disable storing S-1-22-{1,2} SIDs in the Sid to uid/gid cache

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here's a small patch to fix a bug in the SID to gid/uid
cache.  The problem is this:

Assume we have a gid of 1007 mapped to a real SID
in the machine's domain.  Both the S-1-22-2-1007 and
S-1-32-5-XXX-XXX-XX-XXX SIDs will map to the same
gid.  The gid should always map back to the SID in
the machine's domain since that is the important one.

So I'm disabling storing S-1-22-{1,2}-XX SIDs in
the cache.  This fixes a problem with the token creation
based on the order of SIDs in the cache.

This will be in 3.0.23c (and is the absolute last
bug before tomorrow's release...hopefully).




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE9ypDIR7qMdg1EfYRAiIaAJ9l3k5jNgIoU6/qoqjPXfYtbRM10wCfT693
SffpEXLtmZqQp4YL3DvBZz0=
=F4xb
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: passdb/lookup_sid.c
===================================================================
--- passdb/lookup_sid.c	(revision 17968)
+++ passdb/lookup_sid.c	(working copy)
@@ -951,6 +951,11 @@
 {
 	struct uid_sid_cache *pc;
 
+	/* do not store SIDs in the "Unix Group" domain */
+	
+	if ( sid_check_is_in_unix_users( psid ) )
+		return;
+
 	if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) {
 		/* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */
 		struct uid_sid_cache *pc_next;
@@ -1022,6 +1027,11 @@
 void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
 {
 	struct gid_sid_cache *pc;
+	
+	/* do not store SIDs in the "Unix Group" domain */
+	
+	if ( sid_check_is_in_unix_groups( psid ) )
+		return;
 
 	if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) {
 		/* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */