CVE-2020-25717: s3:auth: don't let create_local_token depend on !winbind_ping()

[vlendec/samba-autobuild/.git] / source3 / auth / auth_util.c

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 26fa227e9b0590ceccd1ac357f6a4f8b93eaa6de..dec854d85c34f562ef13d1cf4271f2fd05863247 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -570,13 +570,11 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
        }
 
        /*
-        * If winbind is not around, we can not make much use of the SIDs the
-        * domain controller provided us with. Likewise if the user name was
-        * mapped to some local unix user.
+        * If the user name was mapped to some local unix user,
+        * we can not make much use of the SIDs the
+        * domain controller provided us with.
         */
-
-       if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
-           (server_info->nss_token)) {
+       if (server_info->nss_token) {
                char *found_username = NULL;
                status = create_token_from_username(session_info,
                                                    server_info->unix_name,