svn commit: samba r12352 - in trunk/source/nsswitch: .

gd at samba.org gd at samba.org
Mon Dec 19 04:27:46 GMT 2005


Author: gd
Date: 2005-12-19 04:27:46 +0000 (Mon, 19 Dec 2005)
New Revision: 12352

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12352

Log:
Allow authentication against trusted domains when the
WBFLAG_PAM_CONTACT_TRUSTDOM flag is set.

Guenther

Modified:
   trunk/source/nsswitch/winbindd_pam.c


Changeset:
Modified: trunk/source/nsswitch/winbindd_pam.c
===================================================================
--- trunk/source/nsswitch/winbindd_pam.c	2005-12-19 04:26:14 UTC (rev 12351)
+++ trunk/source/nsswitch/winbindd_pam.c	2005-12-19 04:27:46 UTC (rev 12352)
@@ -6,6 +6,7 @@
    Copyright (C) Andrew Tridgell 2000
    Copyright (C) Tim Potter 2001
    Copyright (C) Andrew Bartlett 2001-2002
+   Copyright (C) Guenther Deschner 2005
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -209,14 +210,15 @@
 	return NT_STATUS_LOGON_FAILURE;
 }
 
-static struct winbindd_domain *find_auth_domain(const char *domain_name)
+static struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state, 
+						const char *domain_name)
 {
 	struct winbindd_domain *domain;
 
 	if (IS_DC) {
 		domain = find_domain_from_name_noinit(domain_name);
 		if (domain == NULL) {
-			DEBUG(3, ("Authentication for domain [%s] "
+			DEBUG(3, ("Authentication for domain [%s] refused"
 				  "as it is not a trusted domain\n", 
 				  domain_name));
 		}
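Review bot: The reworded debug string on the changed DEBUG line is missing the space between its two literals: `"Authentication for domain [%s] refused"` is concatenated directly with `"as it is not a trusted domain\n"`, so the log reads "refusedas it is". Add a trailing space, `DEBUG(3, ("Authentication for domain [%s] refused "`, so that anyone searching the logs for refused authentications finds a well-formed message. The body of find_auth_domain continues past the end of this hunk.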
@@ -230,6 +232,18 @@
 		return NULL;
 	}
 
+	/* we can auth against trusted domains */
+	if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
+		domain = find_domain_from_name_noinit(domain_name);
+		if (domain == NULL) {
+			DEBUG(3, ("Authentication for domain [%s] skipped " 
+				  "as it is not a trusted domain\n", 
+				  domain_name));
+		} else {
+			return domain;
+		}
+	}
+
 	return find_our_domain();
 }
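Review bot: The new branch selects the authenticating domain from `state->request.flags`, which appears to be taken from the client's request, and when the lookup fails it only logs "skipped" before falling through to `find_our_domain()`. A request that sets the flag and names an unknown domain is therefore still authenticated against our own domain, and the level-3 message does not say so. If that fallback is intended, document it at the branch, e.g. `/* flag is caller-supplied; an unknown domain_name falls back to our own domain below */`, and make the DEBUG text say "falling back to our domain". If it is not intended, `return NULL;` in the `domain == NULL` case so the callers' existing `domain == NULL` handling rejects the request. The start of find_auth_domain is in the previous hunk, and the lines between the two hunks are not visible here.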
 
@@ -633,7 +647,7 @@
 	parse_domain_user(state->request.data.auth.user,
 			  name_domain, name_user);
 
-	domain = find_auth_domain(name_domain);
+	domain = find_auth_domain(state, name_domain);
 
 	if (domain == NULL) {
 		set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
@@ -1290,7 +1304,7 @@
 	}
 
 	if (domain_name != NULL)
-		domain = find_auth_domain(domain_name);
+		domain = find_auth_domain(state, domain_name);
 
 	if (domain != NULL) {
 		sendto_domain(state, domain);
@@ -1439,6 +1453,7 @@
 	} while ( (attempts < 2) && retry );
 
 	if (NT_STATUS_IS_OK(result)) {
+
 		netsamlogon_cache_store(name_user, &info3);
 		wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
 


