Author: Hank Hampel <hh@nr-city.net>

Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain.

diff --git a/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in b/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in
index 9bf652891d97247848757043bdf63209ba05ec42..f2b6be15ff1b0f323842ffd4aab0e4bb46aa8616 100755 (executable)
--- a/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in
+++ b/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in
@@ -12,6 +12,9 @@
 #   Jerry Murdock <jmurdock@itraktech.com>
 #
 # Version history:
+#   2010-08-27 Hank Hampel <hh@nr-city.net>
+#               Add Kerberos to NTLM conversion of credentials (-K)
+#
 #   2005-12-26 Guido Serassio <guido.serassio@acmeconsulting.it>
 #               Add '-d' command line debugging option
 #
@@ -52,6 +55,7 @@ username.
 
        -d Write debug info to stderr.
        -h Print the help.
+       -K downgrade Kerberos credentials to NTLM.
 
 =head1 CONFIGURATION
 
@@ -118,6 +122,10 @@ sub debug {
 #
 sub check {
         local($user, $group) = @_;
+       if ($opt{K} && ($user =~ m/\@/)) {
+               @tmpuser = split(/\@/, $user);
+               $user = "$tmpuser[1]\\$tmpuser[0]";
+       }
         $groupSID = `wbinfo -n "$group" | cut -d" " -f1`;
         chop  $groupSID;
         $groupGID = `wbinfo -Y "$groupSID"`;
@@ -135,7 +143,7 @@ sub check {
 sub init()
 {
     use Getopt::Std;
-    my $opt_string = 'hd';
+    my $opt_string = 'hdK';
     getopts( "$opt_string", \%opt ) or usage();
     usage() if $opt{h};
 }
@@ -148,6 +156,7 @@ sub usage()
        print "Usage: ext_wbinfo_group_acl -dh\n";
        print "\t-d enable debugging\n";
        print "\t-h print the help\n";
+       print "\t-K downgrade Kerberos credentials to NTLM.\n";
        exit;
 }