svn commit: samba r17391 - in branches: SAMBA_3_0/source/auth SAMBA_3_0_23/source/auth

jra at samba.org jra at samba.org
Thu Aug 3 23:44:08 GMT 2006 

Author: jra
Date: 2006-08-03 23:44:07 +0000 (Thu, 03 Aug 2006)
New Revision: 17391

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17391

Log:
Revert the second part of the valid users fix - the
netlogon code uses pdb_get_group_sid() which could
return a S-1-1-22 unix sid. Who knew.... :-(.
I'm going to test Volker's fix instead. Once
3.0.23b is out we *have* to rip out the pdb_set_group_sid()
code....
Jeremy.

Modified:
   branches/SAMBA_3_0/source/auth/auth_util.c
   branches/SAMBA_3_0_23/source/auth/auth_util.c


Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0/source/auth/auth_util.c	2006-08-03 23:22:07 UTC (rev 17390)
+++ branches/SAMBA_3_0/source/auth/auth_util.c	2006-08-03 23:44:07 UTC (rev 17391)
@@ -599,14 +599,6 @@
 	 * simple first. */
 	TALLOC_FREE(gids);
 
-	/* For a local user the real primary group sid is the result->sids[0] */
-
-	if (!pdb_set_group_sid(sampass, &result->sids[0], PDB_CHANGED)) {
-		result->sam_account = NULL; /* Don't free on error exit. */
-		TALLOC_FREE(result);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
 	DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
 		 pdb_get_username(sampass), result->unix_name));
 
@@ -1097,7 +1089,7 @@
 
 		gr_sid = pdb_get_group_sid(sam_acct);
 		if (!gr_sid) {
-			goto unix_group;
+			goto unix_user;
 		}
 
 		sid_copy(&primary_group_sid, gr_sid);
@@ -1105,8 +1097,8 @@
 		if (!sid_to_gid(&primary_group_sid, gid)) {
 			DEBUG(1, ("sid_to_gid(%s) failed\n",
 				  sid_string_static(&primary_group_sid)));
-			DEBUGADD(1, ("Fall back to unix group %s\n", username));
-			goto unix_group;
+			DEBUGADD(1, ("Fall back to unix user %s\n", username));
+			goto unix_user;
 		}
 
 		result = pdb_enum_group_memberships(tmp_ctx, sam_acct,
@@ -1115,8 +1107,8 @@
 		if (!NT_STATUS_IS_OK(result)) {
 			DEBUG(10, ("enum_group_memberships failed for %s\n",
 				   username));
-			DEBUGADD(1, ("Fall back to unix group %s\n", username));
-			goto unix_group;
+			DEBUGADD(1, ("Fall back to unix user %s\n", username));
+			goto unix_user;
 		}
 
 		*found_username = talloc_strdup(mem_ctx,
@@ -1140,8 +1132,6 @@
 
 		uid_to_unix_users_sid(*uid, &user_sid);
 
-	unix_group:
-
 		pass = getpwuid_alloc(tmp_ctx, *uid);
 		if (pass == NULL) {
 			DEBUG(1, ("getpwuid(%d) for user %s failed\n",
@@ -1326,14 +1316,6 @@
 	 * simple first. */
 	TALLOC_FREE(gids);
 
-	/* For a local user the real primary group sid is the result->sids[0] */
-
-	if (!pdb_set_group_sid(sampass, &result->sids[0], PDB_CHANGED)) {
-		result->sam_account = NULL; /* Don't free on error exit. */
-		TALLOC_FREE(sampass);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
 	*server_info = result;
 
 	return NT_STATUS_OK;

Modified: branches/SAMBA_3_0_23/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_23/source/auth/auth_util.c	2006-08-03 23:22:07 UTC (rev 17390)
+++ branches/SAMBA_3_0_23/source/auth/auth_util.c	2006-08-03 23:44:07 UTC (rev 17391)
@@ -599,14 +599,6 @@
 	 * simple first. */
 	TALLOC_FREE(gids);
 
-	/* For a local user the real primary group sid is the result->sids[0] */
-
-	if (!pdb_set_group_sid(sampass, &result->sids[0], PDB_CHANGED)) {
-		result->sam_account = NULL; /* Don't free on error exit. */
-		TALLOC_FREE(result);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
 	DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
 		 pdb_get_username(sampass), result->unix_name));
 
@@ -1096,7 +1088,7 @@
 
 		gr_sid = pdb_get_group_sid(sam_acct);
 		if (!gr_sid) {
-			goto unix_group;
+			goto unix_user;
 		}
 
 		sid_copy(&primary_group_sid, gr_sid);
@@ -1104,8 +1096,8 @@
 		if (!sid_to_gid(&primary_group_sid, gid)) {
 			DEBUG(1, ("sid_to_gid(%s) failed\n",
 				  sid_string_static(&primary_group_sid)));
-			DEBUGADD(1, ("Fall back to unix group %s\n", username));
-			goto unix_group;
+			DEBUGADD(1, ("Fall back to unix user %s\n", username));
+			goto unix_user;
 		}
 
 		result = pdb_enum_group_memberships(tmp_ctx, sam_acct,
@@ -1114,8 +1106,8 @@
 		if (!NT_STATUS_IS_OK(result)) {
 			DEBUG(10, ("enum_group_memberships failed for %s\n",
 				   username));
-			DEBUGADD(1, ("Fall back to unix group %s\n", username));
-			goto unix_group;
+			DEBUGADD(1, ("Fall back to unix user %s\n", username));
+			goto unix_user;
 		}
 
 		*found_username = talloc_strdup(mem_ctx,
@@ -1139,8 +1131,6 @@
 
 		uid_to_unix_users_sid(*uid, &user_sid);
 
-	unix_group:
-
 		pass = getpwuid_alloc(tmp_ctx, *uid);
 		if (pass == NULL) {
 			DEBUG(1, ("getpwuid(%d) for user %s failed\n",
@@ -1325,14 +1315,6 @@
 	 * simple first. */
 	TALLOC_FREE(gids);
 
-	/* For a local user the real primary group sid is the result->sids[0] */
-
-	if (!pdb_set_group_sid(sampass, &result->sids[0], PDB_CHANGED)) {
-		result->sam_account = NULL; /* Don't free on error exit. */
-		TALLOC_FREE(sampass);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
 	*server_info = result;
 
 	return NT_STATUS_OK;

More information about the samba-cvs mailing list