r17402: Added lookup_name_smbconf() to be called when looking
authorJeremy Allison <jra@samba.org>
Fri, 4 Aug 2006 20:35:52 +0000 (20:35 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:38:31 +0000 (11:38 -0500)
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.

source/auth/auth_util.c
source/passdb/lookup_sid.c
source/smbd/service.c

index 90ec3ecaab280147c5753239768ed689be301a9b..45b3bcccef57b4e319e7d83296f5d5d3a0cce638 100644 (file)
@@ -1053,9 +1053,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
                return NT_STATUS_NO_MEMORY;
        }
 
-       if (!lookup_name(tmp_ctx, username, LOOKUP_NAME_ALL,
+       if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL,
                         NULL, NULL, &user_sid, &type)) {
-               DEBUG(1, ("lookup_name for %s failed\n", username));
+               DEBUG(1, ("lookup_name_smbconf for %s failed\n", username));
                goto done;
        }
 
index 31bd4ab7623b1c88a4e7b4a011c92a977ef221d1..97cac8798424d98b5f5129a85bcbdfc561ee96fd 100644 (file)
@@ -378,6 +378,56 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
        return True;
 }
 
+/************************************************************************
+ Names from smb.conf can be unqualified. eg. valid users = foo
+ These names should never map to a remote name. Try lp_workgroup()\foo,
+ and then "Unix Users"\foo (or "Unix Groups"\foo).
+************************************************************************/
+
+BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx,
+                const char *full_name, int flags,
+                const char **ret_domain, const char **ret_name,
+                DOM_SID *ret_sid, enum SID_NAME_USE *ret_type)
+{
+       char *qualified_name;
+
+       /* NB. No winbindd_separator here as lookup_name needs \\' */
+       if (strchr_m(full_name, '\\')) {
+               /* The name is already qualified with a domain. */
+               return lookup_name(mem_ctx, full_name, flags,
+                               ret_domain, ret_name,
+                               ret_sid, ret_type);
+       }
+
+       /* Try with our own domain name. */
+       qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+                               lp_workgroup(),
+                               full_name );
+       if (!qualified_name) {
+               return False;
+       }
+
+       if (lookup_name(mem_ctx, qualified_name, flags,
+                               ret_domain, ret_name,
+                               ret_sid, ret_type)) {
+               return True;
+       }
+       
+       /* Finally try with "Unix Users" or "Unix Group" */
+       qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+                               flags & LOOKUP_NAME_GROUP ?
+                                       unix_groups_domain_name() :
+                                       unix_users_domain_name(),
+                               full_name );
+       if (!qualified_name) {
+               return False;
+       }
+
+       return lookup_name(mem_ctx, qualified_name, flags,
+                               ret_domain, ret_name,
+                               ret_sid, ret_type);
+}
+
 static BOOL wb_lookup_rids(TALLOC_CTX *mem_ctx,
                           const DOM_SID *domain_sid,
                           int num_rids, uint32 *rids,
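Review bot: The header comment on lookup_name_smbconf says smb.conf names "should never map to a remote name", but all three attempts forward the caller's `flags` to lookup_name unchanged, and both call sites in this commit pass LOOKUP_NAME_ALL. Nothing in this function enforces the guarantee; it rests on how lookup_name treats a name qualified with lp_workgroup(), which on a domain member is presumably the domain itself, so `force user = foo` could still resolve to a domain account. Either state that dependency in the comment or, if it matches the intent, clear the remote bit for unqualified names with something like `flags &= ~LOOKUP_NAME_REMOTE;` (flag name to be confirmed against the lookup flag definitions). The first `qualified_name` also stays allocated on the caller's `mem_ctx` after the failed workgroup attempt; a `talloc_free(qualified_name);` before the second talloc_asprintf would release it, assuming lookup_name keeps no pointer into it on failure. The inline comment has a stray quote and the later one says "Unix Group"; suggest `/* NB. No winbindd_separator here as lookup_name needs '\\' */` and `/* Finally try with "Unix Users" or "Unix Groups" */`.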
index 395114592aaf3109dfd120c806b8373ae5905cb6..d0ad6fa7e6e20db7eef07f3f35923e08aa10603d 100644 (file)
@@ -446,10 +446,10 @@ static NTSTATUS find_forced_group(BOOL force_user,
        groupname = talloc_string_sub(mem_ctx, groupname,
                                      "%S", lp_servicename(snum));
 
-       if (!lookup_name(mem_ctx, groupname,
+       if (!lookup_name_smbconf(mem_ctx, groupname,
                         LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
                         NULL, NULL, &group_sid, &type)) {
-               DEBUG(10, ("lookup_name(%s) failed\n",
+               DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
                           groupname));
                goto done;
        }
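Review bot: `groupname` is assigned from talloc_string_sub() directly above the changed call and is passed to lookup_name_smbconf without a NULL check, while the new function's first action (added in lookup_sid.c by this commit) is `strchr_m(full_name, '\\')`. This lookup decides which group a forced-group share runs under, so an allocation failure should be rejected explicitly rather than reaching the name parser; add `if (groupname == NULL) { goto done; }` before the call, setting the function's status to NT_STATUS_NO_MEMORY if it is not already a failure value at that point. find_forced_group starts and ends outside this hunk, so an earlier check or the initial status value may exist but is not visible here.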