BUG 9817: Fix 'map untrusted to domain' with NTLMv2.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d4ace2c9193c9ddcb59eadd89a3be1317843650b..2b5c84d2760e1a0205b04da1a8117abc808c4fec 100644 (file)
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
        }
 
        /* Send off request */
-
        params.account_name     = user_info->client.account_name;
-       params.domain_name      = user_info->mapped.domain_name;
+       /*
+        * We need to send the domain name from the client to the DC. With
+        * NTLMv2 the domain name is part of the hashed second challenge,
+        * if we change the domain name, the DC will fail to verify the
+        * challenge cause we changed the domain name, this is like a
+        * man in the middle attack.
+        */
+       params.domain_name      = user_info->client.domain_name;
        params.workstation_name = user_info->workstation_name;
 
        params.flags            = 0;