From: Andreas Schneider <asn@samba.org>
Date: Tue, 31 Mar 2015 16:15:51 +0000 (+0200)
Subject: s3-passdb: Fix 'force user' with winbind default domain
X-Git-Tag: samba-4.1.18~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc4bdf5a6024eed64ea96aa974c8d253a9a35ebc;p=thirdparty%2Fsamba.git

s3-passdb: Fix 'force user' with winbind default domain

If we set 'winbind use default domain' and specify 'force user = user'
without a domain name we fail to log in. In this case we need to try a
lookup with the domain name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11185

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

(cherry picked from commit cd4442c7ac93e165862c9195a7c345472646aa59)
---

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index e4d41c44dcb..f10ebb7fd22 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -395,6 +395,30 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx,
 				ret_sid, ret_type);
 	}
 
+	/* Try with winbind default domain name. */
+	if (lp_winbind_use_default_domain()) {
+		bool ok;
+
+		qualified_name = talloc_asprintf(mem_ctx,
+						 "%s\\%s",
+						 lp_workgroup(),
+						 full_name);
+		if (qualified_name == NULL) {
+			return false;
+		}
+
+		ok = lookup_name(mem_ctx,
+				 qualified_name,
+				 flags,
+				 ret_domain,
+				 ret_name,
+				 ret_sid,
+				 ret_type);
+		if (ok) {
+			return true;
+		}
+	}
+
 	/* Try with our own SAM name. */
 	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
 				get_global_sam_name(),