r22705: Implement new set_dc_type_and_flags() called based on the

information return from our DC in the DsEnumerateDomainTrusts()
call.   If the fails, we callback ot the older
connect-to-the-remote-domain method.

Note that this means we can only reliably expect the native_mode
flag to be set for our own domain as this information in not
available outside our primary domain from the trusted information.
This is ok as we only really need the flag when trying to
determine to enumerate domain local groups via RPC.

Use the AD flag rather than the native_mode flag when using
ldap to obtain the seq_num for a domain.
(This used to be commit 4b4148a9642f03b8f27dda2132708bcc0cbb3b8e)

1 files changed, 30 insertions, 0 deletions

diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 56de808c2d..d58fffd0db 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -1233,3 +1233,33 @@ void ws_name_return( char *name, char replace )
 
 	return;	
 }
+
+/*********************************************************************
+ ********************************************************************/
+
+BOOL winbindd_can_contact_domain( struct winbindd_domain *domain )
+{
+	/* We can contact the domain if it is our primary domain */
+
+	if ( domain->primary )
+		return True;
+
+	/* Can always contact a domain that is in out forest */
+
+	if ( domain->domain_flags & DS_DOMAIN_IN_FOREST )
+		return True;	
+
+	/* We cannot contact the domain if it is running AD and
+	   we have no inbound trust */
+
+	if ( domain->active_directory && 
+	     ((domain->domain_flags&DS_DOMAIN_DIRECT_INBOUND) != DS_DOMAIN_DIRECT_INBOUND) ) 
+	{
+		return False;
+	}
+	
+	/* Assume everything else is ok (probably not true but what
+	   can you do?) */
+	
+	return True;	
+}