winbindd: remove 'winbind trusted domains only' handling

This parameter is already deprecated in favor of the newer idmap_nss backend.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index b210645ea5a0e02eb06b527a39832ee52ac0b650..fa26ea805ee1d600e63abc64bf747d218b97face 100644 (file)
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -60,17 +60,6 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       if (lp_winbind_trusted_domains_only()) {
-               struct winbindd_domain *our_domain = find_our_domain();
-
-               if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) {
-                       DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
-                                 "getgrsid() for %s\n", sid_string_tos(group_sid)));
-                       tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
-                       return tevent_req_post(req, ev);
-               }
-       }
-
        subreq = wb_lookupsid_send(state, ev, &state->sid);
        if (tevent_req_nomem(subreq, req)) {
                return tevent_req_post(req, ev);

diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c
index 1c91949c2558bc674966ab5d91e420dd1f1065e3..17170c3352ac189daf0055956fb0fa04fd165bf2 100644 (file)
--- a/source3/winbindd/wb_queryuser.c
+++ b/source3/winbindd/wb_queryuser.c
@@ -50,18 +50,6 @@ struct tevent_req *wb_queryuser_send(TALLOC_CTX *mem_ctx,
        }
        state->ev = ev;
 
-       if (lp_winbind_trusted_domains_only()) {
-               struct winbindd_domain *our_domain = find_our_domain();
-
-               if (dom_sid_compare_domain(user_sid, &our_domain->sid) == 0) {
-                       char buf[DOM_SID_STR_BUFLEN];
-                       dom_sid_string_buf(user_sid, buf, sizeof(buf));
-                       DBG_NOTICE("My domain -- rejecting %s\n", buf);
-                       tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
-                       return tevent_req_post(req, ev);
-               }
-       }
-
        state->info = talloc_zero(state, struct wbint_userinfo);
        if (tevent_req_nomem(state->info, req)) {
                return tevent_req_post(req, ev);

diff --git a/source3/winbindd/winbindd_getpwnam.c b/source3/winbindd/winbindd_getpwnam.c
index f2c93362ca8e67c5e772283d715de9cea70c40da..73d3b3317ad12fec63ef00ca3ff3e476047ad12b 100644 (file)
--- a/source3/winbindd/winbindd_getpwnam.c
+++ b/source3/winbindd/winbindd_getpwnam.c
@@ -71,15 +71,6 @@ struct tevent_req *winbindd_getpwnam_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       if (lp_winbind_trusted_domains_only()
-           && strequal(state->domname, lp_workgroup())) {
-               DEBUG(7,("winbindd_getpwnam: My domain -- "
-                        "rejecting getpwnam() for %s\\%s.\n",
-                        state->domname, state->username));
-               tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
-               return tevent_req_post(req, ev);
-       }
-
        subreq = wb_lookupname_send(state, ev, state->domname, state->username,
                                    LOOKUP_NAME_NO_NSS);
        if (tevent_req_nomem(subreq, req)) {

diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 34f38e5fbbb574d6cf69b071fb7e04ce3c1cad4e..b3439d078a3ea6445edd5f41ce9d34a4629cb16a 100644 (file)
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1085,7 +1085,7 @@ static bool assume_domain(const char *domain)
                if ( !strequal(lp_workgroup(), domain) )
                        return False;
 
-               if ( lp_winbind_use_default_domain() || lp_winbind_trusted_domains_only() )
+               if ( lp_winbind_use_default_domain() )
                        return True;
        }
 
@@ -1166,9 +1166,6 @@ bool canonicalize_username(fstring username_inout, fstring domain, fstring user)
 
     If we are a PDC or BDC, and this is for our domain, do likewise.
 
-    Also, if omit DOMAIN if 'winbind trusted domains only = true', as the
-    username is then unqualified in unix
-
     On an AD DC we always fill DOMAIN\\USERNAME.
 
     We always canonicalize as UPPERCASE DOMAIN, lowercase username.