authorStefan Metzmacher <metze@samba.org>2017-06-12 15:35:41 +0200
committerAndrew Bartlett <abartlet@samba.org>2017-12-13 20:34:23 +0100
commite7bc23e44c014645964539aaf19892a8a187c4a4 (patch)
treedc0e45f12a64a0a4f7fcad47bf43f2af2767bd26 /source3/auth
parent16316e157ba74db4201a36877721a288590c98e6 (diff)
s3:auth: remove "map untrusted to domain" handling
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_util.c37
1 files changed, 4 insertions, 33 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 8e7fa914748..fbc36423e2b 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -110,12 +110,6 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
NTSTATUS result;
bool was_mapped;
char *internal_username = NULL;
- bool upn_form = false;
- int map_untrusted = lp_map_untrusted_to_domain();
-
- if (client_domain[0] == '\0' && strchr(smb_name, '@')) {
- upn_form = true;
- }
was_mapped = map_username(talloc_tos(), smb_name, &internal_username);
if (!internal_username) {
@@ -125,35 +119,12 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n",
client_domain, smb_name, workstation_name));
+ /*
+ * We let the auth stack canonicalize, username
+ * and domain.
+ */
domain = client_domain;
- /* If you connect to a Windows domain member using a bogus domain name,
- * the Windows box will map the BOGUS\user to SAMNAME\user. Thus, if
- * the Windows box is a DC the name will become DOMAIN\user and be
- * authenticated against AD, if the Windows box is a member server but
- * not a DC the name will become WORKSTATION\user. A standalone
- * non-domain member box will also map to WORKSTATION\user.
- * This also deals with the client passing in a "" domain */
-
- if (map_untrusted != Auto && !upn_form &&
- !strequal(domain, my_sam_name()) &&
- !strequal(domain, get_global_sam_name()) &&
- !is_trusted_domain(domain))
- {
- if (map_untrusted) {
- domain = my_sam_name();
- } else {
- domain = get_global_sam_name();
- }
- DEBUG(5, ("Mapped domain from [%s] to [%s] for user [%s] from "
- "workstation [%s]\n",
- client_domain, domain, smb_name, workstation_name));
- }
-
- /* We know that the given domain is trusted (and we are allowing them),
- * it is our global SAM name, or for legacy behavior it is our
- * primary domain name */
-
result = make_user_info(mem_ctx, user_info, smb_name, internal_username,
client_domain, domain, workstation_name,
remote_address, local_address,
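Review bot: After this hunk `domain` is only an alias for `client_domain`, so the mapped domain handed to make_user_info() is the raw client-supplied string (possibly empty, or a name that is neither local nor trusted), and the invariant in the removed comment ("We know that the given domain is trusted ...") no longer holds at this point. The new comment should state that explicitly, for example `/* domain is unvalidated client input here; the auth stack must canonicalize and validate username and domain. */`, which also drops the stray comma after "canonicalize". The DEBUG(5) "Mapped domain from ..." line is removed too, so it is worth confirming that the code which now performs the canonicalization logs the rewritten domain, keeping authentication traces able to show which domain a logon was evaluated against; that code is not visible in this diff. make_user_info_map() starts before and continues after the hunk.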