char *username,
struct passwd *pw,
struct PAC_LOGON_INFO *logon_info,
- bool mapped_to_guest,
- struct auth_serversupplied_info **server_info);
+ bool mapped_to_guest, bool username_was_mapped,
+ struct auth_serversupplied_info **server_info);
char *username,
struct passwd *pw,
struct PAC_LOGON_INFO *logon_info,
- bool mapped_to_guest,
+ bool mapped_to_guest, bool username_was_mapped,
struct auth_serversupplied_info **server_info)
{
NTSTATUS status;
(*server_info)->info3->base.domain.string =
talloc_strdup((*server_info)->info3, ntdomain);
}
+ }
+
+ (*server_info)->nss_token |= username_was_mapped;
+ if (!mapped_to_guest) {
+ status = create_local_token(*server_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("failed to create local token: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
}
return NT_STATUS_OK;
status = make_server_info_krb5(mem_ctx,
ntuser, ntdomain, username, pw,
- logon_info, is_guest, server_info);
+ logon_info, is_guest, is_mapped, server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",
nt_errstr(status)));
return status;
}
- if ((*session_info)->security_token == NULL) {
- status = create_local_token(*session_info);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to create local user token (%s)\n",
- nt_errstr(status)));
- status = NT_STATUS_ACCESS_DENIED;
- return status;
- }
- }
-
/* TODO: this is what the ntlmssp code does with the session_key, check
* it is ok with gssapi too */
/*
ret = make_server_info_krb5(mem_ctx,
user, domain, real_username, pw,
logon_info, map_domainuser_to_guest,
+ username_was_mapped,
&server_info);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("make_server_info_krb5 failed!\n"));
return;
}
- server_info->nss_token |= username_was_mapped;
-
- /* we need to build the token for the user. make_server_info_guest()
- already does this */
-
- if ( !server_info->security_token ) {
- ret = create_local_token( server_info );
- if ( !NT_STATUS_IS_OK(ret) ) {
- DEBUG(10,("failed to create local token: %s\n",
- nt_errstr(ret)));
- data_blob_free(&ap_rep);
- data_blob_free(&session_key);
- TALLOC_FREE( mem_ctx );
- TALLOC_FREE( server_info );
- reply_nterror(req, nt_status_squash(ret));
- return;
- }
- }
-
if (!is_partial_auth_vuid(sconn, sess_vuid)) {
sess_vuid = register_initial_vuid(sconn);
}
reload_services(smb2req->sconn->msg_ctx, smb2req->sconn->sock, true);
status = make_server_info_krb5(session,
- user, domain, real_username, pw,
- logon_info, map_domainuser_to_guest,
- &session->session_info);
+ user, domain, real_username, pw,
+ logon_info, map_domainuser_to_guest,
+ username_was_mapped,
+ &session->session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("smb2: make_server_info_krb5 failed\n"));
goto fail;
}
-
- session->session_info->nss_token |= username_was_mapped;
-
- /* we need to build the token for the user. make_session_info_guest()
- already does this */
-
- if (!session->session_info->security_token ) {
- status = create_local_token(session->session_info);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("smb2: failed to create local token: %s\n",
- nt_errstr(status)));
- goto fail;
- }
- }
-
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
lp_server_signing() == Required) {
session->do_signing = true;