The Samba-Bugzilla – Attachment 4288 Details for
Bug 6477
Get samAccount by uid first when we do NTLM authentication
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
cliconnect.c and Makefile.in
cliconnect.c.patch (text/plain), 4.13 KB, created by
Zhou Weikuan
on 2009-06-15 04:28:41 UTC
(
hide
)
Description:
cliconnect.c and Makefile.in
Filename:
MIME Type:
Creator:
Zhou Weikuan
Created:
2009-06-15 04:28:41 UTC
Size:
4.13 KB
patch
obsolete
>diff --git a/source3/Makefile.in b/source3/Makefile.in >index c657786..2717b81 100644 >--- a/source3/Makefile.in >+++ b/source3/Makefile.in >@@ -487,7 +487,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ > libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \ > libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \ > libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \ >- libsmb/credentials.o ../libcli/auth/credentials.o \ >+ $(WBCOMMON_OBJ) libsmb/credentials.o ../libcli/auth/credentials.o \ > libsmb/clioplock.o libsmb/clirap2.o \ > libsmb/smb_seal.o libsmb/async_smb.o \ > $(LIBSAMBA_OBJ) \ >diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c >index 7726611..0e2997b 100644 >--- a/source3/libsmb/cliconnect.c >+++ b/source3/libsmb/cliconnect.c >@@ -37,6 +37,59 @@ static const struct { > {PROTOCOL_NT1, "NT LM 0.12"}, > }; > >+/*get sid of the user by uid*/ >+static bool get_sid(uid_t uid,fstring sid) >+{ >+ >+ struct winbindd_request request; >+ struct winbindd_response response; >+ >+ >+ ZERO_STRUCT(request); >+ ZERO_STRUCT(response); >+ >+ if (!sid) >+ return False; >+ >+ memset(sid,0,sizeof(fstring)); >+ >+ if (uid == -1) >+ return False; >+ /* Send request */ >+ request.data.uid = uid; >+ if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) != NSS_STATUS_SUCCESS) >+ return False; >+ >+ memcpy(sid,response.data.sid.sid,sizeof(fstring)-1); >+ >+ return True; >+} >+ >+/*get the sam account of the user by sid*/ >+static bool get_sam_account(fstring sid,fstring sam) >+{ >+ struct winbindd_request request; >+ struct winbindd_response response; >+ >+ memset(sam,0,sizeof(fstring)); >+ ZERO_STRUCT(request); >+ ZERO_STRUCT(response); >+ >+ if (!sam) >+ return False; >+ if (!sid||!sid[0]) >+ return False; >+ >+ fstrcpy(request.data.sid, sid); >+ if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) != NSS_STATUS_SUCCESS) >+ return False; >+ >+ memcpy(sam, response.data.name.name, sizeof(fstring) -1); >+ >+ return True; >+} >+ >+ > #define STAR_SMBSERVER "*SMBSERVER" > > /** >@@ -1124,7 +1177,54 @@ ntlmssp: > account[PTR_DIFF(p,user)] = '\0'; > } > >- return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, user_domain)); >+ /* >+ * We are here because: >+ * 1. Kerberos authentication failed , now trying to authenticate again using NTLM, >+ * 2. We are told to do NTLM authentication, >+ * and NTLM authentication require user's samAccountName. >+ * We must get it first. >+ */ >+ { >+ fstring sid; >+ fstring samAccountName; >+ >+ /*get userinfo*/ >+ struct passwd *unpasswd = NULL; >+ >+ unpasswd = getpwnam(account); >+ >+ if (unpasswd) >+ { >+ DEBUG(10,("Get user info success.")); >+ DEBUGADD(10, ("user name=%s,uid=%u,gid=%u\n",unpasswd->pw_name,unpasswd->pw_uid,unpasswd->pw_gid)); >+ >+ /*get sid*/ >+ if (get_sid(unpasswd->pw_uid,sid)) >+ { >+ DEBUG(10,("Get user sid success.sid=%s",sid)); >+ /*get sam account*/ >+ if (get_sam_account(sid,samAccountName)) >+ { >+ DEBUG(10,("Get user samAccountName success.samAccountName=%s",samAccountName)); >+ return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, samAccountName, pass, user_domain)); >+ } >+ else >+ { >+ DEBUG(3,("Get user samAccountName failed.sid=%s",sid)); >+ } >+ } >+ else >+ { >+ DEBUG(3,("Get user sid failed: user name=%s,uid=%u,gid=%u",unpasswd->pw_name,unpasswd->pw_uid,unpasswd->pw_gid)); >+ } >+ } >+ else >+ { >+ DEBUG(3,("Get user info failed.user name=%s",user)); >+ } >+ return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, account, pass, >+ user_domain)); >+ } > } > > /****************************************************************************
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4288">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 6477
: 4288