From 96f590807f82b7f104661020432318e3739e0b30 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 6 May 2007 19:37:13 +0000 Subject: r22705: Implement new set_dc_type_and_flags() called based on the information return from our DC in the DsEnumerateDomainTrusts() call. If the fails, we callback ot the older connect-to-the-remote-domain method. Note that this means we can only reliably expect the native_mode flag to be set for our own domain as this information in not available outside our primary domain from the trusted information. This is ok as we only really need the flag when trying to determine to enumerate domain local groups via RPC. Use the AD flag rather than the native_mode flag when using ldap to obtain the seq_num for a domain. (This used to be commit 4b4148a9642f03b8f27dda2132708bcc0cbb3b8e) --- source3/nsswitch/winbindd_util.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'source3/nsswitch/winbindd_util.c') diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 56de808c2d..d58fffd0db 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -1233,3 +1233,33 @@ void ws_name_return( char *name, char replace ) return; } + +/********************************************************************* + ********************************************************************/ + +BOOL winbindd_can_contact_domain( struct winbindd_domain *domain ) +{ + /* We can contact the domain if it is our primary domain */ + + if ( domain->primary ) + return True; + + /* Can always contact a domain that is in out forest */ + + if ( domain->domain_flags & DS_DOMAIN_IN_FOREST ) + return True; + + /* We cannot contact the domain if it is running AD and + we have no inbound trust */ + + if ( domain->active_directory && + ((domain->domain_flags&DS_DOMAIN_DIRECT_INBOUND) != DS_DOMAIN_DIRECT_INBOUND) ) + { + return False; + } + + /* Assume everything else is ok (probably not true but what + can you do?) */ + + return True; +} -- cgit