diff options
Diffstat (limited to 'source3/nsswitch')
| -rw-r--r-- | source3/nsswitch/winbindd.c | 4 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_cm.c | 61 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_misc.c | 3 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_util.c | 9 |
4 files changed, 58 insertions, 19 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 5b9c5418a1..d394a57837 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -521,10 +521,6 @@ static void process_loop(int accept_sock) message_dispatch(); - /* rescan the trusted domains list. This must be done - regularly to cope with transitive trusts */ - rescan_trusted_domains(); - /* Free up temporary memory */ lp_talloc_free(); diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 3b83fde95b..5f477c78f7 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -140,31 +140,80 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr */ static BOOL cm_rpc_find_dc(const char *domain, struct in_addr *dc_ip, fstring srv_name) { - struct in_addr *ip_list = NULL; + struct in_addr *ip_list = NULL, exclude_ip; int count, i; - if (!get_dc_list(False, domain, &ip_list, &count) && - !get_dc_list(True, domain, &ip_list, &count)) { + zero_ip(&exclude_ip); + + /* Lookup domain controller name. Try the real PDC first to avoid + SAM sync delays */ + + if (get_dc_list(True, domain, &ip_list, &count)) { + if (name_status_find(domain, 0x1c, 0x20, ip_list[0], srv_name)) { + *dc_ip = ip_list[0]; + SAFE_FREE(ip_list); + return True; + } + /* Didn't get name, remember not to talk to this DC. */ + exclude_ip = ip_list[0]; + SAFE_FREE(ip_list); + } + + if (!get_dc_list(False, domain, &ip_list, &count)) { DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); return False; } - /* Pick a nice close server */ - if (count > 1) { - qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); + /* Remove the entry we've already failed with (should be the PDC). */ + for (i = 0; i < count; i++) { + if (ip_equal( exclude_ip, ip_list[i])) + zero_ip(&ip_list[i]); } + /* Pick a nice close server */ + /* Look for DC on local net */ for (i = 0; i < count; i++) { if (is_zero_ip(ip_list[i])) continue; + if (!is_local_net(ip_list[i])) + continue; + if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { *dc_ip = ip_list[i]; SAFE_FREE(ip_list); return True; } + zero_ip(&ip_list[i]); + } + + /* + * Secondly try and contact a random PDC/BDC. + */ + + i = (sys_random() % count); + + if (!is_zero_ip(ip_list[i]) && + name_status_find(domain, 0x1c, 0x20, + ip_list[i], srv_name)) { + *dc_ip = ip_list[i]; + SAFE_FREE(ip_list); + return True; } + zero_ip(&ip_list[i]); /* Tried and failed. */ + + /* Finally return first DC that we can contact using a node + status */ + for (i = 0; i < count; i++) { + if (is_zero_ip(ip_list[i])) + continue; + if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { + *dc_ip = ip_list[i]; + SAFE_FREE(ip_list); + return True; + } + } SAFE_FREE(ip_list); diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index c2e744c0a7..45f2d42f98 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c @@ -182,8 +182,7 @@ enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state) } state->response.extra_data = extra_data; - /* must add one to length to copy the 0 for string termination */ - state->response.length += strlen(extra_data) + 1; + state->response.length += strlen(extra_data); return WINBINDD_OK; } diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index fd3e547afb..00354187aa 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -153,17 +153,12 @@ void rescan_trusted_domains(void) static time_t last_scan; time_t t = time(NULL); - /* trusted domains might be disabled */ - if (!lp_allow_trusted_domains()) { - return; - } - /* ony rescan every few minutes */ if ((unsigned)(t - last_scan) < WINBINDD_RESCAN_FREQ) { return; } - last_scan = t; - + last_scan = time(NULL); + DEBUG(1, ("scanning trusted domain list\n")); if (!(mem_ctx = talloc_init_named("init_domain_list"))) |