[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-3728-ga2b9857
Jeremy Allison
jra at samba.org
Fri Aug 15 22:32:04 GMT 2008
The branch, v3-3-test has been updated
via a2b985751fa6f02ac30c3cef3504a51676a43e92 (commit)
from ab46a73a88d334691c5a00311a02f9a2cbbec63a (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit a2b985751fa6f02ac30c3cef3504a51676a43e92
Author: Herb Lewis <hlewis at panasas.com>
Date: Fri Aug 15 15:30:38 2008 -0700
I think the problem with these functions is that lookup_usergroups
should never include the user SID.
The comment for the function in winbindd/winbindd_ads.c says
/* Lookup groups a user is a member of. */
The following patch makes the wbinfo calls return the correct data
before and after a login.
binfo --user-domgroups and --user-sids
-----------------------------------------------------------------------
Summary of changes:
source/lib/util_sid.c | 34 +++++++++++++++++-----------------
source/winbindd/winbindd_util.c | 2 +-
2 files changed, 18 insertions(+), 18 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 6b83f9c..53614ed 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -678,9 +678,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
int i;
if (include_user_group_rid) {
-
- if (!sid_compose(&sid, info3->base.domain_sid, info3->base.rid))
- {
+ if (!sid_compose(&sid, info3->base.domain_sid, info3->base.rid)) {
DEBUG(3, ("could not compose user SID from rid 0x%x\n",
info3->base.rid));
return NT_STATUS_INVALID_PARAMETER;
@@ -691,25 +689,27 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
info3->base.rid));
return status;
}
+ }
- if (!sid_compose(&sid, info3->base.domain_sid, info3->base.primary_gid))
- {
- DEBUG(3, ("could not compose group SID from rid 0x%x\n",
- info3->base.primary_gid));
- return NT_STATUS_INVALID_PARAMETER;
- }
- status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(3, ("could not append group SID from rid 0x%x\n",
- info3->base.rid));
- return status;
- }
+ if (!sid_compose(&sid, info3->base.domain_sid, info3->base.primary_gid)) {
+ DEBUG(3, ("could not compose group SID from rid 0x%x\n",
+ info3->base.primary_gid));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("could not append group SID from rid 0x%x\n",
+ info3->base.rid));
+ return status;
}
for (i = 0; i < info3->base.groups.count; i++) {
+ /* Don't add the primary group sid twice. */
+ if (info3->base.primary_gid == info3->base.groups.rids[i].rid) {
+ continue;
+ }
if (!sid_compose(&sid, info3->base.domain_sid,
- info3->base.groups.rids[i].rid))
- {
+ info3->base.groups.rids[i].rid)) {
DEBUG(3, ("could not compose SID from additional group "
"rid 0x%x\n", info3->base.groups.rids[i].rid));
return NT_STATUS_INVALID_PARAMETER;
diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index f1da578..77b1778 100644
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -1333,7 +1333,7 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
status = sid_array_from_info3(mem_ctx, info3,
user_sids,
&num_groups,
- true, true);
+ false, true);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(info3);
--
Samba Shared Repository
More information about the samba-cvs
mailing list