diff options
| author | Stefan Metzmacher <metze@samba.org> | 2018-01-09 08:54:11 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2018-02-23 04:08:26 +0100 |
| commit | 57762229da971e837b923f09ca01bad6151f9419 (patch) | |
| tree | b2abb63941799cd873a18f8afc4625fea336d469 | |
| parent | 2e49a97777ebf5bffbeadca03517b4a21bca24c0 (diff) | |
| download | samba-57762229da971e837b923f09ca01bad6151f9419.tar.gz | |
s4:auth_sam: allow logons with an empty domain name
It turns out that an empty domain name maps to the local SAM.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144
| -rw-r--r-- | selftest/knownfail.d/empty-domain-bind | 1 | ||||
| -rw-r--r-- | selftest/knownfail.d/empty-domain-samlogon | 1 | ||||
| -rw-r--r-- | source4/auth/ntlm/auth_sam.c | 16 |
3 files changed, 10 insertions, 8 deletions
diff --git a/selftest/knownfail.d/empty-domain-bind b/selftest/knownfail.d/empty-domain-bind deleted file mode 100644 index 99d71c1cf39..00000000000 --- a/selftest/knownfail.d/empty-domain-bind +++ /dev/null @@ -1 +0,0 @@ -^samba4.ldap.bind\(fl2008r2dc\).__main__.BindTests.test_user_account_bind_no_domain.* diff --git a/selftest/knownfail.d/empty-domain-samlogon b/selftest/knownfail.d/empty-domain-samlogon deleted file mode 100644 index 925a03ad40f..00000000000 --- a/selftest/knownfail.d/empty-domain-samlogon +++ /dev/null @@ -1 +0,0 @@ -^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_SamLogonEx_no_domain diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 5e2a5843fc4..8c5ebd747e7 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -739,6 +739,10 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx, return NT_STATUS_NOT_IMPLEMENTED; } + if (effective_domain == NULL) { + effective_domain = ""; + } + is_local_name = lpcfg_is_myname(ctx->auth_ctx->lp_ctx, effective_domain); @@ -784,7 +788,7 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx, return NT_STATUS_NOT_IMPLEMENTED; } - if (effective_domain != NULL && !strequal(effective_domain, "")) { + if (!strequal(effective_domain, "")) { DBG_DEBUG("%s is not one domain name (DC)\n", effective_domain); return NT_STATUS_NOT_IMPLEMENTED; @@ -792,11 +796,11 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx, p = strchr_m(user_info->mapped.account_name, '@'); if (p == NULL) { - if (effective_domain == NULL) { - return NT_STATUS_OK; - } - DEBUG(6,("authsam_check_password: '' without upn not handled (DC)\n")); - return NT_STATUS_NOT_IMPLEMENTED; + /* + * An empty to domain name should be handled + * as the local domain name. + */ + return NT_STATUS_OK; } effective_domain = p + 1; |