author | Andrew Bartlett <abartlet@samba.org> | 2011-06-24 16:26:23 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-06-24 16:26:23 +1000 |
commit | 6da26870e0ae5acd6ff49a30ec2f6886b44d095e (patch) | |
tree | 850c71039563c16a5d563c47e7ba2ab645baf198 /source3/passdb/machine_account_secrets.c | |
parent | 6925a799d04c6fa59dd2ddef1f5510f9bb7d17d1 (diff) | |
parent | 2610c05b5b95cc7036b3d6dfb894c6cfbdb68483 (diff) | |
Merge 2610c05b5b95cc7036b3d6dfb894c6cfbdb68483 as Samba-4.0alpha16
Diffstat (limited to 'source3/passdb/machine_account_secrets.c')
-rw-r--r-- | source3/passdb/machine_account_secrets.c | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c index a51a99c9a2..665e2f89a4 100644 --- a/source3/passdb/machine_account_secrets.c +++ b/source3/passdb/machine_account_secrets.c @@ -28,6 +28,7 @@ #include "secrets.h" #include "dbwrap.h" #include "../librpc/ndr/libndr.h" +#include "util_tdb.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -56,6 +57,17 @@ bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid) { bool ret; +#ifdef _SAMBA_WAF_BUILD_ + if (strequal(domain, get_global_sam_name()) && + (pdb_capabilities() & PDB_CAP_ADS)) { + /* If we have a ADS-capable passdb backend, we + * must never make up our own SID, it will + * already be in the directory */ + DEBUG(0, ("Refusing to store a Domain SID, this should be read from the directory not stored here\n")); + return false; + } +#endif + ret = secrets_store(domain_sid_keystr(domain), sid, sizeof(struct dom_sid )); /* Force a re-query, in case we modified our domain */ @@ -69,6 +81,24 @@ bool secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid) struct dom_sid *dyn_sid; size_t size = 0; +#ifdef _SAMBA_WAF_BUILD_ + if (strequal(domain, get_global_sam_name()) && + (pdb_capabilities() & PDB_CAP_ADS)) { + struct pdb_domain_info *domain_info; + domain_info = pdb_get_domain_info(talloc_tos()); + if (!domain_info) { + /* If we have a ADS-capable passdb backend, we + * must never make up our own SID, it will + * already be in the directory */ + DEBUG(0, ("Unable to fetch a Domain SID from the directory!\n")); + return false; + } + + *sid = domain_info->sid; + return true; + } +#endif + dyn_sid = (struct dom_sid *)secrets_fetch(domain_sid_keystr(domain), &size); if (dyn_sid == NULL) 
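Review bot: The condition `strequal(domain, get_global_sam_name()) && (pdb_capabilities() & PDB_CAP_ADS)` added to secrets_store_domain_sid is repeated unchanged in secrets_fetch_domain_sid, secrets_store_domain_guid and secrets_fetch_domain_guid, each inside its own `#ifdef _SAMBA_WAF_BUILD_`. This check decides which store is authoritative for the domain's SID and GUID, so a single static predicate would keep the four call sites from drifting apart. It would also give one place to document that builds without `_SAMBA_WAF_BUILD_` still read and write these values in the secrets store. The function bodies continue outside the hunks.

```c
/* True when the domain's SID/GUID is owned by the directory and must
 * neither be stored in nor read from the local secrets store.
 * Builds without _SAMBA_WAF_BUILD_ always use the local store. */
static bool domain_identity_in_directory(const char *domain)
{
#ifdef _SAMBA_WAF_BUILD_
	return strequal(domain, get_global_sam_name()) &&
	       (pdb_capabilities() & PDB_CAP_ADS);
#else
	return false;
#endif
}

bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid)
{
	bool ret;

	if (domain_identity_in_directory(domain)) {
		/* … unchanged: DEBUG(0, ...) refusal message and return false … */
	}
	/* … unchanged: secrets_store() call and re-query … */
```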
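Review bot: In secrets_fetch_domain_sid the `domain_info` returned by `pdb_get_domain_info(talloc_tos())` is copied into `*sid` and then left on the current talloc stackframe; secrets_fetch_domain_guid does the same with `*guid`. The callers are not visible here, but if any of them runs in a long-lived frame these allocations accumulate until that frame is released. I would free it once the value is copied: `*sid = domain_info->sid;` `TALLOC_FREE(domain_info);` `return true;`. The function's body continues outside the hunk.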
@@ -88,6 +118,17 @@ bool secrets_store_domain_guid(const char *domain, struct GUID *guid) { fstring key; +#ifdef _SAMBA_WAF_BUILD_ + if (strequal(domain, get_global_sam_name()) && + (pdb_capabilities() & PDB_CAP_ADS)) { + /* If we have a ADS-capable passdb backend, we + * must never make up our own GUID, it will + * already be in the directory */ + DEBUG(0, ("Refusing to store a Domain GUID, this should be read from the directory not stored here\n")); + return false; + } +#endif + slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); strupper_m(key); return secrets_store(key, guid, sizeof(struct GUID)); @@ -100,6 +141,24 @@ bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid) size_t size = 0; struct GUID new_guid; +#ifdef _SAMBA_WAF_BUILD_ + if (strequal(domain, get_global_sam_name()) && + (pdb_capabilities() & PDB_CAP_ADS)) { + struct pdb_domain_info *domain_info; + domain_info = pdb_get_domain_info(talloc_tos()); + if (!domain_info) { + /* If we have a ADS-capable passdb backend, we + * must never make up our own SID, it will + * already be in the directory */ + DEBUG(0, ("Unable to fetch a Domain GUID from the directory!\n")); + return false; + } + + *guid = domain_info->guid; + return true; + } +#endif + slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); strupper_m(key); dyn_guid = (struct GUID *)secrets_fetch(key, &size); |
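Review bot: The comment inside the `if (!domain_info)` branch of secrets_fetch_domain_guid says "we must never make up our own SID", copied from the SID function; it should say GUID. It also states the policy rather than explaining the failure branch it sits in, so it would read better above the `strequal(...)` check, for example `/* With an ADS-capable passdb backend the directory owns the domain GUID; never fall back to the local secrets store if it cannot be read */`. The same placement applies to the matching comment in secrets_fetch_domain_sid. The function's body continues outside the hunk.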