Lines 110-115
NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
|
|
---|
|
110 |
NTSTATUS result; |
110 |
NTSTATUS result; |
111 |
bool was_mapped; |
111 |
bool was_mapped; |
112 |
char *internal_username = NULL; |
112 |
char *internal_username = NULL; |
|
|
113 |
bool upn_form = false; |
114 |
int map_untrusted = lp_map_untrusted_to_domain(); |
115 |
|
116 |
if (client_domain[0] == '\0' && strchr(smb_name, '@')) { |
117 |
upn_form = true; |
118 |
} |
113 |
|
119 |
|
114 |
was_mapped = map_username(talloc_tos(), smb_name, &internal_username); |
120 |
was_mapped = map_username(talloc_tos(), smb_name, &internal_username); |
115 |
if (!internal_username) { |
121 |
if (!internal_username) { |
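Review bot: The added `upn_form` test reads `client_domain[0]` and calls `strchr(smb_name, '@')` with no NULL check visible in this hunk. make_user_info_map starts and ends outside the hunk, so callers may already guarantee non-NULL; if they do not, guard it as `if (client_domain != NULL && smb_name != NULL && client_domain[0] == '\0' && strchr(smb_name, '@')) {`. Both strings come from the client, and in the following hunk `!upn_form` is one of the conditions for rewriting an untrusted domain, so this test is a policy decision and deserves a comment. Something like `/* UPN form (user@realm with an empty domain): do not remap the domain below */` above the `if` would record that.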
Lines 119-130
NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
|
|
---|
|
119 |
DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n", |
125 |
DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n", |
120 |
client_domain, smb_name, workstation_name)); |
126 |
client_domain, smb_name, workstation_name)); |
121 |
|
127 |
|
122 |
/* |
|
|
123 |
* We let the auth stack canonicalize, username |
124 |
* and domain. |
125 |
*/ |
126 |
domain = client_domain; |
128 |
domain = client_domain; |
127 |
|
129 |
|
|
|
130 |
/* If you connect to a Windows domain member using a bogus domain name, |
131 |
* the Windows box will map the BOGUS\user to SAMNAME\user. Thus, if |
132 |
* the Windows box is a DC the name will become DOMAIN\user and be |
133 |
* authenticated against AD, if the Windows box is a member server but |
134 |
* not a DC the name will become WORKSTATION\user. A standalone |
135 |
* non-domain member box will also map to WORKSTATION\user. |
136 |
* This also deals with the client passing in a "" domain */ |
137 |
|
138 |
if (map_untrusted != Auto && !upn_form && |
139 |
!strequal(domain, my_sam_name()) && |
140 |
!strequal(domain, get_global_sam_name()) && |
141 |
!is_trusted_domain(domain)) |
142 |
{ |
143 |
if (map_untrusted) { |
144 |
domain = my_sam_name(); |
145 |
} else { |
146 |
domain = get_global_sam_name(); |
147 |
} |
148 |
DEBUG(5, ("Mapped domain from [%s] to [%s] for user [%s] from " |
149 |
"workstation [%s]\n", |
150 |
client_domain, domain, smb_name, workstation_name)); |
151 |
} |
152 |
|
153 |
/* We know that the given domain is trusted (and we are allowing them), |
154 |
* it is our global SAM name, or for legacy behavior it is our |
155 |
* primary domain name */ |
156 |
|
128 |
result = make_user_info(mem_ctx, user_info, smb_name, internal_username, |
157 |
result = make_user_info(mem_ctx, user_info, smb_name, internal_username, |
129 |
client_domain, domain, workstation_name, |
158 |
client_domain, domain, workstation_name, |
130 |
remote_address, local_address, |
159 |
remote_address, local_address, |