author | Jeremy Allison <jra@samba.org> | 2006-08-04 20:35:52 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2006-08-04 20:35:52 +0000 |
commit | 94d7e3f93d7b73fddd35785af2061a418b6eeabf (patch) | |
tree | 56b34acf27ba3157f5d5c4af729077f07db317a7 /source/passdb | |
parent | 7748542e6bf20b1e64fba4f935d36f7407ff7fd0 (diff) | |
r17402: Added lookup_name_smbconf() to be called when looking
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
Diffstat (limited to 'source/passdb')
-rw-r--r-- | source/passdb/lookup_sid.c | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c
index ea08c37dd0e..f8580ecf594 100644
--- a/source/passdb/lookup_sid.c
+++ b/source/passdb/lookup_sid.c
@@ -353,6 +353,56 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
 return True;
 }
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try lp_workgroup()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+ const char *full_name, int flags,
+ const char **ret_domain, const char **ret_name,
+ DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+ char *qualified_name;
+
+ /* NB. No winbindd_separator here as lookup_name needs \\' */
+ if (strchr_m(full_name, '\\')) {
+ /* The name is already qualified with a domain. */
+ return lookup_name(mem_ctx, full_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+ }
+
+ /* Try with our own domain name. */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ lp_workgroup(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ if (lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type)) {
+ return True;
+ }
+
+ /* Finally try with "Unix Users" or "Unix Group" */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ flags & LOOKUP_NAME_GROUP ?
+ unix_groups_domain_name() :
+ unix_users_domain_name(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ return lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+}
+
 static BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx,
 const DOM_SID *domain_sid,
 int num_rids, uint32 *rids, |
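Review bot: The header comment on lookup_name_smbconf() promises that smb.conf names "should never map to a remote name", but both fallback calls pass the caller's `flags` to lookup_name() unchanged, and the first one qualifies the name with lp_workgroup(). Whether that first lookup stays local depends on lookup_name() and on what lp_workgroup() names on a domain member, neither of which is visible in this hunk; because these names feed access-control settings such as `valid users` and "force user", the precedence should be documented where it is implemented. I would extend the comment with something like `Resolution order for unqualified names: lp_workgroup()\name first, then "Unix Users"/"Unix Groups"\name; a name present in both resolves to the workgroup account.` Separately, the first `qualified_name` stays allocated on the caller's `mem_ctx` when the second attempt is made; provided lookup_name() keeps no pointer into its input on failure, a `TALLOC_FREE(qualified_name);` before the second talloc_asprintf() would stop long-lived contexts from accumulating it.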