diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2013-06-15 23:01:44 +1000 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2013-07-29 21:36:18 +0200 |
| commit | a629507db95f3d5842f83408708bdd04340e52df (patch) | |
| tree | 600882a866348c91899fae8ba5c4775b144139c3 /source4 | |
| parent | 7ded0ceec146e6283f3b3917888957ee8054d82e (diff) | |
| download | samba-a629507db95f3d5842f83408708bdd04340e52df.tar.gz | |
s4-winbind: Add special case for BUILTIN domain
This should mean that lookups for the BUILTIN domain cause less trouble
then they have in the past, because they will no longer go via the
trusted domain handler.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104
(cherry picked from commit 88c72fceb1c86752c52651bdea5b116806dd92c5)
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/winbind/wb_dom_info.c | 5 | ||||
| -rw-r--r-- | source4/winbind/wb_init_domain.c | 38 | ||||
| -rw-r--r-- | source4/winbind/wb_sid2domain.c | 14 |
3 files changed, 37 insertions, 20 deletions
diff --git a/source4/winbind/wb_dom_info.c b/source4/winbind/wb_dom_info.c index e2b5defa525..8c08c73a8f2 100644 --- a/source4/winbind/wb_dom_info.c +++ b/source4/winbind/wb_dom_info.c @@ -67,9 +67,10 @@ struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx, state->info->sid = dom_sid_dup(state->info, sid); if (state->info->sid == NULL) goto failed; - if ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) && + if (dom_sid_equal(sid, &global_sid_Builtin) || + ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) && dom_sid_equal(sid, service->primary_sid) && - service->sec_channel_type != SEC_CHAN_RODC) { + service->sec_channel_type != SEC_CHAN_RODC)) { struct interface *ifaces = NULL; load_interface_list(state, service->task->lp_ctx, &ifaces); diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 70dbaa9ce81..db5eb1d3b6c 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -369,24 +369,26 @@ static void init_domain_recv_queryinfo(struct tevent_req *subreq) state->ctx->status = state->queryinfo.out.result; if (!composite_is_ok(state->ctx)) return; - dominfo = &(*state->queryinfo.out.info)->account_domain; - - if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) { - DEBUG(2, ("Expected domain name %s, DC %s said %s\n", - state->domain->info->name, - dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe), - dominfo->name.string)); - composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE); - return; - } - - if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) { - DEBUG(2, ("Expected domain sid %s, DC %s said %s\n", - dom_sid_string(state, state->domain->info->sid), - dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe), - dom_sid_string(state, dominfo->sid))); - composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE); - return; + if (!dom_sid_equal(state->domain->info->sid, &global_sid_Builtin)) { + dominfo = &(*state->queryinfo.out.info)->account_domain; + + if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) { + DEBUG(2, ("Expected domain name %s, DC %s said %s\n", + state->domain->info->name, + dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe), + dominfo->name.string)); + composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE); + return; + } + + if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) { + DEBUG(2, ("Expected domain sid %s, DC %s said %s\n", + dom_sid_string(state, state->domain->info->sid), + dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe), + dom_sid_string(state, dominfo->sid))); + composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE); + return; + } } state->domain->samr_binding = init_domain_binding(state, &ndr_table_samr); diff --git a/source4/winbind/wb_sid2domain.c b/source4/winbind/wb_sid2domain.c index 637fe1d8afc..172a6d0a09a 100644 --- a/source4/winbind/wb_sid2domain.c +++ b/source4/winbind/wb_sid2domain.c @@ -98,6 +98,20 @@ static struct tevent_req *_wb_sid2domain_send(TALLOC_CTX *mem_ctx, return req; } + if (dom_sid_equal(&global_sid_Builtin, sid) || + dom_sid_in_domain(&global_sid_Builtin, sid)) { + ctx = wb_get_dom_info_send(state, service, + "BUILTIN", NULL, + &global_sid_Builtin); + if (tevent_req_nomem(ctx, req)) { + return tevent_req_post(req, ev); + } + ctx->async.fn = wb_sid2domain_recv_dom_info; + ctx->async.private_data = req; + + return req; + } + ctx = wb_cmd_lookupsid_send(state, service, &state->sid); if (tevent_req_nomem(ctx, req)) { return tevent_req_post(req, ev); |