added trusted realm support to ADS authentication

the method used for checking if a domain is a trusted domain is very
crude, we should really call a backend fn of some sort. For now I'm
using winbindd to do the dirty work.
(This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)

1 files changed, 15 insertions, 13 deletions

diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index fc5a88ad64a..710b5f27fbf 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -29,19 +29,21 @@
 
 static BOOL check_domain_match(char *user, char *domain) 
 {
-  /*
-   * If we aren't serving to trusted domains, we must make sure that
-   * the validation request comes from an account in the same domain
-   * as the Samba server
-   */
-
-  if (!lp_allow_trusted_domains() &&
-      !(strequal("", domain) || strequal(lp_workgroup(), domain) || is_netbios_alias_or_name(domain))) {
-      DEBUG(1, ("check_domain_match: Attempt to connect as user %s from domain %s denied.\n", user, domain));
-      return False;
-  } else {
-      return True;
-  }
+	/*
+	 * If we aren't serving to trusted domains, we must make sure that
+	 * the validation request comes from an account in the same domain
+	 * as the Samba server
+	 */
+
+	if (!lp_allow_trusted_domains() &&
+	    !(strequal("", domain) || 
+	      strequal(lp_workgroup(), domain) || 
+	      is_netbios_alias_or_name(domain))) {
+		DEBUG(1, ("check_domain_match: Attempt to connect as user %s from domain %s denied.\n", user, domain));
+		return False;
+	} else {
+		return True;
+	}
 }
 
 /****************************************************************************