %s domain?",
|
||||||
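Review bot: A secrets record that has an objectSid but no secureChannelType now stops winbind from starting in all three branches of winbind_task_init, because each call passes a non-NULL `&service->sec_channel_type` and the lookup treats a missing attribute as a failure. That is presumably intended for the domain member and domain controller branches, but the standalone branch looks up the NetBIOS name, and it is not visible here whether such records always carry the attribute. If they may not, passing `NULL` in that branch keeps the previous behaviour. A short comment above the first call stating that the channel type is required from this point on would make the new startup dependency explicit. winbind_task_init begins and ends outside these hunks.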
|
@ -29,6 +29,7 @@ struct wbsrv_service {
|
|||||||
struct task_server *task;
|
struct task_server *task;
|
||||||
|
|
||||||
const struct dom_sid *primary_sid;
|
const struct dom_sid *primary_sid;
|
||||||
|
enum netr_SchannelType sec_channel_type;
|
||||||
struct wbsrv_domain *domains;
|
struct wbsrv_domain *domains;
|
||||||
struct idmap_context *idmap_ctx;
|
struct idmap_context *idmap_ctx;
|
||||||
const char *priv_pipe_dir;
|
const char *priv_pipe_dir;
|
||||||
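Review bot: The new `sec_channel_type` member has no comment saying where it is set or what it describes, and the other hunks of this commit suggest it is only written by the secrets lookup during winbind_task_init. A one-line comment such as `/* secure channel type stored alongside primary_sid in the secrets database; set in winbind_task_init() */` would record that. The member also needs the complete definition of `enum netr_SchannelType` to be visible wherever this header is included, since a struct member cannot have an incomplete type. The struct definition continues outside the hunk.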
|