diff options
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 47 |
1 files changed, 9 insertions, 38 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 8931b1373e..c93f4c98b6 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -6,7 +6,7 @@ Copyright (C) Andrew Tridgell 2000 Copyright (C) Tim Potter 2001 Copyright (C) Andrew Bartlett 2001-2002 - Copyright (C) Guenther Deschner 2005-2006 + Copyright (C) Guenther Deschner 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -222,44 +222,18 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state, return NULL; } - if (strequal(domain_name, lp_workgroup())) { - return find_our_domain(); - } - -#ifdef HAVE_ADS - - /* when trying to login using krb5 with a trusted domain account, we - * need to make sure that our and the remote domain are AD */ - - if ((state->request.flags & WBFLAG_PAM_KRB5) && - (lp_security() == SEC_ADS)) { - - struct winbindd_domain *our_domain = find_our_domain(); - - if (!our_domain->active_directory) { - DEBUG(3,("find_auth_domain: out domain is not AD\n")); - return NULL; - } - - if ((domain = find_domain_from_name_noinit(domain_name)) == NULL) { - return NULL; - } - - /* do we already know it's AD ? */ - if (domain->active_directory) { + /* we can auth against trusted domains */ + if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) { + domain = find_domain_from_name_noinit(domain_name); + if (domain == NULL) { + DEBUG(3, ("Authentication for domain [%s] skipped " + "as it is not a trusted domain\n", + domain_name)); + } else { return domain; } - - set_dc_type_and_flags(domain); - - if (!domain->active_directory) { - DEBUG(3,("find_auth_domain: remote domain is not AD\n")); - return NULL; } - return domain; - } -#endif return find_our_domain(); } @@ -1306,15 +1280,12 @@ process_result: } - /* this is required to provide password expiry warning */ - if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) { result = fillup_password_policy(domain, state); if (!NT_STATUS_IS_OK(result)) { DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result))); goto done; } - } } |