From 9421a0a9cd38a39757e805c817c681f2cefe3bf3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Oct 2006 19:20:21 +0000 Subject: r19207: Properly canonicalize incoming names to the NSS protocols auth, chauthtok, logoff, ccache_ntlm_auth. That way we ensure winbindd only deals with fully qualified names internally. The NSS protocols auth_crap and chng_pswd_auth_crap should be fixed to do the same thing. Jeremy. (This used to be commit dbd2454d3337f64cddbdaf39e9efd6505e6b2590) --- source3/nsswitch/winbindd_util.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source3/nsswitch/winbindd_util.c') diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index a6d6959446..53fa3da536 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -888,6 +888,26 @@ BOOL parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser, return ((*domain != NULL) && (*user != NULL)); } +/* Ensure an incoming username from NSS is fully qualified. Replace the + incoming fstring with DOMAIN user. Returns the same + values as parse_domain_user() but also replaces the incoming username. + Used to ensure all names are fully qualified within winbindd. + Used by the NSS protocols of auth, chauthtok, logoff and ccache_ntlm_auth. + The protocol definitions of auth_crap, chng_pswd_auth_crap + really should be changed to use this instead of doing things + by hand. JRA. */ + +BOOL canonicalize_username(fstring username_inout, fstring domain, fstring user) +{ + if (!parse_domain_user(username_inout, domain, user)) { + return False; + } + slprintf(username_inout, sizeof(fstring) - 1, "%s%c%s", + domain, *lp_winbind_separator(), + user); + return True; +} + /* Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and 'winbind separator' options. -- cgit