summaryrefslogtreecommitdiffstats
path: root/source3/auth/auth.c
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-12-19 09:53:30 +0000
committerAndrew Tridgell <tridge@samba.org>2001-12-19 09:53:30 +0000
commit9126a40e2c33e0eb4cd57ab381634e08fa59e7a7 (patch)
tree3e3d6b90df016a7bf98225d49269977e88f1cb0f /source3/auth/auth.c
parenta062e58d9e47f95ac7c66668b3cfe1f72386f6e0 (diff)
downloadsamba-9126a40e2c33e0eb4cd57ab381634e08fa59e7a7.tar.gz
samba-9126a40e2c33e0eb4cd57ab381634e08fa59e7a7.tar.xz
samba-9126a40e2c33e0eb4cd57ab381634e08fa59e7a7.zip
added trusted realm support to ADS authentication
the method used for checking if a domain is a trusted domain is very crude, we should really call a backend fn of some sort. For now I'm using winbindd to do the dirty work. (This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
Diffstat (limited to 'source3/auth/auth.c')
-rw-r--r--source3/auth/auth.c28
1 files changed, 15 insertions, 13 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index fc5a88ad64a..710b5f27fbf 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -29,19 +29,21 @@
static BOOL check_domain_match(char *user, char *domain)
{
- /*
- * If we aren't serving to trusted domains, we must make sure that
- * the validation request comes from an account in the same domain
- * as the Samba server
- */
-
- if (!lp_allow_trusted_domains() &&
- !(strequal("", domain) || strequal(lp_workgroup(), domain) || is_netbios_alias_or_name(domain))) {
- DEBUG(1, ("check_domain_match: Attempt to connect as user %s from domain %s denied.\n", user, domain));
- return False;
- } else {
- return True;
- }
+ /*
+ * If we aren't serving to trusted domains, we must make sure that
+ * the validation request comes from an account in the same domain
+ * as the Samba server
+ */
+
+ if (!lp_allow_trusted_domains() &&
+ !(strequal("", domain) ||
+ strequal(lp_workgroup(), domain) ||
+ is_netbios_alias_or_name(domain))) {
+ DEBUG(1, ("check_domain_match: Attempt to connect as user %s from domain %s denied.\n", user, domain));
+ return False;
+ } else {
+ return True;
+ }
}
/****************************************************************************