svn commit: samba r17159 - in branches: SAMBA_3_0/source/nsswitch
SAMBA_3_0_23/source/nsswitch
jerry at samba.org
jerry at samba.org
Thu Jul 20 18:02:52 GMT 2006
Author: jerry
Date: 2006-07-20 18:02:51 +0000 (Thu, 20 Jul 2006)
New Revision: 17159
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17159
Log:
Bug 3920: Restore wnibind use default domain behavior for domain groups.
This break local users and 'winbind nested groups' on domain members.
Cannot be helped.
My plans is to move the default domain crud to the client code (pam and
nss libraries) in 3.0.24.
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_group.c
branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
branches/SAMBA_3_0_23/source/nsswitch/winbindd_group.c
branches/SAMBA_3_0_23/source/nsswitch/winbindd_util.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_group.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_group.c 2006-07-20 14:39:06 UTC (rev 17158)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_group.c 2006-07-20 18:02:51 UTC (rev 17159)
@@ -41,16 +41,9 @@
const char *gr_name, gid_t unix_gid)
{
fstring full_group_name;
- BOOL can_assume = False;
- /* I *hate* winbind use default domain!!!! Somehow I will figure out
- how to remove this parameter. -jerry */
+ fill_domain_username( full_group_name, dom_name, gr_name, True );
- if ( (lp_server_role() == ROLE_DOMAIN_MEMBER) && strequal(dom_name, lp_workgroup() ) )
- can_assume = True;
-
- fill_domain_username( full_group_name, dom_name, gr_name, can_assume);
-
gr->gr_gid = unix_gid;
/* Group name and password */
@@ -153,7 +146,7 @@
/* Append domain name */
- fill_domain_username(name, domain->name, the_name, False);
+ fill_domain_username(name, domain->name, the_name, True);
len = strlen(name);
@@ -759,7 +752,7 @@
/* Fill in group entry */
fill_domain_username(domain_group_name, ent->domain_name,
- name_list[ent->sam_entry_index].acct_name, False);
+ name_list[ent->sam_entry_index].acct_name, True);
result = fill_grent(&group_list[group_list_ndx],
ent->domain_name,
@@ -936,7 +929,7 @@
groups.sam_entries)[i].acct_name;
fstring name;
- fill_domain_username(name, domain->name, group_name, False);
+ fill_domain_username(name, domain->name, group_name, True);
/* Append to extra data */
memcpy(&extra_data[extra_data_len], name,
strlen(name));
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2006-07-20 14:39:06 UTC (rev 17158)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2006-07-20 18:02:51 UTC (rev 17159)
@@ -812,14 +812,28 @@
/* Is this a domain which we may assume no DOMAIN\ prefix? */
-static BOOL assume_domain(const char *domain) {
- if ((lp_winbind_use_default_domain()
- || lp_winbind_trusted_domains_only()) &&
- strequal(lp_workgroup(), domain))
- return True;
+static BOOL assume_domain(const char *domain)
+{
+ /* never assume the domain on a standalone server */
- if (strequal(get_global_sam_name(), domain))
+ if ( lp_server_role() == ROLE_STANDALONE )
+ return False;
+
+ /* domain member servers may possibly assume for the domain name */
+
+ if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) {
+ if ( !strequal(lp_workgroup(), domain) )
+ return False;
+
+ if ( lp_winbind_use_default_domain() || lp_winbind_trusted_domains_only() )
+ return True;
+ }
+
+ /* only left with a domain controller */
+
+ if ( strequal(get_global_sam_name(), domain) ) {
return True;
+ }
return False;
}
@@ -832,7 +846,7 @@
if ( !p ) {
fstrcpy(user, domuser);
-
+
if ( assume_domain(lp_workgroup())) {
fstrcpy(domain, lp_workgroup());
} else {
Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_group.c
===================================================================
--- branches/SAMBA_3_0_23/source/nsswitch/winbindd_group.c 2006-07-20 14:39:06 UTC (rev 17158)
+++ branches/SAMBA_3_0_23/source/nsswitch/winbindd_group.c 2006-07-20 18:02:51 UTC (rev 17159)
@@ -42,7 +42,7 @@
{
fstring full_group_name;
- fill_domain_username( full_group_name, dom_name, gr_name, False);
+ fill_domain_username( full_group_name, dom_name, gr_name, True );
gr->gr_gid = unix_gid;
@@ -146,7 +146,7 @@
/* Append domain name */
- fill_domain_username(name, domain->name, the_name, False);
+ fill_domain_username(name, domain->name, the_name, True);
len = strlen(name);
@@ -752,7 +752,7 @@
/* Fill in group entry */
fill_domain_username(domain_group_name, ent->domain_name,
- name_list[ent->sam_entry_index].acct_name, False);
+ name_list[ent->sam_entry_index].acct_name, True);
result = fill_grent(&group_list[group_list_ndx],
ent->domain_name,
@@ -929,7 +929,7 @@
groups.sam_entries)[i].acct_name;
fstring name;
- fill_domain_username(name, domain->name, group_name, False);
+ fill_domain_username(name, domain->name, group_name, True);
/* Append to extra data */
memcpy(&extra_data[extra_data_len], name,
strlen(name));
Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_util.c
===================================================================
--- branches/SAMBA_3_0_23/source/nsswitch/winbindd_util.c 2006-07-20 14:39:06 UTC (rev 17158)
+++ branches/SAMBA_3_0_23/source/nsswitch/winbindd_util.c 2006-07-20 18:02:51 UTC (rev 17159)
@@ -812,14 +812,28 @@
/* Is this a domain which we may assume no DOMAIN\ prefix? */
-static BOOL assume_domain(const char *domain) {
- if ((lp_winbind_use_default_domain()
- || lp_winbind_trusted_domains_only()) &&
- strequal(lp_workgroup(), domain))
- return True;
+static BOOL assume_domain(const char *domain)
+{
+ /* never assume the domain on a standalone server */
- if (strequal(get_global_sam_name(), domain))
+ if ( lp_server_role() == ROLE_STANDALONE )
+ return False;
+
+ /* domain member servers may possibly assume for the domain name */
+
+ if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) {
+ if ( !strequal(lp_workgroup(), domain) )
+ return False;
+
+ if ( lp_winbind_use_default_domain() || lp_winbind_trusted_domains_only() )
+ return True;
+ }
+
+ /* only left with a domain controller */
+
+ if ( strequal(get_global_sam_name(), domain) ) {
return True;
+ }
return False;
}
@@ -832,7 +846,7 @@
if ( !p ) {
fstrcpy(user, domuser);
-
+
if ( assume_domain(lp_workgroup())) {
fstrcpy(domain, lp_workgroup());
} else {
More information about the samba-cvs
mailing list