git.samba.org / ira / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ab7a9d2)
r22903: Now that we have the on-disc trustdomaincache with type flags we can better
authorGünther Deschner <gd@samba.org>
Tue, 15 May 2007 13:46:26 +0000 (13:46 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:22:06 +0000 (12:22 -0500)
decide whether it's worth to register a krb5 ticket gain handler while users
logon offline.

Guenther
(This used to be commit 203391623b31bce71268c6e8fc955eab348e92f0)

source3/nsswitch/winbindd_pam.c patch | blob | history

diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index c82ac2b0bad291f8f61294fa998d22c6cdb192b7..c7c18fb70291dde2f9b8e3918b15a95e782dbcac 100644 (file)
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -784,6 +784,9 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
        NET_USER_INFO_3 *my_info3;
        time_t kickoff_time, must_change_time;
        BOOL password_good = False;
+#ifdef HAVE_KRB5
+       struct winbindd_tdc_domain *tdc_domain = NULL;
+#endif
 
        *info3 = NULL;
 
@@ -894,9 +897,9 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
                }
        
 #ifdef HAVE_KRB5
-               /* FIXME: what else points out that the remote domain is AD ? */
-               if (!strequal(domain->name, domain->alt_name) &&
-                   (state->request.flags & WBFLAG_PAM_KRB5)) {
+               if ((state->request.flags & WBFLAG_PAM_KRB5) &&
+                   ((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) &&
+                   (tdc_domain->trust_type & DS_DOMAIN_TRUST_TYPE_UPLEVEL)) {
 
                        uid_t uid = -1;
                        const char *cc = NULL;
Unnamed repository; edit this file 'description' to name the repository.