summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/winbindd/winbindd_ads.c81
-rw-r--r--source3/winbindd/winbindd_util.c6
2 files changed, 54 insertions, 33 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 0900d56987..ae8ad9dd1a 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1249,32 +1249,55 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
fstrcpy( d.alt_name, trusts.array[i].dns_name);
sid_copy( &d.sid, trusts.array[i].sid);
- /* This gets a little tricky. If we are
- following a transitive forest trust, then
- innerit the flags, type, and attrins from
- the domain we queried to make sure we don't
- record the view of the trust from the wrong
- side. Always view it from the side of our
- primary domain. --jerry */
- if ( domain->primary ||
- ((domain->domain_flags&fr_flags) == fr_flags) )
- {
- DEBUG(10,("trusted_domains(ads): Storing trust "
- "flags for domain %s\n", d.alt_name));
-
- /* Look this up in cache to make sure
- we have the current trust flags and
- attributes */
+ if ( domain->primary ) {
+ DEBUG(10,("trusted_domains(ads): Searching "
+ "trusted domain list of %s and storing "
+ "trust flags for domain %s\n",
+ domain->name, d.alt_name));
d.domain_flags = trusts.array[i].trust_flags;
d.domain_type = trusts.array[i].trust_type;
d.domain_trust_attribs = trusts.array[i].trust_attributes;
- } else {
- /* Look up the record in the cache */
- struct winbindd_tdc_domain *parent;
- DEBUG(10,("trusted_domains(ads): Inheriting trust "
- "flags for domain %s\n", d.alt_name));
+ wcache_tdc_add_domain( &d );
+ ret_count++;
+ } else if ( (domain->domain_flags&fr_flags) == fr_flags ) {
+ /* Check if we already have this record. If
+ * we are following our forest root that is not
+ * our primary domain, we want to keep trust
+ * flags from the perspective of our primary
+ * domain not our forest root. */
+ struct winbindd_tdc_domain *exist = NULL;
+
+ exist =
+ wcache_tdc_fetch_domain(NULL, trusts.array[i].netbios_name);
+ if (!exist) {
+ DEBUG(10,("trusted_domains(ads): Searching "
+ "trusted domain list of %s and storing "
+ "trust flags for domain %s\n",
+ domain->name, d.alt_name));
+ d.domain_flags = trusts.array[i].trust_flags;
+ d.domain_type = trusts.array[i].trust_type;
+ d.domain_trust_attribs = trusts.array[i].trust_attributes;
+
+ wcache_tdc_add_domain( &d );
+ ret_count++;
+ }
+ TALLOC_FREE(exist);
+ } else {
+ /* This gets a little tricky. If we are
+ following a transitive forest trust, then
+ innerit the flags, type, and attribs from
+ the domain we queried to make sure we don't
+ record the view of the trust from the wrong
+ side. Always view it from the side of our
+ primary domain. --jerry */
+ struct winbindd_tdc_domain *parent = NULL;
+
+ DEBUG(10,("trusted_domains(ads): Searching "
+ "trusted domain list of %s and inheriting "
+ "trust flags for domain %s\n",
+ domain->name, d.alt_name));
parent = wcache_tdc_fetch_domain(NULL, domain->name);
if (parent) {
@@ -1282,17 +1305,15 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
d.domain_type = parent->trust_type;
d.domain_trust_attribs = parent->trust_attribs;
} else {
- d.domain_flags = domain->domain_flags;
- d.domain_type = domain->domain_type;
- d.domain_trust_attribs = domain->domain_trust_attribs;
- }
+ d.domain_flags = domain->domain_flags;
+ d.domain_type = domain->domain_type;
+ d.domain_trust_attribs = domain->domain_trust_attribs;
+ }
TALLOC_FREE(parent);
+
+ wcache_tdc_add_domain( &d );
+ ret_count++;
}
-
- wcache_tdc_add_domain( &d );
-
- ret_count++;
-
}
*num_domains = ret_count;
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 038bafbe4e..641fd5a9f5 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -339,7 +339,7 @@ static void trustdom_recv(void *private_data, bool success)
*/
if ( state->primary ) {
- /* If this is our primary domain and we are not the in the
+ /* If this is our primary domain and we are not in the
forest root, we have to scan the root trusts first */
if ( !state->forest_root )
@@ -349,7 +349,7 @@ static void trustdom_recv(void *private_data, bool success)
} else if ( state->forest_root ) {
/* Once we have done root forest trust search, we can
- go on to search thing trusted forests */
+ go on to search the trusted forests */
rescan_forest_trusts();
}
@@ -419,7 +419,7 @@ static void rescan_forest_root_trusts( void )
}
/********************************************************************
- scan the transitive forest trists (not our own)
+ scan the transitive forest trusts (not our own)
********************************************************************/