summaryrefslogtreecommitdiff
path: root/source3/auth/auth_util.c
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-07-01 17:51:52 +0000
committerGerald Carter <jerry@samba.org>2003-07-01 17:51:52 +0000
commit814968d41b04fd6a3e889039d227ed6abb429ae2 (patch)
tree1c48412925a45ee6c003b51c0466094d67660176 /source3/auth/auth_util.c
parent125ab5463b0c4b96fbc10c2d008d2e4c995b91f1 (diff)
downloadsamba-814968d41b04fd6a3e889039d227ed6abb429ae2.tar.gz
samba-814968d41b04fd6a3e889039d227ed6abb429ae2.tar.bz2
samba-814968d41b04fd6a3e889039d227ed6abb429ae2.zip
* fixed volker's wbinfo -a lockup again. This one was my fault.
It was caused by the winbind_ping() call in is_trusted_domain() o if we are a DC then we check our own direct trust relationships we have to rely on winbindd to update the truatdom_cache o if we are a domain member, then we can update the trustdom_cache ourselves if winbindd is not there (This used to be commit 22dfcafb37f7109dc455f4fb6323a25ba4f097bc)
Diffstat (limited to 'source3/auth/auth_util.c')
-rw-r--r--source3/auth/auth_util.c45
1 files changed, 44 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ab08a28ff6..4e25d7fd34 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
Authentication utility functions
Copyright (C) Andrew Tridgell 1992-1998
@@ -1258,4 +1258,47 @@ NTSTATUS nt_status_squash(NTSTATUS nt_status)
}
+/**
+ * Verify whether or not given domain is trusted.
+ *
+ * @param domain_name name of the domain to be verified
+ * @return true if domain is one of the trusted once or
+ * false if otherwise
+ **/
+
+BOOL is_trusted_domain(const char* dom_name)
+{
+ DOM_SID trustdom_sid;
+ char *pass = NULL;
+ time_t lct;
+ BOOL ret;
+
+ /* if we are a DC, then check for a direct trust relationships */
+
+ if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
+ become_root();
+ ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
+ unbecome_root();
+ SAFE_FREE(pass);
+ if (ret)
+ return True;
+ }
+ else {
+ /* if winbindd is not up and we are a domain member) then we need to update the
+ trustdom_cache ourselves */
+
+ if ( !winbind_ping() )
+ update_trustdom_cache();
+ }
+
+ /* now the trustdom cache should be available a DC could still
+ * have a transitive trust so fall back to the cache of trusted
+ * domains (like a domain member would use */
+
+ if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) {
+ return True;
+ }
+
+ return False;
+}