From e7bc23e44c014645964539aaf19892a8a187c4a4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 12 Jun 2017 15:35:41 +0200
Subject: [PATCH] s3:auth: remove "map untrusted to domain" handling

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 source3/auth/auth_util.c | 37 ++++---------------------------------
 1 file changed, 4 insertions(+), 33 deletions(-)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 8e7fa914748..fbc36423e2b 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -110,12 +110,6 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
 NTSTATUS result;
 bool was_mapped;
 char *internal_username = NULL;
- bool upn_form = false;
- int map_untrusted = lp_map_untrusted_to_domain();
-
- if (client_domain[0] == '\0' && strchr(smb_name, '@')) {
- upn_form = true;
- }
 
 was_mapped = map_username(talloc_tos(), smb_name, &internal_username);
 if (!internal_username) {
@@ -125,35 +119,12 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
 DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n",
 client_domain, smb_name, workstation_name));
 
+ /*
+ * We let the auth stack canonicalize, username
+ * and domain.
+ */
 domain = client_domain;
 
- /* If you connect to a Windows domain member using a bogus domain name,
- * the Windows box will map the BOGUS\user to SAMNAME\user. Thus, if
- * the Windows box is a DC the name will become DOMAIN\user and be
- * authenticated against AD, if the Windows box is a member server but
- * not a DC the name will become WORKSTATION\user. A standalone
- * non-domain member box will also map to WORKSTATION\user.
- * This also deals with the client passing in a "" domain */
-
- if (map_untrusted != Auto && !upn_form &&
- !strequal(domain, my_sam_name()) &&
- !strequal(domain, get_global_sam_name()) &&
- !is_trusted_domain(domain))
- {
- if (map_untrusted) {
- domain = my_sam_name();
- } else {
- domain = get_global_sam_name();
- }
- DEBUG(5, ("Mapped domain from [%s] to [%s] for user [%s] from "
- "workstation [%s]\n",
- client_domain, domain, smb_name, workstation_name));
- }
-
- /* We know that the given domain is trusted (and we are allowing them),
- * it is our global SAM name, or for legacy behavior it is our
- * primary domain name */
-
 result = make_user_info(mem_ctx, user_info, smb_name, internal_username,
 client_domain, domain, workstation_name,
 remote_address, local_address,
-- 
2.11.4.GIT
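Review bot: With the mapping block gone, `domain` in this hunk is only an alias for the client-supplied `client_domain`, so make_user_info() now receives the same unvalidated string in both its client-domain and domain arguments (it may be empty or name a domain this server does not know). The new comment says only that "the auth stack" canonicalizes; it should also state that nothing in make_user_info_map() may treat `domain` as trusted, for example `/* domain is passed through exactly as the client sent it (may be "" or unknown); the auth stack canonicalizes user and domain, so make no trust decision on it here. */`. Since the local no longer differs from `client_domain`, the assignment could be dropped and `client_domain` passed for both arguments, which makes the pass-through obvious to the next reader. The function body starts before and continues after this hunk, and the diffstat lists only auth_util.c, so whether the `map untrusted to domain` parameter definition and its documentation are removed elsewhere cannot be seen here.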