diff options
author | Gerald Carter <jerry@samba.org> | 2003-10-20 16:50:14 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-10-20 16:50:14 +0000 |
commit | bfcb776abd1ead323963912efef2641e0bc41a03 (patch) | |
tree | 5b493e2b7f6e1bc4078fca8a452ceff03c9df17e | |
parent | 1db4a703a8aa1caf53da68a9dd085b6ff0a25505 (diff) | |
download | samba-bfcb776abd1ead323963912efef2641e0bc41a03.tar.gz samba-bfcb776abd1ead323963912efef2641e0bc41a03.tar.bz2 samba-bfcb776abd1ead323963912efef2641e0bc41a03.zip |
more 2.2.x compatibility fixes - allow user looksup in the kerb5
sesssetup to fall back to 'user' instaed of failing is REA.LM\user
doesn't exist.
also fix include line in smb_acls.h as requested by metze
(This used to be commit 5ccf6baad7ffb1f992aaf24b41ef5c83362cf613)
-rw-r--r-- | source3/auth/auth_util.c | 26 | ||||
-rw-r--r-- | source3/include/smb_acls.h | 2 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 23 |
3 files changed, 36 insertions, 15 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 3803741466..71634f08ed 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -942,7 +942,7 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx, /* This is pointless -- there is no suport for differeing unix and windows names. Make sure to always store the - one we actuall looked up and succeeded. Have I mentioned + one we actually looked up and succeeded. Have I mentioned why I hate the 'winbind use default domain' parameter? --jerry */ @@ -951,6 +951,30 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx, return pdb_init_sam_pw(sam_account, passwd); } +/**************************************************************************** + Wrapper to allow the getpwnam() call to styrip the domain name and + try again in case a local UNIX user is already there. + ****************************************************************************/ + +struct passwd *smb_getpwnam( char *domuser ) +{ + struct passwd *pw; + char *p; + + pw = Get_Pwnam( domuser ); + if ( pw ) + return pw; + + /* fallback to looking up just the username */ + + p = strchr( domuser, *lp_winbind_separator() ); + + if ( p ) + return Get_Pwnam(p+1); + + return NULL; +} + /*************************************************************************** Make a server_info struct from the info3 returned by a domain logon ***************************************************************************/ diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h index e7edb62bde..2bde6caeda 100644 --- a/source3/include/smb_acls.h +++ b/source3/include/smb_acls.h @@ -195,7 +195,7 @@ typedef struct SMB_ACL_T { /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ -#include "/usr/include/acl.h" +#include <acl.h> typedef uint *SMB_ACL_PERMSET_T; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 427caa3ba1..945855b832 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -198,28 +198,25 @@ static int reply_spnego_kerberos(connection_struct *conn, /* this gives a fully qualified user name (ie. with full realm). that leads to very long usernames, but what else can we do? */ - asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client); + + asprintf(&user, "%s%c%s", p+1, *lp_winbind_separator(), client); - pw = Get_Pwnam(user); - if (!pw && !foreign) { - pw = Get_Pwnam(client); - SAFE_FREE(user); - user = smb_xstrdup(client); - } - + pw = smb_getpwnam( user ); + + SAFE_FREE(user); SAFE_FREE(client); - /* setup the string used by %U */ - sub_set_smb_name(user); - - reload_services(True); - if (!pw) { DEBUG(1,("Username %s is invalid on this system\n",user)); data_blob_free(&ap_rep); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } + /* setup the string used by %U */ + + sub_set_smb_name(pw->pw_name); + reload_services(True); + if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info,pw))) { DEBUG(1,("make_server_info_from_pw failed!\n")); data_blob_free(&ap_rep); |