[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1086-g22b9d9d

Steven Danneman sdanneman at samba.org
Thu May 28 20:24:25 GMT 2009

The branch, v3-4-test has been updated
       via  22b9d9d28d9acd68a9bc492530fcd0a565ff0aa3 (commit)
      from  4ca03e3bb96518665c296ba2cf5aa1d91916897e (commit)


- Log -----------------------------------------------------------------
commit 22b9d9d28d9acd68a9bc492530fcd0a565ff0aa3
Author: Steven Danneman <steven.danneman at isilon.com>
Date:   Wed May 27 17:14:49 2009 -0700

    s3/auth map NULL domains to our global sam name
    This is an addendum to d8c54fdd, which made make_user_info_map() match
    Windows behavior by mapping untrusted domains given to smbd on the wire
    with the users credentials to smbd's global sam name.
    This fix was being circumvented in the case where the client passed
    a NULL domain.  Vista clients do this.  In that case smbd was always
    remapping the name to the machine workgroup.  The NULL domain case
    should also be mapped to the global sam name.
    Removing the code in this patch, causes us to fall down to the logic
    added in d8c54fdd and properly map the domain.
    (cherry picked from commit fbca26923915a70031f561b198cfe2cc0d9c3aa6)


Summary of changes:
 source3/auth/auth_util.c |   12 +++---------
 1 files changed, 3 insertions(+), 9 deletions(-)

Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 24c5a82..4a8fc95 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -207,21 +207,15 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
 	DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n",
 		 client_domain, smb_name, wksta_name));
-	/* don't allow "" as a domain, fixes a Win9X bug
-	   where it doens't supply a domain for logon script
-	   'net use' commands.                                 */
-	if ( *client_domain )
-		domain = client_domain;
-	else
-		domain = lp_workgroup();
+	domain = client_domain;
 	/* If you connect to a Windows domain member using a bogus domain name,
 	 * the Windows box will map the BOGUS\user to SAMNAME\user.  Thus, if
 	 * the Windows box is a DC the name will become DOMAIN\user and be
 	 * authenticated against AD, if the Windows box is a member server but
 	 * not a DC the name will become WORKSTATION\user.  A standalone
-	 * non-domain member box will also map to WORKSTATION\user. */
+	 * non-domain member box will also map to WORKSTATION\user.
+	 * This also deals with the client passing in a "" domain */
 	if (!is_trusted_domain(domain) &&
 	    !strequal(domain, get_global_sam_name()) )

Samba Shared Repository

More information about the samba-cvs mailing list