svn commit: samba r16064 - branches/SAMBA_3_0/source/passdb
trunk/source/passdb
vlendec at samba.org
vlendec at samba.org
Tue Jun 6 20:18:11 GMT 2006
Author: vlendec
Date: 2006-06-06 20:18:11 +0000 (Tue, 06 Jun 2006)
New Revision: 16064
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16064
Log:
Bug fix for another one Tom Bork has reported:
'valid users = +unixgroup' failed with smbpasswd if 'unixgroup' has a
(non-algorithmic) group mapping.
Thanks a lot!
People out there listening, please test current code, this release is
**BIG**
:-)
Volker
Modified:
branches/SAMBA_3_0/source/passdb/lookup_sid.c
trunk/source/passdb/lookup_sid.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-06-06 17:55:41 UTC (rev 16063)
+++ branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-06-06 20:18:11 UTC (rev 16064)
@@ -43,6 +43,7 @@
DOM_SID sid;
enum SID_NAME_USE type;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ struct group *grp;
if (tmp_ctx == NULL) {
DEBUG(0, ("talloc_new failed\n"));
@@ -128,16 +129,35 @@
* the expansion of group names coming in from smb.conf
*/
- if (flags & LOOKUP_NAME_GROUP) {
- struct group *grp;
+ if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) {
+ GROUP_MAP map;
+
+ if (pdb_getgrgid(&map, grp->gr_gid)) {
+ /* The hack gets worse. Handle the case where we have
+ * 'force group = +unixgroup' but "unixgroup" has a
+ * group mapping */
+
+ if (sid_check_is_in_builtin(&map.sid)) {
+ domain = talloc_strdup(
+ tmp_ctx, builtin_domain_name());
+ } else {
+ domain = talloc_strdup(
+ tmp_ctx, get_global_sam_name());
+ }
+
+ sid_copy(&sid, &map.sid);
+ type = map.sid_name_use;
+ goto ok;
+ }
+
/* If we are using the smbpasswd backend, we need to use the
* algorithmic mapping for the unix group we find. This is
* necessary because when creating the NT token from the unix
* gid list we got from initgroups() we use gid_to_sid() that
* uses algorithmic mapping if pdb_rid_algorithm() is true. */
- if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+ if (pdb_rid_algorithm() &&
(grp->gr_gid < max_algorithmic_gid())) {
domain = talloc_strdup(tmp_ctx, get_global_sam_name());
sid_compose(&sid, get_global_sam_sid(),
Modified: trunk/source/passdb/lookup_sid.c
===================================================================
--- trunk/source/passdb/lookup_sid.c 2006-06-06 17:55:41 UTC (rev 16063)
+++ trunk/source/passdb/lookup_sid.c 2006-06-06 20:18:11 UTC (rev 16064)
@@ -43,6 +43,7 @@
DOM_SID sid;
enum SID_NAME_USE type;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ struct group *grp;
if (tmp_ctx == NULL) {
DEBUG(0, ("talloc_new failed\n"));
@@ -128,16 +129,35 @@
* the expansion of group names coming in from smb.conf
*/
- if (flags & LOOKUP_NAME_GROUP) {
- struct group *grp;
+ if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) {
+ GROUP_MAP map;
+
+ if (pdb_getgrgid(&map, grp->gr_gid)) {
+ /* The hack gets worse. Handle the case where we have
+ * 'force group = +unixgroup' but "unixgroup" has a
+ * group mapping */
+
+ if (sid_check_is_in_builtin(&map.sid)) {
+ domain = talloc_strdup(
+ tmp_ctx, builtin_domain_name());
+ } else {
+ domain = talloc_strdup(
+ tmp_ctx, get_global_sam_name());
+ }
+
+ sid_copy(&sid, &map.sid);
+ type = map.sid_name_use;
+ goto ok;
+ }
+
/* If we are using the smbpasswd backend, we need to use the
* algorithmic mapping for the unix group we find. This is
* necessary because when creating the NT token from the unix
* gid list we got from initgroups() we use gid_to_sid() that
* uses algorithmic mapping if pdb_rid_algorithm() is true. */
- if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+ if (pdb_rid_algorithm() &&
(grp->gr_gid < max_algorithmic_gid())) {
domain = talloc_strdup(tmp_ctx, get_global_sam_name());
sid_compose(&sid, get_global_sam_sid(),
More information about the samba-cvs
mailing list