[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Jul 29 14:59:05 MDT 2010


On Thu, Jul 29, 2010 at 10:14:06PM +0200, Volker Lendecke wrote:
> On Thu, Jul 29, 2010 at 02:53:34PM -0500, Jeremy Allison wrote:
> >     Fix bug #7589 - ntlm_auth fails to use cached credentials.
> >     
> >     In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
> >     of the mapped username, but fails to canonicalize the actual username
> >     sent to the backend domain process. When "winbind default domain"
> >     is set this can lead to credentials being cached with an index of
> >     user: user, not DOMAIN\user. All other code paths that use
> >     canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
> >     correctly canonicalize the data sent to the backend. All calls
> >     that can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
> >     correctly call canonicalize_username() to create the credential
> >     lookup key.
> 
> That was mine, right? Thanks for fixing! :-)

I think so (maybe :-). I'd appreciate you checking it as well
(even though I'm 100% certain on this one, I could still be
wrong :-).

It still needs some tidyup. The call to normalize_name_unmap()
makes *no* sense as it's called with what is passed in from
the client, which could be DOMAIN\user. This call should only
ever act on the last component, not the domain portion (I think,
the semantics of normalize_name_unmap() seem idiotic and
insane to me :-). I can't imagine anyone actually has:

winbind normalize names = yes

set in their smb.conf.

Jeremy.
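
The key mismatch described in the quoted commit message, as a simplified stand-alone model added here (not Samba code and not part of the original post): the auth path canonicalizes a copy of the name but stores the cache entry under the raw name, while lookups always use the canonical key. The helper names, the one-entry cache and the `EXAMPLE` domain are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

#define DEFAULT_DOMAIN "EXAMPLE" /* constructed stand-in for "winbind default domain" */
#define MAX_NAME 64

static char cache_key[MAX_NAME]; /* toy one-entry credential cache */
static int cache_valid;

/* Hypothetical helper: qualify a bare "user" as "DOMAIN\user". */
static void canonicalize(const char *in, char *out, size_t len)
{
    if (strchr(in, '\\') != NULL)
        snprintf(out, len, "%s", in);
    else
        snprintf(out, len, "%s\\%s", DEFAULT_DOMAIN, in);
}

/* Lookup side: always builds its key from the canonical name. */
static int cache_lookup(const char *name)
{
    char key[MAX_NAME];
    canonicalize(name, key, sizeof(key));
    return cache_valid && strcmp(cache_key, key) == 0;
}

/* Auth side. fixed == 0 models the bug: the canonical copy is built but the
 * raw client name is what gets stored as the cache index. */
static void auth_and_cache(const char *name, int fixed)
{
    char canon[MAX_NAME];
    canonicalize(name, canon, sizeof(canon));
    snprintf(cache_key, sizeof(cache_key), "%s", fixed ? canon : name);
    cache_valid = 1;
}

/* Returns 1 if a lookup for the same client-supplied name hits after auth. */
int lookup_hits_after_auth(const char *name, int fixed)
{
    cache_valid = 0;
    auth_and_cache(name, fixed);
    return cache_lookup(name);
}

int main(void)
{
    printf("buggy: %d\n", lookup_hits_after_auth("alice", 0));
    printf("fixed: %d\n", lookup_hits_after_auth("alice", 1));
    return 0;
}
```

A client that already sends a fully qualified name hits the cache in both variants, which is why the mismatch only shows up when the default domain is being filled in.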

