s4-winbind: Add special case for BUILTIN domain
authorAndrew Bartlett <abartlet@samba.org>
Sat, 15 Jun 2013 13:01:44 +0000 (23:01 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 20 Jun 2013 13:30:00 +0000 (15:30 +0200)
This should mean that lookups for the BUILTIN domain cause less trouble
than they have in the past, because they will no longer go via the
trusted domain handler.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104

source4/winbind/wb_dom_info.c
source4/winbind/wb_init_domain.c
source4/winbind/wb_sid2domain.c

index e2b5defa525bbeb96397a94b0143e12ede02d08a..8c08c73a8f2dd85a20ca089f6b4e7dda5801b60a 100644 (file)
@@ -67,9 +67,10 @@ struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx,
        state->info->sid = dom_sid_dup(state->info, sid);
        if (state->info->sid == NULL) goto failed;
 
-       if ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
+       if (dom_sid_equal(sid, &global_sid_Builtin) || 
+           ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
            dom_sid_equal(sid, service->primary_sid) &&
-           service->sec_channel_type != SEC_CHAN_RODC) {
+            service->sec_channel_type != SEC_CHAN_RODC)) {
                struct interface *ifaces = NULL;
 
                load_interface_list(state, service->task->lp_ctx, &ifaces);
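Review bot: The new `dom_sid_equal(sid, &global_sid_Builtin) ||` term sits outside the server-role and `sec_channel_type` tests, so on a `ROLE_DOMAIN_MEMBER` or an RODC a BUILTIN lookup now enters the branch that begins with `load_interface_list()`, and nothing in the code records that this is intended. A comment above the condition would do it, for example `/* BUILTIN is served locally on every server role, never via a DC */`. The continuation line `dom_sid_equal(sid, service->primary_sid) &&` was left at its old indent inside the new parentheses, and the first added line ends in a trailing space. The body of the `if` continues outside the hunk.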
index 70dbaa9ce8101548f2f2fc9479d13ab96437f281..db5eb1d3b6c0f3ef516e8fa7fd430a80cbb85fab 100644 (file)
@@ -369,24 +369,26 @@ static void init_domain_recv_queryinfo(struct tevent_req *subreq)
        state->ctx->status = state->queryinfo.out.result;
        if (!composite_is_ok(state->ctx)) return;
 
-       dominfo = &(*state->queryinfo.out.info)->account_domain;
-
-       if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
-               DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
-                         state->domain->info->name,
-                         dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
-                         dominfo->name.string));
-               composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
-               return;
-       }
-
-       if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
-               DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
-                         dom_sid_string(state, state->domain->info->sid),
-                         dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
-                         dom_sid_string(state, dominfo->sid)));
-               composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
-               return;
+       if (!dom_sid_equal(state->domain->info->sid, &global_sid_Builtin)) {
+               dominfo = &(*state->queryinfo.out.info)->account_domain;
+               
+               if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
+                       DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
+                                 state->domain->info->name,
+                                 dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
+                                 dominfo->name.string));
+                       composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
+                       return;
+               }
+               
+               if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
+                       DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
+                                 dom_sid_string(state, state->domain->info->sid),
+                                 dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
+                                 dom_sid_string(state, dominfo->sid)));
+                       composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
+                       return;
+               }
        }
 
        state->domain->samr_binding = init_domain_binding(state, &ndr_table_samr);
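Review bot: For the BUILTIN SID the name and SID comparison against the DC's `account_domain` reply is now skipped entirely, and the function goes straight on to `init_domain_binding()` with no record of why the DC's answer is not validated. Presumably the account-domain info can never describe BUILTIN, so the comparison would always fail; a comment on the new `if` should say so, for example `/* account_domain never describes BUILTIN, so there is nothing to compare against */`, so the exemption is not widened by accident later. `dominfo` is now assigned only inside the branch; if anything after the hunk reads it, it would be uninitialised for BUILTIN, but the rest of the function is outside the hunk. The two added blank lines inside the branch carry trailing whitespace.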
index 637fe1d8afcc208c0c4b8af55414d54e95627eb9..172a6d0a09aeec2da6f37993cb21e5801dde88e1 100644 (file)
@@ -98,6 +98,20 @@ static struct tevent_req *_wb_sid2domain_send(TALLOC_CTX *mem_ctx,
                return req;
        }
 
+       if (dom_sid_equal(&global_sid_Builtin, sid) ||
+           dom_sid_in_domain(&global_sid_Builtin, sid)) {
+               ctx = wb_get_dom_info_send(state, service,
+                                          "BUILTIN", NULL,
+                                          &global_sid_Builtin);
+               if (tevent_req_nomem(ctx, req)) {
+                       return tevent_req_post(req, ev);
+               }
+               ctx->async.fn = wb_sid2domain_recv_dom_info;
+               ctx->async.private_data = req;
+
+               return req;
+       }
+
        ctx = wb_cmd_lookupsid_send(state, service, &state->sid);
        if (tevent_req_nomem(ctx, req)) {
                return tevent_req_post(req, ev);
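Review bot: The added branch tests the `sid` argument while the fall-through call below passes `&state->sid`; presumably both hold the same value, but using one of them consistently in this function would make that obvious to a reader. The branch also has no comment explaining why BUILTIN and its member SIDs skip `wb_cmd_lookupsid_send()`; something like `/* BUILTIN is always local: avoid the trusted-domain lookup path */` would carry the reasoning from the commit message into the code. `_wb_sid2domain_send` starts and ends outside the hunk.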