Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/username.c | 53 | ||||
-rw-r--r-- | source3/lsarpcd/srv_lsa.c | 13 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 13 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 10 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 26 | ||||
-rw-r--r-- | source3/smbd/reply.c | 41 |
6 files changed, 125 insertions, 31 deletions
diff --git a/source3/lib/username.c b/source3/lib/username.c index 6c65d5d8cb..d5ecfe9166 100644 --- a/source3/lib/username.c +++ b/source3/lib/username.c @@ -22,18 +22,18 @@ #include "includes.h" extern int DEBUGLEVEL; -/* internal functions - modified versions of the ones in password.c */ +/* internal functions */ static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (char *), int N); static struct passwd *uname_string_combinations2(char *s, int offset, struct passwd * (*fn) (char *), int N); /**************************************************************************** -get a users home directory. tries as-is then lower case +get a users home directory. ****************************************************************************/ char *get_home_dir(char *user) { static struct passwd *pass; - pass = Get_Pwnam(user,False); + pass = Get_Pwnam(user, False); if (!pass) return(NULL); return(pass->pw_dir); 
@@ -42,26 +42,34 @@ char *get_home_dir(char *user) /******************************************************************* map a username from a dos name to a unix name by looking in the username -map +map. Note that this modifies the name in place. +This is the main function that should be called *once* on +any incoming or new username - in order to canonicalize the name. +This is being done to de-couple the case conversions from the user mapping +function. Previously, the map_username was being called +every time Get_Pwnam was called. ********************************************************************/ void map_username(char *user) { - static int depth=0; static BOOL initialised=False; static fstring last_from,last_to; FILE *f; char *s; char *mapfile = lp_username_map(); - if (!*mapfile || depth) return; if (!*user) return; + if (!*mapfile) { + return; + } + if (!initialised) { *last_from = *last_to = 0; initialised = True; } - if (strequal(user,last_to)) return; + if (strequal(user,last_to)) + return; if (strequal(user,last_from)) { DEBUG(3,("Mapped user %s to %s\n",user,last_to)); @@ -77,20 +85,17 @@ void map_username(char *user) DEBUG(4,("Scanning username map %s\n",mapfile)); - depth++; - for (; (s=fgets_slash(NULL,80,f)); free(s)) { char *unixname = s; char *dosname = strchr(unixname,'='); - BOOL break_if_mapped = False; + BOOL return_if_mapped = False; if (!dosname) continue; *dosname++ = 0; while (isspace(*unixname)) unixname++; - if ('!' == *unixname) - { - break_if_mapped = True; + if ('!' == *unixname) { + return_if_mapped = True; unixname++; while (*unixname && isspace(*unixname)) unixname++; } 
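Review bot: The early return `if (strequal(user,last_to)) return;` kept in map_username() means a name equal to the previous mapping result is handed back without the map file being consulted at all. That shortcut fitted the old design, where Get_Pwnam() re-ran the mapping on names that had already been mapped, but under the new call-once contract the argument is a fresh incoming name, so a map entry that applies to it is skipped whenever it happens to match the cached `last_to`. Consider dropping the `last_to` test and keeping only the `last_from` cache, or state the exception in the header comment, e.g. `A name equal to the result of the previous mapping is returned unchanged.` The body of map_username() continues past this hunk.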
@@ -100,30 +105,29 @@ void map_username(char *user) { int l = strlen(unixname); while (l && isspace(unixname[l-1])) { - unixname[l-1] = 0; - l--; + unixname[l-1] = 0; + l--; } } if (strchr(dosname,'*') || user_in_list(user,dosname)) { DEBUG(3,("Mapped user %s to %s\n",user,unixname)); - StrnCpy(last_from,user,sizeof(last_from)-1); + fstrcpy(last_from,user); sscanf(unixname,"%s",user); - StrnCpy(last_to,user,sizeof(last_to)-1); - if(break_if_mapped) { + fstrcpy(last_to,user); + if(return_if_mapped) { free(s); - break; + fclose(f); + return; } } } fclose(f); - - depth--; } /**************************************************************************** -internals of Get_Pwnam wrapper +Get_Pwnam wrapper ****************************************************************************/ static struct passwd *_Get_Pwnam(char *s) { @@ -151,7 +155,7 @@ static struct passwd *_Get_Pwnam(char *s) /**************************************************************************** a wrapper for getpwnam() that tries with all lower and all upper case if the initial name fails. Also tried with first letter capitalised -Note that this changes user! +Note that this can change user! ****************************************************************************/ struct passwd *Get_Pwnam(char *user,BOOL allow_change) { @@ -170,8 +174,6 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change) user = &user2[0]; } - map_username(user); - ret = _Get_Pwnam(user); if (ret) return(ret); @@ -208,7 +210,6 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change) return(NULL); } - /**************************************************************************** check if a user is in a user list ****************************************************************************/ diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index e723b532b1..43f463a8ab 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c 
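Review bot: `sscanf(unixname,"%s",user);` in the `@@ -100,30 +105,29 @@` hunk writes the mapped name into the caller's buffer with no field width, and after this commit every entry point passes its own buffer straight to map_username(). The neighbouring copies into `last_from` and `last_to` are bounded only if `fstrcpy` is (its definition is not shown here), and nothing bounds the write into `user` itself. I would read the token with an explicit width into a local buffer, copy it out with the same bounded copy used for `last_to`, and add to the header comment `user must point to a writable buffer of at least sizeof(fstring) bytes`. The map file is administrator-controlled, so this is hardening against an over-long entry rather than a client-triggered overflow.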
@@ -371,7 +371,18 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - char *user_name = unistr2(q_l.lookup_name[i].str.buffer); + fstring user_name; + fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); + /* + * Map to the UNIX username. + */ + map_username(user_name); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(user_name, True); + if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) { /* WHOOPS! we should really do something about this... */ diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index e723b532b1..43f463a8ab 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -371,7 +371,18 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - char *user_name = unistr2(q_l.lookup_name[i].str.buffer); + fstring user_name; + fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); + /* + * Map to the UNIX username. + */ + map_username(user_name); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(user_name, True); + if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) { /* WHOOPS! we should really do something about this... */ diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 38481cd2d3..8bcf1682bc 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -641,6 +641,16 @@ static void api_net_sam_logon( int uid, DEBUG(3,("User:[%s]\n", samlogon_user)); + /* + * Convert to a UNIX username. + */ + map_username(samlogon_user); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(samlogon_user, True); + become_root(True); smb_pass = getsmbpwnam(samlogon_user); unbecome_root(True); diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a9e0bec3ed..f92e376575 100644 
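Review bot: The pair `map_username(user_name); (void)Get_Pwnam(user_name, True);` added in api_lsa_lookup_names is repeated verbatim at eight call sites in this commit (both srv_lsa.c copies, srv_netlog.c, twice in smbd/ipc.c, three times in smbd/reply.c), so the call order and the ignored return value have to be kept in step by hand. A single helper in lib/username.c would hold that in one place, for example `void canonicalize_username(char *user)` (name is only a suggestion) with the comment `/* map_username() then Get_Pwnam(user,True); call once per incoming name */`. Because the `@@ -170,8 +174,6 @@` hunk removes map_username() from Get_Pwnam(), any Get_Pwnam() caller not touched here now looks up the unmapped name; callers outside this diff are not visible, so they need to be checked before the username map can be relied on for access decisions.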
--- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1633,6 +1633,18 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, DEBUG(3,("Set password for <%s>\n",user)); /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + + /* * Attempt the plaintext password change first. * Older versions of Windows seem to do this. */ @@ -1706,6 +1718,20 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat fstrcpy(user,p); p = skip_string(p,1); + DEBUG(3,("api_SamOEMChangePassword: Change password for <%s>\n",user)); + + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + if(check_oem_password( user, (unsigned char *)data, &sampw, new_passwd, (int)sizeof(new_passwd)) == False) { return True; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 5ed30a7e8f..c9b0c6852d 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -232,6 +232,18 @@ int reply_tcon(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) parse_connect(smb_buf(inbuf)+1,service,user,password,&pwlen,dev); + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + connection_num = make_connection(service,user,password,pwlen,dev,vuid); if (connection_num < 0) 
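Review bot: In api_SetUserPassword the declaration of `user` lies outside the hunk, and the added `map_username(user)` and `Get_Pwnam( user, True)` calls now rewrite it in place. api_SamOEMChangePassword visibly copies the name first with `fstrcpy(user,p)`; if `user` in api_SetUserPassword instead points into the request's `param` data, the rewrite would modify the packet buffer and could store a mapped name longer than the original. Please confirm it is a local fstring copy and record that at the call, e.g. `/* user is a local fstring copy: map_username() rewrites it in place */`.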
@@ -300,6 +312,18 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize) DEBUG(4,("Got device type %s\n",devicename)); } + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + connection_num = make_connection(service,user,password,passlen,devicename,vuid); if (connection_num < 0) @@ -599,11 +623,22 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) reload_services(True); + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + add_session_user(user); - /* Check if the given username was the guest user with no password. - We need to do this check after add_session_user() as that - call can potentially change the username (via map_user). + /* + * Check if the given username was the guest user with no password. */ if(!guest && strequal(user,lp_guestaccount(-1)) && (*smb_apasswd == 0)) |
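Review bot: The rewritten comment above the guest check in reply_sesssetup_and_X drops the ordering rationale the old one carried, although the check still depends on `user` having been mapped and case-converted first. Someone who later moves the new `map_username(user)` / `Get_Pwnam( user, True)` block below the guest test would change which name is compared with `lp_guestaccount(-1)`. I would keep one sentence of it: `/* Must run after map_username()/Get_Pwnam() above: the comparison is against the canonical UNIX name. */` The function body extends beyond the hunk.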