auth3: handle ROLE_ACTIVE_DIRECTORY_DC before lp_auth_methods() in make_auth_context_...

"auth methods" never works as AD DC at all, so there's not really a change.

This allows us to implement "auth methods" (temporary) for the auth4 stack.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 3d82f2b06cecb9d035f04d473a953d20ecb9b550..e2e99a1dfe58356939949499b0f146aeaa237179 100644 (file)
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -485,6 +485,15 @@ static NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
        const char *methods = NULL;
        NTSTATUS nt_status;
 
+       switch (lp_server_role()) {
+       case ROLE_ACTIVE_DIRECTORY_DC:
+               DEBUG(5,("Making default auth method list for server role = "
+                        "'active directory domain controller'\n"));
+               return make_auth_context_specific(mem_ctx, auth_context, "samba4");
+       default:
+               break;
+       }
+
        if (lp_auth_methods()) {
                DEBUG(5,("Using specified auth order\n"));
                nt_status = make_auth_context_text_list(
@@ -512,10 +521,6 @@ static NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
                        methods = "guest unix";
                }
                break;
-       case ROLE_ACTIVE_DIRECTORY_DC:
-               DEBUG(5,("Making default auth method list for server role = 'active directory domain controller'\n"));
-               methods = "samba4";
-               break;
        default:
                DEBUG(5,("Unknown auth method!\n"));
                return NT_STATUS_UNSUCCESSFUL;