diff options
author | Steven Danneman <steven.danneman@isilon.com> | 2009-05-27 17:14:49 -0700 |
---|---|---|
committer | Steven Danneman <steven.danneman@isilon.com> | 2009-05-28 13:21:15 -0700 |
commit | fbca26923915a70031f561b198cfe2cc0d9c3aa6 (patch) | |
tree | a471770c51b0944545c3000fe894c7cddd7cb532 /source3/auth | |
parent | d74e42e0eca0bb15c12fa51f125d905a6cee5db5 (diff) | |
download | samba-fbca26923915a70031f561b198cfe2cc0d9c3aa6.tar.gz samba-fbca26923915a70031f561b198cfe2cc0d9c3aa6.tar.bz2 samba-fbca26923915a70031f561b198cfe2cc0d9c3aa6.zip |
s3/auth map NULL domains to our global sam name
This is an addendum to d8c54fdd, which made make_user_info_map() match
Windows behavior by mapping untrusted domains given to smbd on the wire
with the users credentials to smbd's global sam name.
This fix was being circumvented in the case where the client passed
a NULL domain. Vista clients do this. In that case smbd was always
remapping the name to the machine workgroup. The NULL domain case
should also be mapped to the global sam name.
Removing the code in this patch, causes us to fall down to the logic
added in d8c54fdd and properly map the domain.
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_util.c | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index a27025fc8d..9d29987c0d 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -208,21 +208,15 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n", client_domain, smb_name, wksta_name)); - /* don't allow "" as a domain, fixes a Win9X bug - where it doens't supply a domain for logon script - 'net use' commands. */ - - if ( *client_domain ) - domain = client_domain; - else - domain = lp_workgroup(); + domain = client_domain; /* If you connect to a Windows domain member using a bogus domain name, * the Windows box will map the BOGUS\user to SAMNAME\user. Thus, if * the Windows box is a DC the name will become DOMAIN\user and be * authenticated against AD, if the Windows box is a member server but * not a DC the name will become WORKSTATION\user. A standalone - * non-domain member box will also map to WORKSTATION\user. */ + * non-domain member box will also map to WORKSTATION\user. + * This also deals with the client passing in a "" domain */ if (!is_trusted_domain(domain) && !strequal(domain, get_global_sam_name()) ) |