svn commit: samba r16867 - in trunk/source: auth passdb

vlendec at samba.org vlendec at samba.org
Fri Jul 7 19:34:55 GMT 2006


Author: vlendec
Date: 2006-07-07 19:34:54 +0000 (Fri, 07 Jul 2006)
New Revision: 16867

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16867

Log:
Merge the fix for bug 3915
Modified:
   trunk/source/auth/auth_util.c
   trunk/source/passdb/lookup_sid.c
   trunk/source/passdb/util_unixsids.c


Changeset:
Modified: trunk/source/auth/auth_util.c
===================================================================
--- trunk/source/auth/auth_util.c	2006-07-07 19:01:15 UTC (rev 16866)
+++ trunk/source/auth/auth_util.c	2006-07-07 19:34:54 UTC (rev 16867)
@@ -1061,45 +1061,8 @@
 		goto done;
 	}
 
-	if (sid_check_is_in_unix_users(&user_sid)) {
+	if (sid_check_is_in_our_domain(&user_sid)) {
 
-		/* This is a unix user not in passdb. We need to ask nss
-		 * directly, without consulting passdb */
-
-		struct passwd *pass;
-		size_t i;
-
-		pass = getpwuid_alloc(tmp_ctx, *uid);
-		if (pass == NULL) {
-			DEBUG(1, ("getpwuid(%d) for user %s failed\n",
-				  *uid, username));
-			goto done;
-		}
-
-		*gid = pass->pw_gid;
-		gid_to_sid(&primary_group_sid, pass->pw_gid);
-
-		if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid,
-					 &gids, &num_group_sids)) {
-			DEBUG(1, ("getgroups_unix_user for user %s failed\n",
-				  username));
-			goto done;
-		}
-
-		group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids);
-		if (group_sids == NULL) {
-			DEBUG(1, ("talloc_array failed\n"));
-			result = NT_STATUS_NO_MEMORY;
-			goto done;
-		}
-
-		for (i=0; i<num_group_sids; i++) {
-			gid_to_sid(&group_sids[i], gids[i]);
-		}
-		*found_username = talloc_strdup(mem_ctx, pass->pw_name);
-
-	} else if (sid_check_is_in_our_domain(&user_sid)) {
-
 		/* This is a passdb user, so ask passdb */
 
 		struct samu *sam_acct = NULL;
@@ -1113,14 +1076,13 @@
 		if (!pdb_getsampwsid(sam_acct, &user_sid)) {
 			DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n",
 				  sid_string_static(&user_sid), username));
-			result = NT_STATUS_NO_SUCH_USER;
-			goto done;
+			DEBUGADD(1, ("Fall back to unix user %s\n", username));
+			goto unix_user;
 		}
 
 		gr_sid = pdb_get_group_sid(sam_acct);
 		if (!gr_sid) {
-			result = NT_STATUS_NO_MEMORY;
-			goto done;
+			goto unix_user;
 		}
 
 		sid_copy(&primary_group_sid, gr_sid);
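Review bot: The `if (!gr_sid)` branch now jumps to `unix_user` without logging anything, whereas the `pdb_getsampwsid` failure just above it and the later fallbacks in this file emit `DEBUGADD(1, ("Fall back to unix user %s\n", username));`. These fallbacks replace what used to be a hard failure (`NT_STATUS_NO_SUCH_USER` and `NT_STATUS_NO_MEMORY` on the removed lines) with an identity built from the unix account via `getpwuid_alloc` and `getgroups_unix_user`, so each one should leave a trace an administrator can find. I would add `DEBUG(1, ("pdb_get_group_sid failed for user %s, fall back to unix user\n", username));` before the `goto`. The enclosing function starts and ends outside the hunk.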
@@ -1128,7 +1090,8 @@
 		if (!sid_to_gid(&primary_group_sid, gid)) {
 			DEBUG(1, ("sid_to_gid(%s) failed\n",
 				  sid_string_static(&primary_group_sid)));
-			goto done;
+			DEBUGADD(1, ("Fall back to unix user %s\n", username));
+			goto unix_user;
 		}
 
 		result = pdb_enum_group_memberships(tmp_ctx, sam_acct,
@@ -1137,12 +1100,60 @@
 		if (!NT_STATUS_IS_OK(result)) {
 			DEBUG(10, ("enum_group_memberships failed for %s\n",
 				   username));
-			goto done;
+			DEBUGADD(1, ("Fall back to unix user %s\n", username));
+			goto unix_user;
 		}
 
 		*found_username = talloc_strdup(mem_ctx,
 						pdb_get_username(sam_acct));
 
+	} else 	if (sid_check_is_in_unix_users(&user_sid)) {
+
+		/* This is a unix user not in passdb. We need to ask nss
+		 * directly, without consulting passdb */
+
+		struct passwd *pass;
+		size_t i;
+
+		/*
+		 * This goto target is used as a fallback for the passdb
+		 * case. The concrete bug report is when passdb gave us an
+		 * unmapped gid.
+		 */
+
+	unix_user:
+
+		uid_to_unix_users_sid(*uid, &user_sid);
+
+		pass = getpwuid_alloc(tmp_ctx, *uid);
+		if (pass == NULL) {
+			DEBUG(1, ("getpwuid(%d) for user %s failed\n",
+				  *uid, username));
+			goto done;
+		}
+
+		*gid = pass->pw_gid;
+		gid_to_sid(&primary_group_sid, pass->pw_gid);
+
+		if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid,
+					 &gids, &num_group_sids)) {
+			DEBUG(1, ("getgroups_unix_user for user %s failed\n",
+				  username));
+			goto done;
+		}
+
+		group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids);
+		if (group_sids == NULL) {
+			DEBUG(1, ("talloc_array failed\n"));
+			result = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		for (i=0; i<num_group_sids; i++) {
+			gid_to_sid(&group_sids[i], gids[i]);
+		}
+		*found_username = talloc_strdup(mem_ctx, pass->pw_name);
+
 	} else {
 
 		/* This user is from winbind, force the primary gid to the
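Review bot: The `pdb_enum_group_memberships` failure is reported with `DEBUG(10, ...)` while the added line after it uses `DEBUGADD(1, ...)`, so at a low log level the "Fall back to unix user" message would be emitted without the reason that triggered it. Making the fallback line a self-contained `DEBUG(1, ("enum_group_memberships failed for %s, fall back to unix user\n", username));` keeps cause and effect together. Separately, the `unix_user:` label sits inside the `sid_check_is_in_unix_users` branch, after the declarations of `pass` and `i`. The jumps from the passdb branch therefore enter that block past its declarations, which works today only because both are assigned before use. The comment above the label should say that no initialised declaration may be added ahead of it, and that `user_sid` is deliberately overwritten with the Unix Users SID on this path.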

Modified: trunk/source/passdb/lookup_sid.c
===================================================================
--- trunk/source/passdb/lookup_sid.c	2006-07-07 19:01:15 UTC (rev 16866)
+++ trunk/source/passdb/lookup_sid.c	2006-07-07 19:34:54 UTC (rev 16867)
@@ -1122,8 +1122,7 @@
 		sid_append_rid(psid, algorithmic_pdb_uid_to_user_rid(uid));
 		goto done;
 	} else {
-		sid_copy(psid, &global_sid_Unix_Users);
-		sid_append_rid(psid, uid);
+		uid_to_unix_users_sid(uid, psid);
 		goto done;
 	}
 

Modified: trunk/source/passdb/util_unixsids.c
===================================================================
--- trunk/source/passdb/util_unixsids.c	2006-07-07 19:01:15 UTC (rev 16866)
+++ trunk/source/passdb/util_unixsids.c	2006-07-07 19:34:54 UTC (rev 16867)
@@ -36,6 +36,12 @@
 	return sid_check_is_unix_users(&dom_sid);
 }
 
+BOOL uid_to_unix_users_sid(uid_t uid, DOM_SID *sid)
+{
+	sid_copy(sid, &global_sid_Unix_Users);
+	return sid_append_rid(sid, uid);
+}
+
 const char *unix_users_domain_name(void)
 {
 	return "Unix User";
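Review bot: `uid_to_unix_users_sid` returns the result of `sid_append_rid`, but both call sites added in this commit (the `unix_user:` path in auth_util.c and the `else` branch in lookup_sid.c) discard it. If the append failed, the caller would presumably continue with the bare Unix Users domain SID instead of a per-uid SID. Either check it where the SID goes on to identify the user, e.g. `if (!uid_to_unix_users_sid(*uid, &user_sid)) goto done;`, or state in a comment why the append cannot fail here. The new function also has no header comment; something like `/* Build the Unix Users SID for uid in *sid; returns the sid_append_rid result. */` would document the contract.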


