if (sid == NULL)
return False;
- if ( IS_DC )
- return sid_check_is_builtin(sid);
-
return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
}
if (sid == NULL)
return False;
- if ( IS_DC )
- return sid_check_is_in_builtin(sid);
-
return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
}
TALLOC_CTX *mem_ctx;
struct winbindd_request *request;
struct winbindd_response *response;
- uint32 fr_flags = (DS_DOMAIN_TREE_ROOT|DS_DOMAIN_IN_FOREST);
+ uint32 fr_flags = (NETR_TRUST_FLAG_TREEROOT|NETR_TRUST_FLAG_IN_FOREST);
struct trustdom_state *state;
the domain_list() as our primary domain may not
have been initialized. */
- if ( !(dom_list[i].trust_flags & DS_DOMAIN_TREE_ROOT) ) {
- continue;
+ if ( !(dom_list[i].trust_flags & NETR_TRUST_FLAG_TREEROOT) ) {
+ continue;
}
/* Here's the forest root */
if ( d && (d->internal || d->primary ) )
continue;
-
- if ( (flags & DS_DOMAIN_DIRECT_INBOUND) &&
- (type == DS_DOMAIN_TRUST_TYPE_UPLEVEL) &&
- (attribs == DS_DOMAIN_TRUST_ATTRIB_FOREST_TRANSITIVE) )
+
+ if ( (flags & NETR_TRUST_FLAG_INBOUND) &&
+ (type == NETR_TRUST_TYPE_UPLEVEL) &&
+ (attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
{
/* add the trusted domain if we don't know
about it */
forest trust */
domain->active_directory = True;
- domain->domain_flags = DS_DOMAIN_DIRECT_OUTBOUND;
- domain->domain_type = DS_DOMAIN_TRUST_TYPE_UPLEVEL;
+ domain->domain_flags = NETR_TRUST_FLAG_OUTBOUND;
+ domain->domain_type = NETR_TRUST_TYPE_UPLEVEL;
domain->internal = False;
domain->online = True;
/*********************************************************************
********************************************************************/
-bool winbindd_can_contact_domain( struct winbindd_domain *domain )
+bool winbindd_can_contact_domain(struct winbindd_domain *domain)
{
+ struct winbindd_tdc_domain *tdc = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ bool ret = false;
+
/* We can contact the domain if it is our primary domain */
- if ( domain->primary )
- return True;
+ if (domain->primary) {
+ return true;
+ }
- /* Can always contact a domain that is in out forest */
+ /* Trust the TDC cache and not the winbindd_domain flags */
- if ( domain->domain_flags & DS_DOMAIN_IN_FOREST )
- return True;
+ if ((tdc = wcache_tdc_fetch_domain(frame, domain->name)) == NULL) {
+ DEBUG(10,("winbindd_can_contact_domain: %s not found in cache\n",
+ domain->name));
+ return false;
+ }
+ /* Can always contact a domain that is in out forest */
+
+ if (tdc->trust_flags & NETR_TRUST_FLAG_IN_FOREST) {
+ ret = true;
+ goto done;
+ }
+
/*
* On a _member_ server, we cannot contact the domain if it
* is running AD and we have no inbound trust.
*/
- if ( !IS_DC &&
+ if (!IS_DC &&
domain->active_directory &&
- ((domain->domain_flags&DS_DOMAIN_DIRECT_INBOUND) != DS_DOMAIN_DIRECT_INBOUND) )
+ ((tdc->trust_flags & NETR_TRUST_FLAG_INBOUND) != NETR_TRUST_FLAG_INBOUND))
{
- DEBUG(10, ("Domain is an AD domain and we have no inbound "
- "trust.\n"));
- return False;
+ DEBUG(10, ("winbindd_can_contact_domain: %s is an AD domain "
+ "and we have no inbound trust.\n", domain->name));
+ goto done;
}
-
+
/* Assume everything else is ok (probably not true but what
can you do?) */
+
+ ret = true;
+
+done:
+ talloc_destroy(frame);
- return True;
+ return ret;
}
/*********************************************************************
git.samba.org / samba.git / blobdiff