From a9833941715472ece747bce69ef53ba8ad98d7a5 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 30 Aug 2006 18:48:49 +0000
Subject: [PATCH] r17937: Move the saf_ cache into the tcp ad connection code. Cause winbindd to set site support before doing the generic AD server lookup. Jeremy.
---
 source/libads/ldap.c | 10 +++++-----
 source/nsswitch/winbindd_cm.c | 18 ++++++++++++++++--
 2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index c943558bd36..947f58a8fd5 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -169,10 +169,6 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
 ads->ldap_ip = *interpret_addr2(srv);
 SAFE_FREE(srv);
- /* cache the successful connection */
-
- saf_store( ads->server.workgroup, server );
- /* Store our site name. */
 sitename_store( cldap_reply.client_site_name );
@@ -243,7 +239,7 @@ again:
 return status;
 }
-
+ /* if we fail this loop, then giveup since all the IP addresses returned were dead */
 for ( i=0; iserver.workgroup, inet_ntoa(ads->ldap_ip));
+ ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 status = ADS_ERROR(smb_ldap_start_tls(ads->ld, version));
diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c
index cea30f730d6..2f2bfb60ee8 100644
--- a/source/nsswitch/winbindd_cm.c
+++ b/source/nsswitch/winbindd_cm.c
@@ -652,7 +652,7 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
 int iplist_size = 0;
 int i;
 BOOL is_our_domain;
-
+ enum security_types sec = (enum security_types)lp_security();
 is_our_domain = strequal(domain->name, lp_workgroup());
@@ -665,13 +665,27 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
 return True;
 }
+#ifdef WITH_ADS
+ if (sec == SEC_ADS) {
+ /* We need to make sure we know the local site before
+ doing any DNS queries, as this will restrict the
+ get_sorted_dc_list() call below to only fetching
+ DNS records for the correct site. */
+
+ /* Find any DC to get the site record.
+ We deliberately don't care about the
+ return here. */
+ get_dc_name(domain->name, lp_realm(), dcname, &ip);
+ }
+#endif
+ /* try standard netbios queries first */
 get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
 /* check for security = ads and use DNS if we can */
- if ( iplist_size==0 && lp_security() == SEC_ADS )
+ if ( iplist_size==0 && sec == SEC_ADS )
 get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True);
 /* FIXME!! this is where we should re-insert the GETDC requests --jerry */
--
2.11.4.GIT
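Review bot: The added probe `get_dc_name(domain->name, lp_realm(), dcname, &ip);` in get_dcs() pairs whatever domain was passed in with our own `lp_realm()`, although `is_our_domain` is computed just above and the DNS fallback further down queries `domain->alt_name`; for a trusted domain the two arguments may not belong together, so the call should either be limited to our own domain or the comment should say why our realm is right for every caller. The site it primes is taken from a CLDAP reply (`sitename_store( cldap_reply.client_site_name )` in ads_try_connect), which is not an authenticated answer, and per the new comment it now restricts which DNS records the later `get_sorted_dc_list()` calls fetch; I would state in the comment what happens when the site-scoped lookup finds nothing, and confirm the stored site string is checked as a DNS label before it is used in a query name. Because the return value is ignored, `dcname` and `ip` keep whatever the probe wrote, so a line such as `/* dcname and ip are scratch here and must not be read after this call */` would help if they are reused later. get_dcs() begins and ends outside this hunk.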