summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-08-30 18:48:49 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:39:00 -0500
commit9d37ee52e0d616b60e6644050d259e884ee5870d (patch)
tree181f2127ff8f7adbdc6d04464530d748fe58a874 /source3
parentf2b3143cf72c9d8f391b867353757770d1f0b012 (diff)
downloadsamba-9d37ee52e0d616b60e6644050d259e884ee5870d.tar.gz
samba-9d37ee52e0d616b60e6644050d259e884ee5870d.tar.bz2
samba-9d37ee52e0d616b60e6644050d259e884ee5870d.zip
r17937: Move the saf_ cache into the tcp ad connection code.
Cause winbindd to set site support before doing the generic AD server lookup. Jeremy. (This used to be commit a9833941715472ece747bce69ef53ba8ad98d7a5)
Diffstat (limited to 'source3')
-rw-r--r--source3/libads/ldap.c10
-rw-r--r--source3/nsswitch/winbindd_cm.c18
2 files changed, 21 insertions, 7 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index c943558bd3..947f58a8fd 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -169,10 +169,6 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
ads->ldap_ip = *interpret_addr2(srv);
SAFE_FREE(srv);
- /* cache the successful connection */
-
- saf_store( ads->server.workgroup, server );
-
/* Store our site name. */
sitename_store( cldap_reply.client_site_name );
@@ -243,7 +239,7 @@ again:
return status;
}
-
+
/* if we fail this loop, then giveup since all the IP addresses returned were dead */
for ( i=0; i<count; i++ ) {
fstring server;
@@ -338,6 +334,10 @@ got_connection:
{
return ADS_ERROR(LDAP_OPERATIONS_ERROR);
}
+
+ /* cache the successful connection */
+ saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
+
ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
status = ADS_ERROR(smb_ldap_start_tls(ads->ld, version));
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index cea30f730d..2f2bfb60ee 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -652,7 +652,7 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
int iplist_size = 0;
int i;
BOOL is_our_domain;
-
+ enum security_types sec = (enum security_types)lp_security();
is_our_domain = strequal(domain->name, lp_workgroup());
@@ -665,13 +665,27 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
return True;
}
+#ifdef WITH_ADS
+ if (sec == SEC_ADS) {
+ /* We need to make sure we know the local site before
+ doing any DNS queries, as this will restrict the
+ get_sorted_dc_list() call below to only fetching
+ DNS records for the correct site. */
+
+ /* Find any DC to get the site record.
+ We deliberately don't care about the
+ return here. */
+ get_dc_name(domain->name, lp_realm(), dcname, &ip);
+ }
+#endif
+
/* try standard netbios queries first */
get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
/* check for security = ads and use DNS if we can */
- if ( iplist_size==0 && lp_security() == SEC_ADS )
+ if ( iplist_size==0 && sec == SEC_ADS )
get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True);
/* FIXME!! this is where we should re-insert the GETDC requests --jerry */