From 391a72f3dfc061d6d97752c7e8691f80b4990ba8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 6 May 2007 20:16:12 +0000 Subject: r22710: Support one-way trusts. * Rely on the fact that name2sid will work for any name in a trusted domain will work against our primary domain (even in the absense of an incoming trust path) * Only logons will reliably work and the idmap backend is responsible for being able to manage id's without contacting the trusted domain * "getent passwd" and "getent group" for trusted users and groups will work but we cannot get the group membership of a user in any fashion without the user first logging on (via NTLM or krb5) and the netsamlogon_cache being updated. (This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5) --- source3/nsswitch/winbindd_cache.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/winbindd_cache.c') diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 7538cddbdf..ceeb4988c2 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -483,9 +483,17 @@ static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force) goto done; /* important! make sure that we know if this is a native - mode domain or not */ + mode domain or not. And that we can contact it. */ + + if ( winbindd_can_contact_domain( domain ) ) { + status = domain->backend->sequence_number(domain, + &domain->sequence_number); + } else { + /* just use the current time */ + status = NT_STATUS_OK; + domain->sequence_number = time(NULL); + } - status = domain->backend->sequence_number(domain, &domain->sequence_number); /* the above call could have set our domain->backend to NULL when * coming from offline to online mode, make sure to reinitialize the @@ -2197,7 +2205,7 @@ void wcache_invalidate_cache(void) } } -static BOOL init_wcache(void) +BOOL init_wcache(void) { if (wcache == NULL) { wcache = SMB_XMALLOC_P(struct winbind_cache); -- cgit