svn commit: samba r21881 - in branches/SAMBA_3_0/source: nsswitch passdb

jpeach at samba.org jpeach at samba.org
Tue Mar 20 00:13:43 GMT 2007 

Author: jpeach
Date: 2007-03-20 00:13:42 +0000 (Tue, 20 Mar 2007)
New Revision: 21881

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21881

Log:
Make sure we are very specific when testing whether a backand can handle a
particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.

Simo, Jerry - this is a 3_0_25 candidate. Can you please review?

Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
   branches/SAMBA_3_0/source/passdb/pdb_interface.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c	2007-03-19 22:45:35 UTC (rev 21880)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c	2007-03-20 00:13:42 UTC (rev 21881)
@@ -599,12 +599,18 @@
 struct winbindd_domain *find_domain_from_sid_noinit(const DOM_SID *sid)
 {
 	struct winbindd_domain *domain;
+	uint32 discard;
 
 	/* Search through list */
 
 	for (domain = domain_list(); domain != NULL; domain = domain->next) {
-		if (sid_compare_domain(sid, &domain->sid) == 0)
+		/* We need to use sid_peek_check_rid, because we want 
+		 * to make sure that the SIDs we send to the backends are
+		 * as specific as possible.
+		 */
+		if (sid_peek_check_rid(&domain->sid, sid, &discard) == 0) {
 			return domain;
+		}
 	}
 
 	/* Not found */

Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/pdb_interface.c	2007-03-19 22:45:35 UTC (rev 21880)
+++ branches/SAMBA_3_0/source/passdb/pdb_interface.c	2007-03-20 00:13:42 UTC (rev 21881)
@@ -1305,7 +1305,8 @@
 		goto done;
 	}
 
-	if (sid_peek_check_rid(&global_sid_Builtin, sid, &rid)) {
+	if (sid_check_is_in_builtin(sid) ||
+	    sid_check_is_in_wellknown_domain(sid)) {
 		/* Here we only have aliases */
 		GROUP_MAP map;
 		if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {

More information about the samba-cvs mailing list