r19754: * When using a krb5 session setup, we don't fill in the server_name

  string the clis_state struct.  So call saf_store() after we
  have the short domain name in the lsa_query_inof_policy code.

* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)

5 files changed, 37 insertions, 40 deletions

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 2e87b25edd1..f21033b61fa 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -178,6 +178,9 @@
 #ifndef LDAP_OPT_SUCCESS
 #define LDAP_OPT_SUCCESS 0
 #endif
+#ifndef LDAP_SCOPE_ONELEVEL
+#define LDAP_SCOPE_ONELEVEL 1
+#endif
 /* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */
 #if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS)
 #define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 555d88fdc83..c232ad4938b 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -15,8 +15,7 @@
    
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-   
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.   
 */
 
 #include "includes.h"
@@ -24,7 +23,6 @@
 /* nmbd.c sets this to True. */
 BOOL global_in_nmbd = False;
 
-
 /****************************
  * SERVER AFFINITY ROUTINES *
  ****************************/
@@ -82,13 +80,13 @@ BOOL saf_store( const char *domain, const char *servername )
 	return ret;
 }
 
-BOOL saf_delete( const char *domain, const char *servername )
+BOOL saf_delete( const char *domain )
 {
 	char *key;
 	BOOL ret = False;
 	
-	if ( !domain || !servername ) {
-		DEBUG(2,("saf_delete: Refusing to store empty domain or servername!\n"));
+	if ( !domain ) {
+		DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));		
 		return False;
 	}
 	
@@ -99,10 +97,11 @@ BOOL saf_delete( const char *domain, const char *servername )
 	ret = gencache_del(key);
 	
 	if (ret) {
-		DEBUG(10,("saf_delete: domain = [%s], server = [%s]\n",
-			domain, servername));
+		DEBUG(10,("saf_delete: domain = [%s]\n", domain ));		
 	}
+
 	SAFE_FREE( key );
+
 	return ret;
 }
 
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index bf23af5b338..3f392c48259 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -258,10 +258,10 @@ void winbind_add_failed_connection_entry(const struct winbindd_domain *domain,
 	add_failed_connection_entry(domain->name, server, result);
 	/* If this was the saf name for the last thing we talked to,
 	   remove it. */
-	saf_delete(domain->name, server);
+	saf_delete(domain->name);
 	if (*domain->alt_name) {
 		add_failed_connection_entry(domain->alt_name, server, result);
-		saf_delete(domain->alt_name, server);
+		saf_delete(domain->alt_name);
 	}
 }
 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index e1762da2f78..0f189f9c6fc 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -819,6 +819,7 @@ static int net_ads_leave(int argc, const char **argv)
 	struct cli_state *cli = NULL;
 	TALLOC_CTX *ctx;
 	DOM_SID *dom_sid = NULL;
+	char *short_domain_name = NULL;      
 
 	if (!secrets_init()) {
 		DEBUG(1,("Failed to initialise secrets database\n"));
@@ -845,15 +846,15 @@ static int net_ads_leave(int argc, const char **argv)
 		goto done;
 	}
 	
-	saf_store( cli->server_domain, cli->desthost );
-
-	if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &dom_sid )) ) {
+	if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) {
 		goto done;
 	}
 
+	saf_delete( short_domain_name );
+
 	status = netdom_leave_domain(ctx, cli, dom_sid);
 
-	/* Ty and delete it via LDAP - the old way we used to. */
+	/* Try and delete it via LDAP - the old way we used to. */
 
 	adsret = ads_leave_realm(ads, global_myname());
 	if (ADS_ERR_OK(adsret)) {
@@ -962,7 +963,8 @@ static NTSTATUS check_ads_config( void )
  ********************************************************************/
 
 static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername, 
-				struct in_addr *ip, DOM_SID **dom_sid, 
+				struct in_addr *ip, char **domain, 
+				DOM_SID **dom_sid, 
 				const char *password)
 {
 	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -973,13 +975,16 @@ static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername,
 		goto done;
 	}
 	
