svn commit: samba r16480 - branches/SAMBA_3_0/source/nsswitch
trunk/source/nsswitch
gd at samba.org
gd at samba.org
Fri Jun 23 01:17:35 GMT 2006
Author: gd
Date: 2006-06-23 01:17:33 +0000 (Fri, 23 Jun 2006)
New Revision: 16480
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16480
Log:
(Ugly) workaround before the set_dc_type_flags & friends cleanup:
When trying to login using krb5 with a trusted domain account, we
need to make sure that our and the remote domain are AD.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
trunk/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-06-22 23:56:20 UTC (rev 16479)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-06-23 01:17:33 UTC (rev 16480)
@@ -6,7 +6,7 @@
Copyright (C) Andrew Tridgell 2000
Copyright (C) Tim Potter 2001
Copyright (C) Andrew Bartlett 2001-2002
- Copyright (C) Guenther Deschner 2005
+ Copyright (C) Guenther Deschner 2005-2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -221,6 +221,44 @@
return NULL;
}
+ if (strequal(domain_name, lp_workgroup())) {
+ return find_our_domain();
+ }
+
+#ifdef HAVE_ADS
+
+ /* when trying to login using krb5 with a trusted domain account, we
+ * need to make sure that our and the remote domain are AD */
+
+ if ((state->request.flags & WBFLAG_PAM_KRB5) &&
+ (lp_security() == SEC_ADS)) {
+
+ struct winbindd_domain *our_domain = find_our_domain();
+
+ if (!our_domain->active_directory) {
+ DEBUG(3,("find_auth_domain: out domain is not AD\n"));
+ return NULL;
+ }
+
+ if ((domain = find_domain_from_name_noinit(domain_name)) == NULL) {
+ return NULL;
+ }
+
+ /* do we already know it's AD ? */
+ if (domain->active_directory) {
+ return domain;
+ }
+
+ set_dc_type_and_flags(domain);
+
+ if (!domain->active_directory) {
+ DEBUG(3,("find_auth_domain: remote domain is not AD\n"));
+ return NULL;
+ }
+
+ return domain;
+ }
+#endif
return find_our_domain();
}
Modified: trunk/source/nsswitch/winbindd_pam.c
===================================================================
--- trunk/source/nsswitch/winbindd_pam.c 2006-06-22 23:56:20 UTC (rev 16479)
+++ trunk/source/nsswitch/winbindd_pam.c 2006-06-23 01:17:33 UTC (rev 16480)
@@ -6,7 +6,7 @@
Copyright (C) Andrew Tridgell 2000
Copyright (C) Tim Potter 2001
Copyright (C) Andrew Bartlett 2001-2002
- Copyright (C) Guenther Deschner 2005
+ Copyright (C) Guenther Deschner 2005-2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -221,6 +221,44 @@
return NULL;
}
+ if (strequal(domain_name, lp_workgroup())) {
+ return find_our_domain();
+ }
+
+#ifdef HAVE_ADS
+
+ /* when trying to login using krb5 with a trusted domain account, we
+ * need to make sure that our and the remote domain are AD */
+
+ if ((state->request.flags & WBFLAG_PAM_KRB5) &&
+ (lp_security() == SEC_ADS)) {
+
+ struct winbindd_domain *our_domain = find_our_domain();
+
+ if (!our_domain->active_directory) {
+ DEBUG(3,("find_auth_domain: out domain is not AD\n"));
+ return NULL;
+ }
+
+ if ((domain = find_domain_from_name_noinit(domain_name)) == NULL) {
+ return NULL;
+ }
+
+ /* do we already know it's AD ? */
+ if (domain->active_directory) {
+ return domain;
+ }
+
+ set_dc_type_and_flags(domain);
+
+ if (!domain->active_directory) {
+ DEBUG(3,("find_auth_domain: remote domain is not AD\n"));
+ return NULL;
+ }
+
+ return domain;
+ }
+#endif
return find_our_domain();
}
More information about the samba-cvs
mailing list