sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

winbindd: add add_trusted_domain_from_auth

Browse Source 
Function to add a new trusted domain to the domain list and TDC after an
successfull authentication. On Member servers only, not on DCs though.

Signed-off-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Ralph Boehme 2017-11-29 10:10:38 +01:00 committed by Karolin Seeger
parent b2ea3606a7
commit f4d27f2bf9
2 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
source3/winbindd/winbindd_proto.h
View File

@ -440,6 +440,9 @@ struct winbindd_domain *domain_list(void);
struct winbindd_domain *wb_next_domain(struct winbindd_domain *domain);
bool set_routing_domain(struct winbindd_domain *domain,
const struct winbindd_domain *routing_domain);
bool add_trusted_domain_from_auth(uint16_t validation_level,
struct info3_text *info3,
struct info6_text *info6);
bool domain_is_forest_root(const struct winbindd_domain *domain);
void rescan_trusted_domains(struct tevent_context *ev, struct tevent_timer *te,
struct timeval now, void *private_data);

55
source3/winbindd/winbindd_util.c
View File

@ -303,6 +303,61 @@ bool set_routing_domain(struct winbindd_domain *domain,
return true;
}
bool add_trusted_domain_from_auth(uint16_t validation_level,
struct info3_text *info3,
struct info6_text *info6)
{
struct winbindd_domain *domain = NULL;
struct dom_sid domain_sid;
const char *dns_domainname = NULL;
NTSTATUS status;
bool ok;
/*
* We got a successfull auth from a domain that might not yet be in our
* domain list. If we're a member we trust our DC who authenticated the
* user from that domain and add the domain to our list on-the-fly. If
* we're a DC we rely on configured trusts and don't add on-the-fly.
*/
if (IS_DC) {
return true;
}
ok = dom_sid_parse(info3->dom_sid, &domain_sid);
if (!ok) {
DBG_NOTICE("dom_sid_parse [%s] failed\n", info3->dom_sid);
return false;
}
if (validation_level == 6) {
dns_domainname = &info6->dns_domainname[0];
}
status = add_trusted_domain(info3->logon_dom,
dns_domainname,
&domain_sid,
0,
NETR_TRUST_FLAG_OUTBOUND,
0,
SEC_CHAN_NULL,
&domain);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN))
{
DBG_DEBUG("Adding domain [%s] with sid [%s] failed\n",
info3->logon_dom, info3->dom_sid);
return false;
}
ok = set_routing_domain(domain, find_default_route_domain());
if (!ok) {
return false;
}
return true;
}
bool domain_is_forest_root(const struct winbindd_domain *domain)
{
const uint32_t fr_flags =