diff options
-rw-r--r-- | source3/winbindd/winbindd_ads.c | 81 | ||||
-rw-r--r-- | source3/winbindd/winbindd_util.c | 6 |
2 files changed, 54 insertions, 33 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 0900d56987..ae8ad9dd1a 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -1249,32 +1249,55 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, fstrcpy( d.alt_name, trusts.array[i].dns_name); sid_copy( &d.sid, trusts.array[i].sid); - /* This gets a little tricky. If we are - following a transitive forest trust, then - innerit the flags, type, and attrins from - the domain we queried to make sure we don't - record the view of the trust from the wrong - side. Always view it from the side of our - primary domain. --jerry */ - if ( domain->primary || - ((domain->domain_flags&fr_flags) == fr_flags) ) - { - DEBUG(10,("trusted_domains(ads): Storing trust " - "flags for domain %s\n", d.alt_name)); - - /* Look this up in cache to make sure - we have the current trust flags and - attributes */ + if ( domain->primary ) { + DEBUG(10,("trusted_domains(ads): Searching " + "trusted domain list of %s and storing " + "trust flags for domain %s\n", + domain->name, d.alt_name)); d.domain_flags = trusts.array[i].trust_flags; d.domain_type = trusts.array[i].trust_type; d.domain_trust_attribs = trusts.array[i].trust_attributes; - } else { - /* Look up the record in the cache */ - struct winbindd_tdc_domain *parent; - DEBUG(10,("trusted_domains(ads): Inheriting trust " - "flags for domain %s\n", d.alt_name)); + wcache_tdc_add_domain( &d ); + ret_count++; + } else if ( (domain->domain_flags&fr_flags) == fr_flags ) { + /* Check if we already have this record. If + * we are following our forest root that is not + * our primary domain, we want to keep trust + * flags from the perspective of our primary + * domain not our forest root. */ + struct winbindd_tdc_domain *exist = NULL; + + exist = + wcache_tdc_fetch_domain(NULL, trusts.array[i].netbios_name); + if (!exist) { + DEBUG(10,("trusted_domains(ads): Searching " + "trusted domain list of %s and storing " + "trust flags for domain %s\n", + domain->name, d.alt_name)); + d.domain_flags = trusts.array[i].trust_flags; + d.domain_type = trusts.array[i].trust_type; + d.domain_trust_attribs = trusts.array[i].trust_attributes; + + wcache_tdc_add_domain( &d ); + ret_count++; + } + TALLOC_FREE(exist); + } else { + /* This gets a little tricky. If we are + following a transitive forest trust, then + innerit the flags, type, and attribs from + the domain we queried to make sure we don't + record the view of the trust from the wrong + side. Always view it from the side of our + primary domain. --jerry */ + struct winbindd_tdc_domain *parent = NULL; + + DEBUG(10,("trusted_domains(ads): Searching " + "trusted domain list of %s and inheriting " + "trust flags for domain %s\n", + domain->name, d.alt_name)); parent = wcache_tdc_fetch_domain(NULL, domain->name); if (parent) { @@ -1282,17 +1305,15 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, d.domain_type = parent->trust_type; d.domain_trust_attribs = parent->trust_attribs; } else { - d.domain_flags = domain->domain_flags; - d.domain_type = domain->domain_type; - d.domain_trust_attribs = domain->domain_trust_attribs; - } + d.domain_flags = domain->domain_flags; + d.domain_type = domain->domain_type; + d.domain_trust_attribs = domain->domain_trust_attribs; + } TALLOC_FREE(parent); + + wcache_tdc_add_domain( &d ); + ret_count++; } - - wcache_tdc_add_domain( &d ); - - ret_count++; - } *num_domains = ret_count; diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 038bafbe4e..641fd5a9f5 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -339,7 +339,7 @@ static void trustdom_recv(void *private_data, bool success) */ if ( state->primary ) { - /* If this is our primary domain and we are not the in the + /* If this is our primary domain and we are not in the forest root, we have to scan the root trusts first */ if ( !state->forest_root ) @@ -349,7 +349,7 @@ static void trustdom_recv(void *private_data, bool success) } else if ( state->forest_root ) { /* Once we have done root forest trust search, we can - go on to search thing trusted forests */ + go on to search the trusted forests */ rescan_forest_trusts(); } @@ -419,7 +419,7 @@ static void rescan_forest_root_trusts( void ) } /******************************************************************** - scan the transitive forest trists (not our own) + scan the transitive forest trusts (not our own) ********************************************************************/ |