authorSteven Danneman <steven.danneman@isilon.com>2009-07-29 16:13:44 -0700
committerSteven Danneman <steven.danneman@isilon.com>2009-08-26 16:34:09 -0700
commit5469866242f0dfbdc7260c86cfca196b10e4af21 (patch)
tree664c544d72ae38b273eeb340f7e9d00e3cad6f42
parent32f9d20dff043cca5b81ff855c44a71bf18e41e4 (diff)
s3/winbindd: Remove unnecessary check for NULL SID
There's a known bug in some Windows implementations of DsEnumerateDomainTrusts() where domain SIDs are not returned for transitively trusted domains within the same forest. Jerry originally worked around this in the winbindd parent by checking for S-0-0 and converting it to S-1-0 in 8b0fce0b. Guenter later moved these checks into the child process in commit 3bdfcbac, making the initial patch unnecessary. I've removed it and added a clarifying comment to the child process. If ever this SID is needed we could add an extra DsEnumerateDomainTrusts() call in trusted_domains() as suggested by the Microsoft KB.
-rw-r--r--source3/winbindd/winbindd_ads.c6
-rw-r--r--source3/winbindd/winbindd_util.c9
2 files changed, 7 insertions, 8 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a9df61d5f4..b5fe08093c 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1379,9 +1379,13 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DEBUG(10,("trusted_domains: Skipping external trusted domain "
"%s because it is outside of our primary domain\n",
trusts.array[i].netbios_name));
- continue;
+ continue;
}
+ /* We must check that the SID of each trusted domain
+ * was returned to work around a bug in Windows:
+ * http://support.microsoft.com/kb/922832 */
+
(*names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].netbios_name);
(*alt_names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].dns_name);
if (trusts.array[i].sid) {
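Review bot: The added comment sits above the `names`/`alt_names` assignments, separated by a blank line from the `if (trusts.array[i].sid)` test it describes, and it does not say what is stored when the SID is absent. I would move it directly above that test and reword it along the lines of `/* Windows may omit the SID for transitively trusted forest domains (KB 922832), so test it before copying. */`. The else branch is outside the hunk, so the fallback value should be confirmed there and named in the comment. That matters because the parent side of this commit now rejects any SID string that string_to_sid() cannot parse.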
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 5c2ebab836..ff8c101b37 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -322,13 +322,8 @@ static void trustdom_recv(void *private_data, bool success)
*q = '\0';
if (!string_to_sid(&sid, sidstr)) {
- /* Allow NULL sid for sibling domains */
- if ( strcmp(sidstr,"S-0-0") == 0) {
- sid_copy( &sid, &global_sid_NULL);
- } else {
- DEBUG(0, ("Got invalid trustdom response\n"));
- break;
- }
+ DEBUG(0, ("Got invalid trustdom response\n"));
+ break;
}
/* use the real alt_name if we have one, else pass in NULL */
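Review bot: With the S-0-0 fallback gone, any SID string that fails string_to_sid() now hits `break`, and the level-0 message does not show which value was rejected. Failing closed on an unparsable SID is the safer choice, but including the string would make a child that still emits S-0-0 easy to spot, e.g. `DEBUG(0, ("Got invalid trustdom response, bad SID [%s]\n", sidstr));`. It is also worth confirming that every child backend, not only winbindd_ads.c, now emits a parsable SID. The `break` appears to abandon the remaining entries of the response rather than skip the bad one, though the enclosing loop in trustdom_recv starts and ends outside the hunk.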