svn commit: samba r17937 - in branches/SAMBA_3_0/source: libads nsswitch

Wed Aug 30 18:48:49 GMT 2006

Author: jra
Date: 2006-08-30 18:48:49 +0000 (Wed, 30 Aug 2006)
New Revision: 17937

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17937

Log:
Move the saf_ cache into the tcp ad connection code.
Cause winbindd to set site support before doing the
generic AD server lookup.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libads/ldap.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/ldap.c
===================================================================

--- branches/SAMBA_3_0/source/libads/ldap.c	2006-08-30 18:25:28 UTC (rev 17936)
+++ branches/SAMBA_3_0/source/libads/ldap.c	2006-08-30 18:48:49 UTC (rev 17937)
@@ -169,10 +169,6 @@
 	ads->ldap_ip = *interpret_addr2(srv);
 	SAFE_FREE(srv);
 	
-	/* cache the successful connection */
-
-	saf_store( ads->server.workgroup, server );
-
 	/* Store our site name. */
 	sitename_store( cldap_reply.client_site_name );
 
@@ -243,7 +239,7 @@
 		
 		return status;
 	}
-			
+
 	/* if we fail this loop, then giveup since all the IP addresses returned were dead */
 	for ( i=0; i<count; i++ ) {
 		fstring server;
@@ -338,6 +334,10 @@
 	{
 		return ADS_ERROR(LDAP_OPERATIONS_ERROR);
 	}
+
+	/* cache the successful connection */
+	saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
+
 	ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 
 	status = ADS_ERROR(smb_ldap_start_tls(ads->ld, version));

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2006-08-30 18:25:28 UTC (rev 17936)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2006-08-30 18:48:49 UTC (rev 17937)
@@ -652,8 +652,8 @@
 	int     iplist_size = 0;
 	int     i;
 	BOOL    is_our_domain;
+	enum security_types sec = (enum security_types)lp_security();
 
-
 	is_our_domain = strequal(domain->name, lp_workgroup());
 
 	if ( !is_our_domain 
@@ -665,13 +665,27 @@
 		return True;
 	}
 
+#ifdef WITH_ADS
+	if (sec == SEC_ADS) {
+		/* We need to make sure we know the local site before
+		   doing any DNS queries, as this will restrict the
+		   get_sorted_dc_list() call below to only fetching
+		   DNS records for the correct site. */
+
+		/* Find any DC to get the site record.
+		   We deliberately don't care about the
+		   return here. */
+		get_dc_name(domain->name, lp_realm(), dcname, &ip);
+        }
+#endif
+
 	/* try standard netbios queries first */
 
 	get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
 
 	/* check for security = ads and use DNS if we can */
 
-	if ( iplist_size==0 && lp_security() == SEC_ADS ) 
+	if ( iplist_size==0 && sec == SEC_ADS ) 
 		get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True);
 
 	/* FIXME!! this is where we should re-insert the GETDC requests --jerry */

