From: Stefan Metzmacher Date: Tue, 5 Jun 2018 03:24:03 +0000 (+0200) Subject: s4:rpc_server/lsa: let dcesrv_lsa_lookup_name_account() handle uPNSuffixes X-Git-Tag: tevent-0.17.0~671 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f672b125f4bda2410ecc1e1a2a84913f0e5fa74;p=thirdparty%2Fsamba.git s4:rpc_server/lsa: let dcesrv_lsa_lookup_name_account() handle uPNSuffixes Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme
---
diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling
index bcbedb4f903..7527da4cc42 100644
--- a/selftest/knownfail.d/upn_handling
+++ b/selftest/knownfail.d/upn_handling
@@ -1,5 +1,3 @@
-^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member
-^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member
 ^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index b211d312d59..a5d62726a86 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -1819,7 +1819,6 @@ static NTSTATUS dcesrv_lsa_lookup_name_account(
 if (!try_lookup) {
 const struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
- const struct lsa_ForestTrustDomainInfo *di = NULL;
 if (state->routing_table == NULL) {
 status = dsdb_trust_routing_table_load(policy_state->sam_ldb,
@@ -1830,9 +1829,19 @@ static NTSTATUS dcesrv_lsa_lookup_name_account(
 }
 }
- tdo = dsdb_trust_domain_by_name(state->routing_table,
- item->hints.namespace,
- &di);
+ if (item->hints.domain != item->hints.namespace) {
+ /*
+ * This means the client asked for an UPN,
+ * we need to find the domain by toplevel
+ * name in order to handle uPNSuffixes too.
+ */
+ tdo = dsdb_trust_routing_by_name(state->routing_table,
+ item->hints.namespace);
+ } else {
+ tdo = dsdb_trust_domain_by_name(state->routing_table,
+ item->hints.namespace,
+ NULL);
+ }
 if (tdo == NULL) {
 /*
 * The name is not resolvable at all...
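Review bot: The new test `if (item->hints.domain != item->hints.namespace)` compares the two hint pointers rather than the strings they point to. The UPN/non-UPN decision is therefore correct only if the code that fills `item->hints` stores the very same pointer in both members for non-UPN names; that code is not visible in this hunk. Because the outcome selects which trusted domain the name is routed to, equal-but-distinct strings would silently take the top-level-name path. I would state the invariant in the new comment, for example `* hints.domain and hints.namespace alias the same string unless the name was parsed as a UPN.`, and repeat it where the hints are assigned. The body of dcesrv_lsa_lookup_name_account() starts and ends outside the hunk.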