From 948a1dab4d3bb014b438636208055c78206f8dbd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 3 Apr 2017 00:19:48 +0200 Subject: [PATCH] winbindd: allow wbinfo -a REALM\\user to work on a DC find_domain_from_name_noinit() find the correct domain based on domain->alt_name, but the child for the local domain fails to detect that winbindd_dual_auth_passdb() should be used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source3/winbindd/winbindd_pam.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index a466015bcbf..292f556e25b 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1564,7 +1564,16 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx, parse_domain_user(user, name_domain, name_user); - if (strequal(name_domain, get_global_sam_name())) { + /* + * We check against domain->name instead of + * name_domain, as find_auth_domain() -> + * find_domain_from_name_noinit() already decided + * that we are in a child for the correct domain. + * + * name_domain can also be lp_realm() + * we need to check against domain->name. + */ + if (strequal(domain->name, get_global_sam_name())) { DATA_BLOB chal_blob = data_blob_const(chal, sizeof(chal)); /* do password magic */ @@ -2004,7 +2013,16 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain, { NTSTATUS result; - if (strequal(name_domain, get_global_sam_name())) { + /* + * We check against domain->name instead of + * name_domain, as find_auth_domain() -> + * find_domain_from_name_noinit() already decided + * that we are in a child for the correct domain. + * + * name_domain can also be lp_realm() + * we need to check against domain->name. + */ + if (strequal(domain->name, get_global_sam_name())) { DATA_BLOB chal_blob = data_blob_const( chal, 8); -- 2.11.4.GIT