summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2005-06-03 15:42:03 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:57:05 -0500
commit5084d49052f47626b61e53add818fefaacc101b0 (patch)
treedebccf837c8d847ad2cd2749b4e3da3ae340dfe8
parenta01de91394f1723100bcd49870422e03f69afb7e (diff)
downloadsamba-5084d49052f47626b61e53add818fefaacc101b0.tar.gz
samba-5084d49052f47626b61e53add818fefaacc101b0.tar.bz2
samba-5084d49052f47626b61e53add818fefaacc101b0.zip
r7243: Don't look at gencache.tdb for the trusted domains if winbind is around.
Volker (This used to be commit 94acb93f57b963bf137c6ddd644a147f4d0b5175)
-rw-r--r--source3/auth/auth_util.c23
-rw-r--r--source3/nsswitch/wb_client.c31
-rw-r--r--source3/script/mkproto.awk2
3 files changed, 51 insertions, 5 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 79205f1206..31bfa2fe01 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1532,11 +1532,26 @@ BOOL is_trusted_domain(const char* dom_name)
return True;
}
else {
- /* if winbindd is not up and we are a domain member) then we need to update the
- trustdom_cache ourselves */
+ NSS_STATUS result;
- if ( !winbind_ping() )
- update_trustdom_cache();
+ /* If winbind is around, ask it */
+
+ result = wb_is_trusted_domain(dom_name);
+
+ if (result == NSS_STATUS_SUCCESS) {
+ return True;
+ }
+
+ if (result == NSS_STATUS_NOTFOUND) {
+ /* winbind could not find the domain */
+ return False;
+ }
+
+ /* The only other possible result is that winbind is not up
+ and running. We need to update the trustdom_cache
+ ourselves */
+
+ update_trustdom_cache();
}
/* now the trustdom cache should be available a DC could still
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index 6b184b568b..5005f72457 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -394,4 +394,35 @@ BOOL winbind_ping( void )
return result == NSS_STATUS_SUCCESS;
}
+/**********************************************************************
+ Is a domain trusted?
+
+ result == NSS_STATUS_UNAVAIL: winbind not around
+ result == NSS_STATUS_NOTFOUND: winbind around, but domain missing
+
+ Due to a bad API NSS_STATUS_NOTFOUND is returned both when winbind_off and
+ when winbind return WINBINDD_ERROR. So the semantics of this routine depends
+ on winbind_on. Grepping for winbind_off I just found 3 places where winbind
+ is turned off, and this does not conflict (as far as I have seen) with the
+ callers of is_trusted_domains.
+
+ I *hate* global variables....
+
+ Volker
+
+**********************************************************************/
+
+NSS_STATUS wb_is_trusted_domain(const char *domain)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ /* Call winbindd */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ fstrcpy(request.domain_name, domain);
+
+ return winbindd_request(WINBINDD_DOMAIN_INFO, &request, &response);
+}
diff --git a/source3/script/mkproto.awk b/source3/script/mkproto.awk
index 45cc0821aa..d9223a1973 100644
--- a/source3/script/mkproto.awk
+++ b/source3/script/mkproto.awk
@@ -132,7 +132,7 @@ END {
gotstart = 1;
}
- if( $0 ~ /^WINBINDD_PW|^WINBINDD_GR|^NT_PRINTER_INFO_LEVEL_2|^LOGIN_CACHE|^krb5_error_code|^LDAP|^u32|^LUID_ATTR/ ) {
+ if( $0 ~ /^WINBINDD_PW|^WINBINDD_GR|^NT_PRINTER_INFO_LEVEL_2|^LOGIN_CACHE|^krb5_error_code|^LDAP|^u32|^LUID_ATTR|^NSS_STATUS/ ) {
gotstart = 1;
}