Get 'add user script' working again for Samba 3.0.

I'm still not convinced that sharing the option name with the administrative
code is the best idea, but anyway...

Tested by vl, bug #41.

Andrew Bartlett
(This used to be commit 9d78f064c5e4e6b340f994204977aaac6513320b)

3 files changed, 52 insertions, 47 deletions

diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index dea97a7190..02c7eb6d84 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -262,12 +262,6 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 			break;
 	}
 
-	/* This is one of the few places the *relies* (rather than just sets defaults
-	   on the value of lp_security().  This needs to change.  A new paramater 
-	   perhaps? */
-	if (lp_security() >= SEC_SERVER)
-		smb_user_control(user_info, *server_info, nt_status);
-
 	if (NT_STATUS_IS_OK(nt_status)) {
 		pdb_username = pdb_get_username((*server_info)->sam_account);
 		if (!(*server_info)->guest) {
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 73af290af2..18c5216137 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -372,12 +372,19 @@ use this machine as the password server.\n"));
 
 	cli_ulogoff(cli);
 
-	if NT_STATUS_IS_OK(nt_status) {
+	if (NT_STATUS_IS_OK(nt_status)) {
 		struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
 		if (pass) {
 			nt_status = make_server_info_pw(server_info, pass);
 		} else {
-			nt_status = NT_STATUS_NO_SUCH_USER;
+			auth_add_user_script(user_info->domain.str, user_info->internal_username.str);
+			pass = Get_Pwnam(user_info->internal_username.str);
+
+			if (pass) {
+				nt_status = make_server_info_pw(server_info, pass);
+			} else {
+				nt_status = NT_STATUS_NO_SUCH_USER;
+			}
 		}
 	}
 
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index e8f2af41f3..d57619942c 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -36,7 +36,7 @@ extern DOM_SID global_sid_Authenticated_Users;
  Create a UNIX user on demand.
 ****************************************************************************/
 
-static int smb_create_user(const char *unix_user, const char *homedir)
+static int smb_create_user(const char *domain, const char *unix_username, const char *homedir)
 {
 	pstring add_script;
 	int ret;
@@ -44,7 +44,9 @@ static int smb_create_user(const char *unix_user, const char *homedir)
 	pstrcpy(add_script, lp_adduser_script());
 	if (! *add_script)
 		return -1;
-	all_string_sub(add_script, "%u", unix_user, sizeof(pstring));
+	all_string_sub(add_script, "%u", unix_username, sizeof(pstring));
+	if (domain)
+		all_string_sub(add_script, "%D", domain, sizeof(pstring));
 	if (homedir)
 		all_string_sub(add_script, "%H", homedir, sizeof(pstring));
 	ret = smbrun(add_script,NULL);
@@ -56,24 +58,18 @@ static int smb_create_user(const char *unix_user, const char *homedir)
  Add and Delete UNIX users on demand, based on NTSTATUS codes.
 ****************************************************************************/
 
-void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status)
+void auth_add_user_script(const char *domain, const char *username)
 {
 	struct passwd *pwd=NULL;
 
-	if (NT_STATUS_IS_OK(nt_status)) {
-
-		if (!(server_info->sam_fill_level & SAM_FILL_UNIX)) {
-			
-			/*
-			 * User validated ok against Domain controller.
-			 * If the admin wants us to try and create a UNIX
-			 * user on the fly, do so.
-			 */
-			
-			if(lp_adduser_script() && !(pwd = Get_Pwnam(user_info->internal_username.str))) {
-				smb_create_user(user_info->internal_username.str, NULL);
-			}
-		}
+	/*
+	 * User validated ok against Domain controller.
+	 * If the admin wants us to try and create a UNIX
+	 * user on the fly, do so.
+	 */
+	
+	if(lp_adduser_script() && !(pwd = Get_Pwnam(username))) {
+		smb_create_user(domain, username, NULL);
 	}
 }
 
@@ -914,30 +910,38 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 		nt_status = pdb_init_sam_pw(&sam_account, passwd);
 		passwd_free(&passwd);
 	} else {
-		char *dom_user;
-		dom_user = talloc_asprintf(mem_ctx, "%s%s%s", 
-					   nt_domain,
-					   lp_winbind_separator(),
-					   internal_username);
-		
-		if (!dom_user) {
-			DEBUG(0, ("talloc_asprintf failed!\n"));
-			return NT_STATUS_NO_MEMORY;
-		} else { 
-		
-			if (!(passwd = Get_Pwnam(dom_user))
-				/* Only lookup local for the local
-				   domain, we don't want this for
-				   trusted domains */
-			    && strequal(nt_domain, lp_workgroup())) {
-				passwd = Get_Pwnam(internal_username);
+		int try = 0;
+		while (try < 2) {
+			char *dom_user;
+			dom_user = talloc_asprintf(mem_ctx, "%s%s%s", 
+						   nt_domain,
+						   lp_winbind_separator(),
+						   internal_username);
+			
+			if (!dom_user) {
+				DEBUG(0, ("talloc_asprintf failed!\n"));
+				nt_status = NT_STATUS_NO_MEMORY;
+			} else { 
+				
+				if (!(passwd = Get_Pwnam(dom_user))
+				    /* Only lookup local for the local
+				       domain, we don't want this for
+				       trusted domains */
+				    && strequal(nt_domain, lp_workgroup())) {
+					passwd = Get_Pwnam(internal_username);
+				}
+				
+				if (!passwd) {
+					nt_status = NT_STATUS_NO_SUCH_USER;
+				} else {
+					nt_status = pdb_init_sam_pw(&sam_account, passwd);
+					break;
+				}
 			}
-			    
-			if (!passwd) {
-				return NT_STATUS_NO_SUCH_USER;
-			} else {
-				nt_status = pdb_init_sam_pw(&sam_account, passwd);
+			if (try == 0) {
+				auth_add_user_script(nt_domain, internal_username);
 			}
+			try++;
 		}
 	}