diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-12-30 13:20:39 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-12-30 13:20:39 +0000 |
| commit | 829188b34fd46644ea65316943a0d61ce717b8e9 (patch) | |
| tree | 548b88cd676d7ee9b5cdfbf6c812a05377c89631 /source3/nsswitch | |
| parent | 43772e1d4adbcee49d64a1d09c6494e8e2a4aa92 (diff) | |
| download | samba-829188b34fd46644ea65316943a0d61ce717b8e9.tar.gz samba-829188b34fd46644ea65316943a0d61ce717b8e9.tar.bz2 samba-829188b34fd46644ea65316943a0d61ce717b8e9.zip | |
Try to gain a bit more consistancy in the output of usernames from ntlm_auth:
Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswtich does - following the rules of 'winbind use default
domain', in the correct case and with the correct seperator.
This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.
Andrew Bartlett
(This used to be commit 7a3a5a63612b2698a39f784859496c395505a79b)
Diffstat (limited to 'source3/nsswitch')
| -rw-r--r-- | source3/nsswitch/winbindd_nss.h | 1 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_pam.c | 26 |
2 files changed, 27 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 76243c57ef..77384a7748 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -152,6 +152,7 @@ typedef struct winbindd_gr { #define WBFLAG_PAM_CONTACT_TRUSTDOM 0x0010 #define WBFLAG_QUERY_ONLY 0x0020 #define WBFLAG_ALLOCATE_RID 0x0040 +#define WBFLAG_PAM_UNIX_NAME 0x0080 /* Winbind request structure */ diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 6e386760b4..7c4cb53dbf 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -366,6 +366,32 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) if (state->request.flags & WBFLAG_PAM_INFO3_NDR) { result = append_info3_as_ndr(mem_ctx, state, &info3); + } else if (state->request.flags & WBFLAG_PAM_UNIX_NAME) { + /* ntlm_auth should return the unix username, per + 'winbind use default domain' settings and the like */ + + fstring username_out; + const char *nt_username, *nt_domain; + if (!(nt_username = unistr2_tdup(mem_ctx, &(info3.uni_user_name)))) { + /* If the server didn't give us one, just use the one we sent them */ + nt_username = user; + } + + if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3.uni_logon_dom)))) { + /* If the server didn't give us one, just use the one we sent them */ + nt_domain = domain; + } + + fill_domain_username(username_out, nt_username, nt_domain); + + DEBUG(5, ("Setting unix username to [%s]\n", username_out)); + + state->response.extra_data = strdup(username_out); + if (!state->response.extra_data) { + result = NT_STATUS_NO_MEMORY; + goto done; + } + state->response.length += strlen(state->response.extra_data)+1; } if (state->request.flags & WBFLAG_PAM_NTKEY) { |