summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-10-07 16:35:03 +0000
committerGerald Carter <jerry@samba.org>2003-10-07 16:35:03 +0000
commit4e4bf2de31b0e45bdb3a0d68548fc6bcee886aa7 (patch)
treeffcc3747a9235d8a3a6b7500d652ffd87ee84881
parent261a31dcc5c8b78d6b8f476dc217732aaa8258bd (diff)
downloadsamba-4e4bf2de31b0e45bdb3a0d68548fc6bcee886aa7.tar.gz
samba-4e4bf2de31b0e45bdb3a0d68548fc6bcee886aa7.tar.bz2
samba-4e4bf2de31b0e45bdb3a0d68548fc6bcee886aa7.zip
make sure to call get_user_groups() with the full winbindd name for a user if he;she has one; bug 406
(This used to be commit 19925e3a04f421f4dcc469b701f3cc51ef98ac2c)
-rw-r--r--source3/auth/auth_util.c17
-rw-r--r--source3/auth/auth_winbind.c16
2 files changed, 22 insertions, 11 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 952aa8ba59..3803741466 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -644,6 +644,9 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
*
* currently this is a hack, as there is no sam implementation that is capable
* of groups.
+ *
+ * NOTE!! This function will fail if you pass in a winbind user without
+ * the domain --jerry
******************************************************************************/
static NTSTATUS get_user_groups(const char *username, uid_t uid, gid_t gid,
@@ -926,8 +929,10 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
with just 'username'. This is need for accessing the server
as a trust user that actually maps to a local account */
- if ( !passwd )
- passwd = Get_Pwnam(username);
+ if ( !passwd ) {
+ fstrcpy( dom_user, username );
+ passwd = Get_Pwnam( dom_user );
+ }
if (passwd == NULL)
return NT_STATUS_NO_SUCH_USER;
@@ -935,7 +940,13 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
*uid = passwd->pw_uid;
*gid = passwd->pw_gid;
- *found_username = talloc_strdup(mem_ctx, passwd->pw_name);
+ /* This is pointless -- there is no suport for differeing
+ unix and windows names. Make sure to always store the
+ one we actuall looked up and succeeded. Have I mentioned
+ why I hate the 'winbind use default domain' parameter?
+ --jerry */
+
+ *found_username = talloc_strdup(mem_ctx, dom_user);
return pdb_init_sam_pw(sam_account, passwd);
}
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index cae7aadd0c..d09987ba37 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -126,15 +126,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
if (result == NSS_STATUS_SUCCESS && response.extra_data) {
if (NT_STATUS_IS_OK(nt_status)) {
- if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) {
- nt_status =
- make_server_info_info3(mem_ctx,
- user_info->internal_username.str,
- user_info->smb_name.str,
- user_info->domain.str,
- server_info,
- &info3);
+
+ if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3)))
+ {
+ nt_status = make_server_info_info3(mem_ctx,
+ user_info->internal_username.str,
+ user_info->smb_name.str, user_info->domain.str,
+ server_info, &info3);
}
+
}
} else if (NT_STATUS_IS_OK(nt_status)) {
nt_status = NT_STATUS_NO_LOGON_SERVERS;