From b483f825562276581a667c34cf1fc2b46eefd470 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 29 Nov 2017 11:41:38 +0100
Subject: [PATCH 1/2] ntlm_auth: Honour "winbind use default domain" when empty
 domain is given

The ntlm_auth command line arguments parser only sets the domain to the
winbind domain when no domain argument is given or there is no domain part
in the user name.

If an empty domain is given (eg: --domain="" or --username="\user") when
"winbind use default domain" is set then the winbind domain has to be used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13126

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
 source3/utils/ntlm_auth.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 3f544902a24..84c71ef8782 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -2432,8 +2432,15 @@ enum {
 		}
 	}
 
-	/* Note: if opt_domain is "" then send no domain */
+	/* Note: if opt_domain is "" and "winbind use default domain" is not
+	 * set, then send no domain. */
 	if (opt_domain == NULL) {
+		/* If no domain given, use winbind domain. */
+		opt_domain = get_winbind_domain();
+	} else if (strlen(opt_domain) == 0 &&
+		   lp_winbind_use_default_domain()) {
+		/* If empty domain ("") is given but "winbind use default
+		 * domain" is set, use winbind domain. */
 		opt_domain = get_winbind_domain();
 	}
 
-- 
2.15.0