diff options
author | Günther Deschner <gd@samba.org> | 2007-05-15 13:46:26 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:22:06 -0500 |
commit | 4ff2e1eb8c5ab34b8af2244f9d5d52df787dab1b (patch) | |
tree | 5086a4754acb3a62f2ab7b62c086a6eacd190b43 | |
parent | ab7a9d2bbe95ac2194db7eb358e3bf1ba4aa8890 (diff) | |
download | samba-4ff2e1eb8c5ab34b8af2244f9d5d52df787dab1b.tar.gz samba-4ff2e1eb8c5ab34b8af2244f9d5d52df787dab1b.tar.bz2 samba-4ff2e1eb8c5ab34b8af2244f9d5d52df787dab1b.zip |
r22903: Now that we have the on-disc trustdomaincache with type flags we can better
decide whether it's worth to register a krb5 ticket gain handler while users
logon offline.
Guenther
(This used to be commit 203391623b31bce71268c6e8fc955eab348e92f0)
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index c82ac2b0ba..c7c18fb702 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -784,6 +784,9 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, NET_USER_INFO_3 *my_info3; time_t kickoff_time, must_change_time; BOOL password_good = False; +#ifdef HAVE_KRB5 + struct winbindd_tdc_domain *tdc_domain = NULL; +#endif *info3 = NULL; @@ -894,9 +897,9 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, } #ifdef HAVE_KRB5 - /* FIXME: what else points out that the remote domain is AD ? */ - if (!strequal(domain->name, domain->alt_name) && - (state->request.flags & WBFLAG_PAM_KRB5)) { + if ((state->request.flags & WBFLAG_PAM_KRB5) && + ((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) && + (tdc_domain->trust_type & DS_DOMAIN_TRUST_TYPE_UPLEVEL)) { uid_t uid = -1; const char *cc = NULL; |