diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 24b05a5..78b66d0 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -867,6 +867,27 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, *found_username = talloc_strdup(mem_ctx, pdb_get_username(sam_acct)); + /* + * If the SID from lookup_name() was the guest sid, passdb knows + * about the mapping of guest sid to lp_guestaccount() + * username and will return the unix_pw info for a guest + * user. Use it if it's there, else lookup the *uid details + * using sid_to_uid(). See bug #6291 for details. JRA. + */ + + /* We must always assign the *uid. */ + if (sam_acct->unix_pw != NULL) { + /* Probably guest, use what we already have.. */ + *uid = sam_acct->unix_pw->pw_uid; + } else { + if (!sid_to_uid(&user_sid, uid)) { + DEBUG(1, ("passdb user case, sid_to_uid for %s (%s) failed\n", + username, sid_string_dbg(&user_sid))); + result = NT_STATUS_NO_SUCH_USER; + goto done; + } + } + } else if (sid_check_is_in_unix_users(&user_sid)) { /* This is a unix user not in passdb. We need to ask nss @@ -882,9 +903,11 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, unix_user: + /* We must always assign the *uid. */ if (!sid_to_uid(&user_sid, uid)) { - DEBUG(1, ("sid_to_uid for %s (%s) failed\n", + DEBUG(1, ("unix_user case, sid_to_uid for %s (%s) failed\n", username, sid_string_dbg(&user_sid))); + result = NT_STATUS_NO_SUCH_USER; goto done; } @@ -937,6 +960,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, uint32 dummy; + /* We must always assign the *uid. */ + if (!sid_to_uid(&user_sid, uid)) { + DEBUG(1, ("winbindd case, sid_to_uid for %s (%s) failed\n", + username, sid_string_dbg(&user_sid))); + result = NT_STATUS_NO_SUCH_USER; + goto done; + } + num_group_sids = 1; group_sids = TALLOC_ARRAY(tmp_ctx, DOM_SID, num_group_sids); if (group_sids == NULL) {