From dc9f30b8b0ace8d6e2c8c0cbed537fde68d1556a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 6 May 2006 19:24:35 +0000 Subject: r15475: Ugly and disgusting patch to fix the username map problem I created by changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6) --- source3/auth/auth_util.c | 51 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 13 deletions(-) (limited to 'source3/auth/auth_util.c') diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 8822d3358c7..06fbe1b7e60 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -152,9 +152,11 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, BOOL encrypted) { const char *domain; + NTSTATUS result; + BOOL was_mapped; fstring internal_username; fstrcpy(internal_username, smb_name); - map_username(internal_username); + was_mapped = map_username(internal_username); DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n", client_domain, smb_name, wksta_name)); @@ -176,11 +178,15 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, /* we know that it is a trusted domain (and we are allowing them) or it is our domain */ - return make_user_info(user_info, smb_name, internal_username, + result = make_user_info(user_info, smb_name, internal_username, client_domain, domain, wksta_name, lm_pwd, nt_pwd, lm_interactive_pwd, nt_interactive_pwd, plaintext, encrypted); + if (NT_STATUS_IS_OK(result)) { + (*user_info)->was_mapped = was_mapped; + } + return result; } /**************************************************************************** 
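Review bot: The `(*user_info)->was_mapped = was_mapped;` assignment at the end of make_user_info_map() (hunk at -176) has no visible reader in this file, while create_local_token() later in the patch branches on `server_info->was_mapped`, a field of a different structure. The copy between the two presumably lives in a file this page does not show (the diffstat is limited to auth_util.c), so a comment would help the next reader, for example `/* copied to server_info after authentication; selects the token path in create_local_token() */`. Because the flag decides which account the session token is built for, it is also worth confirming that other code paths creating an auth_usersupplied_info leave the field False rather than uninitialised.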
@@ -923,15 +929,29 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) return NT_STATUS_NO_MEMORY; } - server_info->ptok = create_local_nt_token( - server_info, - pdb_get_user_sid(server_info->sam_account), - pdb_get_group_sid(server_info->sam_account), - server_info->guest, - server_info->num_sids, server_info->sids); + if (server_info->was_mapped) { + status = create_token_from_username(server_info, + server_info->unix_name, + server_info->guest, + &server_info->uid, + &server_info->gid, + &server_info->unix_name, + &server_info->ptok); + + } else { + server_info->ptok = create_local_nt_token( + server_info, + pdb_get_user_sid(server_info->sam_account), + pdb_get_group_sid(server_info->sam_account), + server_info->guest, + server_info->num_sids, server_info->sids); + status = server_info->ptok ? + NT_STATUS_OK : NT_STATUS_NO_SUCH_USER; + } - if ( !server_info->ptok ) { - return NT_STATUS_NO_SUCH_USER; + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(mem_ctx); + return status; } /* Convert the SIDs to gids. */ @@ -1366,7 +1386,8 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx, const char *username, char **found_username, uid_t *uid, gid_t *gid, - struct samu *account) + struct samu *account, + BOOL *username_was_mapped) { NTSTATUS nt_status; fstring dom_user, lower_username; @@ -1381,7 +1402,7 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx, /* Get the passwd struct. Try to create the account is necessary. */ - map_username( dom_user ); + *username_was_mapped = map_username( dom_user ); if ( !(passwd = smb_getpwnam( NULL, dom_user, real_username, True )) ) return NT_STATUS_NO_SUCH_USER; @@ -1510,6 +1531,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, struct samu *sam_account = NULL; DOM_SID user_sid; DOM_SID group_sid; + BOOL username_was_mapped; uid_t uid; gid_t gid; 
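Review bot: In the `was_mapped` branch of create_local_token() (hunk at -923), `server_info->unix_name` is passed as the lookup name and `&server_info->unix_name` as an output of the same call, together with `&server_info->uid` and `&server_info->gid`. Whether create_token_from_username() writes its outputs only on success is not visible here; if it does not, a failed lookup leaves server_info with a partly replaced identity before the new `TALLOC_FREE(mem_ctx); return status;` path runs. Collecting the results in locals and committing them only on NT_STATUS_OK removes that dependency; the local types below are assumed from the fields being passed. The start of the function and the SID-to-gid conversion that follows are outside the hunk.

```c
	if (server_info->was_mapped) {
		/* Build into temporaries so a failed lookup cannot leave
		 * server_info with a half-replaced identity. */
		uid_t mapped_uid;
		gid_t mapped_gid;
		char *mapped_name = NULL;

		status = create_token_from_username(server_info,
						    server_info->unix_name,
						    server_info->guest,
						    &mapped_uid, &mapped_gid,
						    &mapped_name,
						    &server_info->ptok);
		if (NT_STATUS_IS_OK(status)) {
			server_info->uid = mapped_uid;
			server_info->gid = mapped_gid;
			server_info->unix_name = mapped_name;
		}
	} else {
		/* … unchanged: create_local_nt_token() from the SAM account SIDs … */
	}
```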
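Review bot: `BOOL username_was_mapped;` in make_server_info_info3() (hunk at -1510) is declared without an initialiser, and its only writer is `*username_was_mapped = map_username( dom_user );` inside fill_sam_account() (hunks at -1366 and -1381); the hunks at -1565 and -1716 then pass it and copy it into `result->was_mapped`. The roughly 150 lines between that call and the copy are not shown, so the patch alone does not confirm that no path reaches the copy with the value unset, and a later early return added above the assignment in fill_sam_account() would silently break it. Since the flag selects how the access token is built, initialise it at the declaration: `BOOL username_was_mapped = False;`. A short comment on the new parameter, such as `/* out: True if map_username() reported a mapping for dom_user */`, would also document the contract.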
@@ -1565,7 +1587,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* this call will try to create the user if necessary */ nt_status = fill_sam_account(mem_ctx, nt_domain, sent_nt_username, - &found_username, &uid, &gid, sam_account); + &found_username, &uid, &gid, sam_account, + &username_was_mapped); /* if we still don't have a valid unix account check for @@ -1716,6 +1739,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, sizeof(info3->lm_sess_key)); } + result->was_mapped = username_was_mapped; + *server_info = result; return NT_STATUS_OK; -- cgit
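Review bot: The assignment `result->was_mapped = username_was_mapped;` in the last hunk (-1716) carries no comment about its consequence: create_local_token() in this same patch builds the token from `unix_name` when the flag is set and does not pass `server_info->num_sids` or `server_info->sids` in that branch. If make_server_info_info3() fills `result->sids` from the domain controller's info3 reply (not visible in these hunks), a mapped domain user would no longer receive those group SIDs, which may be intended but should be stated. Suggest adding above the assignment: `/* mapped users get the token of the unix account they were mapped to; SIDs collected here are not used, see create_local_token() */`.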