author | Günther Deschner <gd@samba.org> | 2013-08-23 14:56:17 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2013-08-29 16:57:51 +0200 |
commit | b66ce754a327a5bdb7600fb67ffb7aaac03cb7db (patch) | |
tree | 537c87c557787da9fa9c288cca5665d8d92a902d | |
parent | 576c597ae38e788bc3c16efc5417e7481c673add (diff) | |
s3-winbindd: make sure also the idmap code can deal with trusted domains.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source3/winbindd/winbindd_ads.c | 40 |
1 files changed, 31 insertions, 9 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 7aa936bfa1..fc44158211 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -136,6 +136,7 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
 {
 char *ldap_server, *realm, *password;
 struct winbindd_domain *wb_dom;
+ ADS_STATUS status;
 ads_cached_connection_reuse(adsp);
 if (*adsp != NULL) {
@@ -154,19 +155,40 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
 wb_dom = find_domain_from_name(dom_name);
 if (wb_dom == NULL) {
 DEBUG(10, ("could not find domain '%s'\n", dom_name));
- realm = NULL;
- } else {
- DEBUG(10, ("find_domain_from_name found realm '%s' for "
+ return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+ }
+
+ DEBUG(10, ("find_domain_from_name found realm '%s' for "
 " domain '%s'\n", wb_dom->alt_name, dom_name));
- realm = wb_dom->alt_name;
+
+ if (!get_trust_pw_clear(dom_name, &password, NULL, NULL)) {
+ return ADS_ERROR_NT(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
 }
- /* the machine acct password might have change - fetch it every time */
- password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
- realm = SMB_STRDUP(lp_realm());
+ if (IS_DC) {
+ realm = SMB_STRDUP(wb_dom->alt_name);
+ } else {
+ struct winbindd_domain *our_domain = wb_dom;
- return ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
- password, realm, 0);
+ /* always give preference to the alt_name in our
+ primary domain if possible */
+
+ if (!wb_dom->primary) {
+ our_domain = find_our_domain();
+ }
+
+ if (our_domain->alt_name != NULL) {
+ realm = SMB_STRDUP(our_domain->alt_name);
+ } else {
+ realm = SMB_STRDUP(lp_realm());
+ }
+ }
+
+ status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
+ password, realm, 0);
+ SAFE_FREE(realm);
+
+ return status;
 }
 /* |
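Review bot: In the second hunk the `IS_DC` branch hands `wb_dom->alt_name` to `SMB_STRDUP` without the NULL check that the non-DC branch applies to `our_domain->alt_name`, so a trusted-domain entry with no alt_name would reach the duplication (and the `%s` in the DEBUG just above) as a NULL pointer. A guard placed before the `get_trust_pw_clear()` call would close that, for example `if (IS_DC && wb_dom->alt_name == NULL) return ADS_ERROR_NT(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);`. Separately, `password` now holds the cleartext trust secret and, unlike `realm`, is not released on this path; whether `ads_cached_connection_connect()` takes ownership is not visible here, so I would add a comment stating that, or wipe and free it next to `SAFE_FREE(realm)` if it does not. The `SMB_STRDUP` results are also used unchecked. The function starts in the first hunk, and the lines between the two hunks (where `ldap_server` is presumably set) are not shown.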