svn commit: samba r13817 - in trunk/source/passdb: .

idra at samba.org idra at samba.org
Fri Mar 3 17:02:59 GMT 2006


Author: idra
Date: 2006-03-03 17:02:58 +0000 (Fri, 03 Mar 2006)
New Revision: 13817

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13817

Log:

Back out special exceptions for enum_group_memberships
These must not be exceptions, you need to have the right
stuff in ldap, and it IS supposed to break if you don't anyway

Working on a provisioning tool to help out admins get to a
decent basic tree, stay tuned :-)

Simo.


Modified:
   trunk/source/passdb/pdb_ldap.c


Changeset:
Modified: trunk/source/passdb/pdb_ldap.c
===================================================================
--- trunk/source/passdb/pdb_ldap.c	2006-03-03 17:00:56 UTC (rev 13816)
+++ trunk/source/passdb/pdb_ldap.c	2006-03-03 17:02:58 UTC (rev 13817)
@@ -2499,9 +2499,6 @@
 	size_t num_sids, num_gids;
 	char *gidstr;
 	gid_t primary_gid = -1;
-	uid_t user_uid;
-	const DOM_SID *user_sid;
-	uint32 user_rid;
 
 	*pp_sids = NULL;
 	num_sids = 0;
@@ -2527,62 +2524,19 @@
 
 	switch (count) {
 	case 0:	
-		/* check if this is the special virtual guest account or root or return with error */
-		user_sid = pdb_get_user_sid(user);
-		if (!sid_peek_rid(user_sid, &user_rid)) {
-			DEBUG(1, ("Could not peek into RID\n"));
-			ret = NT_STATUS_NO_SUCH_USER;
-			goto done;
-		}
-		if (!sid_to_uid(user_sid, &user_uid)) {
-			user_uid = -1;
-		}
-		if (user_rid == DOMAIN_USER_RID_GUEST) {
-			struct passwd *pw;
-			/* try to get the user gid from the system
-			 * this is a special system account and is
-			 * allowed to stay off the ldap tree */
-			if (!(pw = getpwnam_alloc(mem_ctx, pdb_get_username(user)))) {
-				ret = NT_STATUS_NO_SUCH_USER;
-				goto done;
-			}
-			primary_gid = pw->pw_gid;
-			talloc_free(pw);
-		} else {
-			ret = NT_STATUS_NO_SUCH_USER;
-			goto done;
-		}
-		break;
+		DEBUG(1, ("User account [%s] not found!\n", pdb_get_username(user)));
+		ret = NT_STATUS_NO_SUCH_USER;
+		goto done;
 	case 1:
 		entry = ldap_first_entry(priv2ld(ldap_state), result);
 
 		gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", mem_ctx);
 		if (!gidstr) {
-			/* make a special exception for the root user */
-			user_sid = pdb_get_user_sid(user);
-			if (!sid_to_uid(user_sid, &user_uid)) {
-				user_uid = -1;
-			}
-
-			if (user_uid == 0) {
-				struct passwd *pw;
-				/* try to get the user gid from the system
-				 * this is a special system account and is
-				 * allowed to stay off the ldap tree */
-				if (!(pw = getpwnam_alloc(mem_ctx, pdb_get_username(user)))) {
-					ret = NT_STATUS_NO_SUCH_USER;
-					goto done;
-				}
-				primary_gid = pw->pw_gid;
-				talloc_free(pw);
-			} else {
-				DEBUG (1, ("Unable to find the member's gid!\n"));
-				ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
-				goto done;
-			}
-		} else {
-			primary_gid = strtoul(gidstr, NULL, 10);
+			DEBUG (1, ("Unable to find the member's gid!\n"));
+			ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
+			goto done;
 		}
+		primary_gid = strtoul(gidstr, NULL, 10);
 		break;
 	default:
 		DEBUG(1, ("found more than one accoutn with the same user name ?!\n"));
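Review bot: `primary_gid = strtoul(gidstr, NULL, 10);` accepts whatever string the directory returns, so an empty or non-numeric gidNumber silently becomes gid 0, and a value too large for gid_t is truncated. Since this change makes a missing gidNumber a hard error, a malformed one should fail the same way: parse with an end pointer and errno, and return NT_STATUS_INTERNAL_DB_CORRUPTION unless the whole attribute is a clean decimal number that fits. The enclosing function starts before and continues after this hunk.

```c
		gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", mem_ctx);
		/* ... unchanged: missing gidNumber -> NT_STATUS_INTERNAL_DB_CORRUPTION ... */
		{
			char *endp = NULL;
			unsigned long gidval;

			errno = 0;
			gidval = strtoul(gidstr, &endp, 10);
			if (endp == gidstr || *endp != '\0' || errno == ERANGE ||
			    (unsigned long)(gid_t)gidval != gidval) {
				DEBUG(1, ("Invalid gidNumber for user [%s]\n",
					  pdb_get_username(user)));
				ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
				goto done;
			}
			primary_gid = (gid_t)gidval;
		}
		break;
```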
@@ -2656,9 +2610,7 @@
 	if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
 		DEBUG(3, ("primary group of [%s] not found\n",
 			  pdb_get_username(user)));
-		/* this may be the special guest user, do not give up
-		 * and use gid_to_sid */
-		gid_to_sid(&(*pp_sids)[0], primary_gid);
+		goto done;
 	}
 
 	*p_num_groups = num_sids;
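Review bot: The new `goto done;` in the primary-group-not-found branch leaves without assigning `ret`, and the value `ret` holds at this point is set outside the hunk. If it can still be a success code here, the caller would see success while `*p_num_groups` was never written. Setting it explicitly before the jump, e.g. `ret = NT_STATUS_NO_SUCH_GROUP;`, removes the doubt. Now that this is a hard failure, the message would also be easier to find in logs at `DEBUG(1, ...)`, matching the other failure paths in this change.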
@@ -3692,8 +3644,7 @@
 
 	for (i=0; i<num_rids; i++) {
 		DOM_SID sid;
-		sid_copy(&sid, domain_sid);
-		sid_append_rid(&sid, rids[i]);
+		sid_compose(&sid, domain_sid, rids[i]);
 		allsids = talloc_asprintf_append(allsids, "(sambaSid=%s)",
 						 sid_string_static(&sid));
 		if (allsids == NULL) {
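Review bot: The result of `sid_compose(&sid, domain_sid, rids[i]);` is discarded, as it is in the later hunks that build user_sid, group_sid and member_sid. sid_compose's definition is not part of this diff. If it reports whether the RID could be appended, a failure here would put the bare domain SID into the `(sambaSid=%s)` filter and match the wrong entry. Testing the call with `if (!sid_compose(&sid, domain_sid, rids[i]))` and leaving through the function's existing error path would prevent that. The loop starts and ends outside this hunk.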
@@ -4707,8 +4658,7 @@
 		return ret;
 	}
 
-	sid_copy(&user_sid, get_global_sam_sid());
-	sid_append_rid(&user_sid, *rid);
+	sid_compose(&user_sid, get_global_sam_sid(), *rid);
 
 	user = samu_new(tmp_ctx);
 	if (!user) {
@@ -5001,8 +4951,7 @@
 		return ret;
 	}
 
-	sid_copy(&group_sid, get_global_sam_sid());
-	sid_append_rid(&group_sid, *rid);
+	sid_compose(&group_sid, get_global_sam_sid(), *rid);
 
 	groupsidstr = talloc_strdup(tmp_ctx, sid_string_static(&group_sid));
 	grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);
@@ -5055,8 +5004,7 @@
 	int rc;
 
 	/* get the group sid */
-	sid_copy(&group_sid, get_global_sam_sid());
-	sid_append_rid(&group_sid, rid);
+	sid_compose(&group_sid, get_global_sam_sid(), rid);
 
 	filter = talloc_asprintf(tmp_ctx,
 				 "(&(sambaSID=%s)"
@@ -5160,12 +5108,10 @@
 	}
 	
 	/* get member sid  */
-	sid_copy(&member_sid, get_global_sam_sid());
-	sid_append_rid(&member_sid, member_rid);
+	sid_compose(&member_sid, get_global_sam_sid(), member_rid);
 
 	/* get the group sid */
-	sid_copy(&group_sid, get_global_sam_sid());
-	sid_append_rid(&group_sid, group_rid);
+	sid_compose(&group_sid, get_global_sam_sid(), group_rid);
 
 	filter = talloc_asprintf(tmp_ctx,
 				 "(&(sambaSID=%s)"


