summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-05-25 23:56:41 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-05-25 23:56:41 +0000
commit6ace723c44f61c1166b90666ca6f5b2546ced46b (patch)
tree2a961fe1bc7b54efd37336f74de8acd7fa51263f /source3/auth
parenta3938d8d704b1be76239ecf88112972bc8973a88 (diff)
downloadsamba-6ace723c44f61c1166b90666ca6f5b2546ced46b.tar.gz
samba-6ace723c44f61c1166b90666ca6f5b2546ced46b.tar.bz2
samba-6ace723c44f61c1166b90666ca6f5b2546ced46b.zip
Get 'add user script' working again for Samba 3.0.
I'm still not convinced that sharing the option name with the administrative code is the best idea, but anyway... Tested by vl, bug #41. Andrew Bartlett (This used to be commit 9d78f064c5e4e6b340f994204977aaac6513320b)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth.c6
-rw-r--r--source3/auth/auth_server.c11
-rw-r--r--source3/auth/auth_util.c82
3 files changed, 52 insertions, 47 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index dea97a7190..02c7eb6d84 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -262,12 +262,6 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
break;
}
- /* This is one of the few places the *relies* (rather than just sets defaults
- on the value of lp_security(). This needs to change. A new paramater
- perhaps? */
- if (lp_security() >= SEC_SERVER)
- smb_user_control(user_info, *server_info, nt_status);
-
if (NT_STATUS_IS_OK(nt_status)) {
pdb_username = pdb_get_username((*server_info)->sam_account);
if (!(*server_info)->guest) {
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 73af290af2..18c5216137 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -372,12 +372,19 @@ use this machine as the password server.\n"));
cli_ulogoff(cli);
- if NT_STATUS_IS_OK(nt_status) {
+ if (NT_STATUS_IS_OK(nt_status)) {
struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
if (pass) {
nt_status = make_server_info_pw(server_info, pass);
} else {
- nt_status = NT_STATUS_NO_SUCH_USER;
+ auth_add_user_script(user_info->domain.str, user_info->internal_username.str);
+ pass = Get_Pwnam(user_info->internal_username.str);
+
+ if (pass) {
+ nt_status = make_server_info_pw(server_info, pass);
+ } else {
+ nt_status = NT_STATUS_NO_SUCH_USER;
+ }
}
}
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index e8f2af41f3..d57619942c 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -36,7 +36,7 @@ extern DOM_SID global_sid_Authenticated_Users;
Create a UNIX user on demand.
****************************************************************************/
-static int smb_create_user(const char *unix_user, const char *homedir)
+static int smb_create_user(const char *domain, const char *unix_username, const char *homedir)
{
pstring add_script;
int ret;
@@ -44,7 +44,9 @@ static int smb_create_user(const char *unix_user, const char *homedir)
pstrcpy(add_script, lp_adduser_script());
if (! *add_script)
return -1;
- all_string_sub(add_script, "%u", unix_user, sizeof(pstring));
+ all_string_sub(add_script, "%u", unix_username, sizeof(pstring));
+ if (domain)
+ all_string_sub(add_script, "%D", domain, sizeof(pstring));
if (homedir)
all_string_sub(add_script, "%H", homedir, sizeof(pstring));
ret = smbrun(add_script,NULL);
@@ -56,24 +58,18 @@ static int smb_create_user(const char *unix_user, const char *homedir)
Add and Delete UNIX users on demand, based on NTSTATUS codes.
****************************************************************************/
-void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status)
+void auth_add_user_script(const char *domain, const char *username)
{
struct passwd *pwd=NULL;
- if (NT_STATUS_IS_OK(nt_status)) {
-
- if (!(server_info->sam_fill_level & SAM_FILL_UNIX)) {
-
- /*
- * User validated ok against Domain controller.
- * If the admin wants us to try and create a UNIX
- * user on the fly, do so.
- */
-
- if(lp_adduser_script() && !(pwd = Get_Pwnam(user_info->internal_username.str))) {
- smb_create_user(user_info->internal_username.str, NULL);
- }
- }
+ /*
+ * User validated ok against Domain controller.
+ * If the admin wants us to try and create a UNIX
+ * user on the fly, do so.
+ */
+
+ if(lp_adduser_script() && !(pwd = Get_Pwnam(username))) {
+ smb_create_user(domain, username, NULL);
}
}
@@ -914,30 +910,38 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
nt_status = pdb_init_sam_pw(&sam_account, passwd);
passwd_free(&passwd);
} else {
- char *dom_user;
- dom_user = talloc_asprintf(mem_ctx, "%s%s%s",
- nt_domain,
- lp_winbind_separator(),
- internal_username);
-
- if (!dom_user) {
- DEBUG(0, ("talloc_asprintf failed!\n"));
- return NT_STATUS_NO_MEMORY;
- } else {
-
- if (!(passwd = Get_Pwnam(dom_user))
- /* Only lookup local for the local
- domain, we don't want this for
- trusted domains */
- && strequal(nt_domain, lp_workgroup())) {
- passwd = Get_Pwnam(internal_username);
+ int try = 0;
+ while (try < 2) {
+ char *dom_user;
+ dom_user = talloc_asprintf(mem_ctx, "%s%s%s",
+ nt_domain,
+ lp_winbind_separator(),
+ internal_username);
+
+ if (!dom_user) {
+ DEBUG(0, ("talloc_asprintf failed!\n"));
+ nt_status = NT_STATUS_NO_MEMORY;
+ } else {
+
+ if (!(passwd = Get_Pwnam(dom_user))
+ /* Only lookup local for the local
+ domain, we don't want this for
+ trusted domains */
+ && strequal(nt_domain, lp_workgroup())) {
+ passwd = Get_Pwnam(internal_username);
+ }
+
+ if (!passwd) {
+ nt_status = NT_STATUS_NO_SUCH_USER;
+ } else {
+ nt_status = pdb_init_sam_pw(&sam_account, passwd);
+ break;
+ }
}
-
- if (!passwd) {
- return NT_STATUS_NO_SUCH_USER;
- } else {
- nt_status = pdb_init_sam_pw(&sam_account, passwd);
+ if (try == 0) {
+ auth_add_user_script(nt_domain, internal_username);
}
+ try++;
}
}