-/*
+/*
Unix SMB/CIFS implementation.
Authentication utility functions
Copyright (C) Andrew Tridgell 1992-1998
}
+/**
+ * Verify whether or not given domain is trusted.
+ *
+ * @param domain_name name of the domain to be verified
+ * @return true if domain is one of the trusted once or
+ * false if otherwise
+ **/
+
+BOOL is_trusted_domain(const char* dom_name)
+{
+ DOM_SID trustdom_sid;
+ char *pass = NULL;
+ time_t lct;
+ BOOL ret;
+
+ /* if we are a DC, then check for a direct trust relationships */
+
+ if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
+ become_root();
+ ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
+ unbecome_root();
+ SAFE_FREE(pass);
+ if (ret)
+ return True;
+ }
+ else {
+ /* if winbindd is not up and we are a domain member) then we need to update the
+ trustdom_cache ourselves */
+
+ if ( !winbind_ping() )
+ update_trustdom_cache();
+ }
+
+ /* now the trustdom cache should be available a DC could still
+ * have a transitive trust so fall back to the cache of trusted
+ * domains (like a domain member would use */
+
+ if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) {
+ return True;
+ }
+
+ return False;
+}
-/*
+/*
* Unix SMB/CIFS implementation.
* Routines to operate on various trust relationships
* Copyright (C) Andrew Bartlett 2001
Enumerate the list of trusted domains from a DC
*********************************************************************/
-BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
- char ***domain_names, uint32 *num_domains,
+BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
+ char ***domain_names, uint32 *num_domains,
DOM_SID **sids )
{
POLICY_HND pol;
uint32 enum_ctx = 0;
struct cli_state *cli = NULL;
BOOL retry;
-
+
*domain_names = NULL;
*num_domains = 0;
*sids = NULL;
-
+
/* lookup a DC first */
-
+
if ( !get_dc_name(domain, dc_name, &dc_ip) ) {
DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n",
domain));
return False;
}
-
+
/* setup the anonymous connection */
-
- result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
+
+ result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC",
"", "", "", 0, &retry);
if ( !NT_STATUS_IS_OK(result) )
goto done;
-
+
/* open the LSARPC_PIPE */
-
+
if ( !cli_nt_session_open( cli, PI_LSARPC ) ) {
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
-
+
/* get a handle */
-
- result = cli_lsa_open_policy(cli, mem_ctx, True,
+
+ result = cli_lsa_open_policy(cli, mem_ctx, True,
POLICY_VIEW_LOCAL_INFORMATION, &pol);
if ( !NT_STATUS_IS_OK(result) )
goto done;
result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
num_domains, domain_names, sids);
- if ( !NT_STATUS_IS_OK(result) )
+ if ( !NT_STATUS_IS_OK(result) )
goto done;
-
-done:
+
+done:
/* cleanup */
-
+
cli_nt_session_close( cli );
cli_shutdown( cli );
-
- return NT_STATUS_IS_OK(result);
-}
-
-
-/**
- * Verify whether or not given domain is trusted.
- *
- * @param domain_name name of the domain to be verified
- * @return true if domain is one of the trusted once or
- * false if otherwise
- **/
-
-BOOL is_trusted_domain(const char* dom_name)
-{
- DOM_SID trustdom_sid;
- char *pass = NULL;
- time_t lct;
- BOOL ret;
- /* if we are a DC, then check for a direct trust relationships */
-
- if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
- ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
- SAFE_FREE(pass);
- if (ret)
- return True;
- }
-
- /* if winbindd is not up then we need to update the trustdom_cache ourselves */
-
- if ( !winbind_ping() )
- update_trustdom_cache();
-
- /* now the trustdom cache should be available a DC could still
- * have a transitive trust so fall back to the cache of trusted
- * domains (like a domain member would use */
-
- if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) {
- return True;
- }
-
- return False;
+ return NT_STATUS_IS_OK(result);
}
git.samba.org / kamenim / samba.git / commitdiff