From: Jeremy Allison <jra@samba.org>
Date: Tue, 28 Apr 2009 18:07:51 +0000 (-0700)
Subject: Fix bug #6291 - force user stop working. A previous fix broke the invariant that... 
X-Git-Tag: samba-3.2.12~41
X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=dbc913bbed0a604b80d0388081733d584b457c84

Fix bug #6291 - force user stop working. A previous fix broke the invariant that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy.
(cherry picked from commit 09b76c57098ed4d11855000ae31cd346cb9a765d)
(cherry picked from commit 191e4c415e7008070110970ba51f3f82dc493a8b)
---

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 24b05a56641..175a234d93c 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -867,6 +867,33 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 		*found_username = talloc_strdup(mem_ctx,
 						pdb_get_username(sam_acct));
 
+		/*
+		 * If the SID from lookup_name() was the guest sid, passdb knows
+		 * about the mapping of guest sid to lp_guestaccount()
+		 * username and will return the unix_pw info for a guest
+		 * user. Use it if it's there, else lookup the *uid details
+		 * using getpwnam_alloc(). See bug #6291 for details. JRA.
+		 */
+
+		/* We must always assign the *uid. */
+		if (sam_acct->unix_pw == NULL) {
+			struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username );
+			if (!pwd) {
+				DEBUG(10, ("getpwnam_alloc failed for %s\n",
+					*found_username));
+				result = NT_STATUS_NO_SUCH_USER;
+				goto done;
+			}
+			result = samu_set_unix(sam_acct, pwd );
+			if (!NT_STATUS_IS_OK(result)) {
+				DEBUG(10, ("samu_set_unix failed for %s\n",
+					*found_username));
+				result = NT_STATUS_NO_SUCH_USER;
+				goto done;
+			}
+		}
+		*uid = sam_acct->unix_pw->pw_uid;
+
 	} else 	if (sid_check_is_in_unix_users(&user_sid)) {
 
 		/* This is a unix user not in passdb. We need to ask nss
@@ -883,8 +910,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 	unix_user:
 
 		if (!sid_to_uid(&user_sid, uid)) {
-			DEBUG(1, ("sid_to_uid for %s (%s) failed\n",
+			DEBUG(1, ("unix_user case, sid_to_uid for %s (%s) failed\n",
 				  username, sid_string_dbg(&user_sid)));
+			result = NT_STATUS_NO_SUCH_USER;
 			goto done;
 		}
 
@@ -937,6 +965,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 
 		uint32 dummy;
 
+		/* We must always assign the *uid. */
+		if (!sid_to_uid(&user_sid, uid)) {
+			DEBUG(1, ("winbindd case, sid_to_uid for %s (%s) failed\n",
+				  username, sid_string_dbg(&user_sid)));
+			result = NT_STATUS_NO_SUCH_USER;
+			goto done;
+		}
+
 		num_group_sids = 1;
 		group_sids = TALLOC_ARRAY(tmp_ctx, DOM_SID, num_group_sids);
 		if (group_sids == NULL) {