diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-03-03 23:23:21 +0100 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2022-03-16 14:27:12 +0000 |
commit | 8fa656cdeed16e24803ecae840397f94412821c2 (patch) | |
tree | 2a20bcbcd9b3e92056073576d11c71ba9e5655a2 | |
parent | 9b631f4efebd45b921a7d0461fe2b548698003aa (diff) | |
download | samba-8fa656cdeed16e24803ecae840397f94412821c2.tar.gz |
winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals()
This doesn't apply here. We should also handle wbinfo -a
authentication UPN names, e.g. administrator@DOMAIN,
even if the account belongs to the local sam.
With this change the behavior is consistent also locally on DCs and
also an RODC can handle these requests locally for cached accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8dfdbe095a4c8a7bedd29341656a7c3164517713)
-rw-r--r-- | selftest/knownfail.d/samba.blackbox.wbinfo | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 3 |
2 files changed, 0 insertions, 5 deletions
diff --git a/selftest/knownfail.d/samba.blackbox.wbinfo b/selftest/knownfail.d/samba.blackbox.wbinfo deleted file mode 100644 index fa71377ffde..00000000000 --- a/selftest/knownfail.d/samba.blackbox.wbinfo +++ /dev/null @@ -1,2 +0,0 @@ -^samba.blackbox.wbinfo.ad_dc.*.wbinfo.-a.against.*.with.domain.upn.creds -^samba.blackbox.wbinfo.promoted_dc.*.wbinfo.-a.against.*.with.domain.upn.creds diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index d50439de424..4f371bebeee 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1430,9 +1430,6 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - /* We don't want any more mapping of the username */ - user_info->mapped_state = True; - /* We don't want to come back to winbindd or to do PAM account checks */ user_info->flags |= USER_INFO_INFO3_AND_NO_AUTHZ; |