svn commit: samba r13817 - in trunk/source/passdb: .
idra at samba.org
idra at samba.org
Fri Mar 3 17:02:59 GMT 2006
Author: idra
Date: 2006-03-03 17:02:58 +0000 (Fri, 03 Mar 2006)
New Revision: 13817
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13817
Log:
Back out special exceptions for enum_group_memberships
These must not be exceptions, you need to have the right
stuff in ldap, and it IS supposed to break if you don't anyway
Working on a provisioning tool to help out admins get to a
decent basic tree, stay tuned :-)
Simo.
Modified:
trunk/source/passdb/pdb_ldap.c
Changeset:
Modified: trunk/source/passdb/pdb_ldap.c
===================================================================
--- trunk/source/passdb/pdb_ldap.c 2006-03-03 17:00:56 UTC (rev 13816)
+++ trunk/source/passdb/pdb_ldap.c 2006-03-03 17:02:58 UTC (rev 13817)
@@ -2499,9 +2499,6 @@
size_t num_sids, num_gids;
char *gidstr;
gid_t primary_gid = -1;
- uid_t user_uid;
- const DOM_SID *user_sid;
- uint32 user_rid;
*pp_sids = NULL;
num_sids = 0;
@@ -2527,62 +2524,19 @@
switch (count) {
case 0:
- /* check if this is the special virtual guest account or root or return with error */
- user_sid = pdb_get_user_sid(user);
- if (!sid_peek_rid(user_sid, &user_rid)) {
- DEBUG(1, ("Could not peek into RID\n"));
- ret = NT_STATUS_NO_SUCH_USER;
- goto done;
- }
- if (!sid_to_uid(user_sid, &user_uid)) {
- user_uid = -1;
- }
- if (user_rid == DOMAIN_USER_RID_GUEST) {
- struct passwd *pw;
- /* try to get the user gid from the system
- * this is a special system account and is
- * allowed to stay off the ldap tree */
- if (!(pw = getpwnam_alloc(mem_ctx, pdb_get_username(user)))) {
- ret = NT_STATUS_NO_SUCH_USER;
- goto done;
- }
- primary_gid = pw->pw_gid;
- talloc_free(pw);
- } else {
- ret = NT_STATUS_NO_SUCH_USER;
- goto done;
- }
- break;
+ DEBUG(1, ("User account [%s] not found!\n", pdb_get_username(user)));
+ ret = NT_STATUS_NO_SUCH_USER;
+ goto done;
case 1:
entry = ldap_first_entry(priv2ld(ldap_state), result);
gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", mem_ctx);
if (!gidstr) {
- /* make a special exception for the root user */
- user_sid = pdb_get_user_sid(user);
- if (!sid_to_uid(user_sid, &user_uid)) {
- user_uid = -1;
- }
-
- if (user_uid == 0) {
- struct passwd *pw;
- /* try to get the user gid from the system
- * this is a special system account and is
- * allowed to stay off the ldap tree */
- if (!(pw = getpwnam_alloc(mem_ctx, pdb_get_username(user)))) {
- ret = NT_STATUS_NO_SUCH_USER;
- goto done;
- }
- primary_gid = pw->pw_gid;
- talloc_free(pw);
- } else {
- DEBUG (1, ("Unable to find the member's gid!\n"));
- ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
- goto done;
- }
- } else {
- primary_gid = strtoul(gidstr, NULL, 10);
+ DEBUG (1, ("Unable to find the member's gid!\n"));
+ ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ goto done;
}
+ primary_gid = strtoul(gidstr, NULL, 10);
break;
default:
DEBUG(1, ("found more than one accoutn with the same user name ?!\n"));
@@ -2656,9 +2610,7 @@
if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
DEBUG(3, ("primary group of [%s] not found\n",
pdb_get_username(user)));
- /* this may be the special guest user, do not give up
- * and use gid_to_sid */
- gid_to_sid(&(*pp_sids)[0], primary_gid);
+ goto done;
}
*p_num_groups = num_sids;
@@ -3692,8 +3644,7 @@
for (i=0; i<num_rids; i++) {
DOM_SID sid;
- sid_copy(&sid, domain_sid);
- sid_append_rid(&sid, rids[i]);
+ sid_compose(&sid, domain_sid, rids[i]);
allsids = talloc_asprintf_append(allsids, "(sambaSid=%s)",
sid_string_static(&sid));
if (allsids == NULL) {
@@ -4707,8 +4658,7 @@
return ret;
}
- sid_copy(&user_sid, get_global_sam_sid());
- sid_append_rid(&user_sid, *rid);
+ sid_compose(&user_sid, get_global_sam_sid(), *rid);
user = samu_new(tmp_ctx);
if (!user) {
@@ -5001,8 +4951,7 @@
return ret;
}
- sid_copy(&group_sid, get_global_sam_sid());
- sid_append_rid(&group_sid, *rid);
+ sid_compose(&group_sid, get_global_sam_sid(), *rid);
groupsidstr = talloc_strdup(tmp_ctx, sid_string_static(&group_sid));
grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);
@@ -5055,8 +5004,7 @@
int rc;
/* get the group sid */
- sid_copy(&group_sid, get_global_sam_sid());
- sid_append_rid(&group_sid, rid);
+ sid_compose(&group_sid, get_global_sam_sid(), rid);
filter = talloc_asprintf(tmp_ctx,
"(&(sambaSID=%s)"
@@ -5160,12 +5108,10 @@
}
/* get member sid */
- sid_copy(&member_sid, get_global_sam_sid());
- sid_append_rid(&member_sid, member_rid);
+ sid_compose(&member_sid, get_global_sam_sid(), member_rid);
/* get the group sid */
- sid_copy(&group_sid, get_global_sam_sid());
- sid_append_rid(&group_sid, group_rid);
+ sid_compose(&group_sid, get_global_sam_sid(), group_rid);
filter = talloc_asprintf(tmp_ctx,
"(&(sambaSID=%s)"
More information about the samba-cvs
mailing list