From: Günther Deschner <gd@samba.org>
Date: Tue, 15 May 2007 13:46:26 +0000 (+0000)
Subject: r22903: Now that we have the on-disc trustdomaincache with type flags we can better
X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~451
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=203391623b31bce71268c6e8fc955eab348e92f0;p=thirdparty%2Fsamba.git

r22903: Now that we have the on-disc trustdomaincache with type flags we can better
decide whether it's worth to register a krb5 ticket gain handler while users
logon offline.

Guenther
---

diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c
index c82ac2b0bad..c7c18fb7029 100644
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@@ -784,6 +784,9 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 	NET_USER_INFO_3 *my_info3;
 	time_t kickoff_time, must_change_time;
 	BOOL password_good = False;
+#ifdef HAVE_KRB5
+	struct winbindd_tdc_domain *tdc_domain = NULL;
+#endif
 
 	*info3 = NULL;
 
@@ -894,9 +897,9 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 		}
 	
 #ifdef HAVE_KRB5
-		/* FIXME: what else points out that the remote domain is AD ? */
-		if (!strequal(domain->name, domain->alt_name) &&
-		    (state->request.flags & WBFLAG_PAM_KRB5)) {
+		if ((state->request.flags & WBFLAG_PAM_KRB5) &&
+		    ((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) &&
+		    (tdc_domain->trust_type & DS_DOMAIN_TRUST_TYPE_UPLEVEL)) {
 
 			uid_t uid = -1;
 			const char *cc = NULL;