authorGerald Carter <jerry@samba.org>2003-07-01 17:51:52 +0000
committerGerald Carter <jerry@samba.org>2003-07-01 17:51:52 +0000
commit814968d41b04fd6a3e889039d227ed6abb429ae2 (patch)
tree1c48412925a45ee6c003b51c0466094d67660176
parent125ab5463b0c4b96fbc10c2d008d2e4c995b91f1 (diff)
* fixed volker's wbinfo -a lockup again. This one was my fault.
It was caused by the winbind_ping() call in is_trusted_domain().
 o if we are a DC, then we check our own direct trust relationships; we have to rely on winbindd to update the trustdom_cache
 o if we are a domain member, then we can update the trustdom_cache ourselves if winbindd is not there
(This used to be commit 22dfcafb37f7109dc455f4fb6323a25ba4f097bc)
-rw-r--r--source3/auth/auth_util.c45
-rw-r--r--source3/libsmb/trusts_util.c79
2 files changed, 63 insertions, 61 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ab08a28ff6..4e25d7fd34 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
Authentication utility functions
Copyright (C) Andrew Tridgell 1992-1998
@@ -1258,4 +1258,47 @@ NTSTATUS nt_status_squash(NTSTATUS nt_status)
}
+/**
+ * Verify whether or not given domain is trusted.
+ *
+ * @param domain_name name of the domain to be verified
+ * @return true if domain is one of the trusted once or
+ * false if otherwise
+ **/
+
+BOOL is_trusted_domain(const char* dom_name)
+{
+ DOM_SID trustdom_sid;
+ char *pass = NULL;
+ time_t lct;
+ BOOL ret;
+
+ /* if we are a DC, then check for a direct trust relationships */
+
+ if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
+ become_root();
+ ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
+ unbecome_root();
+ SAFE_FREE(pass);
+ if (ret)
+ return True;
+ }
+ else {
+ /* if winbindd is not up and we are a domain member) then we need to update the
+ trustdom_cache ourselves */
+
+ if ( !winbind_ping() )
+ update_trustdom_cache();
+ }
+
+ /* now the trustdom cache should be available a DC could still
+ * have a transitive trust so fall back to the cache of trusted
+ * domains (like a domain member would use */
+
+ if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) {
+ return True;
+ }
+
+ return False;
+}
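Review bot: In the DC branch of `is_trusted_domain()`, the trusted-domain password returned in `pass` serves only as an existence test, yet `SAFE_FREE(pass)` releases it without clearing it, so the secret remains in freed heap memory. Scrubbing it first, e.g. `if (pass) memset(pass, 0, strlen(pass));` ahead of `SAFE_FREE(pass);`, would limit that exposure. A plain memset directly before a free can be optimised away, so a wipe helper the compiler cannot elide is preferable if the tree has one. Separately, the doc comment names `@param domain_name` while the parameter is `dom_name`. It should also state that on a DC the trustdom cache is never refreshed here (only the member branch calls `update_trustdom_cache()`), so with winbindd down a transitively trusted domain may be reported as untrusted.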
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 464a3324c1..77e63709aa 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -1,4 +1,4 @@
-/*
+/*
* Unix SMB/CIFS implementation.
* Routines to operate on various trust relationships
* Copyright (C) Andrew Bartlett 2001
@@ -127,8 +127,8 @@ NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli,
Enumerate the list of trusted domains from a DC
*********************************************************************/
-BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
- char ***domain_names, uint32 *num_domains,
+BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
+ char ***domain_names, uint32 *num_domains,
DOM_SID **sids )
{
POLICY_HND pol;
@@ -138,36 +138,36 @@ BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
uint32 enum_ctx = 0;
struct cli_state *cli = NULL;
BOOL retry;
-
+
*domain_names = NULL;
*num_domains = 0;
*sids = NULL;
-
+
/* lookup a DC first */
-
+
if ( !get_dc_name(domain, dc_name, &dc_ip) ) {
DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n",
domain));
return False;
}
-
+
/* setup the anonymous connection */
-
- result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
+
+ result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
"", "", "", 0, &retry);
if ( !NT_STATUS_IS_OK(result) )
goto done;
-
+
/* open the LSARPC_PIPE */
-
+
if ( !cli_nt_session_open( cli, PI_LSARPC ) ) {
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
-
+
/* get a handle */
-
- result = cli_lsa_open_policy(cli, mem_ctx, True,
+
+ result = cli_lsa_open_policy(cli, mem_ctx, True,
POLICY_VIEW_LOCAL_INFORMATION, &pol);
if ( !NT_STATUS_IS_OK(result) )
goto done;
@@ -176,56 +176,15 @@ BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
num_domains, domain_names, sids);
- if ( !NT_STATUS_IS_OK(result) )
+ if ( !NT_STATUS_IS_OK(result) )
goto done;
-
-done:
+
+done:
/* cleanup */
-
+
cli_nt_session_close( cli );
cli_shutdown( cli );
-
- return NT_STATUS_IS_OK(result);
-}
-
-
-/**
- * Verify whether or not given domain is trusted.
- *
- * @param domain_name name of the domain to be verified
- * @return true if domain is one of the trusted once or
- * false if otherwise
- **/
-
-BOOL is_trusted_domain(const char* dom_name)
-{
- DOM_SID trustdom_sid;
- char *pass = NULL;
- time_t lct;
- BOOL ret;
- /* if we are a DC, then check for a direct trust relationships */
-
- if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
- ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
- SAFE_FREE(pass);
- if (ret)
- return True;
- }
-
- /* if winbindd is not up then we need to update the trustdom_cache ourselves */
-
- if ( !winbind_ping() )
- update_trustdom_cache();
-
- /* now the trustdom cache should be available a DC could still
- * have a transitive trust so fall back to the cache of trusted
- * domains (like a domain member would use */
-
- if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) {
- return True;
- }
-
- return False;
+ return NT_STATUS_IS_OK(result);
}