CVS update: samba/source/auth

Andrew Bartlett abartlet at samba.org
Thu Jun 12 10:17:10 EST 2003


On Thu, 2003-06-12 at 02:36, vlendec at samba.org wrote:
> 
> Date:	Wed Jun 11 16:36:04 2003
> Author:	vlendec
> 
> Update of /data/cvs/samba/source/auth
> In directory dp.samba.org:/tmp/cvs-serv23485
> 
> Modified Files:
>       Tag: SAMBA_3_0
> 	auth_util.c 
> Log Message:
> Fix 'security = domain' without winbind. This stores the sid we got
> from the PDC as a mapping to the uid we got from getpwnam in the
> local idmap.
> 
> This should not be worse than the current state, so I decided to
> commit it. It is different from abartlet's preliminary patch, but I
> believe this is the better solution. Feel free to comment and/or
> revert it.

Firstly, thanks for breaking the code into a subfunction, rather than
the while loop (that was insane...)

+	/* This is currently broken. We have two different sources of
+	   information for the primary group: The info3 and
+	   /etc/passwd. To make this work at all, the info3 sid is
+	   mapped to the user's primary group from /etc/passwd.
+	   This is broken, but it basically works. */
+
+	id.gid = passwd->pw_gid;
+	result = idmap_set_mapping(group_sid, id, ID_GROUPID);
+
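Review bot: at `id.gid = passwd->pw_gid;` the group SID from info3 is bound to a per-user value from /etc/passwd, so when two users share a primary group SID but have different pw_gid values, the mapping stored for that SID follows whichever of them called last. Consider leaving the group unmapped in this path, or at least not storing over a mapping that already exists. The `result` of this `idmap_set_mapping` call is also not checked in the lines shown.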

While I have reservations about the first part of this patch (mapping
the user) for the reasons discussed elsewhere (sids changing under
people), this part is *really* wrong.

A typical setup is to have 'user private groups', where abartlet has
group abartlet.  This would fail *very badly* when my NT version has me
as a 'domain user'.  We would change the gid of 'domain users' every
time somebody logs in!

I think we are stuck with the approach described in my other patch,
which is to know that we can't do the mapping, and to avoid it for that
reason.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
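The failure described in the message above, replayed as an added example that is not part of the original post and is not Samba code. The table, `toy_set_mapping`, the SID string and the gids are a constructed toy model, assumed only for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the local idmap: one SID string -> one gid. */
#define MAX_MAP 8
struct toy_map { char sid[64]; unsigned gid; };
static struct toy_map table[MAX_MAP];
static int n_entries;

static struct toy_map *toy_lookup(const char *sid)
{
    for (int i = 0; i < n_entries; i++)
        if (strcmp(table[i].sid, sid) == 0)
            return &table[i];
    return NULL;
}

/* Unconditional store, modelling the quoted hunk: the last login wins. */
static int toy_set_mapping(const char *sid, unsigned gid)
{
    struct toy_map *m = toy_lookup(sid);
    if (m == NULL) {
        if (n_entries == MAX_MAP)
            return -1;
        m = &table[n_entries++];
        snprintf(m->sid, sizeof(m->sid), "%s", sid);
    }
    m->gid = gid;
    return 0;
}

/* Constructed SID: every user has this primary group in the domain. */
static const char *GROUP_SID = "S-1-5-21-1111-2222-3333-513";

/* Replay logins; pw_gids[i] is the private-group gid of the user logging in.
   Returns how many times the gid behind GROUP_SID changed. */
int count_gid_changes(const unsigned *pw_gids, int n_logins)
{
    int changes = 0;
    n_entries = 0;
    for (int i = 0; i < n_logins; i++) {
        struct toy_map *m = toy_lookup(GROUP_SID);
        if (m != NULL && m->gid != pw_gids[i])
            changes++;          /* group ownership silently moved */
        toy_set_mapping(GROUP_SID, pw_gids[i]);
    }
    return changes;
}

int main(void)
{
    unsigned logins[] = { 1000, 1001, 1000 };  /* constructed private gids */
    printf("gid changed %d times\n", count_gid_changes(logins, 3));
    return 0;
}
```

Any file whose group ownership was resolved through the shared SID is attributed to a different Unix group after each of those changes, which is why the flapping matters for access control.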