Try to get security=domain at least slightly working.
authorAndrew Bartlett <abartlet@samba.org>
Mon, 24 Jun 2002 01:51:11 +0000 (01:51 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 24 Jun 2002 01:51:11 +0000 (01:51 +0000)
The previous code both had basic logic flaws in it, and some subtle
issues regarding the Win2k info3 response.

I've tested this against Samba (it looks like that was missed last time
due to the 'called name' corruption - which broke my testsuite) and
accommodated what I've seen from an info3 printout jmcd gave me.

I'll get this tested fully as soon as I get my VMware going again.

Andrew Bartlett

source/auth/auth_domain.c
source/auth/auth_util.c

index 8c6bb8908fb52a7253ae1220267ee6c2c520653e..ee486d3f307314ff97961ee029fd87ff0079d88b 100644 (file)
@@ -332,7 +332,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
                          user_info->domain.str, cli->srv_name_slash, 
                          nt_errstr(nt_status)));
        } else {
-               nt_status = make_server_info_info3(mem_ctx, domain, server_info, &info3);
+               nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str, 
+                                                  user_info->smb_name.str, domain, server_info, &info3);
 #if 0 
                /* The stuff doesn't work right yet */
                SMB_ASSERT(sizeof((*server_info)->session_key) == sizeof(info3.user_sess_key)); 
index a66cd6ffc73909947090847b1430ebd2bcf006be..3ade220c0f02878dfb4dea7b244b3cbc9897a592 100644 (file)
@@ -570,14 +570,16 @@ BOOL make_server_info_guest(auth_serversupplied_info **server_info)
 ***************************************************************************/
 
 NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, 
+                               const char *internal_username,
+                               const char *sent_nt_username,
                                const char *domain,
                                auth_serversupplied_info **server_info, 
                                NET_USER_INFO_3 *info3) 
 {
        NTSTATUS nt_status = NT_STATUS_OK;
 
-       char *nt_domain;
-       char *nt_username;
+       const char *nt_domain;
+       const char *nt_username;
 
        SAM_ACCOUNT *sam_account = NULL;
        DOM_SID user_sid;
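Review bot: The two new parameters of `make_server_info_info3` are undocumented, although the later hunks give them different roles: `internal_username` is used for `dom_user` and `Get_Pwnam`, while `sent_nt_username` is used only when info3 carries no user name. The header comment ends just above the signature and its text is not visible here, so it may need extending rather than replacing. I would add something like `/* internal_username: name used for the local account lookup; sent_nt_username: name the client sent, used only if info3 has none */`. The function body continues outside this hunk.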
@@ -605,11 +607,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
        }
 
        if (!(nt_username = unistr2_tdup(mem_ctx, &(info3->uni_user_name)))) {
-               return NT_STATUS_NO_MEMORY;
+               /* If the server didn't give us one, just use the one we sent them */
+               nt_username = sent_nt_username;
        }
 
        if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3->uni_logon_dom)))) {
-               return NT_STATUS_NO_MEMORY;
+               /* If the server didn't give us one, just use the one we sent them */
+               domain = domain;
        }
 
        if (winbind_sid_to_uid(&uid, &user_sid) 
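Review bot: `domain = domain;` in the second fallback is a self-assignment, so `nt_domain` stays NULL whenever `unistr2_tdup` returns NULL for `uni_logon_dom`; the line should read `nt_domain = domain;`. As written, that NULL reaches the `talloc_asprintf(mem_ctx, "%s%s%s", nt_domain, ...)` call and the `strequal(nt_domain, lp_workgroup())` test in the later hunks. Both fallbacks also treat every NULL return as "the server sent no name". If `unistr2_tdup` can also return NULL on allocation failure (not visible here), that failure is now masked and a client-supplied name silently replaces the one the domain controller asserted. It would be safer to fall back only when the info3 string is actually empty and to keep `NT_STATUS_NO_MEMORY` otherwise. The function body starts and ends outside this hunk.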
@@ -622,7 +626,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
                dom_user = talloc_asprintf(mem_ctx, "%s%s%s", 
                                           nt_domain,
                                           lp_winbind_separator(),
-                                          nt_username);
+                                          internal_username);
                
                if (!dom_user) {
                        DEBUG(0, ("talloc_asprintf failed!\n"));
@@ -634,10 +638,10 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
                                   domain, we don't want this for
                                   trusted domains */
                            && strequal(nt_domain, lp_workgroup())) {
-                               passwd = Get_Pwnam(nt_username);
+                               passwd = Get_Pwnam(internal_username);
                        }
                            
-                       if (passwd) {
+                       if (!passwd) {
                                return NT_STATUS_NO_SUCH_USER;
                        } else {
                                nt_status = pdb_init_sam_pw(&sam_account, passwd);
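Review bot: The `NT_STATUS_NO_SUCH_USER` return under `if (!passwd)` is silent, unlike the `talloc_asprintf` failure earlier in the function, which logs through `DEBUG`. A user the domain controller accepted but who has no local account is refused with nothing in the log to explain why. A line such as `DEBUG(1, ("make_server_info_info3: no local account for [%s]\n", internal_username));` before the return would make this diagnosable. `passwd` is assigned only inside the condition ending at `strequal(nt_domain, lp_workgroup())`, so the corrected test relies on it being initialised to NULL at its declaration, which is outside this hunk and worth confirming. The `else` after the `return` could also be dropped to reduce nesting.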