summaryrefslogtreecommitdiffstats
path: root/source/passdb
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-08-04 20:35:52 +0000
committerJeremy Allison <jra@samba.org>2006-08-04 20:35:52 +0000
commit94d7e3f93d7b73fddd35785af2061a418b6eeabf (patch)
tree56b34acf27ba3157f5d5c4af729077f07db317a7 /source/passdb
parent7748542e6bf20b1e64fba4f935d36f7407ff7fd0 (diff)
downloadsamba-94d7e3f93d7b73fddd35785af2061a418b6eeabf.tar.gz
samba-94d7e3f93d7b73fddd35785af2061a418b6eeabf.tar.xz
samba-94d7e3f93d7b73fddd35785af2061a418b6eeabf.zip
r17402: Added lookup_name_smbconf() to be called when looking
up names from smb.conf. If the name is unqualified it causes the lookup to be done in WORKGROUP\name, then "Unix [users|groups]"\name rather than searching the domain. Should fix the problems with "force user" selecting a domain user by preference. Jeremy.
Diffstat (limited to 'source/passdb')
-rw-r--r--source/passdb/lookup_sid.c50
1 files changed, 50 insertions, 0 deletions
diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c
index ea08c37dd0e..f8580ecf594 100644
--- a/source/passdb/lookup_sid.c
+++ b/source/passdb/lookup_sid.c
@@ -353,6 +353,56 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
return True;
}
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try lp_workgroup()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+ const char *full_name, int flags,
+ const char **ret_domain, const char **ret_name,
+ DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+ char *qualified_name;
+
+ /* NB. No winbindd_separator here as lookup_name needs \\' */
+ if (strchr_m(full_name, '\\')) {
+ /* The name is already qualified with a domain. */
+ return lookup_name(mem_ctx, full_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+ }
+
+ /* Try with our own domain name. */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ lp_workgroup(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ if (lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type)) {
+ return True;
+ }
+
+ /* Finally try with "Unix Users" or "Unix Group" */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ flags & LOOKUP_NAME_GROUP ?
+ unix_groups_domain_name() :
+ unix_users_domain_name(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ return lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+}
+
static BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx,
const DOM_SID *domain_sid,
int num_rids, uint32 *rids,
generated by cgit (git 2.34.1) at 2024-07-02 15:13:26 +0000