summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-09-15 14:18:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:51:49 -0500
commita0aaa82f6d360f2fe688f95791640b58231ed873 (patch)
tree9489ab56903e85e02d384a85519b34a7c4cfe6c2
parent07e9f4e61ae909d7ccc7ec7b650438510468829d (diff)
downloadsamba-a0aaa82f6d360f2fe688f95791640b58231ed873.tar.gz
samba-a0aaa82f6d360f2fe688f95791640b58231ed873.tar.bz2
samba-a0aaa82f6d360f2fe688f95791640b58231ed873.zip
r18552: Ensure the sitename matches before we SAF store a DC in ADS mode.
Jeremy. (This used to be commit 03e1078b459531af5a2336b584b3c886c5dd1e29)
-rw-r--r--source3/libads/ldap.c8
-rw-r--r--source3/nsswitch/winbindd_cm.c6
2 files changed, 8 insertions, 6 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 6b18bbf594..7b31586f7d 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -115,7 +115,6 @@ static int ldap_search_with_timeout(LDAP *ld,
return result;
}
-#ifdef HAVE_KRB5
/**********************************************
Do client and server sitename match ?
**********************************************/
@@ -139,7 +138,6 @@ BOOL ads_sitename_match(ADS_STRUCT *ads)
ads->config.client_site_name ? ads->config.client_site_name : "NULL"));
return False;
}
-#endif
/*
try a connection to a given ldap server, returning True and setting the servers IP
@@ -394,8 +392,10 @@ got_connection:
}
/* cache the successful connection for workgroup and realm */
- saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
- saf_store( ads->server.realm, inet_ntoa(ads->ldap_ip));
+ if (ads_sitename_match(ads)) {
+ saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
+ saf_store( ads->server.realm, inet_ntoa(ads->ldap_ip));
+ }
ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 7a1768354d..6fc473283c 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -754,7 +754,6 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
ads->auth.flags |= ADS_AUTH_NO_BIND;
if (ads_try_connect( ads, inet_ntoa(ip) ) ) {
- char *sitename = sitename_fetch();
/* We got a cldap packet. */
fstrcpy(name, ads->config.ldap_server_name);
namecache_store(name, 0x20, 1, &ip_list);
@@ -769,9 +768,12 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
create_local_private_krb5_conf_for_domain(realm,
domainname,
ip);
+
+ /* Ensure we contact this DC also. */
+ saf_store( domainname, name);
+ saf_store( realm, name);
}
#endif
- SAFE_FREE(sitename);
ads_destroy( &ads );
return True;
}