diff options
author | Jeremy Allison <jra@samba.org> | 2009-04-28 11:07:51 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-04-28 11:07:51 -0700 |
commit | d47669684dd072b796ebfeb630342456346f449f (patch) | |
tree | f055cdd307a6e2532872baf3312f618e1741a9da | |
parent | 46bbdbd8c7e2c1116c2704fcbaa7b7bccf98b5f2 (diff) | |
download | samba-d47669684dd072b796ebfeb630342456346f449f.tar.gz samba-d47669684dd072b796ebfeb630342456346f449f.tar.bz2 samba-d47669684dd072b796ebfeb630342456346f449f.zip |
Fix bug #6291 - force user stop working.
A previous fix broke the invariant that *uid is always
initialized on return from create_token_from_username().
Restore it.
Jeremy.
-rw-r--r-- | source3/auth/auth_util.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index c55fb70ef2..35998f79f9 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -902,6 +902,33 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, *found_username = talloc_strdup(mem_ctx, pdb_get_username(sam_acct)); + /* + * If the SID from lookup_name() was the guest sid, passdb knows + * about the mapping of guest sid to lp_guestaccount() + * username and will return the unix_pw info for a guest + * user. Use it if it's there, else lookup the *uid details + * using getpwnam_alloc(). See bug #6291 for details. JRA. + */ + + /* We must always assign the *uid. */ + if (sam_acct->unix_pw == NULL) { + struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username ); + if (!pwd) { + DEBUG(10, ("getpwnam_alloc failed for %s\n", + *found_username)); + result = NT_STATUS_NO_SUCH_USER; + goto done; + } + result = samu_set_unix(sam_acct, pwd ); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10, ("samu_set_unix failed for %s\n", + *found_username)); + result = NT_STATUS_NO_SUCH_USER; + goto done; + } + } + *uid = sam_acct->unix_pw->pw_uid; + } else if (sid_check_is_in_unix_users(&user_sid)) { /* This is a unix user not in passdb. We need to ask nss @@ -918,8 +945,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, unix_user: if (!sid_to_uid(&user_sid, uid)) { - DEBUG(1, ("sid_to_uid for %s (%s) failed\n", + DEBUG(1, ("unix_user case, sid_to_uid for %s (%s) failed\n", username, sid_string_dbg(&user_sid))); + result = NT_STATUS_NO_SUCH_USER; goto done; } @@ -972,6 +1000,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, uint32 dummy; + /* We must always assign the *uid. */ + if (!sid_to_uid(&user_sid, uid)) { + DEBUG(1, ("winbindd case, sid_to_uid for %s (%s) failed\n", + username, sid_string_dbg(&user_sid))); + result = NT_STATUS_NO_SUCH_USER; + goto done; + } + num_group_sids = 1; group_sids = TALLOC_ARRAY(tmp_ctx, DOM_SID, num_group_sids); if (group_sids == NULL) { |