1 | commit 9dd0bb462b613a5f6f41d4130bfd31c0a64debd7 |
2 | Author: Jeremy Allison <jra@samba.org> | |
3 | AuthorDate: Mon Jan 13 15:23:00 2014 +0100 | |
4 | Commit: Andreas Schneider <asn@samba.org> | |
5 | CommitDate: Wed Feb 5 11:45:44 2014 +0100 | |
6 | ||
7 | s3-winbind: Move setup_domain_child() into add_trusted_domain(). | |
8 | ||
9 | Ensure it only gets called when a new domain is allocated | |
10 | and added to the list. | |
11 | ||
12 | This should fix problems with the previous logic where | |
13 | setup_domain_child() was called in places where an existing | |
14 | domain was returned. | |
15 | ||
16 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358 | |
17 | --- | |
18 | source3/winbindd/winbindd_util.c | 74 ++++++++++++++++++---------------------- | |
19 | 1 file changed, 33 insertions(+), 41 deletions(-) | |
20 | ||
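diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 37b6578..353722e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -89,7 +89,10 @@ static bool is_in_internal_domain(const struct dom_sid *sid)
 }
 
 
-/* Add a trusted domain to our list of domains */
+/* Add a trusted domain to our list of domains.
+ If the domain already exists in the list,
+ return it and don't re-initialize.
+ */
 static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
 struct winbindd_methods *methods,
 const struct dom_sid *sid)
@@ -99,6 +102,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 char *idmap_config_option;
 const char *param;
 const char **ignored_domains, **dom;
+ int role = lp_server_role();
 
 ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
 for (dom=ignored_domains; dom && *dom; dom++) {
@@ -146,7 +150,10 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 
 if (domain != NULL) {
 /*
- * We found a match. Possibly update the SID
+ * We found a match on domain->name or
+ * domain->alt_name. Possibly update the SID
+ * if the stored SID was the NULL SID
+ * and return the matching entry.
 */
 if ((sid != NULL)
 && dom_sid_equal(&domain->sid, &global_sid_NULL)) {
@@ -192,6 +199,15 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 sid_copy(&domain->sid, sid);
 }
 
+ /* Is this our primary domain ? */
+ if (strequal(domain_name, get_global_sam_name()) &&
+ (role != ROLE_DOMAIN_MEMBER)) {
+ domain->primary = true;
+ } else if (strequal(domain_name, lp_workgroup()) &&
+ (role == ROLE_DOMAIN_MEMBER)) {
+ domain->primary = true;
+ }
+
 /* Link to domain list */
 DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
 
@@ -228,6 +244,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 
 done:
 
+ setup_domain_child(domain);
+
 DEBUG(2,("Added domain %s %s %s\n",
 domain->name, domain->alt_name,
 &domain->sid?sid_string_dbg(&domain->sid):""));
@@ -341,18 +359,10 @@ static void trustdom_list_done(struct tevent_req *req)
 necessary. This is important because we need the
 SID for sibling domains */
 
- if ( find_domain_from_name_noinit(p) != NULL ) {
- domain = add_trusted_domain(p, alternate_name,
- &cache_methods,
- &sid);
- } else {
- domain = add_trusted_domain(p, alternate_name,
- &cache_methods,
- &sid);
- if (domain) {
- setup_domain_child(domain);
- }
- }
+ (void)add_trusted_domain(p, alternate_name,
+ &cache_methods,
+ &sid);
+
 p=q;
 if (p != NULL)
 p += 1;
@@ -422,13 +432,10 @@ static void rescan_forest_root_trusts( void )
 d = find_domain_from_name_noinit( dom_list[i].domain_name );
 
 if ( !d ) {
- d = add_trusted_domain( dom_list[i].domain_name,
+ (void)add_trusted_domain( dom_list[i].domain_name,
 dom_list[i].dns_name,
 &cache_methods,
- &dom_list[i].sid );
- if (d != NULL) {
- setup_domain_child(d);
- }
+ &dom_list[i].sid);
 }
 
 if (d == NULL) {
@@ -494,13 +501,10 @@ static void rescan_forest_trusts( void )
 about it */
 
 if ( !d ) {
- d = add_trusted_domain( dom_list[i].domain_name,
+ (void)add_trusted_domain( dom_list[i].domain_name,
 dom_list[i].dns_name,
 &cache_methods,
- &dom_list[i].sid );
- if (d != NULL) {
- setup_domain_child(d);
- }
+ &dom_list[i].sid);
 }
 
 if (d == NULL) {
@@ -601,7 +605,6 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai
 /* Look up global info for the winbind daemon */
 bool init_domain_list(void)
 {
- struct winbindd_domain *domain;
 int role = lp_server_role();
 
 /* Free existing list */
@@ -609,26 +612,18 @@ bool init_domain_list(void)
 
 /* BUILTIN domain */
 
- domain = add_trusted_domain("BUILTIN", NULL, &cache_methods,
- &global_sid_Builtin);
- if (domain) {
- setup_domain_child(domain);
- }
+ (void)add_trusted_domain("BUILTIN", NULL, &cache_methods,
+ &global_sid_Builtin);
 
 /* Local SAM */
 
- domain = add_trusted_domain(get_global_sam_name(), NULL,
- &cache_methods, get_global_sam_sid());
- if (domain) {
- if ( role != ROLE_DOMAIN_MEMBER ) {
- domain->primary = True;
- }
- setup_domain_child(domain);
- }
+ (void)add_trusted_domain(get_global_sam_name(), NULL,
+ &cache_methods, get_global_sam_sid());
 
 /* Add ourselves as the first entry. */
 
 if ( role == ROLE_DOMAIN_MEMBER ) {
+ struct winbindd_domain *domain;
 struct dom_sid our_sid;
 
 if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) {
@@ -639,9 +634,6 @@ bool init_domain_list(void)
 domain = add_trusted_domain( lp_workgroup(), lp_realm(),
 &cache_methods, &our_sid);
 if (domain) {
- domain->primary = True;
- setup_domain_child(domain);
-
 /* Even in the parent winbindd we'll need to
 talk to the DC, so try and see if we can
 contact it. Theoretically this isn't neccessary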
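Review bot: In rescan_forest_root_trusts() and rescan_forest_trusts(), `d` is no longer assigned when the domain is not already known: `(void)add_trusted_domain( dom_list[i].domain_name,` discards the result, so the `if (d == NULL) {` check right after the `if ( !d )` block is now taken for every newly added domain. The body of that check and the code after it lie outside the hunks, but if the check skips the entry, the trust data for a domain first seen during a rescan would no longer be applied to it. Keep the assignment in both functions, `d = add_trusted_domain( dom_list[i].domain_name,`, since only the removed `if (d != NULL) { setup_domain_child(d); }` wrapper became redundant once setup_domain_child() moved into add_trusted_domain().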