diff options
author | Gerald Carter <jerry@samba.org> | 2003-10-07 16:34:23 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-10-07 16:34:23 +0000 |
commit | e7f41de758a39e6ad242ecbd8162cbf5117ad5a7 (patch) | |
tree | 27e17ab5deec7a1beba056da8241805077a48158 /source3 | |
parent | 764c03b9b8f552c187aad327fc857535ee322036 (diff) | |
download | samba-e7f41de758a39e6ad242ecbd8162cbf5117ad5a7.tar.gz samba-e7f41de758a39e6ad242ecbd8162cbf5117ad5a7.tar.bz2 samba-e7f41de758a39e6ad242ecbd8162cbf5117ad5a7.zip |
make sure to call get_user_groups() with the full winbindd name for a user if he;she has one; bug 406
(This used to be commit 1737b36e9193e30285c598ad75d90f610bab47fe)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/auth_util.c | 17 | ||||
-rw-r--r-- | source3/auth/auth_winbind.c | 16 |
2 files changed, 22 insertions, 11 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 952aa8ba59..3803741466 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -644,6 +644,9 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, * * currently this is a hack, as there is no sam implementation that is capable * of groups. + * + * NOTE!! This function will fail if you pass in a winbind user without + * the domain --jerry ******************************************************************************/ static NTSTATUS get_user_groups(const char *username, uid_t uid, gid_t gid, @@ -926,8 +929,10 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx, with just 'username'. This is need for accessing the server as a trust user that actually maps to a local account */ - if ( !passwd ) - passwd = Get_Pwnam(username); + if ( !passwd ) { + fstrcpy( dom_user, username ); + passwd = Get_Pwnam( dom_user ); + } if (passwd == NULL) return NT_STATUS_NO_SUCH_USER; @@ -935,7 +940,13 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx, *uid = passwd->pw_uid; *gid = passwd->pw_gid; - *found_username = talloc_strdup(mem_ctx, passwd->pw_name); + /* This is pointless -- there is no suport for differeing + unix and windows names. Make sure to always store the + one we actuall looked up and succeeded. Have I mentioned + why I hate the 'winbind use default domain' parameter? + --jerry */ + + *found_username = talloc_strdup(mem_ctx, dom_user); return pdb_init_sam_pw(sam_account, passwd); } diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index cae7aadd0c..d09987ba37 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -126,15 +126,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, if (result == NSS_STATUS_SUCCESS && response.extra_data) { if (NT_STATUS_IS_OK(nt_status)) { - if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) { - nt_status = - make_server_info_info3(mem_ctx, - user_info->internal_username.str, - user_info->smb_name.str, - user_info->domain.str, - server_info, - &info3); + + if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) + { + nt_status = make_server_info_info3(mem_ctx, + user_info->internal_username.str, + user_info->smb_name.str, user_info->domain.str, + server_info, &info3); } + } } else if (NT_STATUS_IS_OK(nt_status)) { nt_status = NT_STATUS_NO_LOGON_SERVERS; |