summaryrefslogtreecommitdiff
path: root/source3/auth/auth_util.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth/auth_util.c')
-rw-r--r--source3/auth/auth_util.c51
1 files changed, 38 insertions, 13 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 8822d3358c..06fbe1b7e6 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -152,9 +152,11 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
BOOL encrypted)
{
const char *domain;
+ NTSTATUS result;
+ BOOL was_mapped;
fstring internal_username;
fstrcpy(internal_username, smb_name);
- map_username(internal_username);
+ was_mapped = map_username(internal_username);
DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n",
client_domain, smb_name, wksta_name));
@@ -176,11 +178,15 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
/* we know that it is a trusted domain (and we are allowing them) or it is our domain */
- return make_user_info(user_info, smb_name, internal_username,
+ result = make_user_info(user_info, smb_name, internal_username,
client_domain, domain, wksta_name,
lm_pwd, nt_pwd,
lm_interactive_pwd, nt_interactive_pwd,
plaintext, encrypted);
+ if (NT_STATUS_IS_OK(result)) {
+ (*user_info)->was_mapped = was_mapped;
+ }
+ return result;
}
/****************************************************************************
@@ -923,15 +929,29 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
return NT_STATUS_NO_MEMORY;
}
- server_info->ptok = create_local_nt_token(
- server_info,
- pdb_get_user_sid(server_info->sam_account),
- pdb_get_group_sid(server_info->sam_account),
- server_info->guest,
- server_info->num_sids, server_info->sids);
+ if (server_info->was_mapped) {
+ status = create_token_from_username(server_info,
+ server_info->unix_name,
+ server_info->guest,
+ &server_info->uid,
+ &server_info->gid,
+ &server_info->unix_name,
+ &server_info->ptok);
+
+ } else {
+ server_info->ptok = create_local_nt_token(
+ server_info,
+ pdb_get_user_sid(server_info->sam_account),
+ pdb_get_group_sid(server_info->sam_account),
+ server_info->guest,
+ server_info->num_sids, server_info->sids);
+ status = server_info->ptok ?
+ NT_STATUS_OK : NT_STATUS_NO_SUCH_USER;
+ }
- if ( !server_info->ptok ) {
- return NT_STATUS_NO_SUCH_USER;
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(mem_ctx);
+ return status;
}
/* Convert the SIDs to gids. */
@@ -1366,7 +1386,8 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
const char *username,
char **found_username,
uid_t *uid, gid_t *gid,
- struct samu *account)
+ struct samu *account,
+ BOOL *username_was_mapped)
{
NTSTATUS nt_status;
fstring dom_user, lower_username;
@@ -1381,7 +1402,7 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
/* Get the passwd struct. Try to create the account is necessary. */
- map_username( dom_user );
+ *username_was_mapped = map_username( dom_user );
if ( !(passwd = smb_getpwnam( NULL, dom_user, real_username, True )) )
return NT_STATUS_NO_SUCH_USER;
@@ -1510,6 +1531,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
struct samu *sam_account = NULL;
DOM_SID user_sid;
DOM_SID group_sid;
+ BOOL username_was_mapped;
uid_t uid;
gid_t gid;
@@ -1565,7 +1587,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
/* this call will try to create the user if necessary */
nt_status = fill_sam_account(mem_ctx, nt_domain, sent_nt_username,
- &found_username, &uid, &gid, sam_account);
+ &found_username, &uid, &gid, sam_account,
+ &username_was_mapped);
/* if we still don't have a valid unix account check for
@@ -1716,6 +1739,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
sizeof(info3->lm_sess_key));
}
+ result->was_mapped = username_was_mapped;
+
*server_info = result;
return NT_STATUS_OK;
generated by cgit (git 2.34.1) at 2024-07-17 02:37:44 +0000