author | Stefan Metzmacher <metze@samba.org> | 2008-12-04 15:09:21 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2008-12-04 15:45:16 +0100 |
commit | 180245fce0f0d73d924ca6a25db3fc78934c40d1 (patch) | |
tree | f516ef075f5e2852a4998cf24bffb307f5880bc9 /source4/auth | |
parent | 0f38bd90722469c6dbf1bcc7f56d3fbf6db3a8e8 (diff) | |
download | samba-180245fce0f0d73d924ca6a25db3fc78934c40d1.tar.gz |
s4:kdc: allow a trusted domain to get kerberos tickets
metze
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/auth.h | 3 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_sam.c | 3 | ||||
-rw-r--r-- | source4/auth/sam.c | 12 |
3 files changed, 11 insertions, 7 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index af9ed52f782..360da50f70a 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -204,7 +204,8 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 struct ldb_message *msg,
 struct ldb_message *msg_domain_ref,
 const char *logon_workstation,
- const char *name_for_logs);
+ const char *name_for_logs,
+ bool allow_domain_trust);
 struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
 NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
 const char *netbios_name,
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index d1be5b6e30f..384d342e00d 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -262,7 +262,8 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
 msgs[0],
 msgs_domain_ref[0],
 user_info->workstation_name,
- user_info->mapped.account_name);
+ user_info->mapped.account_name,
+ false);
 return nt_status;
 }
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index f6a998ae0f1..4b848cffe0a 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -144,7 +144,8 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 struct ldb_message *msg,
 struct ldb_message *msg_domain_ref,
 const char *logon_workstation,
- const char *name_for_logs)
+ const char *name_for_logs,
+ bool allow_domain_trust)
 {
 uint16_t acct_flags;
 const char *workstation_list;
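Review bot: The new `allow_domain_trust` argument of `authsam_account_ok` is added to the prototype in auth.h and to the definition in sam.c without any comment saying which check it switches off or which callers may set it, and the call in auth_sam.c passes a bare `false` that reads as an anonymous flag. Because the parameter relaxes an account-type denial, I would document it at the declaration, for example `/* allow_domain_trust: accept ACB_DOMTRUST accounts; presumably only for the KDC path named in the commit title */`, and annotate the NTLM call as `false /* allow_domain_trust */);`. The caller that passes `true` is not part of this diff (the diffstat is limited to source4/auth), so it cannot be reviewed from here. All three hunks cut through their enclosing declaration or function body.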
@@ -231,11 +232,12 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 return NT_STATUS_INVALID_LOGON_HOURS;
 }
- if (acct_flags & ACB_DOMTRUST) {
- DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs));
- return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+ if (!allow_domain_trust) {
+ if (acct_flags & ACB_DOMTRUST) {
+ DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs));
+ return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+ }
 }
-
 if (!(logon_parameters & MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT)) {
 if (acct_flags & ACB_SVRTRUST) {
 DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", name_for_logs));  |
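Review bot: With `allow_domain_trust` set, an account carrying `ACB_DOMTRUST` now passes this point without any log line, so an accepted interdomain trust account leaves no trace here while a denied one does. I would log the accepted case as well, e.g. `DEBUG(4,("sam_account_ok: Domain trust account %s allowed by caller\n", name_for_logs));`, and fold the nested `if` into one condition, `if (!allow_domain_trust && (acct_flags & ACB_DOMTRUST)) {`. The hunk also appears to drop the blank line that separated this check from the server-trust check below; keeping it would leave the two account-type checks visually distinct. `authsam_account_ok` begins and ends outside the hunk, so whether the checks before this one still apply to trust accounts cannot be confirmed from here.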