[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-1068-g1ff9696

Tim Prouty tprouty at samba.org
Sat Feb 21 22:18:31 GMT 2009 

The branch, master has been updated
       via  1ff9696306894c136015f83456e4c6e039e31e26 (commit)
       via  39b508e38e831f826be254391f7f341bc935f792 (commit)
      from  2ad2b6f723964ed6e5d1d12c8403bd3d4147dc84 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1ff9696306894c136015f83456e4c6e039e31e26
Author: Tim Prouty <tprouty at samba.org>
Date:   Sat Feb 21 13:57:10 2009 -0800

    Revert "s3 auth: Add parameter that forces every user through an NSS lookup"
    
    After the discussion on samba-technical, it was decided that the best
    answer for now was to revert this change.  The right way to do this is
    to rewrite the token api to use opaque tokens with pluggable modules.
    
    This reverts commit 8e19a288052bca5efdb0277a40c1e0fdd099cc2b.

commit 39b508e38e831f826be254391f7f341bc935f792
Author: Tim Prouty <tprouty at samba.org>
Date:   Sat Feb 21 13:54:43 2009 -0800

    Fix shadowed declaration warning

-----------------------------------------------------------------------

Summary of changes:
 lib/util/util.h          |    2 +-
 source3/auth/auth_util.c |   26 ++++----------------------
 source3/include/proto.h  |    2 --
 source3/param/loadparm.c |   11 -----------
 4 files changed, 5 insertions(+), 36 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/util.h b/lib/util/util.h
index 4d4df21..d3e446f 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -732,7 +732,7 @@ _PUBLIC_ void close_low_fds(bool stderr_too);
 /**
  Become a daemon, discarding the controlling terminal.
 **/
-_PUBLIC_ void become_daemon(bool fork, bool no_process_group);
+_PUBLIC_ void become_daemon(bool do_fork, bool no_process_group);
 
 /**
  * Load a ini-style file.
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 0dab05b..1f00e22 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -710,8 +710,6 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 	NTSTATUS status;
 	size_t i;
 	struct dom_sid tmp_sid;
-	const char *name_to_use;
-	bool force_nss;
 
 	/*
 	 * If winbind is not around, we can not make much use of the SIDs the
@@ -719,22 +717,11 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 	 * mapped to some local unix user.
 	 */
 
-	DEBUG(10, ("creating token for %s (SAM: %s)\n", server_info->unix_name,
-		server_info->sam_account->username));
-
-	force_nss = lp_force_username_map() && !server_info->nss_token;
 	if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
-	    server_info->nss_token || force_nss) {
-		if (force_nss)
-			name_to_use =
-			    pdb_get_username(server_info->sam_account);
-		else
-			name_to_use = server_info->unix_name;
-
+	    (server_info->nss_token)) {
 		status = create_token_from_username(server_info,
-						    name_to_use,
+						    server_info->unix_name,
 						    server_info->guest,
-						    force_nss,
 						    &server_info->utok.uid,
 						    &server_info->utok.gid,
 						    &server_info->unix_name,
@@ -839,7 +826,6 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 				    bool is_guest,
-				    bool force_nss,
 				    uid_t *uid, gid_t *gid,
 				    char **found_username,
 				    struct nt_user_token **token)
@@ -855,9 +841,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 	size_t num_gids;
 	size_t i;
 
-	DEBUG(10, ("creating token for %s,%s guest,%s forcing NSS lookup\n",
-		username, is_guest ? "" : " not", force_nss ? "" : " not"));
-
 	tmp_ctx = talloc_new(NULL);
 	if (tmp_ctx == NULL) {
 		DEBUG(0, ("talloc_new failed\n"));
@@ -882,7 +865,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 		goto done;
 	}
 
-	if (sid_check_is_in_our_domain(&user_sid) && !force_nss) {
+	if (sid_check_is_in_our_domain(&user_sid)) {
 		bool ret;
 
 		/* This is a passdb user, so ask passdb */
@@ -924,7 +907,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 		*found_username = talloc_strdup(mem_ctx,
 						pdb_get_username(sam_acct));
 
-	} else 	if (force_nss || sid_check_is_in_unix_users(&user_sid)) {
+	} else 	if (sid_check_is_in_unix_users(&user_sid)) {
 
 		/* This is a unix user not in passdb. We need to ask nss
 		 * directly, without consulting passdb */
@@ -1080,7 +1063,6 @@ bool user_in_group_sid(const char *username, const DOM_SID *group_sid)
 	}
 
 	status = create_token_from_username(mem_ctx, username, False,
-					    lp_force_username_map(),
 					    &uid, &gid, &found_username,
 					    &token);
 
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 587bb29..9dc9719 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -110,7 +110,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 NTSTATUS create_local_token(auth_serversupplied_info *server_info);
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 				    bool is_guest,
-				    bool force_nss,
 				    uid_t *uid, gid_t *gid,
 				    char **found_username,
 				    struct nt_user_token **token);
@@ -3971,7 +3970,6 @@ const char *lp_afs_username_map(void);
 int lp_afs_token_lifetime(void);
 char *lp_log_nt_token_command(void);
 char *lp_username_map(void);
-bool lp_force_username_map(void);
 const char *lp_logon_script(void);
 const char *lp_logon_path(void);
 const char *lp_logon_drive(void);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3d29f3a..e50ab92 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -144,7 +144,6 @@ struct global {
 	int iAfsTokenLifetime;
 	char *szLogNtTokenCommand;
 	char *szUsernameMap;
-	bool bForceUsernameMap;
 	char *szLogonScript;
 	char *szLogonPath;
 	char *szLogonDrive;
@@ -1283,15 +1282,6 @@ static struct parm_struct parm_table[] = {
 		.flags		= FLAG_ADVANCED,
 	},
 	{
-		.label		= "force username map",
-		.type		= P_BOOL,
-		.p_class	= P_GLOBAL,
-		.ptr		= &Globals.bForceUsernameMap,
-		.special	= NULL,
-		.enum_list	= NULL,
-		.flags		= FLAG_ADVANCED,
-	},
-	{
 		.label		= "password level",
 		.type		= P_INTEGER,
 		.p_class	= P_GLOBAL,
@@ -5246,7 +5236,6 @@ FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
 FN_GLOBAL_INTEGER(lp_afs_token_lifetime, &Globals.iAfsTokenLifetime)
 FN_GLOBAL_STRING(lp_log_nt_token_command, &Globals.szLogNtTokenCommand)
 FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
-FN_GLOBAL_BOOL(lp_force_username_map, &Globals.bForceUsernameMap)
 FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
 FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
 FN_GLOBAL_CONST_STRING(lp_logon_drive, &Globals.szLogonDrive)


-- 
Samba Shared Repository

More information about the samba-cvs mailing list