[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-846-ge7f7ed8

Stefan Metzmacher metze at samba.org
Fri Feb 13 09:40:52 GMT 2009


The branch, master has been updated
       via  e7f7ed8bf6281ef01aca53ea44acdd4af4c51aa7 (commit)
       via  f14e4d4e54f424c05147cb0e635c9b8930270262 (commit)
      from  c2f7f1b40b20e20fbc111fba59adc49a35f4fda0 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e7f7ed8bf6281ef01aca53ea44acdd4af4c51aa7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Feb 11 11:47:41 2009 +0100

    s3:auth: only create_local_token() should add S-1-22-X-Y sids
    
    metze

commit f14e4d4e54f424c05147cb0e635c9b8930270262
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Feb 11 11:46:18 2009 +0100

    s3:auth: add S-1-22-X-Y sids to the local token
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_util.c |   65 +++++++++++++++++++++++++++-------------------
 1 files changed, 38 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 892e5c4..1f00e22 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -572,9 +572,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 	struct passwd *pwd;
 	gid_t *gids;
 	auth_serversupplied_info *result;
-	int i;
-	size_t num_gids;
-	DOM_SID unix_group_sid;
 	const char *username = pdb_get_username(sampass);
 	NTSTATUS status;
 
@@ -646,30 +643,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 		}
 	}
 
-	/* Add the "Unix Group" SID for each gid to catch mapped groups
-	   and their Unix equivalent.  This is to solve the backwards 
-	   compatibility problem of 'valid users = +ntadmin' where 
-	   ntadmin has been paired with "Domain Admins" in the group 
-	   mapping table.  Otherwise smb.conf would need to be changed
-	   to 'valid user = "Domain Admins"'.  --jerry */
-	
-	num_gids = result->num_sids;
-	for ( i=0; i<num_gids; i++ ) {
-		if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) {
-			DEBUG(1,("make_server_info_sam: Failed to create SID "
-				"for gid %d!\n", gids[i]));
-			continue;
-		}
-		status = add_sid_to_array_unique(result, &unix_group_sid,
-						 &result->sids,
-						 &result->num_sids);
-		if (!NT_STATUS_IS_OK(status)) {
-			result->sam_account = NULL; /* Don't free on error exit. */
-			TALLOC_FREE(result);
-			return status;
-		}
-	}
-
 	/* For now we throw away the gids and convert via sid_to_gid
 	 * later. This needs fixing, but I'd like to get the code straight and
 	 * simple first. */
@@ -736,6 +709,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 {
 	NTSTATUS status;
 	size_t i;
+	struct dom_sid tmp_sid;
 
 	/*
 	 * If winbind is not around, we can not make much use of the SIDs the
@@ -788,7 +762,44 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 					&server_info->utok.ngroups);
 	}
 
+	/*
+	 * Add the "Unix Group" SID for each gid to catch mapped groups
+	 * and their Unix equivalent.  This is to solve the backwards
+	 * compatibility problem of 'valid users = +ntadmin' where
+	 * ntadmin has been paired with "Domain Admins" in the group
+	 * mapping table.  Otherwise smb.conf would need to be changed
+	 * to 'valid user = "Domain Admins"'.  --jerry
+	 *
+	 * For consistency we also add the "Unix User" SID,
+	 * so that the complete unix token is represented within
+	 * the nt token.
+	 */
+
+	if (!uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid)) {
+		DEBUG(1,("create_local_token: Failed to create SID "
+			"for uid %d!\n", server_info->utok.uid));
+	}
+	add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+				&server_info->ptok->user_sids,
+				&server_info->ptok->num_sids);
+
+	for ( i=0; i<server_info->utok.ngroups; i++ ) {
+		if (!gid_to_unix_groups_sid( server_info->utok.groups[i], &tmp_sid ) ) {
+			DEBUG(1,("create_local_token: Failed to create SID "
+				"for gid %d!\n", server_info->utok.groups[i]));
+			continue;
+		}
+		add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+					&server_info->ptok->user_sids,
+					&server_info->ptok->num_sids);
+	}
+
 	debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok);
+	debug_unix_user_token(DBGC_AUTH, 10,
+			      server_info->utok.uid,
+			      server_info->utok.gid,
+			      server_info->utok.ngroups,
+			      server_info->utok.groups);
 
 	status = log_nt_token(server_info->ptok);
 	return status;
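Review bot: When `uid_to_unix_users_sid()` fails, the new code only logs and then still calls `add_sid_to_array_unique()` with `tmp_sid`, which is uninitialised at that point (the earlier hunk declares it without an initialiser). An indeterminate SID can therefore end up in the NT token that access checks rely on; the group loop avoids this with `continue`. The return value of `add_sid_to_array_unique()` is also dropped in both places, whereas the code removed from make_server_info_sam checked it with `NT_STATUS_IS_OK` and failed the call, so a failed add now presumably leaves a token that is silently missing SIDs. I would move the uid add into an `else` branch and propagate the status as below. create_local_token starts outside this hunk, so check the full function for any cleanup needed before the early return.

```c
	if (!uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid)) {
		/* … unchanged: DEBUG(1, "Failed to create SID for uid") … */
	} else {
		status = add_sid_to_array_unique(server_info->ptok, &tmp_sid,
						 &server_info->ptok->user_sids,
						 &server_info->ptok->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}

	for ( i=0; i<server_info->utok.ngroups; i++ ) {
		/* … unchanged: gid_to_unix_groups_sid() check, DEBUG and continue … */
		status = add_sid_to_array_unique(server_info->ptok, &tmp_sid,
						 &server_info->ptok->user_sids,
						 &server_info->ptok->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}
```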


-- 
Samba Shared Repository

