diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-01-18 02:37:55 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-01-18 02:37:55 +0000 |
commit | 1fb9ccc4e2a91bf7124fba076ffa5458a1cbf404 (patch) | |
tree | e62b44816d89c4b8ad6ce5ccaf3050afc148ce20 /source3/nsswitch/winbindd_pam.c | |
parent | 9d05373a767cef2e841640f192e74da37fbb099f (diff) | |
download | samba-1fb9ccc4e2a91bf7124fba076ffa5458a1cbf404.tar.gz samba-1fb9ccc4e2a91bf7124fba076ffa5458a1cbf404.tar.bz2 samba-1fb9ccc4e2a91bf7124fba076ffa5458a1cbf404.zip |
This is the 'winbind default domain' patch from Alexander Bokovoy
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.
I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
(This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 95f0d527bb..87c5d0fb4b 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -56,7 +56,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) if (!parse_domain_user(state->request.data.auth.user, name_domain, name_user)) { - DEBUG(5,("no domain seperator (%s) in username (%s) - failing fauth\n", lp_winbind_separator(), state->request.data.auth.user)); + DEBUG(5,("no domain seperator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user)); talloc_destroy(mem_ctx); return WINBINDD_ERROR; } @@ -131,6 +131,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) NET_USER_INFO_3 info3; struct cli_state *cli = NULL; TALLOC_CTX *mem_ctx; + const char *domain = NULL; DATA_BLOB lm_resp, nt_resp; @@ -144,6 +145,22 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) return WINBINDD_ERROR; } + if (*state->request.data.auth_crap.domain) { + domain = talloc_strdup(mem_ctx, state->request.data.auth_crap.domain); + } else if (lp_winbind_use_default_domain()) { + domain = talloc_strdup(mem_ctx, lp_workgroup()); + } else { + DEBUG(5,("no domain specified with username (%s) - failing auth\n", state->request.data.auth.user)); + talloc_destroy(mem_ctx); + return WINBINDD_ERROR; + } + + if (!domain) { + DEBUG(0,("winbindd_pam_auth_crap: talloc_strdup failed!\n")); + talloc_destroy(mem_ctx); + return WINBINDD_ERROR; + } + lm_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); nt_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len); @@ -169,7 +186,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) } result = cli_netlogon_sam_network_logon(cli, mem_ctx, - state->request.data.auth_crap.user, state->request.data.auth_crap.domain, + state->request.data.auth_crap.user, domain, global_myname, state->request.data.auth_crap.chal, lm_resp, nt_resp, &info3); |