authorGerald Carter <jerry@samba.org>2003-08-08 23:53:13 +0000
committerGerald Carter <jerry@samba.org>2003-08-08 23:53:13 +0000
commit4b5257b5b09d2490b2f4dc48e2181fde2a67cb5f (patch)
tree29e4770b2b36667df0db73502a911f9f63579986
parentac8c6e47463545011f5471960c2a2073a9b04979 (diff)
fix 2 bugs:
1) don't ask trusted DCs for a list of trusted domains. This causes us to treat non-transitive ones as if they were transitive. Not needed anyway. 2) Fix DC lookup bug where we would always try to use DNS to resolve the DCs for a domain (even if it was a trusted NT4 domain). (This used to be commit 4d3acce5066d3adf53ee8fbaa627c42523b3cbc3)
-rw-r--r--source3/libsmb/namequery_dc.c16
-rw-r--r--source3/nsswitch/winbindd.c8
-rw-r--r--source3/nsswitch/winbindd_util.c61
3 files changed, 49 insertions, 36 deletions
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index c9d45a7acc1..a596f00ddb9 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -161,18 +161,28 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out)
{
struct in_addr dc_ip;
BOOL ret;
+ BOOL our_domain = False;
zero_ip(&dc_ip);
ret = False;
- if (lp_security() == SEC_ADS)
+
+ if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), domain) )
+ our_domain = True;
+
+ /* always try to obey what the admin specified in smb.conf.
+ If it is not our domain, assume that domain names with periods
+ in them are realm names */
+
+ if ( (our_domain && lp_security()==SEC_ADS) || strchr_m(domain, '.') ) {
ret = ads_dc_name(domain, &dc_ip, srv_name);
-
+ }
+
if (!ret) {
/* fall back on rpc methods if the ADS methods fail */
ret = rpc_dc_name(domain, srv_name, &dc_ip);
}
-
+
*ip_out = dc_ip;
return ret;
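Review bot: The dotted-name test in the new condition is not limited to foreign domains, although the comment above it says it applies only "if it is not our domain". When `domain` equals `lp_realm()` and `security` is not ADS, `our_domain` is True yet `strchr_m(domain, '.')` still routes the lookup to `ads_dc_name()`, so DNS is consulted against the smb.conf setting the comment promises to obey. Writing the condition as `if ( (our_domain && lp_security()==SEC_ADS) || (!our_domain && strchr_m(domain, '.')) ) {` would match the comment. The closing brace of get_dc_name lies outside the hunk.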
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 8345fa11d0c..313161f5fa8 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -570,9 +570,15 @@ static void process_loop(void)
message_dispatch();
- /* rescan the trusted domains list. This must be done
+#if 0
+ /* not needed any more since we use a single RPC to
+ get transitive trusts --jerry
+
+ rescan the trusted domains list. This must be done
regularly to cope with transitive trusts */
+
rescan_trusted_domains(False);
+#endif
/* Free up temporary memory */
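Review bot: The block disabled with `#if 0` cannot be re-enabled as written, because this commit replaces `rescan_trusted_domains(BOOL)` with `add_trusted_domains(struct winbindd_domain *)` in winbindd_util.c. The comment inside it also runs the new rationale and the old description together, which reads as if regular rescanning were still required. I would delete the block and keep a single line such as `/* trusted domains are enumerated once in init_domain_list(); no periodic rescan */`. process_loop starts and ends outside the hunk.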
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index a810e503a00..79588477ba7 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -80,6 +80,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
DOM_SID *sid)
{
struct winbindd_domain *domain;
+ char *contact_name;
/* We can't call domain_list() as this function is called from
init_domain_list() and we'll get stuck in a loop. */
@@ -125,10 +126,12 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
sid_copy(&domain->sid, sid);
}
- /* see if this is a native mode win2k domain */
+ /* see if this is a native mode win2k domain (use realm name if possible) */
- domain->native_mode = cm_check_for_native_mode_win2k( domain_name );
- DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name,
+ contact_name = *domain->alt_name ? domain->alt_name : domain->name;
+ domain->native_mode = cm_check_for_native_mode_win2k( contact_name );
+
+ DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", contact_name,
domain->native_mode ? "native" : "mixed (or NT4)" ));
/* Link to domain list */
@@ -145,53 +148,45 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
/*
rescan our domains looking for new trusted domains
*/
-void rescan_trusted_domains(BOOL force)
+void add_trusted_domains( struct winbindd_domain *domain )
{
- struct winbindd_domain *domain;
TALLOC_CTX *mem_ctx;
- static time_t last_scan;
- time_t t = time(NULL);
+ NTSTATUS result;
+ time_t t;
+ char **names;
+ char **alt_names;
+ int num_domains = 0;
+ DOM_SID *dom_sids, null_sid;
+ int i;
+ struct winbindd_domain *new_domain;
/* trusted domains might be disabled */
if (!lp_allow_trusted_domains()) {
return;
}
- /* Only rescan every few minutes but force if necessary */
-
- if (((unsigned)(t - last_scan) < WINBINDD_RESCAN_FREQ) && !force)
- return;
-
- last_scan = t;
-
DEBUG(1, ("scanning trusted domain list\n"));
if (!(mem_ctx = talloc_init("init_domain_list")))
return;
+
+ ZERO_STRUCTP(&null_sid);
- for (domain = _domain_list; domain; domain = domain->next) {
- NTSTATUS result;
- char **names;
- char **alt_names;
- int num_domains = 0;
- DOM_SID *dom_sids, null_sid;
- int i;
- struct winbindd_domain *new_domain;
+ t = time(NULL);
+
+ /* ask the DC what domains it trusts */
+
+ result = domain->methods->trusted_domains(domain, mem_ctx, &num_domains,
+ &names, &alt_names, &dom_sids);
- ZERO_STRUCTP(&null_sid);
-
- result = domain->methods->trusted_domains(domain, mem_ctx, &num_domains,
- &names, &alt_names, &dom_sids);
- if (!NT_STATUS_IS_OK(result)) {
- continue;
- }
+ if ( NT_STATUS_IS_OK(result) ) {
/* Add each domain to the trusted domain list */
for(i = 0; i < num_domains; i++) {
DEBUG(10,("Found domain %s\n", names[i]));
add_trusted_domain(names[i], alt_names?alt_names[i]:NULL,
- domain->methods, &dom_sids[i]);
+ domain->methods, &dom_sids[i]);
/* if the SID was empty, we better set it now */
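Review bot: A failed `trusted_domains()` call is now dropped without any log line, since `if ( NT_STATUS_IS_OK(result) )` has no failure branch visible in this hunk. With the periodic rescan in winbindd.c disabled and the only call made from init_domain_list(), a DC that is unreachable at startup would presumably leave the trust list empty until winbindd is restarted, with nothing in the log to explain it. I would add a failure branch logging `DEBUG(1,("add_trusted_domains: trust enumeration via %s failed: %s\n", domain->name, nt_errstr(result)));`. The header comment `rescan our domains looking for new trusted domains` is also stale now that the function queries a single domain, and the if block closes outside the hunk.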
@@ -212,7 +207,7 @@ void rescan_trusted_domains(BOOL force)
result = domain->methods->domain_sid( new_domain, &new_domain->sid );
if ( NT_STATUS_IS_OK(result) )
- sid_copy( &dom_sids[i], &domain->sid );
+ sid_copy( &dom_sids[i], &new_domain->sid );
}
/* store trusted domain in the cache */
@@ -234,7 +229,9 @@ BOOL init_domain_list(void)
free_domain_list();
/* Add ourselves as the first entry */
+
domain = add_trusted_domain( lp_workgroup(), NULL, &cache_methods, NULL);
+
if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) {
DEBUG(1, ("Could not fetch sid for our domain %s\n",
domain->name));
@@ -245,7 +242,7 @@ BOOL init_domain_list(void)
cache_methods.alternate_name(domain);
/* do an initial scan for trusted domains */
- rescan_trusted_domains(True);
+ add_trusted_domains(domain);
return True;
}