From b2c46516d3ed101d5afbebd96677f6232a026e78 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 24 Apr 2013 15:27:21 +0200
Subject: [PATCH] BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
---
 source3/auth/auth_winbind.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d4ace2c..2b5c84d 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 	}
 
 	/* Send off request */
-
 	params.account_name	= user_info->client.account_name;
-	params.domain_name	= user_info->mapped.domain_name;
+	/*
+	 * We need to send the domain name from the client to the DC. With
+	 * NTLMv2 the domain name is part of the hashed second challenge,
+	 * if we change the domain name, the DC will fail to verify the
+	 * challenge cause we changed the domain name, this is like a
+	 * man in the middle attack.
+	 */
+	params.domain_name	= user_info->client.domain_name;
 	params.workstation_name	= user_info->workstation_name;
 
 	params.flags		= 0;
-- 
1.8.2.1