svn commit: samba r14403 - branches/SAMBA_3_0/source/auth branches/SAMBA_3_0/source/groupdb branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/nsswitch branches/SAMBA_3_0/source/passdb branches/SAMBA_3_0/source/rpc_server branches/SAMBA_3_0/source/utils trunk/source/auth trunk/source/groupdb trunk/source/include trunk/source/nsswitch trunk/source/passdb trunk/source/rpc_server trunk/source/utils

[jerry at samba.org]

Author: jerry
Date: 2006-03-15 00:10:38 +0000 (Wed, 15 Mar 2006)
New Revision: 14403

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14403

Log:
* modifies create_local_nt_token() to create a BUILTIN\Administrators
  group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.


Modified:
   branches/SAMBA_3_0/source/auth/auth_util.c
   branches/SAMBA_3_0/source/groupdb/mapping.c
   branches/SAMBA_3_0/source/include/passdb.h
   branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_group.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_user.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
   branches/SAMBA_3_0/source/passdb/pdb_interface.c
   branches/SAMBA_3_0/source/passdb/pdb_ldap.c
   branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
   branches/SAMBA_3_0/source/utils/net_groupmap.c
   trunk/source/auth/auth_util.c
   trunk/source/groupdb/mapping.c
   trunk/source/include/passdb.h
   trunk/source/nsswitch/winbindd_dual.c
   trunk/source/nsswitch/winbindd_group.c
   trunk/source/nsswitch/winbindd_pam.c
   trunk/source/nsswitch/winbindd_passdb.c
   trunk/source/nsswitch/winbindd_user.c
   trunk/source/nsswitch/winbindd_util.c
   trunk/source/passdb/pdb_interface.c
   trunk/source/passdb/pdb_ldap.c
   trunk/source/rpc_server/srv_lsa_nt.c
   trunk/source/rpc_server/srv_samr_nt.c
   trunk/source/utils/net_groupmap.c


Changeset:
Sorry, the patch is too large (1639 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14403