-	saf_store( cli->server_domain, cli->desthost );
-
-	ret = netdom_get_domain_sid( ctx, cli, dom_sid );
+	ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid );
 	if ( !NT_STATUS_IS_OK(ret) ) {
 		goto done;
 	}
 
+	/* cli->server_domain is not filled in when using krb5 
+	   session setups */
+
+	saf_store( *domain, cli->desthost );
+
 	ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD );
 
 done:
@@ -1331,9 +1336,8 @@ int net_ads_join(int argc, const char **argv)
 	ADS_STATUS status;
 	NTSTATUS nt_status;
 	char *machine_account = NULL;
-	const char *short_domain_name = NULL;
+	char *short_domain_name = NULL;
 	char *tmp_password, *password;
-	struct cldap_netlogon_reply cldap_reply;
 	TALLOC_CTX *ctx = NULL;
 	DOM_SID *domain_sid = NULL;
 	BOOL createupn = False;
@@ -1410,29 +1414,20 @@ int net_ads_join(int argc, const char **argv)
 	password = talloc_strdup(ctx, tmp_password);
 	
 	nt_status = net_join_domain(ctx, ads->config.ldap_server_name, 
-				    &ads->ldap_ip, &domain_sid, password);
+				    &ads->ldap_ip, &short_domain_name, &domain_sid, password);
 	if ( !NT_STATUS_IS_OK(nt_status) ) {
 		DEBUG(1, ("call of net_join_domain failed: %s\n", 
 			  get_friendly_nt_error_msg(nt_status)));
 		goto fail;
 	}
-	
+
 	/* Check the short name of the domain */
 	
-	ZERO_STRUCT( cldap_reply );
-	
-	if ( ads_cldap_netlogon( ads->config.ldap_server_name, 
-		ads->server.realm, &cldap_reply ) ) 
-	{
-		short_domain_name = talloc_strdup( ctx, cldap_reply.netbios_domain );
-		if ( !strequal(lp_workgroup(), short_domain_name) ) {
-			d_printf("The workgroup in smb.conf does not match the short\n");
-			d_printf("domain name obtained from the server.\n");
-			d_printf("Using the name [%s] from the server.\n", short_domain_name);
-			d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name);
-		}
-	} else {
-		short_domain_name = lp_workgroup();
+	if ( !strequal(lp_workgroup(), short_domain_name) ) {
+		d_printf("The workgroup in smb.conf does not match the short\n");
+		d_printf("domain name obtained from the server.\n");
+		d_printf("Using the name [%s] from the server.\n", short_domain_name);
+		d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name);
 	}
 	
 	d_printf("Using short domain name -- %s\n", short_domain_name);
@@ -1519,7 +1514,7 @@ int net_ads_join(int argc, const char **argv)
 	/* exit from this block using machine creds */
 #endif
 
-	d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm);
+	d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm);
 
 	SAFE_FREE(machine_account);
 	TALLOC_FREE( ctx );
diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c
index ab71d35fde0..4f7bc8ddecd 100644
--- a/source3/utils/net_domain.c
+++ b/source3/utils/net_domain.c
@@ -157,12 +157,12 @@ int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char *
 /*******************************************************************
  ********************************************************************/
 
-NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_SID **sid )
+NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, 
+				char **domain, DOM_SID **sid )
 {
 	struct rpc_pipe_client *pipe_hnd = NULL;
 	POLICY_HND lsa_pol;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	char *domain = NULL;
 
 	if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) {
 		DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n",
@@ -176,7 +176,7 @@ NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_
 		return status;
 
 	status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, 
-			&lsa_pol, 5, &domain, sid);
+			&lsa_pol, 5, domain, sid);
 	if ( !NT_STATUS_IS_OK(status) )
 		return status;