svn commit: samba r17402 - in branches: SAMBA_3_0/source/auth
SAMBA_3_0/source/passdb SAMBA_3_0/source/smbd
SAMBA_3_0_23/source/auth SAMBA_3_0_23/source/passdb
SAMBA_3_0_23/source/smbd
jra at samba.org
jra at samba.org
Fri Aug 4 20:35:53 GMT 2006
Author: jra
Date: 2006-08-04 20:35:52 +0000 (Fri, 04 Aug 2006)
New Revision: 17402
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17402
Log:
Added lookup_name_smbconf() to be called when looking
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
Modified:
branches/SAMBA_3_0/source/auth/auth_util.c
branches/SAMBA_3_0/source/passdb/lookup_sid.c
branches/SAMBA_3_0/source/smbd/service.c
branches/SAMBA_3_0_23/source/auth/auth_util.c
branches/SAMBA_3_0_23/source/passdb/lookup_sid.c
branches/SAMBA_3_0_23/source/smbd/service.c
Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0/source/auth/auth_util.c 2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0/source/auth/auth_util.c 2006-08-04 20:35:52 UTC (rev 17402)
@@ -1053,9 +1053,9 @@
return NT_STATUS_NO_MEMORY;
}
- if (!lookup_name(tmp_ctx, username, LOOKUP_NAME_ALL,
+ if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL,
NULL, NULL, &user_sid, &type)) {
- DEBUG(1, ("lookup_name for %s failed\n", username));
+ DEBUG(1, ("lookup_name_smbconf for %s failed\n", username));
goto done;
}
Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-08-04 20:35:52 UTC (rev 17402)
@@ -378,6 +378,56 @@
return True;
}
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try lp_workgroup()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+ const char *full_name, int flags,
+ const char **ret_domain, const char **ret_name,
+ DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+ char *qualified_name;
+
+ /* NB. No winbindd_separator here as lookup_name needs \\' */
+ if (strchr_m(full_name, '\\')) {
+ /* The name is already qualified with a domain. */
+ return lookup_name(mem_ctx, full_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+ }
+
+ /* Try with our own domain name. */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ lp_workgroup(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ if (lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type)) {
+ return True;
+ }
+
+ /* Finally try with "Unix Users" or "Unix Group" */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ flags & LOOKUP_NAME_GROUP ?
+ unix_groups_domain_name() :
+ unix_users_domain_name(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ return lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+}
+
static BOOL wb_lookup_rids(TALLOC_CTX *mem_ctx,
const DOM_SID *domain_sid,
int num_rids, uint32 *rids,
Modified: branches/SAMBA_3_0/source/smbd/service.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/service.c 2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0/source/smbd/service.c 2006-08-04 20:35:52 UTC (rev 17402)
@@ -446,10 +446,10 @@
groupname = talloc_string_sub(mem_ctx, groupname,
"%S", lp_servicename(snum));
- if (!lookup_name(mem_ctx, groupname,
+ if (!lookup_name_smbconf(mem_ctx, groupname,
LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
NULL, NULL, &group_sid, &type)) {
- DEBUG(10, ("lookup_name(%s) failed\n",
+ DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
groupname));
goto done;
}
Modified: branches/SAMBA_3_0_23/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_23/source/auth/auth_util.c 2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0_23/source/auth/auth_util.c 2006-08-04 20:35:52 UTC (rev 17402)
@@ -1052,9 +1052,9 @@
return NT_STATUS_NO_MEMORY;
}
- if (!lookup_name(tmp_ctx, username, LOOKUP_NAME_ALL,
+ if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL,
NULL, NULL, &user_sid, &type)) {
- DEBUG(1, ("lookup_name for %s failed\n", username));
+ DEBUG(1, ("lookup_name_smbconf for %s failed\n", username));
goto done;
}
Modified: branches/SAMBA_3_0_23/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0_23/source/passdb/lookup_sid.c 2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0_23/source/passdb/lookup_sid.c 2006-08-04 20:35:52 UTC (rev 17402)
@@ -353,6 +353,56 @@
return True;
}
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try lp_workgroup()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+ const char *full_name, int flags,
+ const char **ret_domain, const char **ret_name,
+ DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+ char *qualified_name;
+
+ /* NB. No winbindd_separator here as lookup_name needs \\' */
+ if (strchr_m(full_name, '\\')) {
+ /* The name is already qualified with a domain. */
+ return lookup_name(mem_ctx, full_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+ }
+
+ /* Try with our own domain name. */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ lp_workgroup(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ if (lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type)) {
+ return True;
+ }
+
+ /* Finally try with "Unix Users" or "Unix Group" */
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ flags & LOOKUP_NAME_GROUP ?
+ unix_groups_domain_name() :
+ unix_users_domain_name(),
+ full_name );
+ if (!qualified_name) {
+ return False;
+ }
+
+ return lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
+}
+
static BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx,
const DOM_SID *domain_sid,
int num_rids, uint32 *rids,
Modified: branches/SAMBA_3_0_23/source/smbd/service.c
===================================================================
--- branches/SAMBA_3_0_23/source/smbd/service.c 2006-08-04 17:36:31 UTC (rev 17401)
+++ branches/SAMBA_3_0_23/source/smbd/service.c 2006-08-04 20:35:52 UTC (rev 17402)
@@ -443,10 +443,10 @@
groupname = talloc_string_sub(mem_ctx, groupname,
"%S", lp_servicename(snum));
- if (!lookup_name(mem_ctx, groupname,
+ if (!lookup_name_smbconf(mem_ctx, groupname,
LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
NULL, NULL, &group_sid, &type)) {
- DEBUG(10, ("lookup_name(%s) failed\n",
+ DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
groupname));
goto done;
}
More information about the samba-cvs
mailing list