[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-4947-gcc1c764
Stefan Metzmacher
metze at samba.org
Fri Feb 13 14:29:04 GMT 2009
The branch, v3-3-test has been updated
via cc1c764effd07bb124b5b5cf03fb5a4565c8ed36 (commit)
via 490f7214f0d26e7466f0fdfb978e4b09f2433146 (commit)
from 3077f2ab45b08595b4849add56110a37069d12ec (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit cc1c764effd07bb124b5b5cf03fb5a4565c8ed36
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 11 11:47:41 2009 +0100
s3:auth: only create_local_token() should add S-1-22-X-Y sids
metze
(cherry picked from commit e7f7ed8bf6281ef01aca53ea44acdd4af4c51aa7)
commit 490f7214f0d26e7466f0fdfb978e4b09f2433146
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 11 11:46:18 2009 +0100
s3:auth: add S-1-22-X-Y sids to the local token
metze
(cherry picked from commit f14e4d4e54f424c05147cb0e635c9b8930270262)
-----------------------------------------------------------------------
Summary of changes:
source/auth/auth_util.c | 65 +++++++++++++++++++++++++++-------------------
1 files changed, 38 insertions(+), 27 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 9ee19ca..b84c168 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -555,9 +555,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
struct passwd *pwd;
gid_t *gids;
auth_serversupplied_info *result;
- int i;
- size_t num_gids;
- DOM_SID unix_group_sid;
const char *username = pdb_get_username(sampass);
NTSTATUS status;
@@ -629,30 +626,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
}
}
- /* Add the "Unix Group" SID for each gid to catch mapped groups
- and their Unix equivalent. This is to solve the backwards
- compatibility problem of 'valid users = +ntadmin' where
- ntadmin has been paired with "Domain Admins" in the group
- mapping table. Otherwise smb.conf would need to be changed
- to 'valid user = "Domain Admins"'. --jerry */
-
- num_gids = result->num_sids;
- for ( i=0; i<num_gids; i++ ) {
- if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) {
- DEBUG(1,("make_server_info_sam: Failed to create SID "
- "for gid %d!\n", gids[i]));
- continue;
- }
- status = add_sid_to_array_unique(result, &unix_group_sid,
- &result->sids,
- &result->num_sids);
- if (!NT_STATUS_IS_OK(status)) {
- result->sam_account = NULL; /* Don't free on error exit. */
- TALLOC_FREE(result);
- return status;
- }
- }
-
/* For now we throw away the gids and convert via sid_to_gid
* later. This needs fixing, but I'd like to get the code straight and
* simple first. */
@@ -719,6 +692,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
{
NTSTATUS status;
size_t i;
+ struct dom_sid tmp_sid;
/*
* If winbind is not around, we can not make much use of the SIDs the
@@ -771,7 +745,44 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
&server_info->utok.ngroups);
}
+ /*
+ * Add the "Unix Group" SID for each gid to catch mapped groups
+ * and their Unix equivalent. This is to solve the backwards
+ * compatibility problem of 'valid users = +ntadmin' where
+ * ntadmin has been paired with "Domain Admins" in the group
+ * mapping table. Otherwise smb.conf would need to be changed
+ * to 'valid user = "Domain Admins"'. --jerry
+ *
+ * For consistency we also add the "Unix User" SID,
+ * so that the complete unix token is represented within
+ * the nt token.
+ */
+
+ if (!uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid)) {
+ DEBUG(1,("create_local_token: Failed to create SID "
+ "for uid %d!\n", server_info->utok.uid));
+ }
+ add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+ &server_info->ptok->user_sids,
+ &server_info->ptok->num_sids);
+
+ for ( i=0; i<server_info->utok.ngroups; i++ ) {
+ if (!gid_to_unix_groups_sid( server_info->utok.groups[i], &tmp_sid ) ) {
+ DEBUG(1,("create_local_token: Failed to create SID "
+ "for gid %d!\n", server_info->utok.groups[i]));
+ continue;
+ }
+ add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+ &server_info->ptok->user_sids,
+ &server_info->ptok->num_sids);
+ }
+
debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok);
+ debug_unix_user_token(DBGC_AUTH, 10,
+ server_info->utok.uid,
+ server_info->utok.gid,
+ server_info->utok.ngroups,
+ server_info->utok.groups);
status = log_nt_token(server_info->ptok);
return status;
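Review bot: When `uid_to_unix_users_sid()` fails, the added code only logs and then still calls `add_sid_to_array_unique()` with `tmp_sid`, which is an unset stack variable on that path, so an indeterminate SID can be appended to the NT token that later access checks rely on. The group loop below avoids this with `continue`; the uid path should skip the add in the same way. Both new `add_sid_to_array_unique()` calls also discard the NTSTATUS that the code removed from make_server_info_sam used to check, so a failed add silently leaves the token short of SIDs instead of failing the logon. The fence sketches both changes; create_local_token's body starts outside this hunk, so whether an early `return status` matches its other error paths should be confirmed against the full function.

```c
	if (!uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid)) {
		DEBUG(1,("create_local_token: Failed to create SID "
			"for uid %d!\n", server_info->utok.uid));
	} else {
		/* only add the SID once it has actually been filled in */
		status = add_sid_to_array_unique(server_info->ptok, &tmp_sid,
						 &server_info->ptok->user_sids,
						 &server_info->ptok->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}

	for ( i=0; i<server_info->utok.ngroups; i++ ) {
		/* … unchanged: gid_to_unix_groups_sid() check, DEBUG and continue … */
		status = add_sid_to_array_unique(server_info->ptok, &tmp_sid,
						 &server_info->ptok->user_sids,
						 &server_info->ptok->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}
```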
--
Samba Shared Repository