From: Stefan Metzmacher Date: Thu, 7 Dec 2017 09:54:21 +0000 (+0100) Subject: winbindd: remove 'winbind trusted domains only' handling X-Git-Tag: talloc-2.1.11~25 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6d339b480051b5efc80b895e97c2eaaf8dea6893;p=thirdparty%2Fsamba.git winbindd: remove 'winbind trusted domains only' handling This parameter is already deprecated in favor of the newer idmap_nss backend. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c index b210645ea5a..fa26ea805ee 100644 --- a/source3/winbindd/wb_getgrsid.c +++ b/source3/winbindd/wb_getgrsid.c @@ -60,17 +60,6 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - if (lp_winbind_trusted_domains_only()) { - struct winbindd_domain *our_domain = find_our_domain(); - - if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) { - DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting " - "getgrsid() for %s\n", sid_string_tos(group_sid))); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); - return tevent_req_post(req, ev); - } - } - subreq = wb_lookupsid_send(state, ev, &state->sid); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c index 1c91949c255..17170c3352a 100644 --- a/source3/winbindd/wb_queryuser.c +++ b/source3/winbindd/wb_queryuser.c @@ -50,18 +50,6 @@ struct tevent_req *wb_queryuser_send(TALLOC_CTX *mem_ctx, } state->ev = ev; - if (lp_winbind_trusted_domains_only()) { - struct winbindd_domain *our_domain = find_our_domain(); - - if (dom_sid_compare_domain(user_sid, &our_domain->sid) == 0) { - char buf[DOM_SID_STR_BUFLEN]; - dom_sid_string_buf(user_sid, buf, sizeof(buf)); - DBG_NOTICE("My domain -- rejecting %s\n", buf); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); - return tevent_req_post(req, ev); - } - } - state->info = talloc_zero(state, struct wbint_userinfo); if (tevent_req_nomem(state->info, req)) { return tevent_req_post(req, ev); diff --git a/source3/winbindd/winbindd_getpwnam.c b/source3/winbindd/winbindd_getpwnam.c index f2c93362ca8..73d3b3317ad 100644 --- a/source3/winbindd/winbindd_getpwnam.c +++ b/source3/winbindd/winbindd_getpwnam.c @@ -71,15 +71,6 @@ struct tevent_req *winbindd_getpwnam_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - if (lp_winbind_trusted_domains_only() - && strequal(state->domname, lp_workgroup())) { - DEBUG(7,("winbindd_getpwnam: My domain -- " - "rejecting getpwnam() for %s\\%s.\n", - state->domname, state->username)); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); - return tevent_req_post(req, ev); - } - subreq = wb_lookupname_send(state, ev, state->domname, state->username, LOOKUP_NAME_NO_NSS); if (tevent_req_nomem(subreq, req)) { diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 34f38e5fbbb..b3439d078a3 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -1085,7 +1085,7 @@ static bool assume_domain(const char *domain) if ( !strequal(lp_workgroup(), domain) ) return False; - if ( lp_winbind_use_default_domain() || lp_winbind_trusted_domains_only() ) + if ( lp_winbind_use_default_domain() ) return True; } @@ -1166,9 +1166,6 @@ bool canonicalize_username(fstring username_inout, fstring domain, fstring user) If we are a PDC or BDC, and this is for our domain, do likewise. - Also, if omit DOMAIN if 'winbind trusted domains only = true', as the - username is then unqualified in unix - On an AD DC we always fill DOMAIN\\USERNAME. We always canonicalize as UPPERCASE DOMAIN, lowercase username.