From 5084d49052f47626b61e53add818fefaacc101b0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Fri, 3 Jun 2005 15:42:03 +0000
Subject: r7243: Don't look at gencache.tdb for the trusted domains if winbind
 is around.

Volker
(This used to be commit 94acb93f57b963bf137c6ddd644a147f4d0b5175)
---
 source3/auth/auth_util.c     | 23 +++++++++++++++++++----
 source3/nsswitch/wb_client.c | 31 +++++++++++++++++++++++++++++++
 source3/script/mkproto.awk   |  2 +-
 3 files changed, 51 insertions(+), 5 deletions(-)

(limited to 'source3')

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 79205f1206..31bfa2fe01 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1532,11 +1532,26 @@ BOOL is_trusted_domain(const char* dom_name)
 			return True;
 	}
 	else {
-		/* if winbindd is not up and we are a domain member) then we need to update the
-		   trustdom_cache ourselves */
+		NSS_STATUS result;
 
-		if ( !winbind_ping() )
-			update_trustdom_cache();
+		/* If winbind is around, ask it */
+
+		result = wb_is_trusted_domain(dom_name);
+
+		if (result == NSS_STATUS_SUCCESS) {
+			return True;
+		}
+
+		if (result == NSS_STATUS_NOTFOUND) {
+			/* winbind could not find the domain */
+			return False;
+		}
+
+		/* The only other possible result is that winbind is not up
+		   and running. We need to update the trustdom_cache
+		   ourselves */
+		
+		update_trustdom_cache();
 	}
 
 	/* now the trustdom cache should be available a DC could still
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index 6b184b568b..5005f72457 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -394,4 +394,35 @@ BOOL winbind_ping( void )
 	return result == NSS_STATUS_SUCCESS;
 }
 
+/**********************************************************************
+ Is a domain trusted?
+
+ result == NSS_STATUS_UNAVAIL: winbind not around
+ result == NSS_STATUS_NOTFOUND: winbind around, but domain missing
+
+ Due to a bad API NSS_STATUS_NOTFOUND is returned both when winbind_off and
+ when winbind return WINBINDD_ERROR. So the semantics of this routine depends
+ on winbind_on. Grepping for winbind_off I just found 3 places where winbind
+ is turned off, and this does not conflict (as far as I have seen) with the
+ callers of is_trusted_domains.
+
+ I *hate* global variables....
+
+ Volker
+
+**********************************************************************/
+
+NSS_STATUS wb_is_trusted_domain(const char *domain)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
 
+	/* Call winbindd */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	fstrcpy(request.domain_name, domain);
+
+	return winbindd_request(WINBINDD_DOMAIN_INFO, &request, &response);
+}
diff --git a/source3/script/mkproto.awk b/source3/script/mkproto.awk
index 45cc0821aa..d9223a1973 100644
--- a/source3/script/mkproto.awk
+++ b/source3/script/mkproto.awk
@@ -132,7 +132,7 @@ END {
     gotstart = 1;
   }
 
-  if( $0 ~ /^WINBINDD_PW|^WINBINDD_GR|^NT_PRINTER_INFO_LEVEL_2|^LOGIN_CACHE|^krb5_error_code|^LDAP|^u32|^LUID_ATTR/ ) {
+  if( $0 ~ /^WINBINDD_PW|^WINBINDD_GR|^NT_PRINTER_INFO_LEVEL_2|^LOGIN_CACHE|^krb5_error_code|^LDAP|^u32|^LUID_ATTR|^NSS_STATUS/ ) {
     gotstart = 1;
   }
 
-- 
cgit