winbindd: as DC we should try to get the target_domain from @SOMETHING part of the...

We still need a full routing table including all upn suffixes,
but this is a start to support NTLM authentication using user@REALM
against structed domains.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/selftest/knownfail b/selftest/knownfail
index c525447ccc412796a4d9c4468f7cb472e5a40acd..aa89dab93e42c77caf83396db4c159c431b8cc63 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -324,14 +324,6 @@
 # rap password tests don't function in the ad_dc_ntvfs:local environment
 #
 ^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs:local\)
 # rap password tests don't function in the ad_dc_ntvfs:local environment
 #
 ^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs:local\)

-#
-# winbindd doesn't handle routing for domain="" and
-# account="Administrator@ADDOMAIN" yet.
-#
-^samba4.blackbox.trust_ntlm.Test09.*client.*with.Administrator@ADDOMAIN%locDCpass1\(fl2008r2dc:local\)
-^samba4.blackbox.trust_ntlm.Test10.*client.*with.Administrator@ADDOM.SAMBA.EXAMPLE.COM%locDCpass1\(fl2008r2dc:local\)
-^samba4.blackbox.trust_ntlm.Test09.*client.*with.Administrator@ADDOMAIN%locDCpass1\(fl2003dc:local\)
-^samba4.blackbox.trust_ntlm.Test10.*client.*with.Administrator@ADDOM.SAMBA.EXAMPLE.COM%locDCpass1\(fl2003dc:local\)

 # We currently don't send referrals for LDAP modify of non-replicated attrs
 ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
 ^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_kerberos
 # We currently don't send referrals for LDAP modify of non-replicated attrs
 ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
 ^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_kerberos

diff --git a/source3/winbindd/winbindd_irpc.c b/source3/winbindd/winbindd_irpc.c
index 36076439724c8defca1065de63069945fe027040..87b890b4a3f19d2cb97b3ac87390075d7d3e02f1 100644 (file)
--- a/source3/winbindd/winbindd_irpc.c
+++ b/source3/winbindd/winbindd_irpc.c
@@ -179,6 +179,15 @@ static NTSTATUS wb_irpc_SamLogon(struct irpc_message *msg,
                account_name = "";
        }
 
                account_name = "";
        }
 

+       if (IS_DC && target_domain_name[0] == '\0') {
+               const char *p = NULL;
+
+               p = strchr_m(account_name, '@');
+               if (p != NULL) {
+                       target_domain_name = p + 1;
+               }
+       }
+

        domain = find_auth_domain(0, target_domain_name);
        if (domain == NULL) {
                DBG_INFO("target_domain[%s] for account[%s] not known\n",
        domain = find_auth_domain(0, target_domain_name);
        if (domain == NULL) {
                DBG_INFO("target_domain[%s] for account[%s] not known\n",