diff options
author | Andrew Tridgell <tridge@samba.org> | 2001-12-19 09:53:30 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2001-12-19 09:53:30 +0000 |
commit | 9126a40e2c33e0eb4cd57ab381634e08fa59e7a7 (patch) | |
tree | 3e3d6b90df016a7bf98225d49269977e88f1cb0f /source3/auth/auth_util.c | |
parent | a062e58d9e47f95ac7c66668b3cfe1f72386f6e0 (diff) | |
download | samba-9126a40e2c33e0eb4cd57ab381634e08fa59e7a7.tar.gz samba-9126a40e2c33e0eb4cd57ab381634e08fa59e7a7.tar.bz2 samba-9126a40e2c33e0eb4cd57ab381634e08fa59e7a7.zip |
added trusted realm support to ADS authentication
the method used for checking if a domain is a trusted domain is very
crude, we should really call a backend fn of some sort. For now I'm
using winbindd to do the dirty work.
(This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
Diffstat (limited to 'source3/auth/auth_util.c')
-rw-r--r-- | source3/auth/auth_util.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 60495ad23b..3e480b4fd1 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -215,7 +215,26 @@ BOOL make_user_info_map(auth_usersupplied_info **user_info, map_username(internal_username); if (lp_allow_trusted_domains()) { - domain = client_domain; + char *user; + /* the client could have given us a workstation name + or other crap for the workgroup - we really need a + way of telling if this domain name is one of our + trusted domain names + + The way I do it here is by checking if the fully + qualified username exists. This is rather reliant + on winbind, but until we have a better method this + will have to do + */ + asprintf(&user, "%s%s%s", + client_domain, lp_winbind_separator(), + smb_name); + if (Get_Pwnam(user) != NULL) { + domain = client_domain; + } else { + domain = lp_workgroup(); + } + free(user); } else { domain = lp_workgroup(); } |