diff options
-rw-r--r-- | source3/auth/auth_domain.c | 4 | ||||
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 2 | ||||
-rw-r--r-- | source3/auth/auth_sam.c | 2 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 6 | ||||
-rw-r--r-- | source3/auth/auth_winbind.c | 4 | ||||
-rw-r--r-- | source3/include/auth.h | 6 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 4 |
7 files changed, 13 insertions, 15 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index f526677eca..f483718552 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -270,9 +270,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, info3); if (NT_STATUS_IS_OK(nt_status)) { - if (user_info->was_mapped) { - (*server_info)->was_mapped = user_info->was_mapped; - } + (*server_info)->nss_token |= user_info->was_mapped; if ( ! (*server_info)->guest) { /* if a real user check pam account restrictions */ diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index b6c26a1fc8..0d46b14f97 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -122,7 +122,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, return nt_status; } - auth_ntlmssp_state->server_info->was_mapped |= username_was_mapped; + auth_ntlmssp_state->server_info->nss_token |= username_was_mapped; nt_status = create_local_token(auth_ntlmssp_state->server_info); diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 4d25d31b56..5e393f7220 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -367,7 +367,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, lm_sess_key.length); data_blob_free(&lm_sess_key); - (*server_info)->was_mapped |= user_info->was_mapped; + (*server_info)->nss_token |= user_info->was_mapped; return nt_status; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5116425606..5e9da4eaff 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -634,7 +634,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) */ if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) || - (server_info->was_mapped)) { + (server_info->nss_token)) { status = create_token_from_username(server_info, server_info->unix_name, server_info->guest, @@ -1626,7 +1626,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, sizeof(info3->base.LMSessKey.key)); } - result->was_mapped = username_was_mapped; + result->nss_token |= username_was_mapped; *server_info = result; @@ -1859,7 +1859,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, sizeof(info->lm_session_key)); } - result->was_mapped = username_was_mapped; + result->nss_token |= username_was_mapped; *server_info = result; diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 20faa95b01..d1b00a3268 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -120,9 +120,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, return nt_status; } - if (user_info->was_mapped) { - (*server_info)->was_mapped = user_info->was_mapped; - } + (*server_info)->nss_token |= user_info->was_mapped; return nt_status; } diff --git a/source3/include/auth.h b/source3/include/auth.h index df2bed8756..56b8144a24 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -67,7 +67,11 @@ typedef struct auth_serversupplied_info { void *pam_handle; - bool was_mapped; /* Did the username map match? */ + /* + * This is a token from /etc/passwd and /etc/group + */ + bool nss_token; + char *unix_name; /* diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index b9219ab302..9076949a81 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -530,9 +530,7 @@ static void reply_spnego_kerberos(struct smb_request *req, } } - if (username_was_mapped) { - server_info->was_mapped = username_was_mapped; - } + server_info->nss_token |= username_was_mapped; /* we need to build the token for the user. make_server_info_guest() already does this */ |