svn commit: samba r3141 - in trunk/source: auth nsswitch printing

jerry at samba.org jerry at samba.org
Fri Oct 22 20:47:34 GMT 2004 

Author: jerry
Date: 2004-10-22 20:47:34 +0000 (Fri, 22 Oct 2004)
New Revision: 3141

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/trunk/source&rev=3141&nolog=1

Log:
* try to ensure consistent usage of the username map.
  Use the fully qualified DOMAIN\user format for 'security = domain|ads'
  and apply after authentication has succeeded.

* also change fill_domain_username() to only lowercase the username
  and not the domain+username.  This was a cosmetic fix only.
  makes the output more consistent with %D and %U.

Modified:
   trunk/source/auth/auth_util.c
   trunk/source/nsswitch/winbindd_util.c
   trunk/source/printing/print_generic.c
   trunk/source/printing/printing.c


Changeset:
Modified: trunk/source/auth/auth_util.c
===================================================================
--- trunk/source/auth/auth_util.c	2004-10-22 20:15:24 UTC (rev 3140)
+++ trunk/source/auth/auth_util.c	2004-10-22 20:47:34 UTC (rev 3141)
@@ -956,18 +956,23 @@
 				 uid_t *uid, gid_t *gid,
 				 SAM_ACCOUNT **sam_account)
 {
-	fstring dom_user;
+	fstring dom_user, lower_username;
 	fstring real_username;
 	struct passwd *passwd;
 
-	fstr_sprintf(dom_user, "%s%s%s", domain, lp_winbind_separator(), 
-		username);
+	fstrcpy( lower_username, username );
+	strlower_m( lower_username );
 
+	fstr_sprintf(dom_user, "%s%c%s", domain, *lp_winbind_separator(), 
+		lower_username);
+
 	/* get the passwd struct but don't create the user if he/she 
 	   does not exist.  We were explicitly called from a following
 	   a winbindd authentication request so we should assume that 
 	   nss_winbindd is working */
 
+	map_username( dom_user );
+
 	if ( !(passwd = smb_getpwnam( dom_user, real_username, True )) )
 		return NT_STATUS_NO_SUCH_USER;
 
@@ -1130,18 +1135,25 @@
 	}
 	
 	/* try to fill the SAM account..  If getpwnam() fails, then try the 
-	   add user script (2.2.x behavior) */
+	   add user script (2.2.x behavior).
+
+	   We use the _unmapped_ username here in an attempt to provide
+	   consistent username mapping behavior between kerberos and NTLM[SSP]
+	   authentication in domain mode security.  I.E. Username mapping should
+	   be applied to the fully qualified username (e.g. DOMAIN\user) and
+	   no just the login name.  Yes this mean swe called map_username()
+	   unnecessarily in make_user_info_map() but that is how the current
+	   code is designed.  Making the change here is the least disruptive 
+	   place.    -- jerry */
 	   
-	nt_status = fill_sam_account(mem_ctx, nt_domain, internal_username,
+	nt_status = fill_sam_account(mem_ctx, nt_domain, sent_nt_username,
 		&found_username, &uid, &gid, &sam_account);
 
 	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
-		DEBUG(3,("User %s does not exist, trying to add it\n", 
-			internal_username));
-		auth_add_user_script(nt_domain, internal_username);
-		nt_status = fill_sam_account(mem_ctx, nt_domain, 
-			internal_username, &found_username,
-			&uid, &gid, &sam_account);
+		DEBUG(3,("User %s does not exist, trying to add it\n", internal_username));
+		auth_add_user_script( nt_domain, sent_nt_username );
+		nt_status = fill_sam_account( mem_ctx, nt_domain, sent_nt_username, 
+			&found_username, &uid, &gid, &sam_account );
 	}
 	
 	if (!NT_STATUS_IS_OK(nt_status)) {

Modified: trunk/source/nsswitch/winbindd_util.c
===================================================================
--- trunk/source/nsswitch/winbindd_util.c	2004-10-22 20:15:24 UTC (rev 3140)
+++ trunk/source/nsswitch/winbindd_util.c	2004-10-22 20:47:34 UTC (rev 3141)
@@ -648,14 +648,15 @@
 */
 void fill_domain_username(fstring name, const char *domain, const char *user)
 {
+	strlower_m( name );
+
 	if (assume_domain(domain)) {
 		strlcpy(name, user, sizeof(fstring));
 	} else {
-		slprintf(name, sizeof(fstring) - 1, "%s%s%s",
-			 domain, lp_winbind_separator(),
+		slprintf(name, sizeof(fstring) - 1, "%s%c%s",
+			 domain, *lp_winbind_separator(),
 			 user);
 	}
-	strlower_m(name);
 }
 
 /*

Modified: trunk/source/printing/print_generic.c
===================================================================
--- trunk/source/printing/print_generic.c	2004-10-22 20:15:24 UTC (rev 3140)
+++ trunk/source/printing/print_generic.c	2004-10-22 20:47:34 UTC (rev 3141)
@@ -26,30 +26,6 @@
  * Generic printing interface definitions...
  */
 
-static int generic_job_delete(int snum, struct printjob *pjob);
-static int generic_job_pause(int snum, struct printjob *pjob);
-static int generic_job_resume(int snum, struct printjob *pjob);
-static int generic_job_submit(int snum, struct printjob *pjob);
-static int generic_queue_get(const char *printer_name,
-			     enum printing_types printing_type,
-			     const char *lpq_command,
-			     print_queue_struct **q,
-			     print_status_struct *status);
-static int generic_queue_pause(int snum);
-static int generic_queue_resume(int snum);
-
-
-struct printif	generic_printif =
-		{
-		  generic_queue_get,
-		  generic_queue_pause,
-		  generic_queue_resume,
-		  generic_job_delete,
-		  generic_job_pause,
-		  generic_job_resume,
-		  generic_job_submit,
-		};
-
 /****************************************************************************
 run a given print command 
 a null terminated list of value/substitute pairs is provided
@@ -254,3 +230,19 @@
 	return print_run_command(snum, PRINTERNAME(snum),
 				 lp_queueresumecommand(snum), NULL, NULL);
 }
+
+/****************************************************************************
+ * Generic printing interface definitions...
+ ***************************************************************************/
+
+struct printif	generic_printif =
+{
+	generic_queue_get,
+	generic_queue_pause,
+	generic_queue_resume,
+	generic_job_delete,
+	generic_job_pause,
+	generic_job_resume,
+	generic_job_submit,
+};
+

Modified: trunk/source/printing/printing.c
===================================================================
--- trunk/source/printing/printing.c	2004-10-22 20:15:24 UTC (rev 3140)
+++ trunk/source/printing/printing.c	2004-10-22 20:47:34 UTC (rev 3141)
@@ -602,7 +602,6 @@
 	/* Remove from printing.tdb */
 
 	tdb_delete(pdb->tdb, print_key(jobid));
-	remove_from_jobs_changed(snum, jobid);
 	release_print_db(pdb);
 	rap_jobid_delete(snum, jobid);
 }
@@ -1250,7 +1249,7 @@
 	fstrcpy(ctx.lpqcommand, lp_lpqcommand(snum));
 	
 	/* 
-	 * Make sure that the backgroup queue process exists.  
+	 * Make sure that the background queue process exists.  
 	 * Otherwise just do the update ourselves 
 	 */

More information about the samba-cvs mailing list