svn commit: samba r12352 - in trunk/source/nsswitch: .
gd at samba.org
gd at samba.org
Mon Dec 19 04:27:46 GMT 2005
Author: gd
Date: 2005-12-19 04:27:46 +0000 (Mon, 19 Dec 2005)
New Revision: 12352
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12352
Log:
Allow authentication against trusted domains when the
WBFLAG_PAM_CONTACT_TRUSTDOM flag is set.
Guenther
Modified:
trunk/source/nsswitch/winbindd_pam.c
Changeset:
Modified: trunk/source/nsswitch/winbindd_pam.c
===================================================================
--- trunk/source/nsswitch/winbindd_pam.c 2005-12-19 04:26:14 UTC (rev 12351)
+++ trunk/source/nsswitch/winbindd_pam.c 2005-12-19 04:27:46 UTC (rev 12352)
@@ -6,6 +6,7 @@
Copyright (C) Andrew Tridgell 2000
Copyright (C) Tim Potter 2001
Copyright (C) Andrew Bartlett 2001-2002
+ Copyright (C) Guenther Deschner 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -209,14 +210,15 @@
return NT_STATUS_LOGON_FAILURE;
}
-static struct winbindd_domain *find_auth_domain(const char *domain_name)
+static struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
+ const char *domain_name)
{
struct winbindd_domain *domain;
if (IS_DC) {
domain = find_domain_from_name_noinit(domain_name);
if (domain == NULL) {
- DEBUG(3, ("Authentication for domain [%s] "
+ DEBUG(3, ("Authentication for domain [%s] refused"
"as it is not a trusted domain\n",
domain_name));
}
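Review bot: The reworded DEBUG message on the added line loses the space between its two string literals: `"Authentication for domain [%s] refused"` is concatenated directly with `"as it is not a trusted domain\n"`, so the log line reads `refusedas it is not a trusted domain`. Add the trailing space, `DEBUG(3, ("Authentication for domain [%s] refused "`, so that anyone searching winbindd logs for refused authentications on a DC matches the intended text. The body of find_auth_domain continues outside this hunk.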
@@ -230,6 +232,18 @@
return NULL;
}
+ /* we can auth against trusted domains */
+ if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
+ domain = find_domain_from_name_noinit(domain_name);
+ if (domain == NULL) {
+ DEBUG(3, ("Authentication for domain [%s] skipped "
+ "as it is not a trusted domain\n",
+ domain_name));
+ } else {
+ return domain;
+ }
+ }
+
return find_our_domain();
}
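Review bot: The new branch needs a comment stating its trust assumptions, because `state->request.flags` is read from the client request, so whoever can send requests to winbindd decides whether WBFLAG_PAM_CONTACT_TRUSTDOM applies. When the named domain is not found, the code only logs at level 3 ("skipped") and falls through to `return find_our_domain();`, so a request naming an unknown domain is still handled against our own domain. That appears to match the existing behaviour for unflagged requests, but it should be stated explicitly. I would replace the one-line comment with `/* Flag is client-supplied: route to the named trusted domain if we know it, otherwise fall back to our own domain. */`. The function begins above this hunk.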
@@ -633,7 +647,7 @@
parse_domain_user(state->request.data.auth.user,
name_domain, name_user);
- domain = find_auth_domain(name_domain);
+ domain = find_auth_domain(state, name_domain);
if (domain == NULL) {
set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
@@ -1290,7 +1304,7 @@
}
if (domain_name != NULL)
- domain = find_auth_domain(domain_name);
+ domain = find_auth_domain(state, domain_name);
if (domain != NULL) {
sendto_domain(state, domain);
@@ -1439,6 +1453,7 @@
} while ( (attempts < 2) && retry );
if (NT_STATUS_IS_OK(result)) {
+
netsamlogon_cache_store(name_user, &info3);
wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);