author | Volker Lendecke <vl@samba.org> | 2010-02-16 23:29:48 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2010-02-17 11:32:30 +0100 |
commit | 8aef63d2430a3e96b1dbf3f6595bdf78f703c778 (patch) | |
tree | 77922e9ed20a2ad878710abd2ce12f38a4e02d40 /source3/smbd | |
parent | 3a9dc490b459514c2117572824dca3830c3a9951 (diff) | |
s3: Fix bug 7139
To provide the user with the same SID when doing Kerberos logins, attempt to do
a make_server_info_sam instead of a make_server_info_pw.
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/sesssetup.c | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index ae99127db2..289055cc6b 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -486,10 +486,40 @@ static void reply_spnego_kerberos(struct smb_request *req, } } else { - ret = make_server_info_pw(&server_info, real_username, pw); + /* + * We didn't get a PAC, we have to make up the user + * ourselves. Try to ask the pdb backend to provide + * SID consistency with ntlmssp session setup + */ + struct samu *sampass; + + sampass = samu_new(talloc_tos()); + if (sampass == NULL) { + ret = NT_STATUS_NO_MEMORY; + data_blob_free(&ap_rep); + data_blob_free(&session_key); + TALLOC_FREE(mem_ctx); + reply_nterror(req, nt_status_squash(ret)); + return; + } + + if (pdb_getsampwnam(sampass, real_username)) { + DEBUG(10, ("found user %s in passdb, calling " + "make_server_info_sam\n", real_username)); + ret = make_server_info_sam(&server_info, sampass); + } else { + /* + * User not in passdb, make it up artificially + */ + TALLOC_FREE(sampass); + DEBUG(10, ("didn't find user %s in passdb, calling " + "make_server_info_pw\n", real_username)); + ret = make_server_info_pw(&server_info, real_username, + pw); + } if ( !NT_STATUS_IS_OK(ret) ) { - DEBUG(1,("make_server_info_pw failed: %s!\n", + DEBUG(1,("make_server_info_[sam|pw] failed: %s!\n", nt_errstr(ret))); data_blob_free(&ap_rep); data_blob_free(&session_key); |
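Review bot: In the `pdb_getsampwnam` success branch, `sampass` is allocated on `talloc_tos()` and handed to `make_server_info_sam`, but nothing in the hunk says who owns it afterwards: it is freed only in the not-found branch, and the shared `!NT_STATUS_IS_OK(ret)` error path does not release it. If the callee keeps the pointer inside `server_info`, a stack-frame context is the wrong parent unless the callee reparents it; if it does not keep it, the object lingers until the frame is torn down. A comment such as `/* make_server_info_sam takes ownership of sampass on success */` would settle it, with `TALLOC_FREE(sampass);` in the error branch if the callee does not free it on failure — confirm against the callee, which is outside this diff. Separately, the token is now built from the passdb entry with no visible check of the account's state (disabled, expired), so it is worth confirming that a Kerberos login cannot obtain a session for an account the NTLMSSP path would refuse. `reply_spnego_kerberos` starts and ends outside the hunk.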