svn commit: samba r16915 - in branches/SAMBA_3_0_RELEASE: .
source/auth source/passdb
jerry at samba.org
jerry at samba.org
Mon Jul 10 12:35:27 GMT 2006
Author: jerry
Date: 2006-07-10 12:35:27 +0000 (Mon, 10 Jul 2006)
New Revision: 16915
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16915
Log:
grab vl's fix for BUG 3915
Modified:
branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c
branches/SAMBA_3_0_RELEASE/source/passdb/util_unixsids.c
Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===================================================================
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-07-10 11:24:46 UTC (rev 16914)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-07-10 12:35:27 UTC (rev 16915)
@@ -201,6 +201,8 @@
shares.
* Fix an invalid munlock() call in winbindd's credentials cache.
* Fix compile warnings when passing NULL to snprintf().
+ * BUG 3915: Fall back to a pure unix user with S-1-22 SIDs in the
+ token in case anything weird is going on with the 'force user'.
o Jason Mader <jason at ncac.gwu.edu>
Modified: branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c 2006-07-10 11:24:46 UTC (rev 16914)
+++ branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c 2006-07-10 12:35:27 UTC (rev 16915)
@@ -1066,45 +1066,8 @@
goto done;
}
- if (sid_check_is_in_unix_users(&user_sid)) {
+ if (sid_check_is_in_our_domain(&user_sid)) {
- /* This is a unix user not in passdb. We need to ask nss
- * directly, without consulting passdb */
-
- struct passwd *pass;
- size_t i;
-
- pass = getpwuid_alloc(tmp_ctx, *uid);
- if (pass == NULL) {
- DEBUG(1, ("getpwuid(%d) for user %s failed\n",
- *uid, username));
- goto done;
- }
-
- *gid = pass->pw_gid;
- gid_to_sid(&primary_group_sid, pass->pw_gid);
-
- if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid,
- &gids, &num_group_sids)) {
- DEBUG(1, ("getgroups_unix_user for user %s failed\n",
- username));
- goto done;
- }
-
- group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids);
- if (group_sids == NULL) {
- DEBUG(1, ("talloc_array failed\n"));
- result = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<num_group_sids; i++) {
- gid_to_sid(&group_sids[i], gids[i]);
- }
- *found_username = talloc_strdup(mem_ctx, pass->pw_name);
-
- } else if (sid_check_is_in_our_domain(&user_sid)) {
-
/* This is a passdb user, so ask passdb */
struct samu *sam_acct = NULL;
@@ -1118,14 +1081,13 @@
if (!pdb_getsampwsid(sam_acct, &user_sid)) {
DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n",
sid_string_static(&user_sid), username));
- result = NT_STATUS_NO_SUCH_USER;
- goto done;
+ DEBUGADD(1, ("Fall back to unix user %s\n", username));
+ goto unix_user;
}
gr_sid = pdb_get_group_sid(sam_acct);
if (!gr_sid) {
- result = NT_STATUS_NO_MEMORY;
- goto done;
+ goto unix_user;
}
sid_copy(&primary_group_sid, gr_sid);
@@ -1133,7 +1095,8 @@
if (!sid_to_gid(&primary_group_sid, gid)) {
DEBUG(1, ("sid_to_gid(%s) failed\n",
sid_string_static(&primary_group_sid)));
- goto done;
+ DEBUGADD(1, ("Fall back to unix user %s\n", username));
+ goto unix_user;
}
result = pdb_enum_group_memberships(tmp_ctx, sam_acct,
@@ -1142,12 +1105,60 @@
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10, ("enum_group_memberships failed for %s\n",
username));
- goto done;
+ DEBUGADD(1, ("Fall back to unix user %s\n", username));
+ goto unix_user;
}
*found_username = talloc_strdup(mem_ctx,
pdb_get_username(sam_acct));
+ } else if (sid_check_is_in_unix_users(&user_sid)) {
+
+ /* This is a unix user not in passdb. We need to ask nss
+ * directly, without consulting passdb */
+
+ struct passwd *pass;
+ size_t i;
+
+ /*
+ * This goto target is used as a fallback for the passdb
+ * case. The concrete bug report is when passdb gave us an
+ * unmapped gid.
+ */
+
+ unix_user:
+
+ uid_to_unix_users_sid(*uid, &user_sid);
+
+ pass = getpwuid_alloc(tmp_ctx, *uid);
+ if (pass == NULL) {
+ DEBUG(1, ("getpwuid(%d) for user %s failed\n",
+ *uid, username));
+ goto done;
+ }
+
+ *gid = pass->pw_gid;
+ gid_to_sid(&primary_group_sid, pass->pw_gid);
+
+ if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid,
+ &gids, &num_group_sids)) {
+ DEBUG(1, ("getgroups_unix_user for user %s failed\n",
+ username));
+ goto done;
+ }
+
+ group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids);
+ if (group_sids == NULL) {
+ DEBUG(1, ("talloc_array failed\n"));
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ for (i=0; i<num_group_sids; i++) {
+ gid_to_sid(&group_sids[i], gids[i]);
+ }
+ *found_username = talloc_strdup(mem_ctx, pass->pw_name);
+
} else {
/* This user is from winbind, force the primary gid to the
Modified: branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c 2006-07-10 11:24:46 UTC (rev 16914)
+++ branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c 2006-07-10 12:35:27 UTC (rev 16915)
@@ -1074,8 +1074,7 @@
sid_append_rid(psid, algorithmic_pdb_uid_to_user_rid(uid));
goto done;
} else {
- sid_copy(psid, &global_sid_Unix_Users);
- sid_append_rid(psid, uid);
+ uid_to_unix_users_sid(uid, psid);
goto done;
}
Modified: branches/SAMBA_3_0_RELEASE/source/passdb/util_unixsids.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/passdb/util_unixsids.c 2006-07-10 11:24:46 UTC (rev 16914)
+++ branches/SAMBA_3_0_RELEASE/source/passdb/util_unixsids.c 2006-07-10 12:35:27 UTC (rev 16915)
@@ -36,6 +36,12 @@
return sid_check_is_unix_users(&dom_sid);
}
+BOOL uid_to_unix_users_sid(uid_t uid, DOM_SID *sid)
+{
+ sid_copy(sid, &global_sid_Unix_Users);
+ return sid_append_rid(sid, uid);
+}
+
const char *unix_users_domain_name(void)
{
return "Unix User";
More information about the samba-cvs
mailing list