svn commit: samba r23048 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch

Mon May 21 20:36:23 GMT 2007

Author: jerry
Date: 2007-05-21 20:36:22 +0000 (Mon, 21 May 2007)
New Revision: 23048

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23048

Log:
Simo is correct in that winbind_lookup{sid,name}_async() needs
to be able to handle SIDs in the S-1-22-{1,2} domain in order
for winbindd_sid_to_uid(), et. al. to succeed.  For 3.0.25a,
we will short circuit in the sid_to_uid() family of functions
so that smbd is ok.

For 3.0.26, we need to allow winbindd to handle all types of SIDs.


Modified:
   branches/SAMBA_3_0/source/nsswitch/idmap.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
   branches/SAMBA_3_0_26/source/nsswitch/idmap.c
   branches/SAMBA_3_0_26/source/nsswitch/winbindd_passdb.c
   branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c
===================================================================

--- branches/SAMBA_3_0/source/nsswitch/idmap.c	2007-05-21 19:53:57 UTC (rev 23047)
+++ branches/SAMBA_3_0/source/nsswitch/idmap.c	2007-05-21 20:36:22 UTC (rev 23048)
@@ -821,7 +821,10 @@
 	/* Check we do not create mappings for our own local domain, or BUILTIN or special SIDs */
 	if ((sid_compare_domain(map->sid, get_global_sam_sid()) == 0) ||
 	    sid_check_is_in_builtin(map->sid) ||
-	    sid_check_is_in_wellknown_domain(map->sid)) {
+	    sid_check_is_in_wellknown_domain(map->sid) ||
+	    sid_check_is_in_unix_users(map->sid) ||
+	    sid_check_is_in_unix_groups(map->sid) ) 
+	{
 		DEBUG(10, ("We are not supposed to create mappings for our own domains (local, builtin, specials)\n"));
 		return NT_STATUS_UNSUCCESSFUL;
 	}

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c	2007-05-21 19:53:57 UTC (rev 23047)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c	2007-05-21 20:36:22 UTC (rev 23048)
@@ -125,7 +125,12 @@
 
 	/* Paranoia check */
 	if (!sid_check_is_in_builtin(sid) &&
-	    !sid_check_is_in_our_domain(sid)) {
+	    !sid_check_is_in_our_domain(sid) &&
+	    !sid_check_is_in_unix_users(sid) &&
+	    !sid_check_is_unix_users(sid) &&
+	    !sid_check_is_in_unix_groups(sid) &&
+	    !sid_check_is_unix_groups(sid) )
+	{
 		DEBUG(0, ("Possible deadlock: Trying to lookup SID %s with "
 			  "passdb backend\n", sid_string_static(sid)));
 		return NT_STATUS_NONE_MAPPED;

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c	2007-05-21 19:53:57 UTC (rev 23047)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c	2007-05-21 20:36:22 UTC (rev 23048)
@@ -914,6 +914,17 @@
 		return find_domain_from_sid(sid);
 	}
 
+	/* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
+
+	if ( sid_check_is_in_unix_groups(sid) || 
+	     sid_check_is_unix_groups(sid) ||
+	     sid_check_is_in_unix_users(sid) ||
+	     sid_check_is_unix_users(sid) )
+	{
+		return find_domain_from_sid(get_global_sam_sid());
+	}
+	
+
 	/* On a member server a query for SID or name can always go to our
 	 * primary DC. */
 
@@ -927,6 +938,14 @@
 	    strequal(domain_name, get_global_sam_name()))
 		return find_domain_from_name_noinit(domain_name);
 
+	/* The "Unix User" and "Unix Group" domain our handled by passdb */
+
+	if ( strequal(domain_name, unix_users_domain_name() ) ||
+	     strequal(domain_name, unix_groups_domain_name() ) )
+	{
+		return find_domain_from_name_noinit( get_global_sam_name() );
+	}
+
 	return find_our_domain();
 }
 

Modified: branches/SAMBA_3_0_26/source/nsswitch/idmap.c
===================================================================
--- branches/SAMBA_3_0_26/source/nsswitch/idmap.c	2007-05-21 19:53:57 UTC (rev 23047)
+++ branches/SAMBA_3_0_26/source/nsswitch/idmap.c	2007-05-21 20:36:22 UTC (rev 23048)
@@ -821,7 +821,10 @@
 	/* Check we do not create mappings for our own local domain, or BUILTIN or special SIDs */
 	if ((sid_compare_domain(map->sid, get_global_sam_sid()) == 0) ||
 	    sid_check_is_in_builtin(map->sid) ||
-	    sid_check_is_in_wellknown_domain(map->sid)) {
+	    sid_check_is_in_wellknown_domain(map->sid) ||
+	    sid_check_is_in_unix_users(map->sid) ||
+	    sid_check_is_in_unix_groups(map->sid) ) 
+	{
 		DEBUG(10, ("We are not supposed to create mappings for our own domains (local, builtin, specials)\n"));
 		return NT_STATUS_UNSUCCESSFUL;
 	}

Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_passdb.c
===================================================================
--- branches/SAMBA_3_0_26/source/nsswitch/winbindd_passdb.c	2007-05-21 19:53:57 UTC (rev 23047)
+++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_passdb.c	2007-05-21 20:36:22 UTC (rev 23048)
@@ -125,7 +125,12 @@
 
 	/* Paranoia check */
 	if (!sid_check_is_in_builtin(sid) &&
-	    !sid_check_is_in_our_domain(sid)) {
+	    !sid_check_is_in_our_domain(sid) &&
+	    !sid_check_is_in_unix_users(sid) &&
+	    !sid_check_is_unix_users(sid) &&
+	    !sid_check_is_in_unix_groups(sid) &&
+	    !sid_check_is_unix_groups(sid) )
+	{
 		DEBUG(0, ("Possible deadlock: Trying to lookup SID %s with "
 			  "passdb backend\n", sid_string_static(sid)));
 		return NT_STATUS_NONE_MAPPED;

Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c
===================================================================
--- branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c	2007-05-21 19:53:57 UTC (rev 23047)
+++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c	2007-05-21 20:36:22 UTC (rev 23048)
@@ -923,6 +923,17 @@
 		return find_domain_from_sid(sid);
 	}
 
+	/* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
+
+	if ( sid_check_is_in_unix_groups(sid) || 
+	     sid_check_is_unix_groups(sid) ||
+	     sid_check_is_in_unix_users(sid) ||
+	     sid_check_is_unix_users(sid) )
+	{
+		return find_domain_from_sid(get_global_sam_sid());
+	}
+	
+
 	/* On a member server a query for SID or name can always go to our
 	 * primary DC. */
 
@@ -936,6 +947,14 @@
 	    strequal(domain_name, get_global_sam_name()))
 		return find_domain_from_name_noinit(domain_name);
 
+	/* The "Unix User" and "Unix Group" domain our handled by passdb */
+
+	if ( strequal(domain_name, unix_users_domain_name() ) ||
+	     strequal(domain_name, unix_groups_domain_name() ) )
+	{
+		return find_domain_from_name_noinit( get_global_sam_name() );
+	}
+
 	return find_our_domain();
 }
 

