svn commit: samba r15360 - branches/SAMBA_3_0/source/passdb
trunk/source/passdb
vlendec at samba.org
vlendec at samba.org
Sun Apr 30 14:34:30 GMT 2006
Author: vlendec
Date: 2006-04-30 14:34:30 +0000 (Sun, 30 Apr 2006)
New Revision: 15360
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15360
Log:
Fix bug # 3741. One more place where the algorithmic mapping needs to stay.
Volker
Modified:
branches/SAMBA_3_0/source/passdb/lookup_sid.c
trunk/source/passdb/lookup_sid.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-04-30 14:14:46 UTC (rev 15359)
+++ branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-04-30 14:34:30 UTC (rev 15360)
@@ -128,11 +128,30 @@
* the expansion of group names coming in from smb.conf
*/
- if ((flags & LOOKUP_NAME_GROUP) &&
- (lookup_unix_group_name(name, &sid))) {
- domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
- type = SID_NAME_DOM_GRP;
- goto ok;
+ if (flags & LOOKUP_NAME_GROUP) {
+ struct group *grp;
+
+ /* If we are using the smbpasswd backend, we need to use the
+ * algorithmic mapping for the unix group we find. This is
+ * necessary because when creating the NT token from the unix
+ * gid list we got from initgroups() we use gid_to_sid() that
+ * uses algorithmic mapping if pdb_rid_algorithm() is true. */
+
+ if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+ (grp->gr_gid < max_algorithmic_gid())) {
+ domain = talloc_strdup(tmp_ctx, get_global_sam_name());
+ sid_compose(&sid, get_global_sam_sid(),
+ pdb_gid_to_group_rid(grp->gr_gid));
+ type = SID_NAME_DOM_GRP;
+ goto ok;
+ }
+
+ if (lookup_unix_group_name(name, &sid)) {
+ domain = talloc_strdup(tmp_ctx,
+ unix_groups_domain_name());
+ type = SID_NAME_DOM_GRP;
+ goto ok;
+ }
}
/* Now the guesswork begins, we haven't been given an explicit
Modified: trunk/source/passdb/lookup_sid.c
===================================================================
--- trunk/source/passdb/lookup_sid.c 2006-04-30 14:14:46 UTC (rev 15359)
+++ trunk/source/passdb/lookup_sid.c 2006-04-30 14:34:30 UTC (rev 15360)
@@ -128,11 +128,30 @@
* the expansion of group names coming in from smb.conf
*/
- if ((flags & LOOKUP_NAME_GROUP) &&
- (lookup_unix_group_name(name, &sid))) {
- domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
- type = SID_NAME_DOM_GRP;
- goto ok;
+ if (flags & LOOKUP_NAME_GROUP) {
+ struct group *grp;
+
+ /* If we are using the smbpasswd backend, we need to use the
+ * algorithmic mapping for the unix group we find. This is
+ * necessary because when creating the NT token from the unix
+ * gid list we got from initgroups() we use gid_to_sid() that
+ * uses algorithmic mapping if pdb_rid_algorithm() is true. */
+
+ if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+ (grp->gr_gid < max_algorithmic_gid())) {
+ domain = talloc_strdup(tmp_ctx, get_global_sam_name());
+ sid_compose(&sid, get_global_sam_sid(),
+ pdb_gid_to_group_rid(grp->gr_gid));
+ type = SID_NAME_DOM_GRP;
+ goto ok;
+ }
+
+ if (lookup_unix_group_name(name, &sid)) {
+ domain = talloc_strdup(tmp_ctx,
+ unix_groups_domain_name());
+ type = SID_NAME_DOM_GRP;
+ goto ok;
+ }
}
/* Now the guesswork begins, we haven't been given an explicit
More information about the samba-cvs
mailing list