diff options
| author | Gerald (Jerry) Carter <jerry@samba.org> | 2008-01-04 13:35:41 -0600 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2008-01-04 13:35:41 -0600 |
| commit | 84a50e21541e4c3a0bfb70d5d501dc4b7e6f9714 (patch) | |
| tree | 2f7eee765a9828b3ab96aceeb670234b98a6f4b5 /source3/winbindd | |
| parent | 4093b0632cda821f331f9ff50c51aa63c799292f (diff) | |
| download | samba-84a50e21541e4c3a0bfb70d5d501dc4b7e6f9714.tar.gz samba-84a50e21541e4c3a0bfb70d5d501dc4b7e6f9714.tar.bz2 samba-84a50e21541e4c3a0bfb70d5d501dc4b7e6f9714.zip | |
Fix the inherited trust flags when spidering the trust heirarchy.
Also *do not* clear the trust list when rescanning or else it is possible
to suffer from a race condition where no trusted domains can be found.
(This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
Diffstat (limited to 'source3/winbindd')
| -rw-r--r-- | source3/winbindd/winbindd_ads.c | 12 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_util.c | 10 |
2 files changed, 19 insertions, 3 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index c9b2a52388..3aba824b0b 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -1270,12 +1270,24 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, d.domain_type = domains[i].trust_type; d.domain_trust_attribs = domains[i].trust_attributes; } else { + /* Look up the record in the cache */ + struct winbindd_tdc_domain *parent; + DEBUG(10,("trusted_domains(ads): Inheriting trust " "flags for domain %s\n", d.alt_name)); + + parent = wcache_tdc_fetch_domain(NULL, domain->name); + if (parent) { + d.domain_flags = parent->trust_flags; + d.domain_type = parent->trust_type; + d.domain_trust_attribs = parent->trust_attribs; + } else { d.domain_flags = domain->domain_flags; d.domain_type = domain->domain_type; d.domain_trust_attribs = domain->domain_trust_attribs; } + TALLOC_FREE(parent); + } wcache_tdc_add_domain( &d ); diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 70468b6bcd..cc12d4b7ea 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -500,9 +500,13 @@ void rescan_trusted_domains( void ) ((now-last_trustdom_scan) < WINBINDD_RESCAN_FREQ) ) return; - /* clear the TRUSTDOM cache first */ - - wcache_tdc_clear(); + /* I use to clear the cache here and start over but that + caused problems in child processes that needed the + trust dom list early on. Removing it means we + could have some trusted domains listed that have been + removed from our primary domain's DC until a full + restart. This should be ok since I think this is what + Windows does as well. */ /* this will only add new domains we didn't already know about in the domain_list()*/ |