summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
authorGerald (Jerry) Carter <jerry@samba.org>2008-01-04 13:35:41 -0600
committerGerald (Jerry) Carter <jerry@samba.org>2008-01-04 13:35:41 -0600
commit84a50e21541e4c3a0bfb70d5d501dc4b7e6f9714 (patch)
tree2f7eee765a9828b3ab96aceeb670234b98a6f4b5 /source3/winbindd
parent4093b0632cda821f331f9ff50c51aa63c799292f (diff)
downloadsamba-84a50e21541e4c3a0bfb70d5d501dc4b7e6f9714.tar.gz
samba-84a50e21541e4c3a0bfb70d5d501dc4b7e6f9714.tar.bz2
samba-84a50e21541e4c3a0bfb70d5d501dc4b7e6f9714.zip
Fix the inherited trust flags when spidering the trust heirarchy.
Also *do not* clear the trust list when rescanning or else it is possible to suffer from a race condition where no trusted domains can be found. (This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd_ads.c12
-rw-r--r--source3/winbindd/winbindd_util.c10
2 files changed, 19 insertions, 3 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index c9b2a52388..3aba824b0b 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1270,12 +1270,24 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
d.domain_type = domains[i].trust_type;
d.domain_trust_attribs = domains[i].trust_attributes;
} else {
+ /* Look up the record in the cache */
+ struct winbindd_tdc_domain *parent;
+
DEBUG(10,("trusted_domains(ads): Inheriting trust "
"flags for domain %s\n", d.alt_name));
+
+ parent = wcache_tdc_fetch_domain(NULL, domain->name);
+ if (parent) {
+ d.domain_flags = parent->trust_flags;
+ d.domain_type = parent->trust_type;
+ d.domain_trust_attribs = parent->trust_attribs;
+ } else {
d.domain_flags = domain->domain_flags;
d.domain_type = domain->domain_type;
d.domain_trust_attribs = domain->domain_trust_attribs;
}
+ TALLOC_FREE(parent);
+ }
wcache_tdc_add_domain( &d );
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 70468b6bcd..cc12d4b7ea 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -500,9 +500,13 @@ void rescan_trusted_domains( void )
((now-last_trustdom_scan) < WINBINDD_RESCAN_FREQ) )
return;
- /* clear the TRUSTDOM cache first */
-
- wcache_tdc_clear();
+ /* I use to clear the cache here and start over but that
+ caused problems in child processes that needed the
+ trust dom list early on. Removing it means we
+ could have some trusted domains listed that have been
+ removed from our primary domain's DC until a full
+ restart. This should be ok since I think this is what
+ Windows does as well. */
/* this will only add new domains we didn't already know about
in the domain_list()*/