7 files changed, 32 insertions, 25 deletions

diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index c4569d97bb..7193f0e46d 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -213,8 +213,6 @@ char *afs_createtoken_str(const char *username, const char *cell)
 
 bool afs_login(connection_struct *conn)
 {
-	extern userdom_struct current_user_info;
-	extern struct current_user current_user;
 	DATA_BLOB ticket;
 	char *afs_username = NULL;
 	char *cell = NULL;
@@ -234,14 +232,14 @@ bool afs_login(connection_struct *conn)
 	afs_username = talloc_sub_advanced(ctx,
 				SNUM(conn), conn->user,
 				conn->connectpath, conn->gid,
-				get_current_username(),
-				current_user_info.domain,
+				conn->server_info->sanitized_username,
+				pdb_get_domain(conn->server_info->sam_account),
 				afs_username);
 	if (!afs_username) {
 		return false;
 	}
 
-	user_sid = &current_user.nt_user_token->user_sids[0];
+	user_sid = &conn->server_info->ptok->user_sids[0];
 	afs_username = talloc_string_sub(talloc_tos(),
 					afs_username,
 					"%s",
diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c
index 133c5eb28b..9b85ad2dda 100644
--- a/source3/modules/vfs_expand_msdfs.c
+++ b/source3/modules/vfs_expand_msdfs.c
@@ -148,7 +148,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx,
 				conn->server_info->unix_name,
 				conn->connectpath,
 				conn->server_info->gid,
-				get_current_username(),
+				conn->server_info->sanitized_username,
 				current_user_info.domain,
 				targethost);
 
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 31069c1669..8718dbd886 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -59,8 +59,6 @@
 
 #include "includes.h"
 
-extern userdom_struct current_user_info;
-
 static int vfs_full_audit_debug_level = DBGC_VFS;
 
 struct vfs_full_audit_private_data {
@@ -697,8 +695,8 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
 			conn->server_info->unix_name,
 			conn->connectpath,
 			conn->server_info->gid,
-			get_current_username(),
-			current_user_info.domain,
+			conn->server_info->sanitized_username,
+			pdb_get_domain(conn->server_info->sam_account),
 			prefix);
 }
 
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index abfae78b72..e6028cebdd 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -435,7 +435,7 @@ static int recycle_unlink(vfs_handle_struct *handle, const char *file_name)
 					conn->server_info->unix_name,
 					conn->connectpath,
 					conn->server_info->gid,
-					get_current_username(),
+					conn->server_info->sanitized_username,
 					current_user_info.domain,
 					recycle_repository(handle));
 	ALLOC_CHECK(repository, done);
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index fce58d069b..31d4a39842 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -103,7 +103,7 @@ static int CopyExpanded(connection_struct *conn,
 				conn->server_info->unix_name,
 				conn->connectpath,
 				conn->server_info->gid,
-				get_current_username(),
+				conn->server_info->sanitized_username,
 				pdb_get_domain(conn->server_info->sam_account),
 				buf);
 	if (!buf) {
@@ -154,7 +154,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char *s)
 				conn->server_info->unix_name,
 				conn->connectpath,
 				conn->server_info->gid,
-				get_current_username(),
+				conn->server_info->sanitized_username,
 				pdb_get_domain(conn->server_info->sam_account),
 				buf);
 	if (!buf) {
@@ -184,7 +184,7 @@ static char *Expand(connection_struct *conn, int snum, char *s)
 				conn->server_info->unix_name,
 				conn->connectpath,
 				conn->server_info->gid,
-				get_current_username(),
+				conn->server_info->sanitized_username,
 				pdb_get_domain(conn->server_info->sam_account),
 				buf);
 }
@@ -3010,7 +3010,7 @@ static bool api_RNetServerGetInfo(connection_struct *conn,uint16 vuid,
 				conn->server_info->unix_name,
 				conn->connectpath,
 				conn->server_info->gid,
-				get_current_username(),
+				conn->server_info->sanitized_username,
 				pdb_get_domain(conn->server_info->sam_account),
 				comment);
 			if (comment) {
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index e4760ec461..de57d8def2 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -672,6 +672,17 @@ static NTSTATUS dfs_redirect(TALLOC_CTX *ctx,
 		return NT_STATUS_OK;
 	}
 
+	if (!( strequal(pdp->servicename, lp_servicename(SNUM(conn)))
+			|| (strequal(pdp->servicename, HOMES_NAME)
+			&& strequal(lp_servicename(SNUM(conn)),
+				conn->server_info->sanitized_username) )) ) {
+
+		/* The given sharename doesn't match this connection. */
+		TALLOC_FREE(pdp);
+
+		return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+	}
+
 	status = dfs_path_lookup(ctx, conn, path_in, pdp,
 			search_wcard_flag, NULL, NULL);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 4092928de1..fbce22e975 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -840,8 +840,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 					conn->server_info->unix_name,
 					conn->connectpath,
 					conn->server_info->gid,
-					get_current_username(),
-					current_user_info.domain,
+					conn->server_info->sanitized_username,
+					pdb_get_domain(conn->server_info->sam_account),
 					lp_pathname(snum));
 		if (!s) {
 			conn_free(conn);
@@ -962,8 +962,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 					conn->server_info->unix_name,
 					conn->connectpath,
 					conn->server_info->gid,
-					get_current_username(),
-					current_user_info.domain,
+					conn->server_info->sanitized_username,
+					pdb_get_domain(conn->server_info->sam_account),
 					lp_rootpreexec(snum));
 		DEBUG(5,("cmd=%s\n",cmd));
 		ret = smbrun(cmd,NULL);
@@ -1001,8 +1001,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 					conn->server_info->unix_name,
 					conn->connectpath,
 					conn->server_info->gid,
-					get_current_username(),
-					current_user_info.domain,
+					conn->server_info->sanitized_username,
+					pdb_get_domain(conn->server_info->sam_account),
 					lp_preexec(snum));
 		ret = smbrun(cmd,NULL);
 		TALLOC_FREE(cmd);
@@ -1324,8 +1324,8 @@ void close_cnum(connection_struct *conn, uint16 vuid)
 					conn->server_info->unix_name,
 					conn->connectpath,
 					conn->server_info->gid,
-					get_current_username(),
-					current_user_info.domain,
+					conn->server_info->sanitized_username,
+					pdb_get_domain(conn->server_info->sam_account),
 					lp_postexec(SNUM(conn)));
 		smbrun(cmd,NULL);
 		TALLOC_FREE(cmd);
@@ -1340,8 +1340,8 @@ void close_cnum(connection_struct *conn, uint16 vuid)
 					conn->server_info->unix_name,
 					conn->connectpath,
 					conn->server_info->gid,
-					get_current_username(),
-					current_user_info.domain,
+					conn->server_info->sanitized_username,
+					pdb_get_domain(conn->server_info->sam_account),
 					lp_rootpostexec(SNUM(conn)));
 		smbrun(cmd,NULL);
 		TALLOC_FREE(cmd);