-rw-r--r--source3/Makefile.in3
-rw-r--r--source3/nsswitch/winbindd_group.c18
-rw-r--r--source3/nsswitch/winbindd_sid.c5
-rw-r--r--source3/nsswitch/winbindd_util.c5
4 files changed, 27 insertions, 4 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 0441fedfc1..2556658bc3 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -139,8 +139,7 @@ EVERYTHING_PROGS = bin/debug2html@EXEEXT@ bin/smbfilter@EXEEXT@ bin/talloctort@E
SHLIBS = @SHLIB_PROGS@ @LIBSMBCLIENT@
-SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd \
- $(builddir)/script/findsmb
+SCRIPTS = $(srcdir)/script/smbtar $(builddir)/script/findsmb
QUOTAOBJS=@QUOTAOBJS@
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index d06db5943c..b3ded2a2f4 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -210,6 +210,11 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
if (!parse_domain_user(tmp, name_domain, name_group))
return WINBINDD_ERROR;
+ /* fail if we are a PDC and this is our domain; should be done by passdb */
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) )
+ return WINBINDD_ERROR;
+
/* Get info for the domain */
if ((domain = find_domain_from_name(name_domain)) == NULL) {
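Review bot: The added check in winbindd_getgrnam reads `domain->name` before `domain` is assigned; the assignment from `find_domain_from_name(name_domain)` only comes on the following lines. Unless `domain` is initialised above the hunk, this dereferences an indeterminate pointer on every getgrnam request once the server role is PDC, which can crash the daemon. The equivalent checks in winbindd_getgroups and winbindd_lookupname compare the parsed `name_domain`, and this one should do the same: `if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) )`. The function body starts and ends outside the hunk.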
@@ -405,6 +410,9 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
if (ent->got_sam_entries)
return False;
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp(lp_workgroup(), ent->domain_name))
+ return False;
if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)",
ent->domain_name))) {
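Review bot: The PDC/own-domain test is now written out five times across winbindd_group.c and winbindd_sid.c, with differing argument order, and this copy in get_sam_group_entries is the only one without a comment. A small shared helper taking the domain name and returning `lp_server_role() == ROLE_DOMAIN_PDC && strequal(lp_workgroup(), name)` would keep the copies from drifting apart; the winbindd_getgrnam copy already reads a different variable from the rest. Returning False here is also the same value the `got_sam_entries` path returns, so a comment such as `/* our own domain on a PDC is served by passdb, not winbindd */` should state that the skip is intentional.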
@@ -741,6 +749,11 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
for (domain = domain_list(); domain; domain = domain->next) {
struct getent_state groups;
+
+ /* fail if we are a PDC and this is our domain; should be done by passdb */
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) )
+ continue;
ZERO_STRUCT(groups);
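Review bot: The comment copied into the winbindd_list_groups loop says "fail", but the code does `continue`, so the request still succeeds and only omits the local domain's groups. The comment should describe that, for example `/* skip our own domain if we are a PDC; those groups should come from passdb */`. The check now also sits between the declaration of `groups` and `ZERO_STRUCT(groups)`; that is harmless as written, but it reads more clearly placed after the initialisation.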
@@ -833,6 +846,11 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
name_user))
goto done;
+ /* fail if we are a PDC and this is our domain; should be done by passdb */
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) )
+ return WINBINDD_ERROR;
+
/* Get info for the domain */
if ((domain = find_domain_from_name(name_domain)) == NULL) {
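Review bot: The new early exit in winbindd_getgroups uses `return WINBINDD_ERROR;` while the failure path directly above it leaves through `goto done;`. The `done` label is outside the hunk, but if it releases anything acquired earlier in the function (a talloc context, for instance), the direct return skips that cleanup on every request for the local domain on a PDC. Unless the cleanup is known to be unnecessary at this point, use `goto done;` here as well, assuming the result variable already defaults to the error value.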
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index 6ab2eaa646..41bda7e5bc 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -98,6 +98,11 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
name_domain = state->request.data.name.dom_name;
name_user = state->request.data.name.name;
+ /* fail if we are a PDC and this is our domain; should be done by passdb */
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) )
+ return WINBINDD_ERROR;
+
if ((domain = find_domain_from_name(name_domain)) == NULL) {
DEBUG(0, ("could not find domain entry for domain %s\n",
name_domain));
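Review bot: The added return in winbindd_lookupname refuses the lookup without any diagnostic, while the very next failure path logs the domain name through DEBUG. Someone debugging failed name-to-SID lookups on a PDC will see an error with nothing in the log to explain it. A low-priority message before the return would help, for example `DEBUG(10, ("winbindd_lookupname: own domain %s on a PDC, leaving to passdb\n", name_domain));`. The same applies to the silent returns added in winbindd_getgrnam and winbindd_getgroups.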
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index b033380206..ef030e2c7b 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -126,7 +126,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
/* see if this is a native mode win2k domain, but only for our own domain */
- if ( strequal( lp_workgroup(), domain_name) ) {
+ if ( lp_server_role() != ROLE_DOMAIN_PDC && strequal( lp_workgroup(), domain_name) ) {
domain->native_mode = cm_check_for_native_mode_win2k( domain_name );
DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name,
domain->native_mode ? "native" : "mixed" ));
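Review bot: The comment above the changed condition in add_trusted_domain still says "but only for our own domain" and no longer matches the code, which now also skips the probe when the server is the PDC. Suggested wording: `/* see if this is a native mode win2k domain, but only for our own domain and only when we are not the PDC for it */`. On a PDC `domain->native_mode` keeps whatever value it had when the structure was set up; that happens outside the hunk, so confirm it is zeroed there.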
@@ -211,6 +211,7 @@ BOOL init_domain_list(void)
/* Add ourselves as the first entry */
domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL);
+
if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) {
DEBUG(1, ("Could not fetch sid for our domain %s\n",
domain->name));
@@ -219,7 +220,7 @@ BOOL init_domain_list(void)
/* get any alternate name for the primary domain */
cache_methods.alternate_name(domain);
-
+
/* do an initial scan for trusted domains */
rescan_trusted_domains(True);