[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3455-gebd7f45

Stefan Metzmacher metze at samba.org
Fri Feb 13 15:40:11 GMT 2009 

The branch, v3-2-test has been updated
       via  ebd7f45f9fe12b15dacc8ba52006ca25cb14fa0d (commit)
       via  2ac198ed8e219ce57d811d199cbdb1ae10770b15 (commit)
      from  566f4e92390312feddedf16f2175139ef62ac45e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit ebd7f45f9fe12b15dacc8ba52006ca25cb14fa0d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Feb 11 11:47:41 2009 +0100

    s3:auth: only create_local_token() should add S-1-22-X-Y sids
    
    metze
    (cherry picked from commit e7f7ed8bf6281ef01aca53ea44acdd4af4c51aa7)
    (cherry picked from commit cc1c764effd07bb124b5b5cf03fb5a4565c8ed36)

commit 2ac198ed8e219ce57d811d199cbdb1ae10770b15
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Feb 11 11:46:18 2009 +0100

    s3:auth: add S-1-22-X-Y sids to the local token
    
    metze
    (cherry picked from commit f14e4d4e54f424c05147cb0e635c9b8930270262)
    (cherry picked from commit 490f7214f0d26e7466f0fdfb978e4b09f2433146)

-----------------------------------------------------------------------

Summary of changes:
 source/auth/auth_util.c |   75 +++++++++++++++++++++++++----------------------
 1 files changed, 40 insertions(+), 35 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 2f9cfa3..2039e92 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -547,9 +547,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 	struct passwd *pwd;
 	gid_t *gids;
 	auth_serversupplied_info *result;
-	int i;
-	size_t num_gids;
-	DOM_SID unix_group_sid;
 	const char *username = pdb_get_username(sampass);
 	NTSTATUS status;
 
@@ -614,30 +611,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 		}
 	}
 
-	/* Add the "Unix Group" SID for each gid to catch mapped groups
-	   and their Unix equivalent.  This is to solve the backwards 
-	   compatibility problem of 'valid users = +ntadmin' where 
-	   ntadmin has been paired with "Domain Admins" in the group 
-	   mapping table.  Otherwise smb.conf would need to be changed
-	   to 'valid user = "Domain Admins"'.  --jerry */
-	
-	num_gids = result->num_sids;
-	for ( i=0; i<num_gids; i++ ) {
-		if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) {
-			DEBUG(1,("make_server_info_sam: Failed to create SID "
-				"for gid %d!\n", gids[i]));
-			continue;
-		}
-		status = add_sid_to_array_unique(result, &unix_group_sid,
-						 &result->sids,
-						 &result->num_sids);
-		if (!NT_STATUS_IS_OK(status)) {
-			result->sam_account = NULL; /* Don't free on error exit. */
-			TALLOC_FREE(result);
-			return status;
-		}
-	}
-
 	/* For now we throw away the gids and convert via sid_to_gid
 	 * later. This needs fixing, but I'd like to get the code straight and
 	 * simple first. */
@@ -700,13 +673,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 	TALLOC_CTX *mem_ctx;
 	NTSTATUS status;
 	size_t i;
-	
-
-	mem_ctx = talloc_new(NULL);
-	if (mem_ctx == NULL) {
-		DEBUG(0, ("talloc_new failed\n"));
-		return NT_STATUS_NO_MEMORY;
-	}
+	struct dom_sid tmp_sid;
 
 	/*
 	 * If winbind is not around, we can not make much use of the SIDs the
@@ -758,8 +725,46 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 		add_gid_to_array_unique(server_info, gid, &server_info->groups,
 					&server_info->n_groups);
 	}
-	
+
+	if (!uid_to_unix_users_sid(server_info->uid, &tmp_sid)) {
+		DEBUG(1,("create_local_token: Failed to create SID "
+			"for uid %d!\n", server_info->uid));
+	}
+	add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+				&server_info->ptok->user_sids,
+				&server_info->ptok->num_sids);
+
+	if (!gid_to_unix_groups_sid( server_info->gid, &tmp_sid)) {
+		DEBUG(1,("create_local_token: Failed to create SID "
+			"for gid %d!\n", server_info->gid));
+	}
+	add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+				&server_info->ptok->user_sids,
+				&server_info->ptok->num_sids);
+
+	for ( i=0; i<server_info->ngroups; i++ ) {
+		if (!gid_to_unix_groups_sid( server_info->groups[i], &tmp_sid ) ) {
+			DEBUG(1,("create_local_token: Failed to create SID "
+				"for gid %d!\n", server_info->groups[i]));
+			continue;
+		}
+		add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+					&server_info->ptok->user_sids,
+					&server_info->ptok->num_sids);
+	}
+
 	debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok);
+	debug_unix_user_token(DBGC_AUTH, 10,
+			      server_info->uid,
+			      server_info->gid,
+			      server_info->ngroups,
+			      server_info->groups);
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		DEBUG(0, ("talloc_new failed\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	status = log_nt_token(mem_ctx, server_info->ptok);
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list