summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/sam/idmap_rid.c70
1 files changed, 42 insertions, 28 deletions
diff --git a/source3/sam/idmap_rid.c b/source3/sam/idmap_rid.c
index 16784da12e..48b38fb0d8 100644
--- a/source3/sam/idmap_rid.c
+++ b/source3/sam/idmap_rid.c
@@ -152,13 +152,32 @@ static NTSTATUS rid_idmap_get_domains(uint32 *num_domains, fstring **domain_name
char *domain = NULL;
uint32 info_class = 5;
char *domain_name = NULL;
- DOM_SID *domain_sid;
+ DOM_SID *domain_sid, sid;
fstring sid_str;
int i;
uint32 trusted_num_domains = 0;
char **trusted_domain_names;
DOM_SID *trusted_domain_sids;
-
+ uint32 enum_ctx = 0;
+
+ /* put the results together */
+ *num_domains = 1;
+ *domain_names = (fstring *) malloc(sizeof(fstring) * *num_domains);
+ *domain_sids = (DOM_SID *) malloc(sizeof(DOM_SID) * *num_domains);
+
+ /* avoid calling a DC when trusted domains are not allowed anyway */
+ if (!lp_allow_trusted_domains()) {
+
+ fstrcpy((*domain_names)[0], lp_workgroup());
+ if (!secrets_fetch_domain_sid(lp_workgroup(), &sid)) {
+ DEBUG(0,("rid_idmap_get_domains: failed to retrieve domain sid\n"));
+ return status;
+ }
+ sid_copy(&(*domain_sids)[0], &sid);
+
+ return NT_STATUS_OK;
+ }
+
/* create mem_ctx */
if (!(mem_ctx = talloc_init("rid_idmap_get_trusted_domains"))) {
DEBUG(0, ("rid_idmap_get_domains: talloc_init() failed\n"));
@@ -229,37 +248,32 @@ static NTSTATUS rid_idmap_get_domains(uint32 *num_domains, fstring **domain_name
sid_to_string(sid_str, domain_sid);
DEBUG(10,("rid_idmap_get_domains: my domain: [%s], sid: [%s]\n", domain_name, sid_str));
- if (lp_allow_trusted_domains()) {
-
- uint32 enum_ctx = 0;
-
- /* scan trusted domains */
- DEBUG(10, ("rid_idmap_get_domains: enumerating trusted domains\n"));
- status = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
- &trusted_num_domains,
- &trusted_domain_names,
- &trusted_domain_sids);
-
- if (!NT_STATUS_IS_OK(status) &&
- !NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES) &&
- !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
- DEBUG(1, ("rid_idmap_get_domains: could not enumerate trusted domains\n"));
- goto out;
- }
+ /* scan trusted domains */
+ DEBUG(10, ("rid_idmap_get_domains: enumerating trusted domains\n"));
+ status = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
+ &trusted_num_domains,
+ &trusted_domain_names,
+ &trusted_domain_sids);
+
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES) &&
+ !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+ DEBUG(1, ("rid_idmap_get_domains: could not enumerate trusted domains\n"));
+ goto out;
+ }
- /* show trusted domains */
- DEBUG(10,("rid_idmap_get_domains: scan for trusted domains gave %d results:\n", trusted_num_domains));
- for (i=0; i<trusted_num_domains; i++) {
- sid_to_string(sid_str, &trusted_domain_sids[i]);
- DEBUGADD(10,("rid_idmap_get_domains:\t#%d\tDOMAIN: [%s], SID: [%s]\n",
- i, trusted_domain_names[i], sid_str));
- }
+ /* show trusted domains */
+ DEBUG(10,("rid_idmap_get_domains: scan for trusted domains gave %d results:\n", trusted_num_domains));
+ for (i=0; i<trusted_num_domains; i++) {
+ sid_to_string(sid_str, &trusted_domain_sids[i]);
+ DEBUGADD(10,("rid_idmap_get_domains:\t#%d\tDOMAIN: [%s], SID: [%s]\n",
+ i, trusted_domain_names[i], sid_str));
}
/* put the results together */
*num_domains = trusted_num_domains + 1;
- *domain_names = (fstring *) malloc(sizeof(fstring) * *num_domains);
- *domain_sids = (DOM_SID *) malloc(sizeof(DOM_SID) * *num_domains);
+ *domain_names = (fstring *) realloc(domain_names, sizeof(fstring) * *num_domains);
+ *domain_sids = (DOM_SID *) realloc(domain_sids, sizeof(DOM_SID) * *num_domains);
/* first add myself at the end*/
fstrcpy((*domain_names)[0], domain_name);