summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2006-03-06 20:18:18 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:59 -0500
commit0382d3c26b004ff4f850e6d683fccc3c55f77641 (patch)
tree4234addf99fdbed5bb2950fd6484d17f8146ed3f
parent2d3946b8c4bb9ecf151df09775c0a5f23e80bd67 (diff)
downloadsamba-0382d3c26b004ff4f850e6d683fccc3c55f77641.tar.gz
samba-0382d3c26b004ff4f850e6d683fccc3c55f77641.tar.bz2
samba-0382d3c26b004ff4f850e6d683fccc3c55f77641.zip
r13895: As agreed upon with gd on the phone, remove WBFLAG_PAM_CONTACT_TRUSTDOM. This
can not work for NTLM auth, where we only have a workstation account for our own domain. For the PAM Kerberos login we need to find a better way to do this, probably using Dsr_GetDCName and some winbind-crafted krb5.conf. Volker (This used to be commit bf7c608147bcbbedd89b3dcd24a929ea3e601bc8)
-rw-r--r--source3/nsswitch/pam_winbind.c6
-rw-r--r--source3/nsswitch/winbindd_pam.c12
2 files changed, 3 insertions, 15 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 35f0efbcbd..df5fc11d3e 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -321,7 +321,7 @@ static int winbind_auth_request(pam_handle_t * pamh,
request.data.auth.krb5_cc_type[0] = '\0';
request.data.auth.uid = -1;
- request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM;
+ request.flags = WBFLAG_PAM_INFO3_TEXT;
if (ctrl & WINBIND_KRB5_AUTH) {
@@ -498,7 +498,7 @@ static int winbind_chauthtok_request(pam_handle_t * pamh,
}
if (ctrl & WINBIND_KRB5_AUTH) {
- request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;
+ request.flags = WBFLAG_PAM_KRB5;
}
ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_CHAUTHTOK, &request, &response, user);
@@ -1098,7 +1098,7 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
}
request.data.logoff.uid = pwd->pw_uid;
- request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;
+ request.flags = WBFLAG_PAM_KRB5;
return pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_LOGOFF, &request, &response, user);
}
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index aa759af09a..dc8a5c47d9 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -221,18 +221,6 @@ static struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state
return NULL;
}
- /* we can auth against trusted domains */
- if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
- domain = find_domain_from_name_noinit(domain_name);
- if (domain == NULL) {
- DEBUG(3, ("Authentication for domain [%s] skipped "
- "as it is not a trusted domain\n",
- domain_name));
- } else {
- return domain;
- }
- }
-
return find_our_domain();
}