diff --git a/source/auth/auth.c b/source/auth/auth.c index dea97a7190b..02c7eb6d84a 100644 --- a/source/auth/auth.c +++ b/source/auth/auth.c @@ -262,12 +262,6 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, break; } - /* This is one of the few places the *relies* (rather than just sets defaults - on the value of lp_security(). This needs to change. A new paramater - perhaps? */ - if (lp_security() >= SEC_SERVER) - smb_user_control(user_info, *server_info, nt_status); - if (NT_STATUS_IS_OK(nt_status)) { pdb_username = pdb_get_username((*server_info)->sam_account); if (!(*server_info)->guest) { diff --git a/source/auth/auth_server.c b/source/auth/auth_server.c index 73af290af2a..18c52161374 100644 --- a/source/auth/auth_server.c +++ b/source/auth/auth_server.c @@ -372,12 +372,19 @@ use this machine as the password server.\n")); cli_ulogoff(cli); - if NT_STATUS_IS_OK(nt_status) { + if (NT_STATUS_IS_OK(nt_status)) { struct passwd *pass = Get_Pwnam(user_info->internal_username.str); if (pass) { nt_status = make_server_info_pw(server_info, pass); } else { - nt_status = NT_STATUS_NO_SUCH_USER; + auth_add_user_script(user_info->domain.str, user_info->internal_username.str); + pass = Get_Pwnam(user_info->internal_username.str); + + if (pass) { + nt_status = make_server_info_pw(server_info, pass); + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } } } diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index e8f2af41f32..d57619942c4 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -36,7 +36,7 @@ extern DOM_SID global_sid_Authenticated_Users; Create a UNIX user on demand. ****************************************************************************/ -static int smb_create_user(const char *unix_user, const char *homedir) +static int smb_create_user(const char *domain, const char *unix_username, const char *homedir) { pstring add_script; int ret; @@ -44,7 +44,9 @@ static int smb_create_user(const char *unix_user, const char *homedir) pstrcpy(add_script, lp_adduser_script()); if (! *add_script) return -1; - all_string_sub(add_script, "%u", unix_user, sizeof(pstring)); + all_string_sub(add_script, "%u", unix_username, sizeof(pstring)); + if (domain) + all_string_sub(add_script, "%D", domain, sizeof(pstring)); if (homedir) all_string_sub(add_script, "%H", homedir, sizeof(pstring)); ret = smbrun(add_script,NULL); @@ -56,24 +58,18 @@ static int smb_create_user(const char *unix_user, const char *homedir) Add and Delete UNIX users on demand, based on NTSTATUS codes. ****************************************************************************/ -void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status) +void auth_add_user_script(const char *domain, const char *username) { struct passwd *pwd=NULL; - if (NT_STATUS_IS_OK(nt_status)) { - - if (!(server_info->sam_fill_level & SAM_FILL_UNIX)) { - - /* - * User validated ok against Domain controller. - * If the admin wants us to try and create a UNIX - * user on the fly, do so. - */ - - if(lp_adduser_script() && !(pwd = Get_Pwnam(user_info->internal_username.str))) { - smb_create_user(user_info->internal_username.str, NULL); - } - } + /* + * User validated ok against Domain controller. + * If the admin wants us to try and create a UNIX + * user on the fly, do so. + */ + + if(lp_adduser_script() && !(pwd = Get_Pwnam(username))) { + smb_create_user(domain, username, NULL); } } @@ -914,30 +910,38 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, nt_status = pdb_init_sam_pw(&sam_account, passwd); passwd_free(&passwd); } else { - char *dom_user; - dom_user = talloc_asprintf(mem_ctx, "%s%s%s", - nt_domain, - lp_winbind_separator(), - internal_username); - - if (!dom_user) { - DEBUG(0, ("talloc_asprintf failed!\n")); - return NT_STATUS_NO_MEMORY; - } else { - - if (!(passwd = Get_Pwnam(dom_user)) - /* Only lookup local for the local - domain, we don't want this for - trusted domains */ - && strequal(nt_domain, lp_workgroup())) { - passwd = Get_Pwnam(internal_username); + int try = 0; + while (try < 2) { + char *dom_user; + dom_user = talloc_asprintf(mem_ctx, "%s%s%s", + nt_domain, + lp_winbind_separator(), + internal_username); + + if (!dom_user) { + DEBUG(0, ("talloc_asprintf failed!\n")); + nt_status = NT_STATUS_NO_MEMORY; + } else { + + if (!(passwd = Get_Pwnam(dom_user)) + /* Only lookup local for the local + domain, we don't want this for + trusted domains */ + && strequal(nt_domain, lp_workgroup())) { + passwd = Get_Pwnam(internal_username); + } + + if (!passwd) { + nt_status = NT_STATUS_NO_SUCH_USER; + } else { + nt_status = pdb_init_sam_pw(&sam_account, passwd); + break; + } } - - if (!passwd) { - return NT_STATUS_NO_SUCH_USER; - } else { - nt_status = pdb_init_sam_pw(&sam_account, passwd); + if (try == 0) { + auth_add_user_script(nt_domain, internal_username); } + try++; } }