Get 'add user script' working again for Samba 3.0.

I'm still not convinced that sharing the option name with the administrative
code is the best idea, but anyway...

Tested by vl, bug #41.

Andrew Bartlett

diff --git a/source/auth/auth.c b/source/auth/auth.c
index dea97a7190b9c7cd5d6e42e12b4c8ade53466eae..02c7eb6d84a6745c478907f548cc8e24a9c36211 100644 (file)
--- a/source/auth/auth.c
+++ b/source/auth/auth.c
@@ -262,12 +262,6 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
                        break;
        }
 
-       /* This is one of the few places the *relies* (rather than just sets defaults
-          on the value of lp_security().  This needs to change.  A new paramater 
-          perhaps? */
-       if (lp_security() >= SEC_SERVER)
-               smb_user_control(user_info, *server_info, nt_status);
-
        if (NT_STATUS_IS_OK(nt_status)) {
                pdb_username = pdb_get_username((*server_info)->sam_account);
                if (!(*server_info)->guest) {

diff --git a/source/auth/auth_server.c b/source/auth/auth_server.c
index 73af290af2aaeca6840d8c92f42326358358ba6b..18c52161374baec91225af352293713bcb489fc9 100644 (file)
--- a/source/auth/auth_server.c
+++ b/source/auth/auth_server.c
@@ -372,12 +372,19 @@ use this machine as the password server.\n"));
 
        cli_ulogoff(cli);
 
-       if NT_STATUS_IS_OK(nt_status) {
+       if (NT_STATUS_IS_OK(nt_status)) {
                struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
                if (pass) {
                        nt_status = make_server_info_pw(server_info, pass);
                } else {
-                       nt_status = NT_STATUS_NO_SUCH_USER;
+                       auth_add_user_script(user_info->domain.str, user_info->internal_username.str);
+                       pass = Get_Pwnam(user_info->internal_username.str);
+
+                       if (pass) {
+                               nt_status = make_server_info_pw(server_info, pass);
+                       } else {
+                               nt_status = NT_STATUS_NO_SUCH_USER;
+                       }
                }
        }
 

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index e8f2af41f32cfe96761a356309489ae5eba78d2f..d57619942c4222311ad5ac5c2aae7f53ac429ab5 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -36,7 +36,7 @@ extern DOM_SID global_sid_Authenticated_Users;
  Create a UNIX user on demand.
 ****************************************************************************/
 
-static int smb_create_user(const char *unix_user, const char *homedir)
+static int smb_create_user(const char *domain, const char *unix_username, const char *homedir)
 {
        pstring add_script;
        int ret;
@@ -44,7 +44,9 @@ static int smb_create_user(const char *unix_user, const char *homedir)
        pstrcpy(add_script, lp_adduser_script());
        if (! *add_script)
                return -1;
-       all_string_sub(add_script, "%u", unix_user, sizeof(pstring));
+       all_string_sub(add_script, "%u", unix_username, sizeof(pstring));
+       if (domain)
+               all_string_sub(add_script, "%D", domain, sizeof(pstring));
        if (homedir)
                all_string_sub(add_script, "%H", homedir, sizeof(pstring));
        ret = smbrun(add_script,NULL);
@@ -56,24 +58,18 @@ static int smb_create_user(const char *unix_user, const char *homedir)
  Add and Delete UNIX users on demand, based on NTSTATUS codes.
 ****************************************************************************/
 
-void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status)
+void auth_add_user_script(const char *domain, const char *username)
 {
        struct passwd *pwd=NULL;
 
-       if (NT_STATUS_IS_OK(nt_status)) {
-
-               if (!(server_info->sam_fill_level & SAM_FILL_UNIX)) {
-                       
-                       /*
-                        * User validated ok against Domain controller.
-                        * If the admin wants us to try and create a UNIX
-                        * user on the fly, do so.
-                        */
-                       
-                       if(lp_adduser_script() && !(pwd = Get_Pwnam(user_info->internal_username.str))) {
-                               smb_create_user(user_info->internal_username.str, NULL);
-                       }
-               }
+       /*
+        * User validated ok against Domain controller.
+        * If the admin wants us to try and create a UNIX
+        * user on the fly, do so.
+        */
+       
+       if(lp_adduser_script() && !(pwd = Get_Pwnam(username))) {
+               smb_create_user(domain, username, NULL);
        }
 }
 
@@ -914,30 +910,38 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
                nt_status = pdb_init_sam_pw(&sam_account, passwd);
                passwd_free(&passwd);
        } else {
-               char *dom_user;
-               dom_user = talloc_asprintf(mem_ctx, "%s%s%s", 
-                                          nt_domain,
-                                          lp_winbind_separator(),
-                                          internal_username);
-               
-               if (!dom_user) {
-                       DEBUG(0, ("talloc_asprintf failed!\n"));
-                       return NT_STATUS_NO_MEMORY;
-               } else { 
-               
-                       if (!(passwd = Get_Pwnam(dom_user))
-                               /* Only lookup local for the local
-                                  domain, we don't want this for
-                                  trusted domains */
-                           && strequal(nt_domain, lp_workgroup())) {
-                               passwd = Get_Pwnam(internal_username);
+               int try = 0;
+               while (try < 2) {
+                       char *dom_user;
+                       dom_user = talloc_asprintf(mem_ctx, "%s%s%s", 
+                                                  nt_domain,
+                                                  lp_winbind_separator(),
+                                                  internal_username);
+                       
+                       if (!dom_user) {
+                               DEBUG(0, ("talloc_asprintf failed!\n"));
+                               nt_status = NT_STATUS_NO_MEMORY;
+                       } else { 
+                               
+                               if (!(passwd = Get_Pwnam(dom_user))
+                                   /* Only lookup local for the local
+                                      domain, we don't want this for
+                                      trusted domains */
+                                   && strequal(nt_domain, lp_workgroup())) {
+                                       passwd = Get_Pwnam(internal_username);
+                               }
+                               
+                               if (!passwd) {
+                                       nt_status = NT_STATUS_NO_SUCH_USER;
+                               } else {
+                                       nt_status = pdb_init_sam_pw(&sam_account, passwd);
+                                       break;
+                               }
                        }
-                           
-                       if (!passwd) {
-                               return NT_STATUS_NO_SUCH_USER;
-                       } else {
-                               nt_status = pdb_init_sam_pw(&sam_account, passwd);
+                       if (try == 0) {
+                               auth_add_user_script(nt_domain, internal_username);
                        }
+                       try++;
                }
        }