diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2014-05-26 11:58:38 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2014-07-04 02:52:35 +0200 |
| commit | af7f88721a21fbe33cec2bc277f65a736f6cb9cc (patch) | |
| tree | ae69c5d117289d1e77a51dbf787ba973ba86ef38 /source3/winbindd/winbindd_util.c | |
| parent | da3a79831afbd1b85592be36eb47de375e575643 (diff) | |
| download | samba-af7f88721a21fbe33cec2bc277f65a736f6cb9cc.tar.gz samba-af7f88721a21fbe33cec2bc277f65a736f6cb9cc.tar.xz samba-af7f88721a21fbe33cec2bc277f65a736f6cb9cc.zip | |
winbindd: Use a remote RPC server when we are an RODC when needed
This allows us to operate against the local cache where possible, but
to forward some operations to the read-write DC.
Andrew Bartlett
Change-Id: Idc78ae379a402969381758919fcede17568f094e
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
Diffstat (limited to 'source3/winbindd/winbindd_util.c')
| -rw-r--r-- | source3/winbindd/winbindd_util.c | 37 |
1 files changed, 32 insertions, 5 deletions
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 4e8ab92c00..35cc524bae 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -26,6 +26,7 @@ #include "../libcli/security/security.h" #include "../libcli/auth/pam_errors.h" #include "passdb/machine_sid.h" +#include "passdb.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -576,7 +577,7 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai fstrcpy(domain->dcname, state->request->data.init_conn.dcname); } - init_dc_connection(domain); + init_dc_connection(domain, false); if (!domain->initialized) { /* If we return error here we can't do any cached authentication, @@ -618,8 +619,34 @@ bool init_domain_list(void) /* Local SAM */ if ( role == ROLE_ACTIVE_DIRECTORY_DC ) { - (void)add_trusted_domain(get_global_sam_name(), lp_dnsdomain(), - &cache_methods, get_global_sam_sid()); + struct winbindd_domain *domain; + enum netr_SchannelType sec_chan_type; + const char *account_name; + struct samr_Password current_nt_hash; + bool ok; + + domain = add_trusted_domain(get_global_sam_name(), lp_dnsdomain(), + &cache_methods, get_global_sam_sid()); + if (domain == NULL) { + DEBUG(0, ("Failed to add our own, local AD domain to winbindd's internal list\n")); + return false; + } + + /* + * We need to call this to find out if we are an RODC + */ + ok = get_trust_pw_hash(domain->name, + current_nt_hash.hash, + &account_name, + &sec_chan_type); + if (!ok) { + DEBUG(0, ("Failed to fetch our own, local AD domain join password for winbindd's internal use\n")); + return false; + } + if (sec_chan_type == SEC_CHAN_RODC) { + domain->rodc = true; + } + } else { (void)add_trusted_domain(get_global_sam_name(), NULL, &cache_methods, get_global_sam_sid()); @@ -692,7 +719,7 @@ struct winbindd_domain *find_domain_from_name(const char *domain_name) return NULL; if (!domain->initialized) - init_dc_connection(domain); + init_dc_connection(domain, false); return domain; } @@ -727,7 +754,7 @@ struct winbindd_domain *find_domain_from_sid(const struct dom_sid *sid) return NULL; if (!domain->initialized) - init_dc_connection(domain); + init_dc_connection(domain, false); return domain; } |