more 2.2.x compatibility fixes - allow user looksup in the kerb5

sesssetup to fall back to 'user' instaed of failing is REA.LM\user
doesn't exist.

also fix include line in smb_acls.h as requested by metze
(This used to be commit 62ed2598b3441b3c198872df8eb55e594332807b)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 380374146610460919caf3cde09d8a65b09b2516..71634f08ed84666af4c5dfe367837064a060131c 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -942,7 +942,7 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
 
        /* This is pointless -- there is no suport for differeing 
           unix and windows names.  Make sure to always store the 
-          one we actuall looked up and succeeded. Have I mentioned
+          one we actually looked up and succeeded. Have I mentioned
           why I hate the 'winbind use default domain' parameter?   
                                         --jerry              */
           
@@ -951,6 +951,30 @@ static NTSTATUS fill_sam_account(TALLOC_CTX *mem_ctx,
        return pdb_init_sam_pw(sam_account, passwd);
 }
 
+/****************************************************************************
+ Wrapper to allow the getpwnam() call to styrip the domain name and 
+ try again in case a local UNIX user is already there.
+ ****************************************************************************/
+ 
+struct passwd *smb_getpwnam( char *domuser )
+{
+       struct passwd *pw;
+       char *p;
+
+       pw = Get_Pwnam( domuser );
+       if ( pw )
+               return pw;
+
+       /* fallback to looking up just the username */
+
+       p = strchr( domuser, *lp_winbind_separator() );
+
+       if ( p )
+               return Get_Pwnam(p+1);
+
+       return NULL;
+}
+
 /***************************************************************************
  Make a server_info struct from the info3 returned by a domain logon 
 ***************************************************************************/

diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h
index e7edb62bde2ca23e97cbacd8fef3b011bdff3966..2bde6caeda1539918227ace5179016f7e8be7a9d 100644 (file)
--- a/source3/include/smb_acls.h
+++ b/source3/include/smb_acls.h
@@ -195,7 +195,7 @@ typedef struct SMB_ACL_T {
 
 /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
 
-#include "/usr/include/acl.h"
+#include <acl.h>
 
 typedef uint                        *SMB_ACL_PERMSET_T;
  

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 427caa3ba11d407aef348c7c753477956792f204..945855b832b3a53703439e2048c7d032a927429f 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -198,28 +198,25 @@ static int reply_spnego_kerberos(connection_struct *conn,
 
        /* this gives a fully qualified user name (ie. with full realm).
           that leads to very long usernames, but what else can we do? */
-       asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client);
+          
+       asprintf(&user, "%s%c%s", p+1, *lp_winbind_separator(), client);
        
-       pw = Get_Pwnam(user);
-       if (!pw && !foreign) {
-               pw = Get_Pwnam(client);
-               SAFE_FREE(user);
-               user = smb_xstrdup(client);
-       }
-
+       pw = smb_getpwnam( user );
+       
+       SAFE_FREE(user);
        SAFE_FREE(client);
 
-       /* setup the string used by %U */
-       sub_set_smb_name(user);
-
-       reload_services(True);
-
        if (!pw) {
                DEBUG(1,("Username %s is invalid on this system\n",user));
                data_blob_free(&ap_rep);
                return ERROR_NT(NT_STATUS_LOGON_FAILURE);
        }
 
+       /* setup the string used by %U */
+       
+       sub_set_smb_name(pw->pw_name);
+       reload_services(True);
+       
        if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info,pw))) {
                DEBUG(1,("make_server_info_from_pw failed!\n"));
                data_blob_free(&ap_rep);