summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/sesssetup.c34
1 files changed, 32 insertions, 2 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index ae99127db2..289055cc6b 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -486,10 +486,40 @@ static void reply_spnego_kerberos(struct smb_request *req,
}
} else {
- ret = make_server_info_pw(&server_info, real_username, pw);
+ /*
+ * We didn't get a PAC, we have to make up the user
+ * ourselves. Try to ask the pdb backend to provide
+ * SID consistency with ntlmssp session setup
+ */
+ struct samu *sampass;
+
+ sampass = samu_new(talloc_tos());
+ if (sampass == NULL) {
+ ret = NT_STATUS_NO_MEMORY;
+ data_blob_free(&ap_rep);
+ data_blob_free(&session_key);
+ TALLOC_FREE(mem_ctx);
+ reply_nterror(req, nt_status_squash(ret));
+ return;
+ }
+
+ if (pdb_getsampwnam(sampass, real_username)) {
+ DEBUG(10, ("found user %s in passdb, calling "
+ "make_server_info_sam\n", real_username));
+ ret = make_server_info_sam(&server_info, sampass);
+ } else {
+ /*
+ * User not in passdb, make it up artificially
+ */
+ TALLOC_FREE(sampass);
+ DEBUG(10, ("didn't find user %s in passdb, calling "
+ "make_server_info_pw\n", real_username));
+ ret = make_server_info_pw(&server_info, real_username,
+ pw);
+ }
if ( !NT_STATUS_IS_OK(ret) ) {
- DEBUG(1,("make_server_info_pw failed: %s!\n",
+ DEBUG(1,("make_server_info_[sam|pw] failed: %s!\n",
nt_errstr(ret)));
data_blob_free(&ap_rep);
data_blob_free(&session_key);