summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_pam.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
-rw-r--r--source3/nsswitch/winbindd_pam.c47
1 files changed, 9 insertions, 38 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 8931b1373e..c93f4c98b6 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -6,7 +6,7 @@
Copyright (C) Andrew Tridgell 2000
Copyright (C) Tim Potter 2001
Copyright (C) Andrew Bartlett 2001-2002
- Copyright (C) Guenther Deschner 2005-2006
+ Copyright (C) Guenther Deschner 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -222,44 +222,18 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
return NULL;
}
- if (strequal(domain_name, lp_workgroup())) {
- return find_our_domain();
- }
-
-#ifdef HAVE_ADS
-
- /* when trying to login using krb5 with a trusted domain account, we
- * need to make sure that our and the remote domain are AD */
-
- if ((state->request.flags & WBFLAG_PAM_KRB5) &&
- (lp_security() == SEC_ADS)) {
-
- struct winbindd_domain *our_domain = find_our_domain();
-
- if (!our_domain->active_directory) {
- DEBUG(3,("find_auth_domain: out domain is not AD\n"));
- return NULL;
- }
-
- if ((domain = find_domain_from_name_noinit(domain_name)) == NULL) {
- return NULL;
- }
-
- /* do we already know it's AD ? */
- if (domain->active_directory) {
+ /* we can auth against trusted domains */
+ if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
+ domain = find_domain_from_name_noinit(domain_name);
+ if (domain == NULL) {
+ DEBUG(3, ("Authentication for domain [%s] skipped "
+ "as it is not a trusted domain\n",
+ domain_name));
+ } else {
return domain;
}
-
- set_dc_type_and_flags(domain);
-
- if (!domain->active_directory) {
- DEBUG(3,("find_auth_domain: remote domain is not AD\n"));
- return NULL;
}
- return domain;
- }
-#endif
return find_our_domain();
}
@@ -1306,15 +1280,12 @@ process_result:
}
- /* this is required to provide password expiry warning */
- if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
result = fillup_password_policy(domain, state);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
goto done;
}
- }
}
generated by cgit (git 2.34.1) at 2024-08-05 13:50:28 +0000