diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-03-06 08:24:34 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:10:58 -0500 |
commit | 42031bc4be2516872ccf832b6b09d141cb13c76b (patch) | |
tree | 6075fee54b1619c21cf3722ed6b8937bdb21ea74 /source4/auth/auth_util.c | |
parent | 765832748b4ef6141802ff72e3dea99453bf23d8 (diff) | |
download | samba-42031bc4be2516872ccf832b6b09d141cb13c76b.tar.gz samba-42031bc4be2516872ccf832b6b09d141cb13c76b.tar.bz2 samba-42031bc4be2516872ccf832b6b09d141cb13c76b.zip |
r5668: Add tests to RPC-SAMLOGON to test for user@REALM style logins. These
need a NULL domain (or a "" domain, except this breaks NTLMv2, and I
need to look into it a bit more).
Add support to the Samba4 server for these logins. This will need
extension when we handle trusted domains as a DC, as it is a principal
name, not just another format for the username.
Andrew Bartlett
(This used to be commit de02c7c222a32d2b3fb8ee8b715749b96cb647f9)
Diffstat (limited to 'source4/auth/auth_util.c')
-rw-r--r-- | source4/auth/auth_util.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index d80e5fdb78..791d12fae6 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -68,7 +68,9 @@ static NTSTATUS make_user_info(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(user_info->account_name); user_info->client.domain_name = talloc_strdup(user_info, c_domain_name); - NT_STATUS_HAVE_NO_MEMORY(user_info->client.domain_name); + if (c_domain_name && !user_info->client.domain_name) { + return NT_STATUS_NO_MEMORY; + } user_info->domain_name = talloc_strdup(user_info, domain_name); NT_STATUS_HAVE_NO_MEMORY(user_info->domain_name); @@ -141,21 +143,38 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx, struct auth_usersupplied_info **user_info) { const char *domain; - + const char *account_name; + char *d; DEBUG(5,("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n", c_domain_name, c_account_name, workstation_name)); + account_name = c_account_name; + /* don't allow "" as a domain, fixes a Win9X bug where it doens't supply a domain for logon script 'net use' commands. */ - if (*c_domain_name) { + + /* Split user@realm names into user and realm components. This is TODO to fix with proper userprincipalname support */ + if (c_domain_name && *c_domain_name) { domain = c_domain_name; + } else if (strchr_m(c_account_name, '@')) { + account_name = talloc_strdup(mem_ctx, c_account_name); + if (!account_name) { + return NT_STATUS_NO_MEMORY; + } + d = strchr_m(account_name, '@'); + if (!d) { + return NT_STATUS_INTERNAL_ERROR; + } + d[0] = '\0'; + d++; + domain = d; } else { domain = lp_workgroup(); } return make_user_info(mem_ctx, - c_account_name, c_account_name, + c_account_name, account_name, c_domain_name, domain, workstation_name, lm_password, nt_password, |