1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

* fixed volker's wbinfo -a lockup again. This one was my fault.

It was caused by the winbind_ping() call in is_trusted_domain()

  o if we are a DC then we check our own direct trust relationships
    we have to rely on winbindd to update the truatdom_cache
  o if we are a domain member, then we can update the trustdom_cache
    ourselves if winbindd is not there
(This used to be commit 22dfcafb37)
This commit is contained in:
Gerald Carter 2003-07-01 17:51:52 +00:00
parent 125ab5463b
commit 814968d41b
2 changed files with 63 additions and 61 deletions

View File

@ -1,4 +1,4 @@
/*
/*
Unix SMB/CIFS implementation.
Authentication utility functions
Copyright (C) Andrew Tridgell 1992-1998
@ -1258,4 +1258,47 @@ NTSTATUS nt_status_squash(NTSTATUS nt_status)
}
/**
* Verify whether or not given domain is trusted.
*
* @param domain_name name of the domain to be verified
* @return true if domain is one of the trusted once or
* false if otherwise
**/
BOOL is_trusted_domain(const char* dom_name)
{
DOM_SID trustdom_sid;
char *pass = NULL;
time_t lct;
BOOL ret;
/* if we are a DC, then check for a direct trust relationships */
if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
become_root();
ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
unbecome_root();
SAFE_FREE(pass);
if (ret)
return True;
}
else {
/* if winbindd is not up and we are a domain member) then we need to update the
trustdom_cache ourselves */
if ( !winbind_ping() )
update_trustdom_cache();
}
/* now the trustdom cache should be available a DC could still
* have a transitive trust so fall back to the cache of trusted
* domains (like a domain member would use */
if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) {
return True;
}
return False;
}

View File

@ -1,4 +1,4 @@
/*
/*
* Unix SMB/CIFS implementation.
* Routines to operate on various trust relationships
* Copyright (C) Andrew Bartlett 2001
@ -127,8 +127,8 @@ NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli,
Enumerate the list of trusted domains from a DC
*********************************************************************/
BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
char ***domain_names, uint32 *num_domains,
BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
char ***domain_names, uint32 *num_domains,
DOM_SID **sids )
{
POLICY_HND pol;
@ -138,36 +138,36 @@ BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
uint32 enum_ctx = 0;
struct cli_state *cli = NULL;
BOOL retry;
*domain_names = NULL;
*num_domains = 0;
*sids = NULL;
/* lookup a DC first */
if ( !get_dc_name(domain, dc_name, &dc_ip) ) {
DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n",
domain));
return False;
}
/* setup the anonymous connection */
result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
"", "", "", 0, &retry);
if ( !NT_STATUS_IS_OK(result) )
goto done;
/* open the LSARPC_PIPE */
if ( !cli_nt_session_open( cli, PI_LSARPC ) ) {
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
/* get a handle */
result = cli_lsa_open_policy(cli, mem_ctx, True,
result = cli_lsa_open_policy(cli, mem_ctx, True,
POLICY_VIEW_LOCAL_INFORMATION, &pol);
if ( !NT_STATUS_IS_OK(result) )
goto done;
@ -176,56 +176,15 @@ BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
num_domains, domain_names, sids);
if ( !NT_STATUS_IS_OK(result) )
if ( !NT_STATUS_IS_OK(result) )
goto done;
done:
done:
/* cleanup */
cli_nt_session_close( cli );
cli_shutdown( cli );
return NT_STATUS_IS_OK(result);
}
/**
* Verify whether or not given domain is trusted.
*
* @param domain_name name of the domain to be verified
* @return true if domain is one of the trusted once or
* false if otherwise
**/
BOOL is_trusted_domain(const char* dom_name)
{
DOM_SID trustdom_sid;
char *pass = NULL;
time_t lct;
BOOL ret;
/* if we are a DC, then check for a direct trust relationships */
if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
SAFE_FREE(pass);
if (ret)
return True;
}
/* if winbindd is not up then we need to update the trustdom_cache ourselves */
if ( !winbind_ping() )
update_trustdom_cache();
/* now the trustdom cache should be available a DC could still
* have a transitive trust so fall back to the cache of trusted
* domains (like a domain member would use */
if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) {
return True;
}
return False;
}