diff --git a/source3/Makefile.in b/source3/Makefile.in
index c657786..2717b81 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -487,7 +487,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
 libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
 libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
 libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \
- libsmb/credentials.o ../libcli/auth/credentials.o \
+ $(WBCOMMON_OBJ) libsmb/credentials.o ../libcli/auth/credentials.o \
 libsmb/clioplock.o libsmb/clirap2.o \
 libsmb/smb_seal.o libsmb/async_smb.o \
 $(LIBSAMBA_OBJ) \
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 7726611..0e2997b 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -37,6 +37,59 @@ static const struct {
 {PROTOCOL_NT1, "NT LM 0.12"},
 };
+/*get sid of the user by uid*/
+static bool get_sid(uid_t uid,fstring sid)
+{
+
+ struct winbindd_request request;
+ struct winbindd_response response;
+
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ if (!sid)
+ return False;
+
+ memset(sid,0,sizeof(fstring));
+
+ if (uid == -1)
+ return False;
+ /* Send request */
+ request.data.uid = uid;
+ if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) != NSS_STATUS_SUCCESS)
+ return False;
+
+ memcpy(sid,response.data.sid.sid,sizeof(fstring)-1);
+
+ return True;
+}
+
+/*get the sam account of the user by sid*/
+static bool get_sam_account(fstring sid,fstring sam)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+
+ memset(sam,0,sizeof(fstring));
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ if (!sam)
+ return False;
+ if (!sid||!sid[0])
+ return False;
+
+ fstrcpy(request.data.sid, sid);
+ if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) != NSS_STATUS_SUCCESS)
+ return False;
+
+ memcpy(sam, response.data.name.name, sizeof(fstring) -1);
+
+ return True;
+}
+
+
 #define STAR_SMBSERVER "*SMBSERVER"
 /**
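Review bot: In `get_sam_account` the `memset(sam,0,sizeof(fstring));` runs before the `if (!sam)` guard, so a NULL `sam` is written through before it is tested and the guard can never do its job; put the check first, in the order `get_sid` already uses: `if (!sam) return False;` followed by `memset(sam,0,sizeof(fstring));`. In `get_sid`, `uid == -1` compares a `uid_t` (typically unsigned) with a signed constant, and `uid == (uid_t)-1` states the intent without relying on the implicit conversion. Both `memcpy` calls copy `sizeof(fstring)-1` bytes regardless of the actual string length, which assumes `response.data.sid.sid` and `response.data.name.name` are at least that large; their declarations are not on this page, so that is worth confirming. A header comment on each helper should say that the output buffer must be a full `fstring` and is left zeroed when the function returns False.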
@@ -1124,7 +1177,54 @@ ntlmssp:
 account[PTR_DIFF(p,user)] = '\0';
 }
- return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain));
+ /*
+ * We are here because:
+ * 1. Kerberos authentication failed , now trying to authenticate again using NTLM,
+ * 2. We are told to do NTLM authentication,
+ * and NTLM authentication require user's samAccountName.
+ * We must get it first.
+ */
+ {
+ fstring sid;
+ fstring samAccountName;
+
+ /*get userinfo*/
+ struct passwd *unpasswd = NULL;
+
+ unpasswd = getpwnam(account);
+
+ if (unpasswd)
+ {
+ DEBUG(10,("Get user info success."));
+ DEBUGADD(10, ("user name=%s,uid=%u,gid=%u\n",unpasswd->pw_name,unpasswd->pw_uid,unpasswd->pw_gid));
+
+ /*get sid*/
+ if (get_sid(unpasswd->pw_uid,sid))
+ {
+ DEBUG(10,("Get user sid success.sid=%s",sid));
+ /*get sam account*/
+ if (get_sam_account(sid,samAccountName))
+ {
+ DEBUG(10,("Get user samAccountName success.samAccountName=%s",samAccountName));
+ return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, samAccountName, pass, user_domain));
+ }
+ else
+ {
+ DEBUG(3,("Get user samAccountName failed.sid=%s",sid));
+ }
+ }
+ else
+ {
+ DEBUG(3,("Get user sid failed: user name=%s,uid=%u,gid=%u",unpasswd->pw_name,unpasswd->pw_uid,unpasswd->pw_gid));
+ }
+ }
+ else
+ {
+ DEBUG(3,("Get user info failed.user name=%s",user));
+ }
+ return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass,
+ user_domain));
+ }
 }
 /****************************************************************************
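Review bot: The account name sent in the NTLMSSP exchange is silently replaced by whatever the chain `getpwnam(account)` → `get_sid` → `get_sam_account` returns, while `user_domain` is passed through unchanged, so when local NSS and winbind disagree about who `account` is, the client authenticates as a principal the caller did not name, possibly with a name and domain that do not belong together. `get_sam_account` keeps only `response.data.name.name`; if the lookup response also carries the domain (not visible on this page), it should be returned and the substitution taken only when it matches `user_domain`. At minimum the block should state its trust assumption, e.g. `/* NOTE: replaces the caller-supplied name with the winbind-resolved one; assumes local NSS and winbind agree on the principal */`. Separately, the failure message prints `user` although the lookup was done on `account`, and most of the new DEBUG strings lack a trailing newline: `DEBUG(3,("Get user info failed.user name=%s\n",account));`. The enclosing function begins outside this hunk, so how `account` and `user_domain` were derived should be checked there.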