Merge undone cleanups.
authorTim Potter <tpot@samba.org>
Thu, 12 Sep 2002 05:39:55 +0000 (05:39 +0000)
committerTim Potter <tpot@samba.org>
Thu, 12 Sep 2002 05:39:55 +0000 (05:39 +0000)
(This used to be commit d87c1f507d38444e627bce59b6c765d9c9479ac6)

source3/nsswitch/wbinfo.c
source3/nsswitch/winbindd_nss.h
source3/nsswitch/winbindd_pam.c

index 7a1aee44cd9d7c7ea9b693fe14258dc50ca69e32..875df231dca56694e5d98b2b702579c557213ca4 100644 (file)
@@ -422,7 +422,6 @@ static BOOL wbinfo_auth(char *username)
        struct winbindd_request request;
        struct winbindd_response response;
         NSS_STATUS result;
-       fstring name_user, name_domain;
         char *p;
 
        /* Send off request */
@@ -434,16 +433,11 @@ static BOOL wbinfo_auth(char *username)
 
         if (p) {
                 *p = 0;
+                fstrcpy(request.data.auth.user, username);
                 fstrcpy(request.data.auth.pass, p + 1);
-        } 
-
-       parse_wbinfo_domain_user(username, name_domain, name_user);
-
-       if (p)
-               *p = '%';
-
-       fstrcpy(request.data.auth.user, name_user);
-       fstrcpy(request.data.auth.domain, name_domain);
+                *p = '%';
+        } else
+                fstrcpy(request.data.auth.user, username);
 
        result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
 
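Review bot: The `else` arm in wbinfo_auth is left unbraced while the `if` arm is braced, and the same `fstrcpy(request.data.auth.user, username);` now appears in both arms, so a later edit can easily add a statement that falls outside the branch. Brace it as `} else {` followed by the copy and a closing `}`. A short comment above the block, such as `/* user is sent unsplit; winbindd parses DOMAIN<sep>user */`, would record why the client no longer calls parse_wbinfo_domain_user. The function starts and ends outside this hunk.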
@@ -486,10 +480,8 @@ static BOOL wbinfo_auth_crap(char *username)
                
        parse_wbinfo_domain_user(username, name_domain, name_user);
 
-       if (p)
-               *p = '%';
-
        fstrcpy(request.data.auth_crap.user, name_user);
+
        fstrcpy(request.data.auth_crap.domain, name_domain);
 
        generate_random_buffer(request.data.auth_crap.chal, 8, False);
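Review bot: wbinfo_auth_crap no longer restores the `%` in the caller's `username`, while wbinfo_auth in the previous hunk still does (`*p = '%';`). If the code above this hunk still writes `*p = 0` to cut off the password (not visible here), the caller's string stays truncated after the call. Either keep `if (p) *p = '%';` after parse_wbinfo_domain_user or document on the function that the argument is modified. The blank line added between the two `fstrcpy` calls looks unintentional. The function starts and ends outside this hunk.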
index 21081cb09c79c3c1fa943a56a1073367d06d10fc..368bf10cea5b40770a71fdf973bffb9dfe0e15a2 100644 (file)
@@ -127,8 +127,10 @@ struct winbindd_request {
                uid_t uid;           /* getpwuid, uid_to_sid */
                gid_t gid;           /* getgrgid, gid_to_sid */
                struct {
+                       /* We deliberatedly don't split into domain/user to
+                           avoid having the client know what the separator
+                           character is. */    
                        fstring user;
-                       fstring domain;
                        fstring pass;
                } auth;              /* pam_winbind auth module */
                 struct {
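Review bot: Removing `fstring domain` moves `pass` to a different offset inside `auth`, so a client and a winbindd built from different sides of this commit would disagree on where the password sits in the request. If this header carries an interface version constant (not visible in the hunk), it should be bumped in the same commit so mismatched builds are rejected rather than misparsed. The new comment also has a typo, `deliberatedly` for `deliberately`. The struct starts and ends outside this hunk.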
index c3ab6615f61b46723a82f8799c604a9d814dc8ac..3e7a8ad97139fada6e6423df24b476a09e67846f 100644 (file)
@@ -57,6 +57,7 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx,
 enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) 
 {
        NTSTATUS result;
+       fstring name_domain, name_user;
        unsigned char trust_passwd[16];
        time_t last_change_time;
         uint32 smb_uid_low;
@@ -75,8 +76,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
        /* Ensure null termination */
        state->request.data.auth.pass[sizeof(state->request.data.auth.pass)-1]='\0';
 
-       DEBUG(3, ("[%5d]: pam auth domain: %s user: %s\n", state->pid,
-                 state->request.data.auth.domain, state->request.data.auth.user));
+       DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
+                 state->request.data.auth.user));
 
        if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
                DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n"));
@@ -86,6 +87,13 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 
        /* Parse domain and username */
        
+       if (!parse_domain_user(state->request.data.auth.user, name_domain, 
+                              name_user)) {
+               DEBUG(5,("no domain separator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user));
+               result = NT_STATUS_INVALID_PARAMETER;
+               goto done;
+       }
+
        {
                unsigned char local_lm_response[24];
                unsigned char local_nt_response[24];
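Review bot: The existing `/* Parse domain and username */` comment should now say that a name without the separator is rejected, since that changes behaviour for every client of this request. For example: `/* Split DOMAIN<sep>user in the daemon; a name without the winbind separator fails with NT_STATUS_INVALID_PARAMETER */`. parse_domain_user reads `state->request.data.auth.user`, a client-supplied buffer, so it relies on that field being force-terminated the way `pass` is in the previous hunk; that line is presumably just above the earlier hunk and is worth confirming. The long DEBUG call should also be wrapped like the surrounding code. The function starts and ends outside this hunk.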
@@ -125,10 +133,11 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
                 goto done;
         }
 
-       result = cli_netlogon_sam_network_logon(
-               cli, mem_ctx, state->request.data.auth.user,
-               state->request.data.auth.domain, 
-               global_myname, chal, lm_resp, nt_resp, &info3);
+       result = cli_netlogon_sam_network_logon(cli, mem_ctx,
+                                               name_user, name_domain, 
+                                               global_myname, chal, 
+                                               lm_resp, nt_resp, 
+                                               &info3);
         
        uni_group_cache_store_netlogon(mem_ctx, &info3);
 done:
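Review bot: `uni_group_cache_store_netlogon(mem_ctx, &info3);` runs straight after the logon call without looking at `result`, so a failed cli_netlogon_sam_network_logon still feeds `info3` into the group cache. Unless `info3` is guaranteed to be zeroed and the store tolerates that (not visible here), guard it: `if (NT_STATUS_IS_OK(result)) uni_group_cache_store_netlogon(mem_ctx, &info3);`. This line is unchanged context, but the commit rewrites the call immediately before it. The function starts and ends outside this hunk.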
@@ -138,12 +147,10 @@ done:
        fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
        state->response.data.auth.pam_error = nt_status_to_pam(result);
 
-       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, 
-             ("Plain-text authentication for user %s/%s returned %s (PAM: %d)\n", 
-              state->request.data.auth.domain, 
-              state->request.data.auth.user, 
-              state->response.data.auth.nt_status_string,
-              state->response.data.auth.pam_error));         
+       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n", 
+             state->request.data.auth.user, 
+             state->response.data.auth.nt_status_string,
+             state->response.data.auth.pam_error));          
 
        if (mem_ctx) 
                talloc_destroy(mem_ctx);