summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_domain.c4
-rw-r--r--source3/auth/auth_ntlmssp.c2
-rw-r--r--source3/auth/auth_sam.c2
-rw-r--r--source3/auth/auth_util.c6
-rw-r--r--source3/auth/auth_winbind.c4
-rw-r--r--source3/include/auth.h6
-rw-r--r--source3/smbd/sesssetup.c4
7 files changed, 13 insertions, 15 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index f526677eca..f483718552 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -270,9 +270,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
info3);
if (NT_STATUS_IS_OK(nt_status)) {
- if (user_info->was_mapped) {
- (*server_info)->was_mapped = user_info->was_mapped;
- }
+ (*server_info)->nss_token |= user_info->was_mapped;
if ( ! (*server_info)->guest) {
/* if a real user check pam account restrictions */
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index b6c26a1fc8..0d46b14f97 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -122,7 +122,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
return nt_status;
}
- auth_ntlmssp_state->server_info->was_mapped |= username_was_mapped;
+ auth_ntlmssp_state->server_info->nss_token |= username_was_mapped;
nt_status = create_local_token(auth_ntlmssp_state->server_info);
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 4d25d31b56..5e393f7220 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -367,7 +367,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
lm_sess_key.length);
data_blob_free(&lm_sess_key);
- (*server_info)->was_mapped |= user_info->was_mapped;
+ (*server_info)->nss_token |= user_info->was_mapped;
return nt_status;
}
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5116425606..5e9da4eaff 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -634,7 +634,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
*/
if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
- (server_info->was_mapped)) {
+ (server_info->nss_token)) {
status = create_token_from_username(server_info,
server_info->unix_name,
server_info->guest,
@@ -1626,7 +1626,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
sizeof(info3->base.LMSessKey.key));
}
- result->was_mapped = username_was_mapped;
+ result->nss_token |= username_was_mapped;
*server_info = result;
@@ -1859,7 +1859,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
sizeof(info->lm_session_key));
}
- result->was_mapped = username_was_mapped;
+ result->nss_token |= username_was_mapped;
*server_info = result;
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 20faa95b01..d1b00a3268 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -120,9 +120,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
return nt_status;
}
- if (user_info->was_mapped) {
- (*server_info)->was_mapped = user_info->was_mapped;
- }
+ (*server_info)->nss_token |= user_info->was_mapped;
return nt_status;
}
diff --git a/source3/include/auth.h b/source3/include/auth.h
index df2bed8756..56b8144a24 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -67,7 +67,11 @@ typedef struct auth_serversupplied_info {
void *pam_handle;
- bool was_mapped; /* Did the username map match? */
+ /*
+ * This is a token from /etc/passwd and /etc/group
+ */
+ bool nss_token;
+
char *unix_name;
/*
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index b9219ab302..9076949a81 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -530,9 +530,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
}
}
- if (username_was_mapped) {
- server_info->was_mapped = username_was_mapped;
- }
+ server_info->nss_token |= username_was_mapped;
/* we need to build the token for the user. make_server_info_guest()
already does this */