diff options
author | Luke Leighton <lkcl@samba.org> | 1998-11-30 22:42:13 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-11-30 22:42:13 +0000 |
commit | c6ad04b8fb4ee5cbf862a35b4c143a6f75555718 (patch) | |
tree | 1440c27af960d14067e46535959a0906deeed333 /source3/smbd | |
parent | 279923efd357059c463544fb469851ecbc0d1133 (diff) | |
download | samba-c6ad04b8fb4ee5cbf862a35b4c143a6f75555718.tar.gz samba-c6ad04b8fb4ee5cbf862a35b4c143a6f75555718.tar.bz2 samba-c6ad04b8fb4ee5cbf862a35b4c143a6f75555718.zip |
attempting to fix "domain user map" up, but it's a bit complicated.
i may simply go for a response in the NetSamLogon returning the
unix username, forcing the NT user to appear to be a unix user,
however even that is fraught with implications.
might just have to go the whole hog and do this tuple thing,
"unix_name + nt_name" always associated together...
issue with api_net_sam_logon, getsam21pwent() being called twice,
the second time overwriting static buffer data (argh) so had to
make a copy.
noticed a nested "become_root()"/"unbecome_root()" which will have
to be tracked down...
(This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/reply.c | 90 |
1 files changed, 56 insertions, 34 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 1abb084124..505067c83e 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -61,6 +61,49 @@ static void overflow_attack(int len) /**************************************************************************** + does _both_ nt->unix and unix->unix username remappings. +****************************************************************************/ +static BOOL map_nt_and_unix_username(const char *domain, char *user) +{ + DOM_NAME_MAP gmep; + fstring nt_username; + + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + memset(nt_username, 0, sizeof(nt_username)); + if (domain != NULL) + { + slprintf(nt_username, sizeof(nt_username)-1, "%s\\%s", + domain, user); + } + else + { + fstrcpy(nt_username, user); + } + if (!lookupsmbpwntnam(nt_username, &gmep)) + { + return False; + } + + fstrcpy(user, gmep.unix_name); + + /* + * Pass the user through the unix -> unix user mapping + * function. + */ + + (void)map_username(user); + + /* + * Do any UNIX username case mangling. + */ + return Get_Pwnam( user, True) != NULL; +} + +/**************************************************************************** reply to an special message ****************************************************************************/ int reply_special(char *inbuf,char *outbuf) @@ -220,17 +263,10 @@ int reply_tcon(connection_struct *conn, parse_connect(smb_buf(inbuf)+1,service,user,password,&pwlen,dev); - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam( user, True); + if (!map_nt_and_unix_username(global_myworkgroup, user)) + { + return(connection_error(inbuf,outbuf,ERRbadpw)); + } conn = make_connection(service,user,password,pwlen,dev,vuid,&ecode); @@ -300,18 +336,11 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt StrnCpy(devicename,path + strlen(path) + 1,6); DEBUG(4,("Got device type %s\n",devicename)); - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam(user, True); - + if (!map_nt_and_unix_username(global_myworkgroup, user)) + { + return(connection_error(inbuf,outbuf,ERRbadpw)); + } + conn = make_connection(service,user,password,passlen,devicename,vuid,&ecode); if (!conn) @@ -642,17 +671,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int pstrcpy( orig_user, user); - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam( user, True); + if (!map_nt_and_unix_username(domain, user)) + { + return(ERROR(ERRSRV,ERRbadpw)); + } add_session_user(user); |