From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 16 Mar 2017 14:09:26 +0000 (+0100)
Subject: auth3: call is_trusted_domain() as the last condition make_user_info_map()
X-Git-Tag: tevent-0.9.32~102
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4839defc2000d4d18e1f5d479e4e2048c4fab0a;p=thirdparty%2Fsamba.git

auth3: call is_trusted_domain() as the last condition make_user_info_map()

We should avoid contacting winbind if we already know the domain is our
local sam or our primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ffd60e0b467..ec597e8884f 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -134,9 +134,11 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
 	 * non-domain member box will also map to WORKSTATION\user.
 	 * This also deals with the client passing in a "" domain */
 
-	if (!upn_form && !is_trusted_domain(domain) &&
+	if (!upn_form &&
 	    !strequal(domain, my_sam_name()) &&
-	    !strequal(domain, get_global_sam_name())) {
+	    !strequal(domain, get_global_sam_name()) &&
+	    !is_trusted_domain(domain))
+	{
 		if (lp_map_untrusted_to_domain())
 			domain = my_sam_name();
 		else