auth3: call is_trusted_domain() as the last condition make_user_info_map()

We should avoid contacting winbind if we already know the domain is our
local sam or our primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ffd60e0b4670c21c0e1c1013d0b2573f1af4535a..ec597e8884f0c4dcccc0dd0800f1105ac404bde3 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -134,9 +134,11 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
         * non-domain member box will also map to WORKSTATION\user.
         * This also deals with the client passing in a "" domain */
 
-       if (!upn_form && !is_trusted_domain(domain) &&
+       if (!upn_form &&
            !strequal(domain, my_sam_name()) &&
-           !strequal(domain, get_global_sam_name())) {
+           !strequal(domain, get_global_sam_name()) &&
+           !is_trusted_domain(domain))
+       {
                if (lp_map_untrusted_to_domain())
                        domain = my_sam_name();
                else