summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2009-04-28 11:07:51 -0700
committerJeremy Allison <jra@samba.org>2009-04-28 11:07:51 -0700
commitd47669684dd072b796ebfeb630342456346f449f (patch)
treef055cdd307a6e2532872baf3312f618e1741a9da
parent46bbdbd8c7e2c1116c2704fcbaa7b7bccf98b5f2 (diff)
downloadsamba-d47669684dd072b796ebfeb630342456346f449f.tar.gz
samba-d47669684dd072b796ebfeb630342456346f449f.tar.bz2
samba-d47669684dd072b796ebfeb630342456346f449f.zip
Fix bug #6291 - force user stop working.
A previous fix broke the invariant that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy.
-rw-r--r--source3/auth/auth_util.c38
1 files changed, 37 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index c55fb70ef2..35998f79f9 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -902,6 +902,33 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
*found_username = talloc_strdup(mem_ctx,
pdb_get_username(sam_acct));
+ /*
+ * If the SID from lookup_name() was the guest sid, passdb knows
+ * about the mapping of guest sid to lp_guestaccount()
+ * username and will return the unix_pw info for a guest
+ * user. Use it if it's there, else lookup the *uid details
+ * using getpwnam_alloc(). See bug #6291 for details. JRA.
+ */
+
+ /* We must always assign the *uid. */
+ if (sam_acct->unix_pw == NULL) {
+ struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username );
+ if (!pwd) {
+ DEBUG(10, ("getpwnam_alloc failed for %s\n",
+ *found_username));
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+ result = samu_set_unix(sam_acct, pwd );
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(10, ("samu_set_unix failed for %s\n",
+ *found_username));
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+ }
+ *uid = sam_acct->unix_pw->pw_uid;
+
} else if (sid_check_is_in_unix_users(&user_sid)) {
/* This is a unix user not in passdb. We need to ask nss
@@ -918,8 +945,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
unix_user:
if (!sid_to_uid(&user_sid, uid)) {
- DEBUG(1, ("sid_to_uid for %s (%s) failed\n",
+ DEBUG(1, ("unix_user case, sid_to_uid for %s (%s) failed\n",
username, sid_string_dbg(&user_sid)));
+ result = NT_STATUS_NO_SUCH_USER;
goto done;
}
@@ -972,6 +1000,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
uint32 dummy;
+ /* We must always assign the *uid. */
+ if (!sid_to_uid(&user_sid, uid)) {
+ DEBUG(1, ("winbindd case, sid_to_uid for %s (%s) failed\n",
+ username, sid_string_dbg(&user_sid)));
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+
num_group_sids = 1;
group_sids = TALLOC_ARRAY(tmp_ctx, DOM_SID, num_group_sids);
if (group_sids == NULL) {