diff options
| author | Volker Lendecke <vlendec@samba.org> | 2004-01-04 11:59:11 +0000 |
|---|---|---|
| committer | Volker Lendecke <vlendec@samba.org> | 2004-01-04 11:59:11 +0000 |
| commit | 612a97f84535c2d2b397f7a1b3941f7f6f602b27 (patch) | |
| tree | e8158166910bd9be81912eb18bdd1f9821b59c88 /source3/smbd/sesssetup.c | |
| parent | 60639680195015739909ea7a2be032bdbab4f76c (diff) | |
| download | samba-612a97f84535c2d2b397f7a1b3941f7f6f602b27.tar.gz samba-612a97f84535c2d2b397f7a1b3941f7f6f602b27.tar.bz2 samba-612a97f84535c2d2b397f7a1b3941f7f6f602b27.zip | |
Commit the translation of the realm to the netbios domain name in the kerberos
session setup. After talking to jht and abartlet I made this unconditional, no
additional parameter.
Jerry: This is a change in behaviour, but I think it is necessary.
Volker
(This used to be commit d32f47fedcff3fdf46f42926d1cd84433e7ab487)
Diffstat (limited to 'source3/smbd/sesssetup.c')
| -rw-r--r-- | source3/smbd/sesssetup.c | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index e9cfa47d0c..2c38cd3eb3 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -141,7 +141,8 @@ static int reply_spnego_kerberos(connection_struct *conn, DATA_BLOB *secblob) { DATA_BLOB ticket; - char *client, *p; + char *client, *p, *domain; + fstring netbios_domain_name; const struct passwd *pw; char *user; int sess_vuid; @@ -198,8 +199,45 @@ static int reply_spnego_kerberos(connection_struct *conn, /* this gives a fully qualified user name (ie. with full realm). that leads to very long usernames, but what else can we do? */ - - asprintf(&user, "%s%c%s", p+1, *lp_winbind_separator(), client); + + domain = p+1; + + { + /* If we have winbind running, we can (and must) shorten the + username by using the short netbios name. Otherwise we will + have inconsistent user names. With Kerberos, we get the + fully qualified realm, with ntlmssp we get the short + name. And even w2k3 does use ntlmssp if you for example + connect to an ip address. */ + + struct winbindd_request wb_request; + struct winbindd_response wb_response; + NSS_STATUS wb_result; + + ZERO_STRUCT(wb_request); + ZERO_STRUCT(wb_response); + + DEBUG(10, ("Mapping [%s] to short name\n", domain)); + + fstrcpy(wb_request.domain_name, domain); + + wb_result = winbindd_request(WINBINDD_DOMAIN_INFO, + &wb_request, &wb_response); + + if (wb_result == NSS_STATUS_SUCCESS) { + + fstrcpy(netbios_domain_name, + wb_response.data.domain_info.name); + domain = netbios_domain_name; + + DEBUG(10, ("Mapped to [%s]\n", domain)); + } else { + DEBUG(3, ("Could not find short name -- winbind " + "not running?\n")); + } + } + + asprintf(&user, "%s%c%s", domain, *lp_winbind_separator(), client); pw = smb_getpwnam( user ); |