From 644fbaaf9ba38a5f3d60f27f7110e755b20d31e7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 15 Jun 1998 18:19:54 +0000
Subject: Makefile: smbumount.c: Added fixes to compile under Linux.
 includes.h: Added SunOS 4.x QSORT_CAST fix. reply.c: Fixed user name mapping
 function for security=server, security=domain. Jeremy. (This used to be
 commit 21ca6bfb3ba3927efaf7eeff4325976d41489be2)

---
 source3/smbd/reply.c | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

(limited to 'source3/smbd/reply.c')

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index a9db0b3840..9177b3cde1 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -482,6 +482,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   pstring smb_ntpasswd;
   BOOL valid_nt_password = False;
   pstring user;
+  pstring orig_user;
   BOOL guest=False;
   static BOOL done_sesssetup = False;
   BOOL doencrypt = SMBENCRYPT();
@@ -623,6 +624,14 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 
   reload_services(True);
 
+  /*
+   * Save the username before mapping. We will use
+   * the original username sent to us for security=server
+   * and security=domain checking.
+   */
+
+  pstrcpy( orig_user, user);
+
   /*
    * Pass the user through the NT -> unix user mapping
    * function.
@@ -645,14 +654,17 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
     guest = True;
 
   if (!guest && !(lp_security() == SEC_SERVER && 
-		  server_validate(user, domain, 
-				  smb_apasswd, smb_apasslen, 
-				  smb_ntpasswd, smb_ntpasslen)) &&
-                !(lp_security() == SEC_DOMAIN &&
-                  domain_client_validate(user, domain,
-                                  smb_apasswd, smb_apasslen,
-                                  smb_ntpasswd, smb_ntpasslen)) &&
-      !check_hosts_equiv(user))
+      /* Check with orig_user for security=server and
+         security=domain. */
+      server_validate(orig_user, domain, 
+                      smb_apasswd, smb_apasslen, 
+                      smb_ntpasswd, smb_ntpasslen)) &&
+      !(lp_security() == SEC_DOMAIN &&
+      domain_client_validate(orig_user, domain,
+                             smb_apasswd, smb_apasslen,
+                            smb_ntpasswd, smb_ntpasslen)) &&
+      !check_hosts_equiv(user)
+     )
     {
 
       /* now check if it's a valid username/password */
-- 
cgit