summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-10-20 16:50:14 +0000
committerGerald Carter <jerry@samba.org>2003-10-20 16:50:14 +0000
commitbfcb776abd1ead323963912efef2641e0bc41a03 (patch)
tree5b493e2b7f6e1bc4078fca8a452ceff03c9df17e
parent1db4a703a8aa1caf53da68a9dd085b6ff0a25505 (diff)
downloadsamba-bfcb776abd1ead323963912efef2641e0bc41a03.tar.gz
samba-bfcb776abd1ead323963912efef2641e0bc41a03.tar.bz2
samba-bfcb776abd1ead323963912efef2641e0bc41a03.zip
more 2.2.x compatibility fixes - allow user looksup in the kerb5
sesssetup to fall back to 'user' instaed of failing is REA.LM\user doesn't exist. also fix include line in smb_acls.h as requested by metze (This used to be commit 5ccf6baad7ffb1f992aaf24b41ef5c83362cf613)
-rw-r--r--source3/auth/auth_util.c26
-rw-r--r--source3/include/smb_acls.h2
-rw-r--r--source3/smbd/sesssetup.c23
3 files changed, 36 insertions, 15 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 3803741466..71634f08ed 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -942,7 +942,7 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
/* This is pointless -- there is no suport for differeing
unix and windows names. Make sure to always store the
- one we actuall looked up and succeeded. Have I mentioned
+ one we actually looked up and succeeded. Have I mentioned
why I hate the 'winbind use default domain' parameter?
--jerry */
@@ -951,6 +951,30 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
return pdb_init_sam_pw(sam_account, passwd);
}
+/****************************************************************************
+ Wrapper to allow the getpwnam() call to styrip the domain name and
+ try again in case a local UNIX user is already there.
+ ****************************************************************************/
+
+struct passwd *smb_getpwnam( char *domuser )
+{
+ struct passwd *pw;
+ char *p;
+
+ pw = Get_Pwnam( domuser );
+ if ( pw )
+ return pw;
+
+ /* fallback to looking up just the username */
+
+ p = strchr( domuser, *lp_winbind_separator() );
+
+ if ( p )
+ return Get_Pwnam(p+1);
+
+ return NULL;
+}
+
/***************************************************************************
Make a server_info struct from the info3 returned by a domain logon
***************************************************************************/
diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h
index e7edb62bde..2bde6caeda 100644
--- a/source3/include/smb_acls.h
+++ b/source3/include/smb_acls.h
@@ -195,7 +195,7 @@ typedef struct SMB_ACL_T {
/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
-#include "/usr/include/acl.h"
+#include <acl.h>
typedef uint *SMB_ACL_PERMSET_T;
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 427caa3ba1..945855b832 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -198,28 +198,25 @@ static int reply_spnego_kerberos(connection_struct *conn,
/* this gives a fully qualified user name (ie. with full realm).
that leads to very long usernames, but what else can we do? */
- asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client);
+
+ asprintf(&user, "%s%c%s", p+1, *lp_winbind_separator(), client);
- pw = Get_Pwnam(user);
- if (!pw && !foreign) {
- pw = Get_Pwnam(client);
- SAFE_FREE(user);
- user = smb_xstrdup(client);
- }
-
+ pw = smb_getpwnam( user );
+
+ SAFE_FREE(user);
SAFE_FREE(client);
- /* setup the string used by %U */
- sub_set_smb_name(user);
-
- reload_services(True);
-
if (!pw) {
DEBUG(1,("Username %s is invalid on this system\n",user));
data_blob_free(&ap_rep);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
+ /* setup the string used by %U */
+
+ sub_set_smb_name(pw->pw_name);
+ reload_services(True);
+
if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info,pw))) {
DEBUG(1,("make_server_info_from_pw failed!\n"));
data_blob_free(&ap_rep);