domain->domain_trust_attribs = tdc->trust_attribs;
/* Is this our primary domain ? */
- if (strequal(domain_name, get_global_sam_name()) &&
- (role != ROLE_DOMAIN_MEMBER)) {
- domain->primary = true;
- } else if (strequal(domain_name, lp_workgroup()) &&
- (role == ROLE_DOMAIN_MEMBER)) {
- domain->primary = true;
+ if (role == ROLE_DOMAIN_MEMBER) {
+ domain->primary = strequal(domain_name, lp_workgroup());
+ } else {
+ domain->primary = strequal(domain_name, get_global_sam_name());
}
if (domain->primary) {
state->request.length = sizeof(state->request);
state->request.cmd = WINBINDD_LIST_TRUSTDOM;
- req = wb_domain_request_send(state, winbind_event_context(),
+ req = wb_domain_request_send(state, server_event_context(),
domain, &state->request);
if (req == NULL) {
DEBUG(1, ("wb_domain_request_send failed\n"));
bool init_domain_list(void)
{
int role = lp_server_role();
+ struct pdb_domain_info *pdb_domain_info = NULL;
NTSTATUS status;
/* Free existing list */
/* Local SAM */
+ /*
+ * In case the passdb backend is passdb_dsdb the domain SID comes from
+ * dsdb, not from secrets.tdb. As we use the domain SID in various
+ * places, we must ensure the domain SID is migrated from dsdb to
+ * secrets.tdb before get_global_sam_sid() is called the first time.
+ *
+ * The migration is done as part of the passdb_dsdb initialisation,
+ * calling pdb_get_domain_info() triggers it.
+ */
+ pdb_domain_info = pdb_get_domain_info(talloc_tos());
+
if ( role == ROLE_ACTIVE_DIRECTORY_DC ) {
struct winbindd_domain *domain;
enum netr_SchannelType sec_chan_type;
const char *account_name;
struct samr_Password current_nt_hash;
- struct pdb_domain_info *pdb_domain_info;
bool ok;
- pdb_domain_info = pdb_get_domain_info(talloc_tos());
if (pdb_domain_info == NULL) {
DEBUG(0, ("Failed to fetch our own, local AD "
"domain info from sam.ldb\n"));
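Review bot: `pdb_get_domain_info(talloc_tos())` is now called for every server role, but its result is only inspected inside the `ROLE_ACTIVE_DIRECTORY_DC` branch, so for other roles the call is made purely for its side effect and a NULL return passes silently. The new comment explains the dsdb-to-secrets.tdb SID migration but not that the return value is deliberately ignored outside the AD DC case; a line such as `/* Result is only needed for ROLE_ACTIVE_DIRECTORY_DC; other roles call this for the migration side effect. */` would make that explicit. The returned structure is allocated on `talloc_tos()` and no free is visible in these lines, so if the enclosing stackframe is long-lived a `TALLOC_FREE(pdb_domain_info)` after the branch may be worth adding; the rest of init_domain_list is outside the hunk, so this may already be handled.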
*/
ok = migrate_secrets_tdb_to_ldb(domain);
- if (ok == false) {
+ if (!ok) {
DEBUG(0, ("Failed to migrate our own, "
"local AD domain join password for "
"winbindd's internal use into "
current_nt_hash.hash,
&account_name,
&sec_chan_type);
- if (ok == false) {
+ if (!ok) {
DEBUG(0, ("Failed to find our our own, just "
"written local AD domain join "
"password for winbindd's internal "
if ( !strequal(lp_workgroup(), domain) )
return False;
- if ( lp_winbind_use_default_domain() || lp_winbind_trusted_domains_only() )
+ if ( lp_winbind_use_default_domain() )
return True;
}
If we are a PDC or BDC, and this is for our domain, do likewise.
- Also, if omit DOMAIN if 'winbind trusted domains only = true', as the
- username is then unqualified in unix
-
On an AD DC we always fill DOMAIN\\USERNAME.
We always canonicalize as UPPERCASE DOMAIN, lowercase username.
********************************************************************/
NTSTATUS normalize_name_map(TALLOC_CTX *mem_ctx,
- struct winbindd_domain *domain,
+ const char *domain_name,
const char *name,
char **normalized)
{
+ struct winbindd_domain *domain = NULL;
NTSTATUS nt_status;
if (!name || !normalized) {
return NT_STATUS_PROCEDURE_NOT_FOUND;
}
+ domain = find_domain_from_name_noinit(domain_name);
+ if (domain == NULL) {
+ DBG_ERR("Failed to find domain '%s'\n", domain_name);
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+
/* Alias support and whitespace replacement are mutually
exclusive */
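Review bot: `domain_name` is passed to `find_domain_from_name_noinit()` and then to the `%s` in `DBG_ERR` without being covered by the NULL guard above, which still tests only `name` and `normalized`. Extending the guard to `if (!domain_name || !name || !normalized) {` keeps a NULL from reaching the lookup and the format string; whether the lookup itself tolerates NULL is not visible here. The new `NT_STATUS_NO_SUCH_DOMAIN` return is also a status callers did not get before the signature change, so the header comment should list it and call sites should be checked to confirm they handle it as a non-mapping result. If `domain_name` can originate from a client request, a lower level than `DBG_ERR` would keep unknown domain names from filling the log. The function body continues past the hunk.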
bool is_domain_offline(const struct winbindd_domain *domain)
{
- if (!lp_winbind_offline_logon()) {
- return false;
- }
if (get_global_winbindd_state_offline()) {
return true;
}