svn commit: samba r17402 - in branches: SAMBA_3_0/source/auth SAMBA_3_0/source/passdb SAMBA_3_0/source/smbd SAMBA_3_0_23/source/auth SAMBA_3_0_23/source/passdb SAMBA_3_0_23/source/smbd

jra at samba.org jra at samba.org
Fri Aug 4 20:35:53 GMT 2006


Author: jra
Date: 2006-08-04 20:35:52 +0000 (Fri, 04 Aug 2006)
New Revision: 17402

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17402

Log:
Added lookup_name_smbconf() to be called when looking
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/auth/auth_util.c
   branches/SAMBA_3_0/source/passdb/lookup_sid.c
   branches/SAMBA_3_0/source/smbd/service.c
   branches/SAMBA_3_0_23/source/auth/auth_util.c
   branches/SAMBA_3_0_23/source/passdb/lookup_sid.c
   branches/SAMBA_3_0_23/source/smbd/service.c


Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0/source/auth/auth_util.c	2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0/source/auth/auth_util.c	2006-08-04 20:35:52 UTC (rev 17402)
@@ -1053,9 +1053,9 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!lookup_name(tmp_ctx, username, LOOKUP_NAME_ALL,
+	if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL,
 			 NULL, NULL, &user_sid, &type)) {
-		DEBUG(1, ("lookup_name for %s failed\n", username));
+		DEBUG(1, ("lookup_name_smbconf for %s failed\n", username));
 		goto done;
 	}
 
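Review bot: Nothing in this hunk shows that `username` always originates from smb.conf, yet every caller of the enclosing function now gets smb.conf-style resolution; the function starts and ends outside the hunk, so this cannot be confirmed here. If the function is also reached with a name taken from a session or client request, an unqualified name would now bind to the local workgroup or "Unix Users" account rather than the one chosen before, which changes the identity the token is built for. A comment above the call such as `/* username comes from smb.conf (e.g. "force user"); resolve it locally before any domain */` would pin the assumption. The same applies to the identical hunk in branches/SAMBA_3_0_23/source/auth/auth_util.c.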

Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/lookup_sid.c	2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0/source/passdb/lookup_sid.c	2006-08-04 20:35:52 UTC (rev 17402)
@@ -378,6 +378,56 @@
 	return True;
 }
 
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try lp_workgroup()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+		 const char *full_name, int flags,
+		 const char **ret_domain, const char **ret_name,
+		 DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+	char *qualified_name;
+
+	/* NB. No winbindd_separator here as lookup_name needs \\' */
+	if (strchr_m(full_name, '\\')) {
+		/* The name is already qualified with a domain. */
+		return lookup_name(mem_ctx, full_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type);
+	}
+
+	/* Try with our own domain name. */
+	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+				lp_workgroup(),
+				full_name );
+	if (!qualified_name) {
+		return False;
+	}
+
+	if (lookup_name(mem_ctx, qualified_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type)) {
+		return True;
+	}
+	
+	/* Finally try with "Unix Users" or "Unix Group" */
+	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+				flags & LOOKUP_NAME_GROUP ?
+					unix_groups_domain_name() :
+					unix_users_domain_name(),
+				full_name );
+	if (!qualified_name) {
+		return False;
+	}
+
+	return lookup_name(mem_ctx, qualified_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type);
+}
+
 static BOOL wb_lookup_rids(TALLOC_CTX *mem_ctx,
 			   const DOM_SID *domain_sid,
 			   int num_rids, uint32 *rids,
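Review bot: The first unqualified attempt in lookup_name_smbconf() prefixes `lp_workgroup()`, which on a domain member is presumably the joined domain's name, so `WORKGROUP\foo` can still resolve to a domain account before "Unix Users"\foo is tried; that contradicts the header comment's "should never map to a remote name". Since "force user" and "valid users" decide which account a connection runs as or is admitted for, consider qualifying with the local SAM name instead, e.g. `qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", get_global_sam_name(), full_name);`, or state in the header comment that domain members still prefer the domain account. The comment `/* NB. No winbindd_separator here as lookup_name needs \\' */` has a stray quote and would read better as `/* NB. lookup_name() needs '\\' as the separator, not the winbind separator. */`. The same applies to the identical copy in branches/SAMBA_3_0_23/source/passdb/lookup_sid.c.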

Modified: branches/SAMBA_3_0/source/smbd/service.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/service.c	2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0/source/smbd/service.c	2006-08-04 20:35:52 UTC (rev 17402)
@@ -446,10 +446,10 @@
 	groupname = talloc_string_sub(mem_ctx, groupname,
 				      "%S", lp_servicename(snum));
 
-	if (!lookup_name(mem_ctx, groupname,
+	if (!lookup_name_smbconf(mem_ctx, groupname,
 			 LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
 			 NULL, NULL, &group_sid, &type)) {
-		DEBUG(10, ("lookup_name(%s) failed\n",
+		DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
 			   groupname));
 		goto done;
 	}
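Review bot: `groupname` is handed to lookup_name_smbconf() directly after `talloc_string_sub()` with no NULL check visible in this hunk, and the new helper's first action is `strchr_m(full_name, '\\')`. If the substitution can return NULL on allocation failure, that call and the `%s` in the DEBUG line would both receive a NULL pointer. A guard before the lookup, `if (groupname == NULL) { goto done; }` with the function's out-of-memory status set the way the rest of the function does it, would close that path; the enclosing function starts and ends outside the hunk, so the right status value is not visible here. The same applies to the identical hunk in branches/SAMBA_3_0_23/source/smbd/service.c.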

Modified: branches/SAMBA_3_0_23/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_23/source/auth/auth_util.c	2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0_23/source/auth/auth_util.c	2006-08-04 20:35:52 UTC (rev 17402)
@@ -1052,9 +1052,9 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!lookup_name(tmp_ctx, username, LOOKUP_NAME_ALL,
+	if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL,
 			 NULL, NULL, &user_sid, &type)) {
-		DEBUG(1, ("lookup_name for %s failed\n", username));
+		DEBUG(1, ("lookup_name_smbconf for %s failed\n", username));
 		goto done;
 	}
 

Modified: branches/SAMBA_3_0_23/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0_23/source/passdb/lookup_sid.c	2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0_23/source/passdb/lookup_sid.c	2006-08-04 20:35:52 UTC (rev 17402)
@@ -353,6 +353,56 @@
 	return True;
 }
 
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try lp_workgroup()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+		 const char *full_name, int flags,
+		 const char **ret_domain, const char **ret_name,
+		 DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+	char *qualified_name;
+
+	/* NB. No winbindd_separator here as lookup_name needs \\' */
+	if (strchr_m(full_name, '\\')) {
+		/* The name is already qualified with a domain. */
+		return lookup_name(mem_ctx, full_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type);
+	}
+
+	/* Try with our own domain name. */
+	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+				lp_workgroup(),
+				full_name );
+	if (!qualified_name) {
+		return False;
+	}
+
+	if (lookup_name(mem_ctx, qualified_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type)) {
+		return True;
+	}
+
+	/* Finally try with "Unix Users" or "Unix Group" */
+	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+				flags & LOOKUP_NAME_GROUP ?
+					unix_groups_domain_name() :
+					unix_users_domain_name(),
+				full_name );
+	if (!qualified_name) {
+		return False;
+	}
+
+	return lookup_name(mem_ctx, qualified_name, flags,
+				ret_domain, ret_name,
+				ret_sid, ret_type);
+}
+
 static BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx,
 				const DOM_SID *domain_sid,
 				int num_rids, uint32 *rids,

Modified: branches/SAMBA_3_0_23/source/smbd/service.c
===================================================================
--- branches/SAMBA_3_0_23/source/smbd/service.c	2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0_23/source/smbd/service.c	2006-08-04 20:35:52 UTC (rev 17402)
@@ -443,10 +443,10 @@
 	groupname = talloc_string_sub(mem_ctx, groupname,
 				      "%S", lp_servicename(snum));
 
-	if (!lookup_name(mem_ctx, groupname,
+	if (!lookup_name_smbconf(mem_ctx, groupname,
 			 LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
 			 NULL, NULL, &group_sid, &type)) {
-		DEBUG(10, ("lookup_name(%s) failed\n",
+		DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
 			   groupname));
 		goto done;
 	}


