diff options
Diffstat (limited to 'source3/nsswitch/winbindd_util.c')
| -rw-r--r-- | source3/nsswitch/winbindd_util.c | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 403ba399c8..1a01f1c05e 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -83,6 +83,20 @@ void free_domain_list(void) } } +static BOOL is_internal_domain(const DOM_SID *sid) +{ + DOM_SID tmp_sid; + + if (sid_equal(sid, get_global_sam_sid())) + return True; + + string_to_sid(&tmp_sid, "S-1-5-32"); + if (sid_equal(sid, &tmp_sid)) + return True; + + return False; +} + /* Add a trusted domain to our list of domains */ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name, @@ -143,6 +157,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const domain->methods = methods; domain->backend = NULL; + domain->internal = is_internal_domain(sid); domain->sequence_number = DOM_SEQUENCE_NONE; domain->last_seq_check = 0; if (sid) { @@ -150,8 +165,9 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const } /* set flags about native_mode, active_directory */ - - set_dc_type_and_flags( domain ); + + if (!domain->internal) + set_dc_type_and_flags( domain ); DEBUG(3,("add_trusted_domain: %s is an %s %s domain\n", domain->name, domain->active_directory ? "ADS" : "NT4", @@ -303,6 +319,29 @@ BOOL init_domain_list(void) /* do an initial scan for trusted domains */ add_trusted_domains(domain); + + /* Don't expand aliases if not explicitly activated -- for now */ + /* we don't support windows local nested groups if we are a DC. + refer to to sid_to_gid() in the smbd server code to see why + -- jerry */ + + + if (lp_winbind_nested_groups() || IS_DC) { + + /* Add our local SAM domains */ + DOM_SID sid; + extern struct winbindd_methods passdb_methods; + struct winbindd_domain *dom; + + string_to_sid(&sid, "S-1-5-32"); + + dom = add_trusted_domain("BUILTIN", NULL, &passdb_methods, + &sid); + + dom = add_trusted_domain(get_global_sam_name(), NULL, + &passdb_methods, + get_global_sam_sid()); + } /* avoid rescanning this right away */ last_trustdom_scan = time(NULL); |