Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 3 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 18 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_sid.c | 5 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 5 |
4 files changed, 27 insertions, 4 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 0441fedfc1..2556658bc3 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -139,8 +139,7 @@ EVERYTHING_PROGS = bin/debug2html@EXEEXT@ bin/smbfilter@EXEEXT@ bin/talloctort@E SHLIBS = @SHLIB_PROGS@ @LIBSMBCLIENT@ -SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd \ - $(builddir)/script/findsmb +SCRIPTS = $(srcdir)/script/smbtar $(builddir)/script/findsmb QUOTAOBJS=@QUOTAOBJS@ diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index d06db5943c..b3ded2a2f4 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -210,6 +210,11 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) if (!parse_domain_user(tmp, name_domain, name_group)) return WINBINDD_ERROR; + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) ) + return WINBINDD_ERROR; + /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -405,6 +410,9 @@ static BOOL get_sam_group_entries(struct getent_state *ent) if (ent->got_sam_entries) return False; + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp(lp_workgroup(), ent->domain_name)) + return False; if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)", ent->domain_name))) { @@ -741,6 +749,11 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) for (domain = domain_list(); domain; domain = domain->next) { struct getent_state groups; + + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) ) + continue; ZERO_STRUCT(groups); 
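Review bot: The guard added to winbindd_getgrnam reads `domain->name`, but within this hunk `domain` is first assigned two lines later by `find_domain_from_name(name_domain)`. Unless it is set earlier in the function (the body starts outside the hunk), this dereferences an uninitialised pointer on a daemon request path. The sibling checks in winbindd_getgroups and winbindd_lookupname compare the parsed request name instead, and this one should too: `if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) )`.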
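Review bot: The check added to get_sam_group_entries is the only one of the five PDC guards in this commit without a comment, and next to the `got_sam_entries` test it is easy to misread as an error path. A line above it such as `/* nothing to do if we are a PDC and this is our domain; should be done by passdb */` would say why False is returned. The function continues past the end of the hunk.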
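Review bot: The comment on the check added inside the domain loop of winbindd_list_groups says "fail", but the code does `continue`, so the loop simply moves on to the next domain and only our own domain is left out. Reword it to match, e.g. `/* skip our own domain if we are a PDC; should be done by passdb */`. The loop body continues outside the hunk.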
@@ -833,6 +846,11 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) name_user)) goto done; + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) ) + return WINBINDD_ERROR; + /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 6ab2eaa646..41bda7e5bc 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -98,6 +98,11 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) name_domain = state->request.data.name.dom_name; name_user = state->request.data.name.name; + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) ) + return WINBINDD_ERROR; + if ((domain = find_domain_from_name(name_domain)) == NULL) { DEBUG(0, ("could not find domain entry for domain %s\n", name_domain)); diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index b033380206..ef030e2c7b 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -126,7 +126,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const /* see if this is a native mode win2k domain, but only for our own domain */ - if ( strequal( lp_workgroup(), domain_name) ) { + if ( lp_server_role() != ROLE_DOMAIN_PDC && strequal( lp_workgroup(), domain_name) ) { domain->native_mode = cm_check_for_native_mode_win2k( domain_name ); DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name, domain->native_mode ? "native" : "mixed" )); 
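Review bot: The new early `return WINBINDD_ERROR;` in winbindd_getgroups sits directly after a failure path that uses `goto done`, so it bypasses whatever cleanup the `done` label performs. The label and anything allocated before this point are outside the hunk, but if a memory context or similar is already live here, it would leak on every such request on a PDC. Using `goto done;` like the neighbouring path keeps a single exit, assuming the result variable still holds the error value at this point.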
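Review bot: The guard in winbindd_lookupname matches the client-supplied `name_domain` only against `lp_workgroup()`, so a request that names our own domain differently would pass the check and fall through to `find_domain_from_name`. The winbindd_util.c part of this commit shows that the primary domain can carry an alternate name (`cache_methods.alternate_name(domain)`); whether the lookup accepts that name is not visible here and should be confirmed. If it does, the test belongs after the lookup, comparing the resolved `domain` entry with our own domain rather than the raw request string. The same applies to the checks in winbindd_getgrnam and winbindd_getgroups.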
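Review bot: The comment above the changed condition in add_trusted_domain still says "but only for our own domain", while the new condition also skips the native-mode probe when we are a PDC. Update it, e.g. `/* see if this is a native mode win2k domain, but only for our own domain and not when we are the PDC ourselves */`. With the probe skipped, `domain->native_mode` keeps whatever value it was given earlier in the function, which is outside the hunk; confirm it is initialised.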
@@ -211,6 +211,7 @@ BOOL init_domain_list(void) /* Add ourselves as the first entry */ domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL); + if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) { DEBUG(1, ("Could not fetch sid for our domain %s\n", domain->name)); @@ -219,7 +220,7 @@ BOOL init_domain_list(void) /* get any alternate name for the primary domain */ cache_methods.alternate_name(domain); - + /* do an initial scan for trusted domains */ rescan_trusted_domains(True); |