svn commit: samba r13895 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch

[vlendec at samba.org]

Author: vlendec
Date: 2006-03-06 20:18:18 +0000 (Mon, 06 Mar 2006)
New Revision: 13895

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13895

Log:
As agreed upon with gd on the phone, remove WBFLAG_PAM_CONTACT_TRUSTDOM. This
can not work for NTLM auth, where we only have a workstation account for our
own domain. For the PAM Kerberos login we need to find a better way to do
this, probably using Dsr_GetDCName and some winbind-crafted krb5.conf.

Volker


Modified:
   branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
   trunk/source/nsswitch/pam_winbind.c
   trunk/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2006-03-06 20:16:57 UTC (rev 13894)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c	2006-03-06 20:18:18 UTC (rev 13895)
@@ -321,7 +321,7 @@
 	request.data.auth.krb5_cc_type[0] = '\0';
 	request.data.auth.uid = -1;
 	
-	request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM;
+	request.flags = WBFLAG_PAM_INFO3_TEXT;
 
 	if (ctrl & WINBIND_KRB5_AUTH) {
 
@@ -498,7 +498,7 @@
 	}
 
 	if (ctrl & WINBIND_KRB5_AUTH) {
-		request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;
+		request.flags = WBFLAG_PAM_KRB5;
 	}
 
 	ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_CHAUTHTOK, &request, &response, user);
@@ -1098,7 +1098,7 @@
 		}
 		request.data.logoff.uid = pwd->pw_uid;
 
-		request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;
+		request.flags = WBFLAG_PAM_KRB5;
 
 	        return pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_LOGOFF, &request, &response, user);
 	}

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-03-06 20:16:57 UTC (rev 13894)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-03-06 20:18:18 UTC (rev 13895)
@@ -221,18 +221,6 @@
 		return NULL;
 	}
 
-	/* we can auth against trusted domains */
-	if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
-		domain = find_domain_from_name_noinit(domain_name);
-		if (domain == NULL) {
-			DEBUG(3, ("Authentication for domain [%s] skipped " 
-				  "as it is not a trusted domain\n", 
-				  domain_name));
-		} else {
-			return domain;
-		}
-	}
-
 	return find_our_domain();
 }
 

Modified: trunk/source/nsswitch/pam_winbind.c
===================================================================
--- trunk/source/nsswitch/pam_winbind.c	2006-03-06 20:16:57 UTC (rev 13894)
+++ trunk/source/nsswitch/pam_winbind.c	2006-03-06 20:18:18 UTC (rev 13895)
@@ -321,7 +321,7 @@
 	request.data.auth.krb5_cc_type[0] = '\0';
 	request.data.auth.uid = -1;
 	
-	request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM;
+	request.flags = WBFLAG_PAM_INFO3_TEXT;
 
 	if (ctrl & WINBIND_KRB5_AUTH) {
 
@@ -498,7 +498,7 @@
 	}
 
 	if (ctrl & WINBIND_KRB5_AUTH) {
-		request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;
+		request.flags = WBFLAG_PAM_KRB5;
 	}
 
 	ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_CHAUTHTOK, &request, &response, user);
@@ -1098,7 +1098,7 @@
 		}
 		request.data.logoff.uid = pwd->pw_uid;
 
-		request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;
+		request.flags = WBFLAG_PAM_KRB5;
 
 	        return pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_LOGOFF, &request, &response, user);
 	}

Modified: trunk/source/nsswitch/winbindd_pam.c
===================================================================
--- trunk/source/nsswitch/winbindd_pam.c	2006-03-06 20:16:57 UTC (rev 13894)
+++ trunk/source/nsswitch/winbindd_pam.c	2006-03-06 20:18:18 UTC (rev 13895)
@@ -221,18 +221,6 @@
 		return NULL;
 	}
 
-	/* we can auth against trusted domains */
-	if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
-		domain = find_domain_from_name_noinit(domain_name);
-		if (domain == NULL) {
-			DEBUG(3, ("Authentication for domain [%s] skipped " 
-				  "as it is not a trusted domain\n", 
-				  domain_name));
-		} else {
-			return domain;
-		}
-	}
-
 	return find_our_domain();
 }