From: Stefan Metzmacher Date: Wed, 22 Mar 2017 11:08:20 +0000 (+0100) Subject: auth3: prepare the logic for "map untrusted to domain = auto" X-Git-Tag: tevent-0.9.32~101 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd69a3e2e9a57713c6641de4f92e7e23488e457b;p=thirdparty%2Fsamba.git auth3: prepare the logic for "map untrusted to domain = auto" This implements the same behavior as Windows, we should pass the domain and account names given by the client directly to the auth backends, they can decide if they are able to process the authentication pass it to the next backend. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index ec597e8884f..1021f2a6fef 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -111,6 +111,7 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx, bool was_mapped; char *internal_username = NULL; bool upn_form = false; + int map_untrusted = lp_map_untrusted_to_domain(); if (client_domain[0] == '\0' && strchr(smb_name, '@')) { upn_form = true; @@ -134,15 +135,16 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx, * non-domain member box will also map to WORKSTATION\user. * This also deals with the client passing in a "" domain */ - if (!upn_form && + if (map_untrusted != Auto && !upn_form && !strequal(domain, my_sam_name()) && !strequal(domain, get_global_sam_name()) && !is_trusted_domain(domain)) { - if (lp_map_untrusted_to_domain()) + if (map_untrusted) { domain = my_sam_name(); - else + } else { domain = get_global_sam_name(); + } DEBUG(5, ("Mapped domain from [%s] to [%s] for user [%s] from " "workstation [%s]\n", client_domain, domain, smb_name, workstation_name));