[Samba] Problem using 2.0.23 client in a domain with a Samba 2.0.20c PDC.

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Thu Jul 13 17:43:31 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/13/2006 01:27 PM, Andreas Hasenack wrote:
> On Thu, Jul 13, 2006 at 01:01:27PM +0200, Volker Lendecke wrote:
>>The attached patch adds the S-1-22-1-<uid> to the user's
>>token. It is a bit larger than strictly necessary, but the
>>minimum diff size would have made the code a bit clumsy.
>
> I think the patch was removed, or you forgot to attach it. If
> the latter, could you please send it again? Has it been committed
> already?

	I got the following patch (inline) attached from Volker's
original message, hope it helps. Kind regards,

brownpaperbag.diff:
Index: auth/auth_util.c
===================================================================
- --- auth/auth_util.c	(Revision 17003)
+++ auth/auth_util.c	(Arbeitskopie)
@@ -963,23 +963,48 @@
 						    &server_info->gid,
 						    &server_info->unix_name,
 						    &server_info->ptok);
- -		
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(mem_ctx);
+			return status;
+		}
 	} else {
- -		server_info->ptok = create_local_nt_token(
+		struct nt_user_token *token;
+
+		token = create_local_nt_token(
 			server_info,
 			pdb_get_user_sid(server_info->sam_account),
 			pdb_get_group_sid(server_info->sam_account),
 			server_info->guest,
 			server_info->num_sids, server_info->sids);
- -		status = server_info->ptok ?
- -			NT_STATUS_OK : NT_STATUS_NO_SUCH_USER;
+
+		if (token == NULL) {
+			TALLOC_FREE(mem_ctx);
+			return NT_STATUS_NO_SUCH_USER;
+		}
+
+		/*
+		 * We need to add the unix user sid as not necessarily the
+		 * unix username resolves to the domain user sid. This is an
+		 * artifact of an incomplete lookup_name/sid implementation
+		 * when winbind is not around.
+		 */
+
+		if (!winbind_ping()) {
+			DOM_SID unix_user_sid;
+			uid_to_unix_users_sid(server_info->uid,
+					      &unix_user_sid);
+
+			add_sid_to_array(token, &unix_user_sid,
+					 &token->user_sids, &token->num_sids);
+			if (token->user_sids == NULL) {
+				TALLOC_FREE(mem_ctx);
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+		server_info->ptok = token;
+		status = NT_STATUS_OK;
 	}

- -	if (!NT_STATUS_IS_OK(status)) {
- -		TALLOC_FREE(mem_ctx);
- -		return status;
- -	}
- -	
 	/* Convert the SIDs to gids. */

 	server_info->n_groups = 0;
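
Review bot: in the `if (!winbind_ping())` block, the token's SID list now depends on whether winbind answers at the moment the token is built, so the same account can receive a token with or without the unix user SID from one login to the next. Since that changes which ACL entries match, a DEBUG line where `add_sid_to_array()` appends the SID would make the difference traceable when access results vary. Separately, `uid_to_unix_users_sid()` reads `server_info->uid`, which the other branch fills through `&server_info->uid` but which has no visible assignment in this else branch; please confirm it is set before this point. The block comment would also read better as "the unix username does not necessarily resolve to the domain user sid".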


- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFEtoZDCj65ZxU4gPQRAgSkAJ0fXY+mBjTgEU8I/g8JModKl/K8UQCfTRYH
Nv1SIVSVCyMXSaZKEsERgEs=
=Qw27
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list