svn commit: samba r11932 - in trunk/source: groupdb include modules passdb rpc_server

vlendec at samba.org vlendec at samba.org
Sun Nov 27 11:30:00 GMT 2005 

Author: vlendec
Date: 2005-11-27 11:29:58 +0000 (Sun, 27 Nov 2005)
New Revision: 11932

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11932

Log:
Give a fresh start on lookup_name(), the old function was broken in several
ways. For example, asking for DOMAIN\everyone always gave S-1-1-0.

I'm only committing this to HEAD, this is quite intrusive I think. I
definitely want it across, but only after some peer review. Jeremy, splitting
this up might resolve some of the huge mess we have with BUILTIN. At least it
makes some code paths a bit cleaner.

I think it was an error to have parse_domain_user separate from actually
looking up the name, so the new lookup_name unifies both. If an explicit
domain was given, the backend to ask is clear. Don't do any fallback in that
case.

If no explicit domain was given, we have to do guesswork. I chose builtin,
passdb, well-known ones and winbind in that order.

One interesting thing: There is actually meaning in the lsa_lookupsids
lookup_level. I asked a German w2k3 for an unqualified "Everyone" which it
does not know, there it would be "Jeder". What it did was to all trusted DCs
with that unqualified name, and even the US NT4 that was queried did not
know. Huh? The proxied question was with a lookup_level 3. When giving it that
level, it only does the guesswork stuff with a level 1.

My next guess is that lookup_level is some sort of bitmask. It might be
interesting to play with the rest of the 32 bits.... Or it's a recursion
count, who knows :-)

Ah, also provide a template for pdb_lookup_names. Not used yet.

Volker

Modified:
   trunk/source/groupdb/mapping.c
   trunk/source/include/passdb.h
   trunk/source/modules/vfs_afsacl.c
   trunk/source/passdb/lookup_sid.c
   trunk/source/passdb/passdb.c
   trunk/source/passdb/pdb_interface.c
   trunk/source/passdb/util_sam_sid.c
   trunk/source/rpc_server/srv_lsa_nt.c
   trunk/source/rpc_server/srv_samr_nt.c


Changeset:
Sorry, the patch is too large (764 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11932

More information about the samba-cvs mailing list