[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-646-gcccb80b

Stefan Metzmacher metze at samba.org
Fri Dec 14 07:28:33 GMT 2007


The branch, v3-2-test has been updated
       via  cccb80b7b7980fbe1298ce266375e51bacb4a425 (commit)
      from  a412e6c7c676a054acd9db371221a50078cfe1d9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit cccb80b7b7980fbe1298ce266375e51bacb4a425
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 14 07:47:07 2007 +0100

    Revert "Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames."
    
    As it breaks all tests which try to join a new machine account.
    So more testing is needed...
    
    metze
    
    This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380.

-----------------------------------------------------------------------

Summary of changes:
 source/passdb/lookup_sid.c     |   45 +++++++++++----------------------------
 source/rpc_server/srv_lsa_nt.c |   37 ++++++++------------------------
 2 files changed, 22 insertions(+), 60 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c
index 54db14f..bb54959 100644
--- a/source/passdb/lookup_sid.c
+++ b/source/passdb/lookup_sid.c
@@ -59,19 +59,16 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 		name = talloc_strdup(tmp_ctx, full_name);
 	}
 
+	DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n", 
+		full_name, domain, name));
+
 	if ((domain == NULL) || (name == NULL)) {
 		DEBUG(0, ("talloc failed\n"));
 		TALLOC_FREE(tmp_ctx);
 		return false;
 	}
 
-	DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",
-		full_name, domain, name));
-	DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags));
-
-	if ((flags & LOOKUP_NAME_DOMAIN) &&
-	    strequal(domain, get_global_sam_name()))
-	{
+	if (strequal(domain, get_global_sam_name())) {
 
 		/* It's our own domain, lookup the name in passdb */
 		if (lookup_global_sam_name(name, flags, &rid, &type)) {
@@ -83,9 +80,8 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 		return false;
 	}
 
-	if ((flags & LOOKUP_NAME_BUILTIN) &&
-	    strequal(domain, builtin_domain_name()))
-	{
+	if (strequal(domain, builtin_domain_name())) {
+
 		/* Explicit request for a name in BUILTIN */
 		if (lookup_builtin_name(name, &rid)) {
 			sid_copy(&sid, &global_sid_Builtin);
@@ -101,7 +97,6 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 	 * domain yet at this point yet. This comes later. */
 
 	if ((domain[0] != '\0') &&
-	    (flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED)) &&
 	    (winbind_lookup_name(domain, name, &sid, &type))) {
 			goto ok;
 	}
@@ -136,18 +131,14 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 
 	/* 1. well-known names */
 
-	if ((flags & LOOKUP_NAME_WKN) &&
-	    lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
-	{
+	if (lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) {
 		type = SID_NAME_WKN_GRP;
 		goto ok;
 	}
 
 	/* 2. Builtin domain as such */
 
-	if ((flags & (LOOKUP_NAME_BUILTIN|LOOKUP_NAME_REMOTE)) &&
-	    strequal(name, builtin_domain_name()))
-	{
+	if (strequal(name, builtin_domain_name())) {
 		/* Swap domain and name */
 		tmp = name; name = domain; domain = tmp;
 		sid_copy(&sid, &global_sid_Builtin);
@@ -157,9 +148,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 
 	/* 3. Account domain */
 
-	if ((flags & LOOKUP_NAME_DOMAIN) &&
-	    strequal(name, get_global_sam_name()))
-	{
+	if (strequal(name, get_global_sam_name())) {
 		if (!secrets_fetch_domain_sid(name, &sid)) {
 			DEBUG(3, ("Could not fetch my SID\n"));
 			TALLOC_FREE(tmp_ctx);
@@ -173,9 +162,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 
 	/* 4. Primary domain */
 
-	if ((flags & LOOKUP_NAME_DOMAIN) && !IS_DC &&
-	    strequal(name, lp_workgroup()))
-	{
+	if (!IS_DC && strequal(name, lp_workgroup())) {
 		if (!secrets_fetch_domain_sid(name, &sid)) {
 			DEBUG(3, ("Could not fetch the domain SID\n"));
 			TALLOC_FREE(tmp_ctx);
@@ -190,9 +177,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 	/* 5. Trusted domains as such, to me it looks as if members don't do
               this, tested an XP workstation in a NT domain -- vl */
 
-	if ((flags & LOOKUP_NAME_REMOTE) && IS_DC &&
-	    (secrets_fetch_trusted_domain_password(name, NULL, &sid, NULL)))
-	{
+	if (IS_DC && (pdb_get_trusteddom_pw(name, NULL, &sid, NULL))) {
 		/* Swap domain and name */
 		tmp = name; name = domain; domain = tmp;
 		type = SID_NAME_DOMAIN;
@@ -201,9 +186,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 
 	/* 6. Builtin aliases */	
 
-	if ((flags & LOOKUP_NAME_BUILTIN) &&
-	    lookup_builtin_name(name, &rid))
-	{
+	if (lookup_builtin_name(name, &rid)) {
 		domain = talloc_strdup(tmp_ctx, builtin_domain_name());
 		sid_copy(&sid, &global_sid_Builtin);
 		sid_append_rid(&sid, rid);
@@ -216,9 +199,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 
 	/* Both cases are done by looking at our passdb */
 
-	if ((flags & LOOKUP_NAME_DOMAIN) &&
-	    lookup_global_sam_name(name, flags, &rid, &type))
-	{
+	if (lookup_global_sam_name(name, flags, &rid, &type)) {
 		domain = talloc_strdup(tmp_ctx, get_global_sam_name());
 		sid_copy(&sid, get_global_sam_sid());
 		sid_append_rid(&sid, rid);
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index c5f0c7b..2065508 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -1035,31 +1035,6 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
 	return r_u->status;
 }
 
-static int lsa_lookup_level_to_flags(uint16 level)
-{
-	int flags;
-
-	switch (level) {
-		case 1:
-			flags = LOOKUP_NAME_ALL;
-			break;
-		case 2:
-			flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_REMOTE|LOOKUP_NAME_ISOLATED;
-			break;
-		case 3:
-			flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED;
-			break;
-		case 4:
-		case 5:
-		case 6:
-		default:
-			flags = LOOKUP_NAME_NONE;
-			break;
-	}
-
-	return flags;
-}
-
 /***************************************************************************
 lsa_reply_lookup_names
  ***************************************************************************/
@@ -1079,7 +1054,10 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
 		DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
 	}
 		
-	flags = lsa_lookup_level_to_flags(q_u->lookup_level);
+	/* Probably the lookup_level is some sort of bitmask. */
+	if (q_u->lookup_level == 1) {
+		flags = LOOKUP_NAME_ALL;
+	}
 
 	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
 	if (!ref) {
@@ -1145,8 +1123,11 @@ NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOO
 		num_entries = MAX_LOOKUP_SIDS;
 		DEBUG(5,("_lsa_lookup_names2: truncating name lookup list to %d\n", num_entries));
 	}
-
-	flags = lsa_lookup_level_to_flags(q_u->lookup_level);
+		
+	/* Probably the lookup_level is some sort of bitmask. */
+	if (q_u->lookup_level == 1) {
+		flags = LOOKUP_NAME_ALL;
+	}
 
 	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
 	if (ref == NULL) {


-- 
Samba Shared Repository


More information about the samba-cvs mailing list