r17159: Bug 3920: Restore wnibind use default domain behavior for domain groups.

This break local users and 'winbind nested groups' on domain members.
Cannot be helped.

My plans is to move the default domain crud to the client code (pam and
nss libraries) in 3.0.24.
(This used to be commit 8ee22eeab5d06008b363f8bb250dc767ddfbb86a)

1 files changed, 21 insertions, 7 deletions

diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 25ba20bb9f..27a00ef0fc 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -812,14 +812,28 @@ BOOL is_in_gid_range(gid_t gid)
 
 /* Is this a domain which we may assume no DOMAIN\ prefix? */
 
-static BOOL assume_domain(const char *domain) {
-	if ((lp_winbind_use_default_domain()  
-		  || lp_winbind_trusted_domains_only()) &&
-	    strequal(lp_workgroup(), domain)) 
-		return True;
+static BOOL assume_domain(const char *domain)
+{
+	/* never assume the domain on a standalone server */
+
+	if ( lp_server_role() == ROLE_STANDALONE )
+		return False;
+
+	/* domain member servers may possibly assume for the domain name */
+
+	if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) {
+		if ( !strequal(lp_workgroup(), domain) )
+			return False;
+
+		if ( lp_winbind_use_default_domain() || lp_winbind_trusted_domains_only() )
+			return True;
+	} 
+
+	/* only left with a domain controller */
 
-	if (strequal(get_global_sam_name(), domain)) 
+	if ( strequal(get_global_sam_name(), domain) )  {
 		return True;
+	}
 	
 	return False;
 }
@@ -832,7 +846,7 @@ BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
 
 	if ( !p ) {
 		fstrcpy(user, domuser);
-		
+
 		if ( assume_domain(lp_workgroup())) {
 			fstrcpy(domain, lp_workgroup());
 		} else {