authorStefan Metzmacher <metze@samba.org>2017-06-19 10:43:25 +0200
committerAndrew Bartlett <abartlet@samba.org>2017-12-13 20:34:24 +0100
commitec646089f28338a505295aa56c2ebabaf30995b1 (patch)
treef51184682686101d6a02af0620f8d38f75fb85cc
parente2a052b3bb8569df97aede7bcea08f69839fe7fa (diff)
downloadsamba-ec646089f28338a505295aa56c2ebabaf30995b1.tar.gz
s3:auth: is_trusted_domain() is now only useful (and used as DC)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source3/auth/auth_util.c59
1 files changed, 10 insertions, 49 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index fbc36423e2b..464fe25abcc 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1505,6 +1505,8 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
/**
* Verify whether or not given domain is trusted.
*
+ * This should only be used on a DC.
+ *
* @param domain_name name of the domain to be verified
* @return true if domain is one of the trusted ones or
* false if otherwise
@@ -1512,13 +1514,11 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
bool is_trusted_domain(const char* dom_name)
{
- struct dom_sid trustdom_sid;
bool ret;
- /* no trusted domains for a standalone server */
-
- if ( lp_server_role() == ROLE_STANDALONE )
+ if (!IS_DC) {
return false;
+ }
if (dom_name == NULL || dom_name[0] == '\0') {
return false;
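Review bot: The new `if (!IS_DC)` guard returns `false` to every non-DC caller without any trace, which is indistinguishable from "this domain is not trusted"; before this change a domain member was answered through winbind or the trustdom cache. If a member-server code path still calls is_trusted_domain() (not visible here), it would silently treat every domain as untrusted, so a log line inside the guard would make such misuse detectable: `DEBUG(10, ("is_trusted_domain: not a DC, returning false\n"));`. The `@return` text in the doc comment above could also state that the result is always false on a non-DC. The function body continues beyond this hunk.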
@@ -1528,52 +1528,13 @@ bool is_trusted_domain(const char* dom_name)
return false;
}
- /* if we are a DC, then check for a direct trust relationships */
-
- if ( IS_DC ) {
- become_root();
- DEBUG (5,("is_trusted_domain: Checking for domain trust with "
- "[%s]\n", dom_name ));
- ret = pdb_get_trusteddom_pw(dom_name, NULL, NULL, NULL);
- unbecome_root();
- if (ret)
- return true;
- }
- else {
- wbcErr result;
-
- /* If winbind is around, ask it */
-
- result = wb_is_trusted_domain(dom_name);
-
- if (result == WBC_ERR_SUCCESS) {
- return true;
- }
-
- if (result == WBC_ERR_DOMAIN_NOT_FOUND) {
- /* winbind could not find the domain */
- return false;
- }
-
- DEBUG(10, ("wb_is_trusted_domain returned error: %s\n",
- wbcErrorString(result)));
-
- /* The only other possible result is that winbind is not up
- and running. We need to update the trustdom_cache
- ourselves */
-
- update_trustdom_cache();
- }
-
- /* now the trustdom cache should be available a DC could still
- * have a transitive trust so fall back to the cache of trusted
- * domains (like a domain member would use */
+ become_root();
+ DEBUG (5,("is_trusted_domain: Checking for domain trust with "
+ "[%s]\n", dom_name ));
+ ret = pdb_get_trusteddom_pw(dom_name, NULL, NULL, NULL);
+ unbecome_root();
- if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) {
- return true;
- }
-
- return false;
+ return ret;
}
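Review bot: After this hunk a DC answers only from `pdb_get_trusteddom_pw()`, so the `trustdom_cache_fetch()` fallback that the removed comment justified with "a DC could still have a transitive trust" is gone, and nothing on the new side records that narrowing. Whether any caller relies on transitive trusts being reported is not visible here, but because the result feeds authentication decisions the limit should be stated next to the lookup: `/* Only direct trusts stored in passdb count; transitive trusts are not resolved here. */`. As a smaller point, the `DEBUG` call does not need root and could move above `become_root()` so the privileged section wraps only the passdb lookup.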