From 8fba1740fe1584524f97a1c8c4bb97712c95f2e0 Mon Sep 17 00:00:00 2001 From: David Disseldorp Date: Thu, 10 Nov 2011 18:34:23 +0100 Subject: [PATCH] s3-auth: fix force user for AD user Do not add a unix_users_domain_name() username prefix prior to the lookup. This ensures winbind is consulted before a unix user SID is manually composed. Use get_primary_group_sid() only if gid_to_sid() fails lookup. https://bugzilla.samba.org/show_bug.cgi?id=8598 --- source3/auth/auth_util.c | 18 ++++++++---------- source3/passdb/lookup_sid.c | 3 +-- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index fcfed83..f21cbe1 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -677,9 +677,9 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, { NTSTATUS status; struct samu *sampass = NULL; - char *qualified_name = NULL; TALLOC_CTX *mem_ctx = NULL; struct dom_sid u_sid; + struct dom_sid g_sid; enum lsa_SidType type; struct auth_serversupplied_info *result; @@ -701,15 +701,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, return NT_STATUS_NO_MEMORY; } - qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", - unix_users_domain_name(), - unix_username ); - if (!qualified_name) { - TALLOC_FREE(mem_ctx); - return NT_STATUS_NO_MEMORY; - } - - if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL, + if (!lookup_name(mem_ctx, unix_username, LOOKUP_NAME_ALL, NULL, NULL, &u_sid, &type)) { TALLOC_FREE(mem_ctx); 
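Review bot: Passing the bare `unix_username` to `lookup_name()` with `LOOKUP_NAME_ALL` (the call at the end of this hunk) makes the resulting `u_sid` depend on how `lookup_name()` resolves unqualified names, and nothing visible here ties the returned SID back to the passwd entry the caller already holds. For a `force user` identity that matters, because a same-named account in a different namespace would end up in the session token. If the code after the hunk does not already do so, it should verify `type` and confirm that the SID maps back to `pwd->pw_uid`. A comment above the call would also help, e.g. `/* unqualified on purpose: let winbind resolve AD users before a Unix User SID is composed (bug 8598) */`. The function body continues outside the hunk, so an existing check there is not visible from here.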
@@ -739,6 +731,12 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, /* set the user sid to be the calculated u_sid */ pdb_set_user_sid(sampass, &u_sid, PDB_SET); + /* samu_to_SamInfo3() calls get_primary_group_sid() if mapping fails */ + gid_to_sid(&g_sid, pwd->pw_gid); + if (!is_null_sid(&g_sid)) { + pdb_set_group_sid(sampass, &g_sid, PDB_SET); + } + result = make_server_info(NULL); if (result == NULL) { TALLOC_FREE(sampass); diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index cfc78ad..3939fee 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -55,8 +55,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, return false; } - p = strchr_m(full_name, '\\'); - + p = strchr_m(full_name, *lp_winbind_separator()); if (p != NULL) { domain = talloc_strndup(tmp_ctx, full_name, PTR_DIFF(p, full_name)); -- 1.7.3.4
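Review bot: `g_sid` is declared in the first hunk without an initialiser, and here the outcome of `gid_to_sid()` is judged only by `is_null_sid(&g_sid)`. If `gid_to_sid()` can return without writing its output (its definition is not part of this patch), the test reads an indeterminate struct and an arbitrary group SID could be set on the account. Adding `ZERO_STRUCT(g_sid);` before the call makes the null test meaningful. The comment would read more clearly as `/* leave the group SID unset on failure so samu_to_SamInfo3() falls back to get_primary_group_sid() */`. The enclosing function starts and ends outside the hunk.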
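Review bot: `lookup_name()` is a shared helper, and with this change a `DOMAIN\name` string is no longer split when `winbind separator` is configured as anything other than a backslash. Any caller that builds a backslash-qualified name, as the code removed from auth_util.c in this same patch did, would then have the whole string treated as an unqualified name. That changes which account a name resolves to, so it is safer to accept both forms: `p = strchr_m(full_name, '\\');` followed by `if (p == NULL) { p = strchr_m(full_name, *lp_winbind_separator()); }`. The dereference also assumes `lp_winbind_separator()` never returns NULL or an empty string; an empty value would make the search character NUL, which deserves a guard or at least a comment. The rest of `lookup_name()` lies outside the hunk.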