svn commit: samba r15360 - branches/SAMBA_3_0/source/passdb trunk/source/passdb

vlendec at samba.org vlendec at samba.org
Sun Apr 30 14:34:30 GMT 2006


Author: vlendec
Date: 2006-04-30 14:34:30 +0000 (Sun, 30 Apr 2006)
New Revision: 15360

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15360

Log:
Fix bug # 3741. One more place where the algorithmic mapping needs to stay.

Volker

Modified:
   branches/SAMBA_3_0/source/passdb/lookup_sid.c
   trunk/source/passdb/lookup_sid.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/lookup_sid.c	2006-04-30 14:14:46 UTC (rev 15359)
+++ branches/SAMBA_3_0/source/passdb/lookup_sid.c	2006-04-30 14:34:30 UTC (rev 15360)
@@ -128,11 +128,30 @@
 	 * the expansion of group names coming in from smb.conf
 	 */
 
-	if ((flags & LOOKUP_NAME_GROUP) &&
-	    (lookup_unix_group_name(name, &sid))) {
-		domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
-		type = SID_NAME_DOM_GRP;
-		goto ok;
+	if (flags & LOOKUP_NAME_GROUP) {
+		struct group *grp;
+
+		/* If we are using the smbpasswd backend, we need to use the
+		 * algorithmic mapping for the unix group we find. This is
+		 * necessary because when creating the NT token from the unix
+		 * gid list we got from initgroups() we use gid_to_sid() that
+		 * uses algorithmic mapping if pdb_rid_algorithm() is true. */
+
+		if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+		    (grp->gr_gid < max_algorithmic_gid())) {
+			domain = talloc_strdup(tmp_ctx, get_global_sam_name());
+			sid_compose(&sid, get_global_sam_sid(),
+				    pdb_gid_to_group_rid(grp->gr_gid));
+			type = SID_NAME_DOM_GRP;
+			goto ok;
+		}
+		
+		if (lookup_unix_group_name(name, &sid)) {
+			domain = talloc_strdup(tmp_ctx,
+					       unix_groups_domain_name());
+			type = SID_NAME_DOM_GRP;
+			goto ok;
+		}
 	}
 
 	/* Now the guesswork begins, we haven't been given an explicit

Modified: trunk/source/passdb/lookup_sid.c
===================================================================
--- trunk/source/passdb/lookup_sid.c	2006-04-30 14:14:46 UTC (rev 15359)
+++ trunk/source/passdb/lookup_sid.c	2006-04-30 14:34:30 UTC (rev 15360)
@@ -128,11 +128,30 @@
 	 * the expansion of group names coming in from smb.conf
 	 */
 
-	if ((flags & LOOKUP_NAME_GROUP) &&
-	    (lookup_unix_group_name(name, &sid))) {
-		domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
-		type = SID_NAME_DOM_GRP;
-		goto ok;
+	if (flags & LOOKUP_NAME_GROUP) {
+		struct group *grp;
+
+		/* If we are using the smbpasswd backend, we need to use the
+		 * algorithmic mapping for the unix group we find. This is
+		 * necessary because when creating the NT token from the unix
+		 * gid list we got from initgroups() we use gid_to_sid() that
+		 * uses algorithmic mapping if pdb_rid_algorithm() is true. */
+
+		if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+		    (grp->gr_gid < max_algorithmic_gid())) {
+			domain = talloc_strdup(tmp_ctx, get_global_sam_name());
+			sid_compose(&sid, get_global_sam_sid(),
+				    pdb_gid_to_group_rid(grp->gr_gid));
+			type = SID_NAME_DOM_GRP;
+			goto ok;
+		}
+		
+		if (lookup_unix_group_name(name, &sid)) {
+			domain = talloc_strdup(tmp_ctx,
+					       unix_groups_domain_name());
+			type = SID_NAME_DOM_GRP;
+			goto ok;
+		}
 	}
 
 	/* Now the guesswork begins, we haven't been given an explicit



More information about the samba-cvs mailing list