svn commit: samba r13683 - branches/SAMBA_3_0/source/passdb
trunk/source/passdb
vlendec at samba.org
Fri Feb 24 22:26:53 GMT 2006
Author: vlendec
Date: 2006-02-24 22:26:53 +0000 (Fri, 24 Feb 2006)
New Revision: 13683
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13683
Log:
Fix the 'valid users = +users' problem I introduced.
Volker
Modified:
branches/SAMBA_3_0/source/passdb/lookup_sid.c
trunk/source/passdb/lookup_sid.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-02-24 22:04:07 UTC (rev 13682)
+++ branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-02-24 22:26:53 UTC (rev 13683)
@@ -116,6 +116,25 @@
goto failed;
}
+ /*
+ * Nasty hack necessary for too common scenarios:
+ *
+ * For 'valid users = +users' we know "users" is most probably not
+ * BUILTIN\users but the unix group users. This hack requires the
+ * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
+ *
+ * Please note that LOOKUP_NAME_GROUP can not be requested via for
+ * example lsa_lookupnames, it only comes into this routine via
+ * the expansion of group names coming in from smb.conf
+ */
+
+ if ((flags & LOOKUP_NAME_GROUP) &&
+ (lookup_unix_group_name(name, &sid))) {
+ domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
+ type = SID_NAME_DOM_GRP;
+ goto ok;
+ }
+
/* Now the guesswork begins, we haven't been given an explicit
* domain. Try the sequence as documented on
* http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp
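Review bot: the result of talloc_strdup() assigned to domain inside the new if block is never checked before the goto ok. If the allocation fails, the code continues to ok with domain set to NULL while sid and type are already filled in. Unless the code at ok handles a NULL domain, add a check such as "if (domain == NULL) goto failed;" right after the assignment, matching the goto failed exit visible just above the hunk.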
Modified: trunk/source/passdb/lookup_sid.c
===================================================================
--- trunk/source/passdb/lookup_sid.c 2006-02-24 22:04:07 UTC (rev 13682)
+++ trunk/source/passdb/lookup_sid.c 2006-02-24 22:26:53 UTC (rev 13683)
@@ -116,6 +116,25 @@
goto failed;
}
+ /*
+ * Nasty hack necessary for too common scenarios:
+ *
+ * For 'valid users = +users' we know "users" is most probably not
+ * BUILTIN\users but the unix group users. This hack requires the
+ * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
+ *
+ * Please note that LOOKUP_NAME_GROUP can not be requested via for
+ * example lsa_lookupnames, it only comes into this routine via
+ * the expansion of group names coming in from smb.conf
+ */
+
+ if ((flags & LOOKUP_NAME_GROUP) &&
+ (lookup_unix_group_name(name, &sid))) {
+ domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
+ type = SID_NAME_DOM_GRP;
+ goto ok;
+ }
+
/* Now the guesswork begins, we haven't been given an explicit
* domain. Try the sequence as documented on
* http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp
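Review bot: the condition in the new if block is broader than the comment suggests. The comment discusses only "users", but the test applies to any name that lookup_unix_group_name() resolves whenever LOOKUP_NAME_GROUP is set, and it runs before the guesswork sequence that follows. Because this decides which group a 'valid users = +name' entry actually admits, the comment should say that a unix group wins for every such name, and the requirement to write BUILTIN\ explicitly belongs in the smb.conf documentation as well as in this source comment.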