port latest changes from SAMBA_3_0 tree

(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)

1 files changed, 80 insertions, 5 deletions

diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 6177c46aef..a810e503a0 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -111,7 +111,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 		fstrcpy(domain->name, alt_name);
 		fstrcpy(domain->alt_name, domain_name);
 	} else {
-	fstrcpy(domain->name, domain_name);
+		fstrcpy(domain->name, domain_name);
 		if (alt_name) {
 			fstrcpy(domain->alt_name, alt_name);
 		}
@@ -174,8 +174,11 @@ void rescan_trusted_domains(BOOL force)
 		char **names;
 		char **alt_names;
 		int num_domains = 0;
-		DOM_SID *dom_sids;
+		DOM_SID *dom_sids, null_sid;
 		int i;
+		struct winbindd_domain *new_domain;
+		
+		ZERO_STRUCTP(&null_sid);
 
 		result = domain->methods->trusted_domains(domain, mem_ctx, &num_domains,
 		                                          &names, &alt_names, &dom_sids);
@@ -183,12 +186,34 @@ void rescan_trusted_domains(BOOL force)
 			continue;
 		}
 
-		/* Add each domain to the trusted domain list. Each domain inherits
-		   the access methods of its parent */
+		/* Add each domain to the trusted domain list */
+		
 		for(i = 0; i < num_domains; i++) {
 			DEBUG(10,("Found domain %s\n", names[i]));
 			add_trusted_domain(names[i], alt_names?alt_names[i]:NULL,
 			                   domain->methods, &dom_sids[i]);
+					   
+			/* if the SID was empty, we better set it now */
+			
+			if ( sid_equal(&dom_sids[i], &null_sid) ) {
+			
+				new_domain = find_domain_from_name(names[i]);
+				 
+				/* this should never happen */
+				if ( !new_domain ) { 	
+					DEBUG(0,("rescan_trust_domains: can't find the domain I just added! [%s]\n",
+						names[i]));
+					break;
+				}
+				 
+				/* call the cache method; which will operate on the winbindd_domain \
+				   passed in and choose either rpc or ads as appropriate */
+
+				result = domain->methods->domain_sid( new_domain, &new_domain->sid );
+				 
+				if ( NT_STATUS_IS_OK(result) )
+				 	sid_copy( &dom_sids[i], &domain->sid );
+			}
 			
 			/* store trusted domain in the cache */
 			trustdom_cache_store(names[i], alt_names ? alt_names[i] : NULL,
@@ -209,7 +234,7 @@ BOOL init_domain_list(void)
 	free_domain_list();
 
 	/* Add ourselves as the first entry */
-	domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL);
+	domain = add_trusted_domain( lp_workgroup(), NULL, &cache_methods, NULL);
 	if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) {
 		DEBUG(1, ("Could not fetch sid for our domain %s\n",
 			  domain->name));
@@ -782,3 +807,53 @@ BOOL winbindd_upgrade_idmap(void)
 
 	return idmap_convert(idmap_name);
 }
+
+/*******************************************************************
+ wrapper around retrieving the trust account password
+*******************************************************************/
+
+BOOL get_trust_pw(const char *domain, uint8 ret_pwd[16],
+                          time_t *pass_last_set_time, uint32 *channel)
+{
+	DOM_SID sid;
+	char *pwd;
+
+	/* if we are a DC and this is not our domain, then lookup an account
+	   for the domain trust */
+	   
+	if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains() ) 
+	{
+		if ( !secrets_fetch_trusted_domain_password(domain, &pwd, &sid, 
+			pass_last_set_time) ) 
+		{
+			DEBUG(0, ("get_trust_pw: could not fetch trust account "
+				  "password for trusted domain %s\n", domain));
+			return False;
+		}
+		
+		*channel = SEC_CHAN_DOMAIN;
+		E_md4hash(pwd, ret_pwd);
+		SAFE_FREE(pwd);
+
+		return True;
+	}
+	else 	/* just get the account for our domain (covers 
+		   ROLE_DOMAIN_MEMBER as well */
+	{
+		/* get the machine trust account for our domain */
+
+		if ( !secrets_fetch_trust_account_password (lp_workgroup(), ret_pwd,
+			pass_last_set_time, channel) ) 
+		{
+			DEBUG(0, ("get_trust_pw: could not fetch trust account "
+				  "password for my domain %s\n", domain));
+			return False;
+		}
+		
+		return True;
+	}
+	
+	/* Failure */
+	return False;
+}
+