svn commit: samba r21196 - in branches/SAMBA_3_0_25/source/auth: .

[jerry at samba.org]

Author: jerry
Date: 2007-02-06 21:39:23 +0000 (Tue, 06 Feb 2007)
New Revision: 21196

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21196

Log:
* pick up a few sid mapping changes 


Modified:
   branches/SAMBA_3_0_25/source/auth/auth_util.c


Changeset:
Modified: branches/SAMBA_3_0_25/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_25/source/auth/auth_util.c	2007-02-06 21:11:44 UTC (rev 21195)
+++ branches/SAMBA_3_0_25/source/auth/auth_util.c	2007-02-06 21:39:23 UTC (rev 21196)
@@ -841,6 +841,8 @@
 	NTSTATUS status;
 	gid_t gid;
 
+	DEBUG(10, ("Create local NT token for %s\n", sid_string_static(user_sid)));
+
 	if (!(result = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN))) {
 		DEBUG(0, ("talloc failed\n"));
 		return NULL;
@@ -980,7 +982,9 @@
 NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 {
 	TALLOC_CTX *mem_ctx;
+	struct id_map *ids;
 	NTSTATUS status;
+	BOOL wb = True;
 	size_t i;
 	
 
@@ -1027,17 +1031,40 @@
 	server_info->groups = NULL;
 
 	/* Start at index 1, where the groups start. */
+	ids = talloc_zero_array(mem_ctx, struct id_map, server_info->ptok->num_sids);
+	for (i = 0; i < server_info->ptok->num_sids-1; i++) {
+		ids[i].sid = &server_info->ptok->user_sids[i + 1]; /* store the sids */
+	}
 
-	for (i=1; i<server_info->ptok->num_sids; i++) {
-		gid_t gid;
-		DOM_SID *sid = &server_info->ptok->user_sids[i];
+	if (!winbind_sids_to_unixids(ids, server_info->ptok->num_sids-1)) {
+		DEBUG(2, ("Query to map secondary SIDs failed!\n"));
+		if (!winbind_ping()) {
+			DEBUG(2, ("Winbindd is not running, will try to map SIDs one by one with legacy code\n"));
+			wb = False;
+		}
+	}
 
-		if (!sid_to_gid(sid, &gid)) {
+	for (i = 0; i < server_info->ptok->num_sids-1; i++) {
+		gid_t agid;
+
+		if (wb) {
+			if (ids[i].status != ID_MAPPED) {
 			DEBUG(10, ("Could not convert SID %s to gid, "
-				   "ignoring it\n", sid_string_static(sid)));
+					   "ignoring it\n", sid_string_static(ids[i].sid)));
 			continue;
 		}
-		if (!add_gid_to_array_unique(server_info, gid, &server_info->groups,
+			if (ids[i].xid.type == ID_TYPE_UID) {
+				DEBUG(10, ("SID %s is a User ID (%u) not a Group ID, "
+					   "ignoring it\n", sid_string_static(ids[i].sid), ids[i].xid.id));
+				continue;
+			}
+			agid = (gid_t)ids[i].xid.id;
+		} else {
+			if (! sid_to_gid(ids[i].sid, &agid)) {
+				continue;
+			}
+		}
+		if (!add_gid_to_array_unique(server_info, agid, &server_info->groups,
 					&server_info->n_groups)) {
 			TALLOC_FREE(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
@@ -2012,7 +2039,7 @@
  Duplicate a SID token.
 ****************************************************************************/
 
-NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, NT_USER_TOKEN *ptoken)
+NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken)
 {
 	NT_USER_TOKEN *token;