summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-02-16 23:29:48 +0100
committerVolker Lendecke <vl@samba.org>2010-02-17 11:32:30 +0100
commit8aef63d2430a3e96b1dbf3f6595bdf78f703c778 (patch)
tree77922e9ed20a2ad878710abd2ce12f38a4e02d40 /source3/smbd
parent3a9dc490b459514c2117572824dca3830c3a9951 (diff)
downloadsamba-8aef63d2430a3e96b1dbf3f6595bdf78f703c778.tar.gz
samba-8aef63d2430a3e96b1dbf3f6595bdf78f703c778.tar.bz2
samba-8aef63d2430a3e96b1dbf3f6595bdf78f703c778.zip
s3: Fix bug 7139
To provide the user with the same SID when doing Kerberos logins, attempt to do a make_server_info_sam instead of a make_server_info_pw.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/sesssetup.c34
1 files changed, 32 insertions, 2 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index ae99127db2..289055cc6b 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -486,10 +486,40 @@ static void reply_spnego_kerberos(struct smb_request *req,
}
} else {
- ret = make_server_info_pw(&server_info, real_username, pw);
+ /*
+ * We didn't get a PAC, we have to make up the user
+ * ourselves. Try to ask the pdb backend to provide
+ * SID consistency with ntlmssp session setup
+ */
+ struct samu *sampass;
+
+ sampass = samu_new(talloc_tos());
+ if (sampass == NULL) {
+ ret = NT_STATUS_NO_MEMORY;
+ data_blob_free(&ap_rep);
+ data_blob_free(&session_key);
+ TALLOC_FREE(mem_ctx);
+ reply_nterror(req, nt_status_squash(ret));
+ return;
+ }
+
+ if (pdb_getsampwnam(sampass, real_username)) {
+ DEBUG(10, ("found user %s in passdb, calling "
+ "make_server_info_sam\n", real_username));
+ ret = make_server_info_sam(&server_info, sampass);
+ } else {
+ /*
+ * User not in passdb, make it up artificially
+ */
+ TALLOC_FREE(sampass);
+ DEBUG(10, ("didn't find user %s in passdb, calling "
+ "make_server_info_pw\n", real_username));
+ ret = make_server_info_pw(&server_info, real_username,
+ pw);
+ }
if ( !NT_STATUS_IS_OK(ret) ) {
- DEBUG(1,("make_server_info_pw failed: %s!\n",
+ DEBUG(1,("make_server_info_[sam|pw] failed: %s!\n",
nt_errstr(ret)));
data_blob_free(&ap_rep);
data_blob_free(&session_key);