r21860: Fixes for "winbind normalize names" functionality:

* Fix getgroups() call called using a normalized name
* Fix some more name mappings that could cause for example
  a user to be unable to unlock the screen as the username
  would not match in the PAM authenticate call.

diff --git a/source/nsswitch/winbindd.h b/source/nsswitch/winbindd.h
index b9e07a2321b87c60032a5c9092f4b0a74331d1ea..198c655b2d38a5da969bf1e30f0024422a0865d6 100644 (file)
--- a/source/nsswitch/winbindd.h
+++ b/source/nsswitch/winbindd.h
@@ -40,6 +40,8 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
+#define WB_REPLACE_CHAR                '_'
+
 /* bits for fd_event.flags */
 #define EVENT_FD_READ 1
 #define EVENT_FD_WRITE 2

diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c
index f47d08ee857d8505cb8836f43e5eea6997070123..9cf6cc12e0fddbc1875512b9d837691dd06587f1 100644 (file)
--- a/source/nsswitch/winbindd_group.c
+++ b/source/nsswitch/winbindd_group.c
@@ -508,7 +508,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state)
 
        /* Get rid and name type from name */
 
-       ws_name_replace( name_group, '_' );
+       ws_name_replace( name_group, WB_REPLACE_CHAR );
         
        if (!winbindd_lookup_sid_by_name(state->mem_ctx, domain, domain->name,
                                         name_group, &group_sid, &name_type)) {
@@ -1275,6 +1275,8 @@ void winbindd_getgroups(struct winbindd_cli_state *state)
 
        s->state = state;
 
+       ws_name_return( state->request.data.username, WB_REPLACE_CHAR );
+
        if (!parse_domain_user_talloc(state->mem_ctx,
                                      state->request.data.username,
                                      &s->domname, &s->username)) {

diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c
index 2e679c37dcf73759a53c5f950bf58f0866aaca27..6fdead59821db65ac5ed0ef61464a443f48d106e 100644 (file)
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@@ -744,6 +744,8 @@ void winbindd_pam_auth(struct winbindd_cli_state *state)
 
        /* Parse domain and username */
        
+       ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
+
        if (!canonicalize_username(state->request.data.auth.user,
                               name_domain, name_user)) {
                set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
@@ -1332,6 +1334,8 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
 
        /* Parse domain and username */
        
+       ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
+
        parse_domain_user(state->request.data.auth.user, name_domain, name_user);
 
        if (domain->online == False) {

diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c
index 11d9fe0dbbd91e8145e1529bc8f33d893dfa446b..3707f0311f83c0994cf26b9051adc9b5907f3a6c 100644 (file)
--- a/source/nsswitch/winbindd_rpc.c
+++ b/source/nsswitch/winbindd_rpc.c
@@ -262,7 +262,7 @@ NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
                return NT_STATUS_NO_MEMORY;
        }
 
-       ws_name_return( full_name, '_' );
+       ws_name_return( full_name, WB_REPLACE_CHAR );
 
        DEBUG(3,("name_to_sid [rpc] %s for domain %s\n", full_name?full_name:"", domain_name ));
 
@@ -317,7 +317,7 @@ NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
        *domain_name = domains[0];
        *name = names[0];
 
-       ws_name_replace( *name, '_' );  
+       ws_name_replace( *name, WB_REPLACE_CHAR );      
                
        DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name));
        return NT_STATUS_OK;
@@ -369,7 +369,7 @@ NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
        ret_names = *names;
        for (i=0; i<num_rids; i++) {
                if ((*types)[i] != SID_NAME_UNKNOWN) {
-                       ws_name_replace( ret_names[i], '_' );
+                       ws_name_replace( ret_names[i], WB_REPLACE_CHAR );
                        *domain_name = domains[i];
                }
        }

diff --git a/source/nsswitch/winbindd_user.c b/source/nsswitch/winbindd_user.c
index acb81ee87138903dec4ee88b502fb0518eae92af..ce677198fff3c352ae1b2cf36769842d2a4aefcf 100644 (file)
--- a/source/nsswitch/winbindd_user.c
+++ b/source/nsswitch/winbindd_user.c
@@ -243,7 +243,7 @@ static void getpwsid_queryuser_recv(void *private_data, BOOL success,
        strlower_m( username );
        s->username = talloc_strdup(s->state->mem_ctx, username);
 
-       ws_name_replace( s->username, '_' );
+       ws_name_replace( s->username, WB_REPLACE_CHAR );
         
        s->fullname = talloc_strdup(s->state->mem_ctx, full_name);
        s->homedir = talloc_strdup(s->state->mem_ctx, homedir);
@@ -345,6 +345,8 @@ void winbindd_getpwnam(struct winbindd_cli_state *state)
        DEBUG(3, ("[%5lu]: getpwnam %s\n", (unsigned long)state->pid,
                  state->request.data.username));
 
+       ws_name_return( state->request.data.username, WB_REPLACE_CHAR );
+
        if (!parse_domain_user(state->request.data.username, domname,
                               username)) {
                DEBUG(5, ("Could not parse domain user: %s\n",