make sure to call get_user_groups() with the full winbindd name for a user if he...

(This used to be commit 19925e3a04f421f4dcc469b701f3cc51ef98ac2c)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 952aa8ba590c3d5669690bafb1eea3a19734d70e..380374146610460919caf3cde09d8a65b09b2516 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -644,6 +644,9 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
  *
  * currently this is a hack, as there is no sam implementation that is capable
  * of groups.
+ *
+ * NOTE!! This function will fail if you pass in a winbind user without 
+ * the domain   --jerry
  ******************************************************************************/
 
 static NTSTATUS get_user_groups(const char *username, uid_t uid, gid_t gid,
@@ -926,8 +929,10 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
           with just 'username'.  This is need for accessing the server
           as a trust user that actually maps to a local account */
 
-       if ( !passwd ) 
-               passwd = Get_Pwnam(username);
+       if ( !passwd ) {
+               fstrcpy( dom_user, username );
+               passwd = Get_Pwnam( dom_user );
+       }
 
        if (passwd == NULL)
                return NT_STATUS_NO_SUCH_USER;
@@ -935,7 +940,13 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
        *uid = passwd->pw_uid;
        *gid = passwd->pw_gid;
 
-       *found_username = talloc_strdup(mem_ctx, passwd->pw_name);
+       /* This is pointless -- there is no suport for differeing 
+          unix and windows names.  Make sure to always store the 
+          one we actuall looked up and succeeded. Have I mentioned
+          why I hate the 'winbind use default domain' parameter?   
+                                        --jerry              */
+          
+       *found_username = talloc_strdup(mem_ctx, dom_user);
 
        return pdb_init_sam_pw(sam_account, passwd);
 }

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index cae7aadd0c72fa48d6206a6650a10f9b6aa72c74..d09987ba37a5adcc8f32073b69fa6c24881a21d1 100644 (file)
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -126,15 +126,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 
        if (result == NSS_STATUS_SUCCESS && response.extra_data) {
                if (NT_STATUS_IS_OK(nt_status)) {
-                       if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) { 
-                               nt_status = 
-                                       make_server_info_info3(mem_ctx, 
-                                                              user_info->internal_username.str, 
-                                                              user_info->smb_name.str, 
-                                                              user_info->domain.str, 
-                                                              server_info, 
-                                                              &info3); 
+               
+                       if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) 
+                       { 
+                               nt_status = make_server_info_info3(mem_ctx, 
+                                       user_info->internal_username.str, 
+                                       user_info->smb_name.str, user_info->domain.str, 
+                                       server_info, &info3); 
                        }
+                       
                }
        } else if (NT_STATUS_IS_OK(nt_status)) {
                nt_status = NT_STATUS_NO_LOGON_SERVERS;