From 21a738b8d08da7581b7ce7d498d89a6c5d651d2b Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Thu, 12 Sep 2002 05:39:55 +0000
Subject: Merge undone cleanups. (This used to be commit
 d87c1f507d38444e627bce59b6c765d9c9479ac6)

---
 source3/nsswitch/wbinfo.c       | 18 +++++-------------
 source3/nsswitch/winbindd_nss.h |  4 +++-
 source3/nsswitch/winbindd_pam.c | 31 +++++++++++++++++++------------
 3 files changed, 27 insertions(+), 26 deletions(-)

(limited to 'source3/nsswitch')

diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 7a1aee44cd..875df231dc 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -422,7 +422,6 @@ static BOOL wbinfo_auth(char *username)
 	struct winbindd_request request;
 	struct winbindd_response response;
         NSS_STATUS result;
-	fstring name_user, name_domain;
         char *p;
 
 	/* Send off request */
@@ -434,16 +433,11 @@ static BOOL wbinfo_auth(char *username)
 
         if (p) {
                 *p = 0;
+                fstrcpy(request.data.auth.user, username);
                 fstrcpy(request.data.auth.pass, p + 1);
-        } 
-
-	parse_wbinfo_domain_user(username, name_domain, name_user);
-
-	if (p)
-		*p = '%';
-
-	fstrcpy(request.data.auth.user, name_user);
-	fstrcpy(request.data.auth.domain, name_domain);
+                *p = '%';
+        } else
+                fstrcpy(request.data.auth.user, username);
 
 	result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
 
@@ -486,10 +480,8 @@ static BOOL wbinfo_auth_crap(char *username)
 		
 	parse_wbinfo_domain_user(username, name_domain, name_user);
 
-	if (p)
-		*p = '%';
-
 	fstrcpy(request.data.auth_crap.user, name_user);
+
 	fstrcpy(request.data.auth_crap.domain, name_domain);
 
 	generate_random_buffer(request.data.auth_crap.chal, 8, False);
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 21081cb09c..368bf10cea 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -127,8 +127,10 @@ struct winbindd_request {
 		uid_t uid;           /* getpwuid, uid_to_sid */
 		gid_t gid;           /* getgrgid, gid_to_sid */
 		struct {
+			/* We deliberatedly don't split into domain/user to
+                           avoid having the client know what the separator
+                           character is. */	
 			fstring user;
-			fstring domain;
 			fstring pass;
 		} auth;              /* pam_winbind auth module */
                 struct {
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index c3ab6615f6..3e7a8ad971 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -57,6 +57,7 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx,
 enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) 
 {
 	NTSTATUS result;
+	fstring name_domain, name_user;
 	unsigned char trust_passwd[16];
 	time_t last_change_time;
         uint32 smb_uid_low;
@@ -75,8 +76,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 	/* Ensure null termination */
 	state->request.data.auth.pass[sizeof(state->request.data.auth.pass)-1]='\0';
 
-	DEBUG(3, ("[%5d]: pam auth domain: %s user: %s\n", state->pid,
-		  state->request.data.auth.domain, state->request.data.auth.user));
+	DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
+		  state->request.data.auth.user));
 
 	if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
 		DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n"));
@@ -86,6 +87,13 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 
 	/* Parse domain and username */
 	
+	if (!parse_domain_user(state->request.data.auth.user, name_domain, 
+			       name_user)) {
+		DEBUG(5,("no domain separator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user));
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
 	{
 		unsigned char local_lm_response[24];
 		unsigned char local_nt_response[24];
@@ -125,10 +133,11 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
                 goto done;
         }
 
-	result = cli_netlogon_sam_network_logon(
-		cli, mem_ctx, state->request.data.auth.user,
-		state->request.data.auth.domain, 
-		global_myname, chal, lm_resp, nt_resp, &info3);
+	result = cli_netlogon_sam_network_logon(cli, mem_ctx,
+						name_user, name_domain, 
+						global_myname, chal, 
+						lm_resp, nt_resp, 
+						&info3);
         
 	uni_group_cache_store_netlogon(mem_ctx, &info3);
 done:
@@ -138,12 +147,10 @@ done:
 	fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
 	state->response.data.auth.pam_error = nt_status_to_pam(result);
 
-	DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, 
-	      ("Plain-text authentication for user %s/%s returned %s (PAM: %d)\n", 
-	       state->request.data.auth.domain, 
-	       state->request.data.auth.user, 
-	       state->response.data.auth.nt_status_string,
-	       state->response.data.auth.pam_error));	      
+	DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n", 
+	      state->request.data.auth.user, 
+	      state->response.data.auth.nt_status_string,
+	      state->response.data.auth.pam_error));	      
 
 	if (mem_ctx) 
 		talloc_destroy(mem_ctx);
-- 
cgit