summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2013-08-23 14:56:17 +0200
committerGünther Deschner <gd@samba.org>2013-08-29 16:57:51 +0200
commitb66ce754a327a5bdb7600fb67ffb7aaac03cb7db (patch)
tree537c87c557787da9fa9c288cca5665d8d92a902d /source3
parent576c597ae38e788bc3c16efc5417e7481c673add (diff)
downloadsamba-b66ce754a327a5bdb7600fb67ffb7aaac03cb7db.tar.gz
samba-b66ce754a327a5bdb7600fb67ffb7aaac03cb7db.tar.bz2
samba-b66ce754a327a5bdb7600fb67ffb7aaac03cb7db.zip
s3-winbindd: make sure also the idmap code can deal with trusted domains.
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/winbindd/winbindd_ads.c40
1 files changed, 31 insertions, 9 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 7aa936bfa1..fc44158211 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -136,6 +136,7 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
{
char *ldap_server, *realm, *password;
struct winbindd_domain *wb_dom;
+ ADS_STATUS status;
ads_cached_connection_reuse(adsp);
if (*adsp != NULL) {
@@ -154,19 +155,40 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
wb_dom = find_domain_from_name(dom_name);
if (wb_dom == NULL) {
DEBUG(10, ("could not find domain '%s'\n", dom_name));
- realm = NULL;
- } else {
- DEBUG(10, ("find_domain_from_name found realm '%s' for "
+ return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+ }
+
+ DEBUG(10, ("find_domain_from_name found realm '%s' for "
" domain '%s'\n", wb_dom->alt_name, dom_name));
- realm = wb_dom->alt_name;
+
+ if (!get_trust_pw_clear(dom_name, &password, NULL, NULL)) {
+ return ADS_ERROR_NT(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
}
- /* the machine acct password might have change - fetch it every time */
- password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
- realm = SMB_STRDUP(lp_realm());
+ if (IS_DC) {
+ realm = SMB_STRDUP(wb_dom->alt_name);
+ } else {
+ struct winbindd_domain *our_domain = wb_dom;
- return ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
- password, realm, 0);
+ /* always give preference to the alt_name in our
+ primary domain if possible */
+
+ if (!wb_dom->primary) {
+ our_domain = find_our_domain();
+ }
+
+ if (our_domain->alt_name != NULL) {
+ realm = SMB_STRDUP(our_domain->alt_name);
+ } else {
+ realm = SMB_STRDUP(lp_realm());
+ }
+ }
+
+ status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
+ password, realm, 0);
+ SAFE_FREE(realm);
+
+ return status;
}
/*