summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_util.c82
1 files changed, 39 insertions, 43 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 8ea1f410f1..f937a9bb60 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -581,6 +581,45 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
enum lsa_SidType type;
struct auth_serversupplied_info *result;
+ /*
+ * The SID returned in server_info->sam_account is based
+ * on our SAM sid even though for a pure UNIX account this should
+ * not be the case as it doesn't really exist in the SAM db.
+ * This causes lookups on "[in]valid users" to fail as they
+ * will lookup this name as a "Unix User" SID to check against
+ * the user token. Fix this by adding the "Unix User"\unix_username
+ * SID to the sid array. The correct fix should probably be
+ * changing the server_info->sam_account user SID to be a
+ * S-1-22 Unix SID, but this might break old configs where
+ * plaintext passwords were used with no SAM backend.
+ */
+
+ mem_ctx = talloc_init("make_server_info_pw_tmp");
+ if (!mem_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ unix_users_domain_name(),
+ unix_username );
+ if (!qualified_name) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
+ NULL, NULL,
+ &u_sid, &type)) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ TALLOC_FREE(mem_ctx);
+
+ if (type != SID_NAME_USER) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
if ( !(sampass = samu_new( NULL )) ) {
return NT_STATUS_NO_MEMORY;
}
@@ -639,49 +678,6 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
TALLOC_FREE(sampass);
- /*
- * The SID returned in server_info->sam_account is based
- * on our SAM sid even though for a pure UNIX account this should
- * not be the case as it doesn't really exist in the SAM db.
- * This causes lookups on "[in]valid users" to fail as they
- * will lookup this name as a "Unix User" SID to check against
- * the user token. Fix this by adding the "Unix User"\unix_username
- * SID to the sid array. The correct fix should probably be
- * changing the server_info->sam_account user SID to be a
- * S-1-22 Unix SID, but this might break old configs where
- * plaintext passwords were used with no SAM backend.
- */
-
- mem_ctx = talloc_init("make_server_info_pw_tmp");
- if (!mem_ctx) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
- }
-
- qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
- unix_users_domain_name(),
- unix_username );
- if (!qualified_name) {
- TALLOC_FREE(result);
- TALLOC_FREE(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
- NULL, NULL,
- &u_sid, &type)) {
- TALLOC_FREE(result);
- TALLOC_FREE(mem_ctx);
- return NT_STATUS_NO_SUCH_USER;
- }
-
- TALLOC_FREE(mem_ctx);
-
- if (type != SID_NAME_USER) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_SUCH_USER;
- }
-
/* FIXME: add to info3 too ? */
status = add_sid_to_array_unique(result, &u_sid,
&result->sids,