diff options
author | Gerald Carter <jerry@samba.org> | 2003-07-01 17:51:52 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-07-01 17:51:52 +0000 |
commit | 814968d41b04fd6a3e889039d227ed6abb429ae2 (patch) | |
tree | 1c48412925a45ee6c003b51c0466094d67660176 /source3/auth/auth_util.c | |
parent | 125ab5463b0c4b96fbc10c2d008d2e4c995b91f1 (diff) | |
download | samba-814968d41b04fd6a3e889039d227ed6abb429ae2.tar.gz samba-814968d41b04fd6a3e889039d227ed6abb429ae2.tar.bz2 samba-814968d41b04fd6a3e889039d227ed6abb429ae2.zip |
* fixed volker's wbinfo -a lockup again. This one was my fault.
It was caused by the winbind_ping() call in is_trusted_domain()
o if we are a DC then we check our own direct trust relationships
we have to rely on winbindd to update the truatdom_cache
o if we are a domain member, then we can update the trustdom_cache
ourselves if winbindd is not there
(This used to be commit 22dfcafb37f7109dc455f4fb6323a25ba4f097bc)
Diffstat (limited to 'source3/auth/auth_util.c')
-rw-r--r-- | source3/auth/auth_util.c | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index ab08a28ff6..4e25d7fd34 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. Authentication utility functions Copyright (C) Andrew Tridgell 1992-1998 @@ -1258,4 +1258,47 @@ NTSTATUS nt_status_squash(NTSTATUS nt_status) } +/** + * Verify whether or not given domain is trusted. + * + * @param domain_name name of the domain to be verified + * @return true if domain is one of the trusted once or + * false if otherwise + **/ + +BOOL is_trusted_domain(const char* dom_name) +{ + DOM_SID trustdom_sid; + char *pass = NULL; + time_t lct; + BOOL ret; + + /* if we are a DC, then check for a direct trust relationships */ + + if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) { + become_root(); + ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct); + unbecome_root(); + SAFE_FREE(pass); + if (ret) + return True; + } + else { + /* if winbindd is not up and we are a domain member) then we need to update the + trustdom_cache ourselves */ + + if ( !winbind_ping() ) + update_trustdom_cache(); + } + + /* now the trustdom cache should be available a DC could still + * have a transitive trust so fall back to the cache of trusted + * domains (like a domain member would use */ + + if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) { + return True; + } + + return False; +} |