From c6ad04b8fb4ee5cbf862a35b4c143a6f75555718 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 30 Nov 1998 22:42:13 +0000 Subject: attempting to fix "domain user map" up, but it's a bit complicated. i may simply go for a response in the NetSamLogon returning the unix username, forcing the NT user to appear to be a unix user, however even that is fraught with implications. might just have to go the whole hog and do this tuple thing, "unix_name + nt_name" always associated together... issue with api_net_sam_logon, getsam21pwent() being called twice, the second time overwriting static buffer data (argh) so had to make a copy. noticed a nested "become_root()"/"unbecome_root()" which will have to be tracked down... (This used to be commit 474f94f419a531e33b475249da7efb99ac22f454) --- source3/smbd/reply.c | 90 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 56 insertions(+), 34 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 1abb084124..505067c83e 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -60,6 +60,49 @@ static void overflow_attack(int len) } +/**************************************************************************** + does _both_ nt->unix and unix->unix username remappings. +****************************************************************************/ +static BOOL map_nt_and_unix_username(const char *domain, char *user) +{ + DOM_NAME_MAP gmep; + fstring nt_username; + + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + memset(nt_username, 0, sizeof(nt_username)); + if (domain != NULL) + { + slprintf(nt_username, sizeof(nt_username)-1, "%s\\%s", + domain, user); + } + else + { + fstrcpy(nt_username, user); + } + if (!lookupsmbpwntnam(nt_username, &gmep)) + { + return False; + } + + fstrcpy(user, gmep.unix_name); + + /* + * Pass the user through the unix -> unix user mapping + * function. + */ + + (void)map_username(user); + + /* + * Do any UNIX username case mangling. + */ + return Get_Pwnam( user, True) != NULL; +} + /**************************************************************************** reply to an special message ****************************************************************************/ @@ -220,17 +263,10 @@ int reply_tcon(connection_struct *conn, parse_connect(smb_buf(inbuf)+1,service,user,password,&pwlen,dev); - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam( user, True); + if (!map_nt_and_unix_username(global_myworkgroup, user)) + { + return(connection_error(inbuf,outbuf,ERRbadpw)); + } conn = make_connection(service,user,password,pwlen,dev,vuid,&ecode); @@ -300,18 +336,11 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt StrnCpy(devicename,path + strlen(path) + 1,6); DEBUG(4,("Got device type %s\n",devicename)); - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam(user, True); - + if (!map_nt_and_unix_username(global_myworkgroup, user)) + { + return(connection_error(inbuf,outbuf,ERRbadpw)); + } + conn = make_connection(service,user,password,passlen,devicename,vuid,&ecode); if (!conn) @@ -642,17 +671,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int pstrcpy( orig_user, user); - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam( user, True); + if (!map_nt_and_unix_username(domain, user)) + { + return(ERROR(ERRSRV,ERRbadpw)); + } add_session_user(user); -- cgit