Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.

[metze/samba/wip.git] / source3 / auth / auth_util.c

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 28d934add37ca8ee33a109d94b40d8459a68e22f..ceaa7064d5908d19347f696ee013c0b9a34a5d77 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -125,7 +125,8 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
         * This also deals with the client passing in a "" domain */
 
        if (!is_trusted_domain(domain) &&
-           !strequal(domain, my_sam_name()))
+           !strequal(domain, my_sam_name()) &&
+           !strequal(domain, get_global_sam_name()))
        {
                if (lp_map_untrusted_to_domain())
                        domain = my_sam_name();
@@ -207,16 +208,12 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
                                         uint32 logon_parameters,
                                         const uchar chal[8], 
                                         const uchar lm_interactive_pwd[16], 
-                                        const uchar nt_interactive_pwd[16], 
-                                        const uchar *dc_sess_key)
+                                        const uchar nt_interactive_pwd[16])
 {
        struct samr_Password lm_pwd;
        struct samr_Password nt_pwd;
        unsigned char local_lm_response[24];
        unsigned char local_nt_response[24];
-       unsigned char key[16];
-
-       memcpy(key, dc_sess_key, 16);
 
        if (lm_interactive_pwd)
                memcpy(lm_pwd.hash, lm_interactive_pwd, sizeof(lm_pwd.hash));
@@ -224,31 +221,6 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
        if (nt_interactive_pwd)
                memcpy(nt_pwd.hash, nt_interactive_pwd, sizeof(nt_pwd.hash));
 
-#ifdef DEBUG_PASSWORD
-       DEBUG(100,("key:"));
-       dump_data(100, key, sizeof(key));
-
-       DEBUG(100,("lm owf password:"));
-       dump_data(100, lm_pwd.hash, sizeof(lm_pwd.hash));
-
-       DEBUG(100,("nt owf password:"));
-       dump_data(100, nt_pwd.hash, sizeof(nt_pwd.hash));
-#endif
-
-       if (lm_interactive_pwd)
-               arcfour_crypt(lm_pwd.hash, key, sizeof(lm_pwd.hash));
-
-       if (nt_interactive_pwd)
-               arcfour_crypt(nt_pwd.hash, key, sizeof(nt_pwd.hash));
-
-#ifdef DEBUG_PASSWORD
-       DEBUG(100,("decrypt of lm owf password:"));
-       dump_data(100, lm_pwd.hash, sizeof(lm_pwd));
-
-       DEBUG(100,("decrypt of nt owf password:"));
-       dump_data(100, nt_pwd.hash, sizeof(nt_pwd));
-#endif
-
        if (lm_interactive_pwd)
                SMBOWFencrypt(lm_pwd.hash, chal,
                              local_lm_response);
@@ -257,14 +229,11 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
                SMBOWFencrypt(nt_pwd.hash, chal,
                              local_nt_response);
 
-       /* Password info paranoia */
-       ZERO_STRUCT(key);
-
        {
                bool ret;
                NTSTATUS nt_status;
-               DATA_BLOB local_lm_blob;
-               DATA_BLOB local_nt_blob;
+               DATA_BLOB local_lm_blob = data_blob_null;
+               DATA_BLOB local_nt_blob = data_blob_null;
 
                if (lm_interactive_pwd) {
                        local_lm_blob = data_blob(local_lm_response,
@@ -1252,7 +1221,9 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
        if (!lower_username) {
                return NT_STATUS_NO_MEMORY;
        }
-       strlower_m( lower_username );
+       if (!strlower_m( lower_username )) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
 
        orig_dom_user = talloc_asprintf(mem_ctx,
                                "%s%c%s",
@@ -1329,7 +1300,8 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
                        /* make sure we get the case of the username correct */
                        /* work around 'winbind use default domain = yes' */
 
-                       if ( !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) {
+                       if ( lp_winbind_use_default_domain() &&
+                            !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) {
                                char *domain;
 
                                /* split the domain and username into 2 strings */