[PATCH] Use idmap in pdb_set_sam_sids()
Luke Howard
lukeh at PADL.COM
Tue Aug 17 02:45:28 GMT 2004
We have deployed nss_ldap with a custom idmap plugin, rather than using
a passdb backend. It appears that the primary user and group SIDs are
always mapped algorithmically, whilst secondary groups are correctly
mapped using winbindd.
The attached patch to pdb_set_sam_sids() will attempt to call
uid_to_sid() and gid_to_sid() on the user's POSIX UID and GID
(respectively). Otherwise it falls back to the old behaviour.
Patch is against 3.0.6rc2.
regards,
-- Luke
-------------- next part --------------
Index: source/passdb/passdb.c
===================================================================
RCS file: /home/project/cvs/samba/source/passdb/passdb.c,v
retrieving revision 1.1.1.7
retrieving revision 1.2
diff -u -r1.1.1.7 -r1.2
--- source/passdb/passdb.c 16 Aug 2004 01:26:09 -0000 1.1.1.7
+++ source/passdb/passdb.c 17 Aug 2004 02:36:14 -0000 1.2
@@ -190,7 +190,9 @@
const char *guest_account = lp_guestaccount();
GROUP_MAP map;
BOOL ret;
-
+ DOM_SID user_sid;
+ DOM_SID group_sid;
+
if (!account_data || !pwd) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -213,7 +215,12 @@
}
}
- if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+ if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, pwd->pw_uid))) {
+ if (!pdb_set_user_sid(account_data, &user_sid, PDB_SET)) {
+ DEBUG(0,("Can't set User SID from mapped UID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
DEBUG(0,("Can't set User SID from RID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
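Review bot: The `else if` fallback after `uid_to_sid()` runs on any non-OK status and logs nothing, so a lookup that fails because the idmap backend is unreachable looks the same as a UID with no mapping, and the account gets the algorithmic SID instead of its mapped one. Since the SID set here presumably feeds the user's identity for access checks, the same UID could resolve to different SIDs across logins; I would at least log the fallback, e.g. `DEBUG(3,("uid_to_sid failed for uid %lu, falling back to algorithmic RID\n", (unsigned long)pwd->pw_uid));`, and consider returning an error rather than falling back when the status indicates the mapper was unavailable. The `gid_to_sid()` hunk below has the same shape, and because the two lookups fall back independently, an account can end up with a mapped user SID and an algorithmic group SID. The body of pdb_set_sam_sids() starts and ends outside these hunks, so whether a caller already handles this is not visible here.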
@@ -230,7 +237,12 @@
}
}
else {
- if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+ if (NT_STATUS_IS_OK(gid_to_sid(&group_sid, pwd->pw_gid))) {
+ if (!pdb_set_group_sid(account_data, &group_sid, PDB_SET)) {
+ DEBUG(0,("Can't set Group SID from mapped GID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
DEBUG(0,("Can't set Group SID\n"));
return NT_STATUS_INVALID_PARAMETER;
}