sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code

more 2.2.x compatibility fixes - allow user looksup in the kerb5

Browse Source 
sesssetup to fall back to 'user' instaed of failing is REA.LM\user
doesn't exist.

also fix include line in smb_acls.h as requested by metze
This commit is contained in:
Gerald Carter 0001-01-01 00:00:00 +00:00
parent ccdcd88732
commit 62ed2598b3
3 changed files with 36 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
source/auth/auth_util.c
View File

@ -942,7 +942,7 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
/* This is pointless -- there is no suport for differeing /* This is pointless -- there is no suport for differeing
unix and windows names. Make sure to always store the unix and windows names. Make sure to always store the
one we actuall looked up and succeeded. Have I mentioned one we actually looked up and succeeded. Have I mentioned
why I hate the 'winbind use default domain' parameter? why I hate the 'winbind use default domain' parameter?
--jerry */ --jerry */
@ -951,6 +951,30 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
return pdb_init_sam_pw(sam_account, passwd); return pdb_init_sam_pw(sam_account, passwd);
} }
/****************************************************************************
Wrapper to allow the getpwnam() call to styrip the domain name and
try again in case a local UNIX user is already there.
****************************************************************************/
struct passwd *smb_getpwnam( char *domuser )
{
struct passwd *pw;
char *p;
pw = Get_Pwnam( domuser );
if ( pw )
return pw;
/* fallback to looking up just the username */
p = strchr( domuser, *lp_winbind_separator() );
if ( p )
return Get_Pwnam(p+1);
return NULL;
}
/*************************************************************************** /***************************************************************************
Make a server_info struct from the info3 returned by a domain logon Make a server_info struct from the info3 returned by a domain logon
***************************************************************************/ ***************************************************************************/

2
source/include/smb_acls.h
View File

@ -195,7 +195,7 @@ typedef struct SMB_ACL_T {
/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
#include "/usr/include/acl.h" #include <acl.h>
typedef uint *SMB_ACL_PERMSET_T; typedef uint *SMB_ACL_PERMSET_T;

23
source/smbd/sesssetup.c
View File

@ -198,28 +198,25 @@ static int reply_spnego_kerberos(connection_struct *conn,
/* this gives a fully qualified user name (ie. with full realm). /* this gives a fully qualified user name (ie. with full realm).
that leads to very long usernames, but what else can we do? */ that leads to very long usernames, but what else can we do? */
asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client);
asprintf(&user, "%s%c%s", p+1, *lp_winbind_separator(), client);
pw = Get_Pwnam(user); pw = smb_getpwnam( user );
if (!pw && !foreign) {
pw = Get_Pwnam(client); SAFE_FREE(user);
SAFE_FREE(user);
user = smb_xstrdup(client);
}
SAFE_FREE(client); SAFE_FREE(client);
/* setup the string used by %U */
sub_set_smb_name(user);
reload_services(True);
if (!pw) { if (!pw) {
DEBUG(1,("Username %s is invalid on this system\n",user)); DEBUG(1,("Username %s is invalid on this system\n",user));
data_blob_free(&ap_rep); data_blob_free(&ap_rep);
return ERROR_NT(NT_STATUS_LOGON_FAILURE); return ERROR_NT(NT_STATUS_LOGON_FAILURE);
} }
/* setup the string used by %U */
sub_set_smb_name(pw->pw_name);
reload_services(True);
if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info,pw))) { if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info,pw))) {
DEBUG(1,("make_server_info_from_pw failed!\n")); DEBUG(1,("make_server_info_from_pw failed!\n"));
data_blob_free(&ap_rep); data_blob_free(&ap_rep);