Fwd: cvs_head and winbind problems (possible bug)

[Andrew Bartlett]

Tim Potter wrote:
> 
> Simon Travers-Jones writes:
> 
> > I know this probably isnt the right place to forward, but havnt had any
> > response for a couple of days from the samba list and is getting pretty
> > urgent.
> > Any help is appreciated.
> 
> OK - I think this is an introduced bug in the authentication.
> Following the logic through on an old version of smbd/reply.c the
> logic goes something like this:
> 
>  - look up user in password database
>  - if it isn't there look up domain\user in password database
>  - check domain password against *original* username (i.e without
>    the domain prefix)
> 
> I think the last step was inadvertently changed.
> 

Yep, thats my bug!

I'll look into it shortly, but fixing it isn't as trivial as it should
be due to the abstraction of the new check_password() interface.  I
should be able to get a proper solution when I get the next round of
authentication stuff merged.  If sombody else wants to propose an easy
fix then I'll certainly look over the changes for them.

The way I want to solve this properly is to have a
fill_unix_user(&user_info, &server_info) function that would to all the
various crazies needed to support mapping smb users to unix users (like
adding them on demand, and this kind of stuff), and doing it in the
right places :-).  

Futher thoughts anybody?

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Samba Team member, Build Farm maintainer        abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net