diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-02-20 10:50:09 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-20 10:50:09 +0000 |
commit | 512405321ac60ae8b1d6dd80139ff9a50add8714 (patch) | |
tree | b69973fe93493baf79ca634032a3ea988ab783a7 | |
parent | 215ff67a039d3dea516d70d538083db8833f7b7e (diff) | |
download | samba-512405321ac60ae8b1d6dd80139ff9a50add8714.tar.gz samba-512405321ac60ae8b1d6dd80139ff9a50add8714.tar.bz2 samba-512405321ac60ae8b1d6dd80139ff9a50add8714.zip |
Like for NTLM logins, lookup the 'winbind' user first, then the 'local' user.
This needs to change, to be a SID->UID lookup from the PAC.
Andrew Bartlett
(This used to be commit 4071ed06a051f87f27e10510427a69fcdf45ddac)
-rw-r--r-- | source3/smbd/sesssetup.c | 32 |
1 files changed, 14 insertions, 18 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index e408cc88e9..3a3209f172 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -148,6 +148,7 @@ static int reply_spnego_kerberos(connection_struct *conn, DATA_BLOB auth_data; auth_serversupplied_info *server_info = NULL; ADS_STRUCT *ads; + BOOL foreign = False; if (!spnego_parse_krb5_wrap(*secblob, &ticket)) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); @@ -185,12 +186,20 @@ static int reply_spnego_kerberos(connection_struct *conn, if (!lp_allow_trusted_domains()) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - /* this gives a fully qualified user name (ie. with full realm). - that leads to very long usernames, but what else can we do? */ - asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client); - } else { - user = strdup(client); + foreign = True; + } + + /* this gives a fully qualified user name (ie. with full realm). + that leads to very long usernames, but what else can we do? */ + asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client); + + pw = Get_Pwnam(user); + if (!pw && !foreign) { + pw = Get_Pwnam(client); + SAFE_FREE(user); + user = smb_xstrdup(client); } + ads_destroy(&ads); /* setup the string used by %U */ @@ -198,19 +207,6 @@ static int reply_spnego_kerberos(connection_struct *conn, reload_services(True); - /* the password is good - let them in */ - pw = Get_Pwnam(user); - if (!pw && !strstr(user, lp_winbind_separator())) { - char *user2; - /* try it with a winbind domain prefix */ - asprintf(&user2, "%s%s%s", lp_workgroup(), lp_winbind_separator(), user); - pw = Get_Pwnam(user2); - if (pw) { - free(user); - user = user2; - } - } - if (!pw) { DEBUG(1,("Username %s is invalid on this system\n",user)); return ERROR_NT(NT_STATUS_NO_SUCH_USER); |