winbindd: prepare find_lookup_domain_from_{name,sid}() transitive trusts on a DC
authorStefan Metzmacher <metze@samba.org>
Mon, 15 Jan 2018 11:06:50 +0000 (12:06 +0100)
committerRalph Boehme <slow@samba.org>
Sat, 10 Feb 2018 07:35:16 +0000 (08:35 +0100)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/winbindd/winbindd_util.c

index 876ee69a4b6eb43e2ccd420ca1e32881ee1ad71c..c190ad26ddff08bc29fd94b7d31b6aed3ff0325a 100644 (file)
@@ -1488,15 +1488,31 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
                return find_domain_from_sid(get_global_sam_sid());
        }
 
-       /* A DC can't ask the local smbd for remote SIDs, here winbindd is the
-        * one to contact the external DC's. On member servers the internal
-        * domains are different: These are part of the local SAM. */
+       /*
+        * On member servers the internal domains are different: These are part
+        * of the local SAM.
+        */
 
-       if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) {
+       if (is_internal_domain(sid) || is_in_internal_domain(sid)) {
                DEBUG(10, ("calling find_domain_from_sid\n"));
                return find_domain_from_sid(sid);
        }
 
+       if (IS_DC) {
+               struct winbindd_domain *domain = NULL;
+
+               domain = find_domain_from_sid_noinit(sid);
+               if (domain == NULL) {
+                       return NULL;
+               }
+
+               if (domain->secure_channel_type != SEC_CHAN_NULL) {
+                       return domain;
+               }
+
+               return domain->routing_domain;
+       }
+
        /* On a member server a query for SID or name can always go to our
         * primary DC. */
 
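Review bot: The new `if (IS_DC)` block at the end of this hunk can return `domain->routing_domain`, and nothing visible here guarantees that pointer is set when `secure_channel_type` is `SEC_CHAN_NULL`, so callers must treat a NULL result as "no route" rather than dereference it; the matching block in find_lookup_domain_from_name() has the same property. The old comment explaining the DC case was removed without a replacement, so I would add one above the block, e.g. `/* On a DC: use the domain itself if we hold a secure channel to it, otherwise the domain its requests are routed through (NULL if none). */`. The DC path also moves from find_domain_from_sid() to find_domain_from_sid_noinit(), which presumably skips the initialisation the old call performed, so it is worth confirming that callers on a DC cope with a domain that has not been initialised. The function starts and ends outside the hunk.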
@@ -1516,10 +1532,24 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
                return find_domain_from_name_noinit( get_global_sam_name() );
        }
 
-       if (IS_DC || strequal(domain_name, "BUILTIN") ||
+       if (strequal(domain_name, "BUILTIN") ||
            strequal(domain_name, get_global_sam_name()))
                return find_domain_from_name_noinit(domain_name);
 
+       if (IS_DC) {
+               struct winbindd_domain *domain = NULL;
+
+               domain = find_domain_from_name_noinit(domain_name);
+               if (domain == NULL) {
+                       return NULL;
+               }
+
+               if (domain->secure_channel_type != SEC_CHAN_NULL) {
+                       return domain;
+               }
+
+               return domain->routing_domain;
+       }
 
        return find_our_domain();
 }
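Review bot: The `if (IS_DC)` block added here is line-for-line the same as the one added to find_lookup_domain_from_sid(), apart from the lookup call, so the trust-routing decision now lives in two places that have to stay in sync. I would move it into one static helper that takes the already-looked-up domain and have both functions call it, as sketched below; the helper name is only a suggestion. Separately, the unbraced `if (strequal(domain_name, "BUILTIN") ||` just above now sits next to fully braced new code, and bracing it would match. The function begins outside the hunk.

```c
/* On a DC: answer from the domain itself when we hold a secure channel to
 * it, otherwise from the domain its requests are routed through (may be
 * NULL when no route is known). */
static struct winbindd_domain *dc_lookup_domain(struct winbindd_domain *domain)
{
	if (domain == NULL) {
		return NULL;
	}
	if (domain->secure_channel_type != SEC_CHAN_NULL) {
		return domain;
	}
	return domain->routing_domain;
}

	/* … unchanged: BUILTIN / local SAM name checks … */
	if (IS_DC) {
		return dc_lookup_domain(find_domain_from_name_noinit(domain_name));
	}
```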