summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_util.c57
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/passdb/passdb.c19
3 files changed, 35 insertions, 42 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 502d06fad3..f942b2e50a 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -186,13 +186,15 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
-NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *client_domain,
- const char *wksta_name,
- DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd,
- DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd,
- DATA_BLOB *plaintext,
+NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *client_domain,
+ const char *wksta_name,
+ DATA_BLOB *lm_pwd,
+ DATA_BLOB *nt_pwd,
+ DATA_BLOB *lm_interactive_pwd,
+ DATA_BLOB *nt_interactive_pwd,
+ DATA_BLOB *plaintext,
bool encrypted)
{
const char *domain;
@@ -200,12 +202,12 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
bool was_mapped;
fstring internal_username;
fstrcpy(internal_username, smb_name);
- was_mapped = map_username(internal_username);
-
- DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n",
- client_domain, smb_name, wksta_name));
-
- /* don't allow "" as a domain, fixes a Win9X bug
+ was_mapped = map_username(internal_username);
+
+ DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n",
+ client_domain, smb_name, wksta_name));
+
+ /* don't allow "" as a domain, fixes a Win9X bug
where it doens't supply a domain for logon script
'net use' commands. */
@@ -214,16 +216,27 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
else
domain = lp_workgroup();
- /* do what win2k does. Always map unknown domains to our own
- and let the "passdb backend" handle unknown users. */
+ /* If you connect to a Windows domain member using a bogus domain name,
+ * the Windows box will map the BOGUS\user to SAMNAME\user. Thus, if
+ * the Windows box is a DC the name will become DOMAIN\user and be
+ * authenticated against AD, if the Windows box is a member server but
+ * not a DC the name will become WORKSTATION\user. A standalone
+ * non-domain member box will also map to WORKSTATION\user. */
- if ( !is_trusted_domain(domain) && !strequal(domain, get_global_sam_name()) )
- domain = my_sam_name();
-
- /* we know that it is a trusted domain (and we are allowing them) or it is our domain */
-
- result = make_user_info(user_info, smb_name, internal_username,
- client_domain, domain, wksta_name,
+ if (!is_trusted_domain(domain) &&
+ !strequal(domain, get_global_sam_name()) )
+ {
+ domain = get_global_sam_name();
+ DEBUG(5, ("Mapped domain from [%s] to [%s] for user [%s] on "
+ "workstation [%s]\n",
+ client_domain, domain, smb_name, wksta_name));
+ }
+
+ /* we know that it is a trusted domain (and we are allowing them) or it
+ * is our domain */
+
+ result = make_user_info(user_info, smb_name, internal_username,
+ client_domain, domain, wksta_name,
lm_pwd, nt_pwd,
lm_interactive_pwd, nt_interactive_pwd,
plaintext, encrypted);
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6246be6b1c..3478ea4f85 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4420,7 +4420,6 @@ bool sid_check_is_in_our_domain(const DOM_SID *sid);
/* The following definitions come from passdb/passdb.c */
-const char *my_sam_name(void);
struct samu *samu_new( TALLOC_CTX *ctx );
NTSTATUS samu_set_unix(struct samu *user, const struct passwd *pwd);
NTSTATUS samu_alloc_rid_unix(struct samu *user, const struct passwd *pwd);
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index d26a667f44..c526a175f2 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -27,25 +27,6 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
-/******************************************************************
- get the default domain/netbios name to be used when
- testing authentication. For example, if you connect
- to a Windows member server using a bogus domain name, the
- Windows box will map the BOGUS\user to DOMAIN\user. A
- standalone box will map to WKS\user.
-******************************************************************/
-
-const char *my_sam_name(void)
-{
- /* standalone servers can only use the local netbios name */
- if ( lp_server_role() == ROLE_STANDALONE )
- return global_myname();
-
- /* Windows domain members default to the DOMAIN
- name when not specified */
- return lp_workgroup();
-}
-
/**********************************************************************
***********************************************************************/