From 4bce271e4fe239a8b4aac2bb65a52165d68d8ea5 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 14 Nov 2000 21:56:32 +0000
Subject: Merge from appliance head of JR's changes for driver versioning.
 Jeremy. (This used to be commit cdbd2e99775642dc2e92004be9014bf38a92d80f)

---
 source3/smbd/uid.c | 50 +++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 37 insertions(+), 13 deletions(-)

(limited to 'source3/smbd/uid.c')

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index d82edcbfae..008765cde1 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -243,8 +243,8 @@ BOOL unbecome_authenticated_pipe_user(pipes_struct *p)
 	return pop_sec_ctx();
 }
 
-
 /* Temporarily become a root user.  Must match with unbecome_root(). */
+
 void become_root(void)
 {
 	push_sec_ctx();
@@ -267,25 +267,49 @@ BOOL lookup_name(char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
 {
 	extern pstring global_myname;
 	fstring sid;
+	char *sep = lp_winbind_separator();
 
 	if (!winbind_lookup_name(name, psid, name_type)) {
 		BOOL ret;
 
-		DEBUG(10,("lookup_name: winbind lookup for %s failed - trying local\n", name ));
+		DEBUG(10, ("lookup_name: winbind lookup for %s failed - trying local\n", name));
+
+		/* If we are looking up a domain user, make sure it is
+		   for the local machine only */
+
+		if (strchr(name, sep[0]) || strchr(name, '\\')) {
+			fstring domain, username;
+
+			split_domain_name(name, domain, username);
+
+			if (strcasecmp(global_myname, domain) != 0) {
+				DEBUG(5, ("domain %s is not local\n", domain));
+				return False;
+			}
+
+			ret = local_lookup_name(domain, username, psid, 
+						name_type);
+		} else {
+
+			ret = local_lookup_name(global_myname, name, psid, 
+						name_type);
+		}
+
+		if (ret) {
+			DEBUG(10,
+			      ("lookup_name: (local) %s -> SID %s (type %u)\n",
+			       name, sid_to_string(sid,psid),
+			       (unsigned int)*name_type ));
+		} else {
+			DEBUG(10,("lookup name: (local) %s failed.\n", name));
+		}
 
-		ret = local_lookup_name(global_myname, name, psid, name_type);
-		if (ret)
-			DEBUG(10,("lookup_name : (local) %s -> SID %s (type %u)\n",
-				name, sid_to_string(sid,psid),
-				(unsigned int)*name_type ));
-		else
-			DEBUG(10,("lookup name : (local) %s failed.\n",
-					name ));
 		return ret;
 	}
 
-	DEBUG(10,("lookup_name (winbindd): %s -> SID %s (type %u)\n",
-		name, sid_to_string(sid,psid), (unsigned int)*name_type ));
+		DEBUG(10,("lookup_name (winbindd): %s -> SID %s (type %u)\n",
+			  name, sid_to_string(sid, psid), 
+			  (unsigned int)*name_type));
 	return True;
 }
 
@@ -300,7 +324,7 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE
 		return False;
 
 	/* Check if this is our own sid.  This should perhaps be done by
-		winbind?  For the moment handle it here. */
+	   winbind?  For the moment handle it here. */
 
 	if (sid->num_auths == 5) {
 		DOM_SID tmp_sid;
-- 
cgit