Centrify Changes to Samba 3.0.20b
Gerald (Jerry) Carter
jerry at samba.org
Mon Jun 26 11:15:01 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Daugherty wrote:
> Attached are all of the significant changes Centrify
> engineers have made to the Samba 3.0.20b base code,
> which our C.E.O has requested that I submit. I
> realize that this is an old code base, and at
> least some of the work attached is probably obsolete.
> However if there is anything of use but needs to
> be updated to the 3.0.23 code base, let me know
> and I will be happy to do it.
>
> Here is a summary of changes.
>
> Winbind - Support for Windows Name != Unix Name for
> group lookups
>
> Winbind - Added some new background functions so
> that all SID <-> UID/GID mappings flow through the ID mappers
>
> SMBD / SMB.CONF - a configuration flag that prevents
> SMBD from stripping the domain name when it tries to look up
> a user via NSS - prevents confusion where a local
> user happens to be named the same as a windows user.
>
> IDMAP / SMB.CONF - a configuration flag to control whether
> or not SID <-> UID/GID mappings are stored in WINBIND_IDMAP.TDB.
>
> Make changes - for libtdb that I submitted earlier
> that Jeremy has been looking at.
Here's a version with the reformatting changes stripped
out and excluding configure.
$ wc -l CentrifyChanges3.0.20b.diff
1596 CentrifyChanges3.0.20b.diff
$ wc -l centrify-3-0-20b-real.patch
1132 centrify-3-0-20b-real.patch
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEn8G0IR7qMdg1EfYRAga6AKDnvsJCNFkjFw4FLc0rjtlDs7FM4wCglLb5
D1LLx2thMYzW9tQst/q59gA=
=R2L3
-----END PGP SIGNATURE-----
-------------- next part --------------
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/auth/auth_server.c samba-3.0.20b-centrify/source/auth/auth_server.c
--- samba-3.0.20b/source/auth/auth_server.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/auth/auth_server.c 2006-06-26 06:08:52.000000000 -0500
@@ -459,7 +459,16 @@
if ((pass = smb_getpwnam (user_info->internal_username.str,
real_username, True)) != NULL)
{
- nt_status = make_server_info_pw (server_info, pass->pw_name, pass);
+ /*
+ * 2006/03/21 DDaugher
+ * Pass in NULL to satisify new make_server_info_pw interface.
+ * If no Windows User Name is supplied, the code falls back
+ * to the old behavior of trying the Unix name to lookup groups
+ * member ship. This will work as long as the Windows user name
+ * is the same as the Unix user name.
+ */
+ nt_status =
+ make_server_info_pw (server_info, pass->pw_name, NULL, pass);
passwd_free (&pass);
}
else
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/auth/auth_unix.c samba-3.0.20b-centrify/source/auth/auth_unix.c
--- samba-3.0.20b/source/auth/auth_unix.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/auth/auth_unix.c 2006-06-26 06:08:52.000000000 -0500
@@ -116,7 +116,15 @@
{
if (pass)
{
- make_server_info_pw (server_info, pass->pw_name, pass);
+ /*
+ * 2006/03/21 DDaugher
+ * Pass in NULL to satisify new make_server_info_pw interface.
+ * If no Windows User Name is supplied, the code falls back
+ * to the old behavior of trying the Unix name to lookup groups
+ * member ship. This will work as long as the Windows user name
+ * is the same as the Unix user name.
+ */
+ make_server_info_pw (server_info, pass->pw_name, NULL, pass);
}
else
{
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/auth/auth_util.c samba-3.0.20b-centrify/source/auth/auth_util.c
--- samba-3.0.20b/source/auth/auth_util.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/auth/auth_util.c 2006-06-26 06:08:52.000000000 -0500
@@ -835,7 +835,7 @@
static NTSTATUS
add_user_groups (auth_serversupplied_info ** server_info,
- const char *unix_username,
+ const char *username,
SAM_ACCOUNT * sampass, uid_t uid, gid_t gid)
{
NTSTATUS nt_status;
@@ -848,12 +848,15 @@
BOOL is_guest;
uint32 rid;
- nt_status = get_user_groups (unix_username, uid, gid,
+ DEBUG (4, ("add_user_groups for: %s\n", username));
+
+ nt_status = get_user_groups (username, uid, gid,
&n_groupSIDs, &groupSIDs, &unix_groups);
if (!NT_STATUS_IS_OK (nt_status))
{
- DEBUG (4, ("get_user_groups_from_local_sam failed\n"));
+ DEBUG (4,
+ ("get_user_groups_from_local_sam failed for: %s\n", username));
free_server_info (server_info);
return nt_status;
}
@@ -933,7 +936,8 @@
NTSTATUS
make_server_info_pw (auth_serversupplied_info ** server_info,
- char *unix_username, struct passwd * pwd)
+ char *unix_username,
+ char *nt_username, struct passwd * pwd)
{
NTSTATUS nt_status;
SAM_ACCOUNT *sampass = NULL;
@@ -948,16 +952,35 @@
(*server_info)->sam_account = sampass;
- if (!NT_STATUS_IS_OK
- (nt_status =
- add_user_groups (server_info, unix_username, sampass, pwd->pw_uid,
- pwd->pw_gid)))
+ /*
+ * 2006/3/21 DDaugher
+ * nt_username is for the case where the Windows user name
+ * is not the same as the Unix user name. We want to use
+ * the Windows user name to lookup the group membership.
+ */
+ if (nt_username)
{
- return nt_status;
+
+ DEBUG (4,
+ ("make_server_info_pw: calling add_user_group nt_username=%s\n",
+ nt_username));
+
+ nt_status = add_user_groups (server_info, nt_username,
+ sampass, pwd->pw_uid, pwd->pw_gid);
+
+ pdb_set_nt_username ((*server_info)->sam_account,
+ nt_username, PDB_CHANGED);
+ }
+ else
+ {
+ nt_status = add_user_groups (server_info, unix_username,
+ sampass, pwd->pw_uid, pwd->pw_gid);
}
- (*server_info)->unix_name = smb_xstrdup (unix_username);
+ if (!NT_STATUS_IS_OK (nt_status))
+ return nt_status;
+ (*server_info)->unix_name = smb_xstrdup (unix_username);
(*server_info)->sam_fill_level = SAM_FILL_ALL;
(*server_info)->uid = pwd->pw_uid;
(*server_info)->gid = pwd->pw_gid;
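Review bot: In the `if (nt_username)` branch, `pdb_set_nt_username ((*server_info)->sam_account, ...)` runs before `nt_status` is checked, yet the add_user_groups hunk above shows that function calling `free_server_info (server_info)` on its failure path, so a failed group lookup is followed by a dereference of a released `*server_info`. Test the status first, e.g. `if (!NT_STATUS_IS_OK (nt_status)) return nt_status;` directly after the `add_user_groups` call, or set the name on `sampass` before the lookup is made. The return value of `pdb_set_nt_username` is also discarded. make_server_info_pw starts and ends outside this hunk.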
@@ -1117,7 +1141,8 @@
char *p;
fstring username;
- /* we only save a copy of the username it has been mangled
+
+ /* we only save a copy of the username if has been mangled
by winbindd use default domain */
save_username[0] = '\0';
@@ -1127,6 +1152,8 @@
fstrcpy (username, domuser);
+ DEBUG (10, ("smb pwnam lookup attempt for %s\n", username));
+
p = strchr_m (username, *lp_winbind_separator ());
/* code for a DOMAIN\user string */
@@ -1141,8 +1168,10 @@
/* make sure we get the case of the username correct */
/* work around 'winbind use default domain = yes' */
- if (!strchr_m (pw->pw_name, *lp_winbind_separator ()))
+ if (lp_winbind_use_default_domain () &&
+ !strchr_m (pw->pw_name, *lp_winbind_separator ()))
{
+
char *domain;
/* split the domain and username into 2 strings */
@@ -1156,6 +1185,15 @@
fstrcpy (save_username, pw->pw_name);
/* whew -- done! */
+ DEBUG (10, ("smb pwnam found %s\n", pw->pw_name));
+ return pw;
+ }
+
+ /* Check if we have disabled domain stripping. */
+ if (!lp_winbind_domain_name_required ())
+ {
+ DEBUG (10,
+ ("Domain names are required. Skipping plain user name lookup attempt.)\n"));
return pw;
}
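Review bot: The new guard `if (!lp_winbind_domain_name_required ())` reads as inverted: the branch logs "Domain names are required. Skipping plain user name lookup attempt." but is taken when the option is off, and the loadparm.c hunk sets the default to `False`, so an unmodified smb.conf would lose the plain-name fallback while `= yes` would keep it. If the intent is the one given in the submission (stop a DOMAIN\user request from resolving to a same-named local account), the test should be `if (lp_winbind_domain_name_required ())`. At this point `pw` appears to be NULL, since the non-NULL case has already returned, so `return NULL;` would state the outcome plainly; the log string also carries a stray `)`. The function continues outside the hunk.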
@@ -1225,6 +1263,7 @@
DOM_SID *all_group_SIDs;
size_t i;
+ fstring ntlm_name;
/*
Here is where we should check the list of
@@ -1382,19 +1421,36 @@
(*server_info)->uid = uid;
(*server_info)->gid = gid;
- /* Store the user group information in the server_info
- returned to the caller. */
+ /*
+ * 2006/04/09 DDaugher (NTLM Authentication)
+ * First try the Windows name in case WinName != UnixName
+ */
+ if (strchr_m (nt_username, '\\'))
+ fstrcpy (ntlm_name, nt_username);
+ else
+ fstr_sprintf (ntlm_name, "%s\\%s", nt_domain, nt_username);
+
+ DEBUG (4,
+ ("make_server_info_info3: get_user_groups (NtlmName=%s UnixName=%s)\n",
+ ntlm_name, (*server_info)->unix_name));
- nt_status = get_user_groups ((*server_info)->unix_name,
- uid, gid, &n_lgroupSIDs, &lgroupSIDs,
- &unix_groups);
+ nt_status = get_user_groups (ntlm_name, uid, gid, &n_lgroupSIDs,
+ &lgroupSIDs, &unix_groups);
+
+ if (!NT_STATUS_IS_OK (nt_status))
+ {
+ DEBUG (4, ("get_user_groups by WinName failed. Try UnixName\n"));
+ nt_status = get_user_groups ((*server_info)->unix_name, uid, gid,
+ &n_lgroupSIDs, &lgroupSIDs, &unix_groups);
if (!NT_STATUS_IS_OK (nt_status))
{
DEBUG (4, ("get_user_groups failed\n"));
return nt_status;
}
+ }
+ /* Store the user group information in the server_info returned to the caller. */
(*server_info)->groups = unix_groups;
(*server_info)->n_groups = n_lgroupSIDs;
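Review bot: `ntlm_name` is tested and built with a hard-coded backslash (`strchr_m (nt_username, '\\')` and `"%s\\%s"`), while the other hunks in this file go through `*lp_winbind_separator ()`; with a non-default separator the name handed to `get_user_groups` would not match the form winbindd uses. Suggest `fstr_sprintf (ntlm_name, "%s%c%s", nt_domain, *lp_winbind_separator (), nt_username);` and the same character in the `strchr_m` test. The fallback call reuses `&n_lgroupSIDs, &lgroupSIDs, &unix_groups` after a failed first call; whether `get_user_groups` leaves them untouched on failure is not visible here and should be confirmed. Because these groups decide what the session may access, a comment stating which name is authoritative when the Windows and Unix names differ would help. The enclosing function starts and ends outside the hunk.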
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/include/includes.h samba-3.0.20b-centrify/source/include/includes.h
--- samba-3.0.20b/source/include/includes.h 2006-06-26 06:09:23.000000000 -0500
+++ samba-3.0.20b-centrify/source/include/includes.h 2006-06-26 06:08:52.000000000 -0500
@@ -514,17 +514,20 @@
#if HAVE_VALGRIND_MEMCHECK_H
/* memcheck.h includes valgrind.h */
#include <valgrind/memcheck.h>
-#elif HAVE_VALGRIND_H
-#include <valgrind.h>
-#endif
-#endif
-
/* If we have --enable-developer and the valgrind header is present,
* then we're OK to use it. Set a macro so this logic can be done only
* once. */
-#if defined(DEVELOPER) && (HAVE_VALGRIND_H || HAVE_VALGRIND_VALGRIND_H)
+#if defined(DEVELOPER)
#define VALGRIND
-#endif
+#endif /* defined(DEVELOPER) */
+#elif HAVE_VALGRIND_H
+#include <valgrind.h>
+#if defined(DEVELOPER)
+#define VALGRIND
+#endif /* defined(DEVELOPER) */
+#endif /* HAVE_VALGRIND_H */
+#endif /* HAVE_64BIT_LINUX */
+
/* we support ADS if we want it and have krb5 and ldap libs */
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/lib/system.c samba-3.0.20b-centrify/source/lib/system.c
--- samba-3.0.20b/source/lib/system.c 2006-06-26 06:09:22.000000000 -0500
+++ samba-3.0.20b-centrify/source/lib/system.c 2006-06-26 06:08:53.000000000 -0500
@@ -1507,7 +1507,11 @@
sys_getxattr (const char *path, const char *name, void *value, size_t size)
{
#if defined(HAVE_GETXATTR)
+#ifdef XATTR_NOFOLLOW
+ return getxattr (path, name, value, size, 0, 0);
+#else
return getxattr (path, name, value, size);
+#endif
#elif defined(HAVE_EXTATTR_GET_FILE)
char *s;
int attrnamespace = (strncmp (name, "system", 6) == 0) ?
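Review bot: `#ifdef XATTR_NOFOLLOW` is used here as a stand-in for "this platform's xattr calls take extra trailing arguments", which nothing in the hunk says; a comment above the first use, such as `/* XATTR_NOFOLLOW defined: xattr calls take trailing position/options arguments */`, would save the next reader a trip to the man page. The same applies to the sys_lgetxattr, sys_fgetxattr, sys_listxattr, sys_llistxattr, sys_flistxattr, sys_removexattr, sys_lremovexattr and sys_fremovexattr hunks below. A configure-time test of the actual prototype would be sturdier than keying on a flag macro, but configure is excluded from this patch. sys_getxattr's body continues outside the hunk.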
@@ -1537,6 +1541,8 @@
{
#if defined(HAVE_LGETXATTR)
return lgetxattr (path, name, value, size);
+#elif defined(HAVE_GETXATTR) && defined(XATTR_NOFOLLOW)
+ return getxattr (path, name, value, size, 0, XATTR_NOFOLLOW);
#elif defined(HAVE_EXTATTR_GET_LINK)
char *s;
int attrnamespace = (strncmp (name, "system", 6) == 0) ?
@@ -1565,7 +1571,11 @@
sys_fgetxattr (int filedes, const char *name, void *value, size_t size)
{
#if defined(HAVE_FGETXATTR)
+#ifdef XATTR_NOFOLLOW
+ return fgetxattr (filedes, name, value, size, 0, 0);
+#else
return fgetxattr (filedes, name, value, size);
+#endif
#elif defined(HAVE_EXTATTR_GET_FD)
char *s;
int attrnamespace = (strncmp (name, "system", 6) == 0) ?
@@ -1790,7 +1800,11 @@
sys_listxattr (const char *path, char *list, size_t size)
{
#if defined(HAVE_LISTXATTR)
+#ifdef XATTR_NOFOLLOW
+ return listxattr (path, list, size, 0);
+#else
return listxattr (path, list, size);
+#endif
#elif defined(HAVE_EXTATTR_LIST_FILE)
extattr_arg arg;
arg.path = path;
@@ -1808,6 +1822,8 @@
{
#if defined(HAVE_LLISTXATTR)
return llistxattr (path, list, size);
+#elif defined(HAVE_LISTXATTR) && defined(XATTR_NOFOLLOW)
+ return listxattr (path, list, size, XATTR_NOFOLLOW);
#elif defined(HAVE_EXTATTR_LIST_LINK)
extattr_arg arg;
arg.path = path;
@@ -1824,7 +1840,11 @@
sys_flistxattr (int filedes, char *list, size_t size)
{
#if defined(HAVE_FLISTXATTR)
+#ifdef XATTR_NOFOLLOW
+ return flistxattr (filedes, list, size, 0);
+#else
return flistxattr (filedes, list, size);
+#endif
#elif defined(HAVE_EXTATTR_LIST_FD)
extattr_arg arg;
arg.filedes = filedes;
@@ -1841,7 +1861,11 @@
sys_removexattr (const char *path, const char *name)
{
#if defined(HAVE_REMOVEXATTR)
+#ifdef XATTR_NOFOLLOW
+ return removexattr (path, name, 0);
+#else
return removexattr (path, name);
+#endif
#elif defined(HAVE_EXTATTR_DELETE_FILE)
char *s;
int attrnamespace = (strncmp (name, "system", 6) == 0) ?
@@ -1868,6 +1892,8 @@
{
#if defined(HAVE_LREMOVEXATTR)
return lremovexattr (path, name);
+#elif defined(HAVE_REMOVEXATTR) && defined(XATTR_NOFOLLOW)
+ return removexattr (path, name, XATTR_NOFOLLOW);
#elif defined(HAVE_EXTATTR_DELETE_LINK)
char *s;
int attrnamespace = (strncmp (name, "system", 6) == 0) ?
@@ -1893,7 +1919,11 @@
sys_fremovexattr (int filedes, const char *name)
{
#if defined(HAVE_FREMOVEXATTR)
+#ifdef XATTR_NOFOLLOW
+ return fremovexattr (filedes, name, 0);
+#else
return fremovexattr (filedes, name);
+#endif
#elif defined(HAVE_EXTATTR_DELETE_FD)
char *s;
int attrnamespace = (strncmp (name, "system", 6) == 0) ?
@@ -1925,7 +1955,11 @@
size_t size, int flags)
{
#if defined(HAVE_SETXATTR)
+#ifdef XATTR_NOFOLLOW
+ return setxattr (path, name, value, size, flags, 0);
+#else
return setxattr (path, name, value, size, flags);
+#endif
#elif defined(HAVE_EXTATTR_SET_FILE)
char *s;
int retval = 0;
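Review bot: The six-argument call `setxattr (path, name, value, size, flags, 0)` puts `flags` in the fifth slot, where the get-side hunks above pass a literal `0` and keep `XATTR_NOFOLLOW` for the sixth; if this follows the Darwin prototype (position, then options), the caller's create/replace flags are sent as an offset and never reach the options argument. The likely intent is `return setxattr (path, name, value, size, 0, flags);`. The sys_lsetxattr and sys_fsetxattr hunks below have the same ordering and would become `setxattr (path, name, value, size, 0, flags | XATTR_NOFOLLOW)` and `fsetxattr (filedes, name, value, size, 0, flags)`. The function body continues outside the hunk.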
@@ -1959,6 +1993,8 @@
{
#if defined(HAVE_LSETXATTR)
return lsetxattr (path, name, value, size, flags);
+#elif defined(HAVE_SETXATTR) && defined(XATTR_NOFOLLOW)
+ return setxattr (path, name, value, size, flags, XATTR_NOFOLLOW);
#elif defined(HAVE_EXTATTR_SET_LINK)
char *s;
int retval = 0;
@@ -1991,7 +2027,11 @@
int flags)
{
#if defined(HAVE_FSETXATTR)
+#ifdef XATTR_NOFOLLOW
+ return fsetxattr (filedes, name, value, size, flags, 0);
+#else
return fsetxattr (filedes, name, value, size, flags);
+#endif
#elif defined(HAVE_EXTATTR_SET_FD)
char *s;
int retval = 0;
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/Makefile.in samba-3.0.20b-centrify/source/Makefile.in
--- samba-3.0.20b/source/Makefile.in 2006-06-26 05:59:26.000000000 -0500
+++ samba-3.0.20b-centrify/source/Makefile.in 2006-06-26 06:02:04.000000000 -0500
@@ -97,6 +97,10 @@
LIBSMBCLIENT_MAJOR=0
LIBSMBCLIENT_MINOR=1
+LIBTDB=bin/libtdb.a @LIBTDB_SHARED@
+LIBTDB_MAJOR=0
+LIBTDB_MINOR=1
+
LIBSMBSHAREMODES=bin/libsmbsharemodes.a @LIBSMBSHAREMODES_SHARED@
LIBSMBSHAREMODES_MAJOR=0
LIBSMBSHAREMODES_MINOR=1
@@ -141,7 +145,7 @@
EVERYTHING_PROGS = bin/debug2html at EXEEXT@ bin/smbfilter at EXEEXT@ bin/talloctort at EXEEXT@ \
bin/log2pcap at EXEEXT@
-SHLIBS = @SHLIB_PROGS@ @LIBSMBCLIENT@ @LIBSMBSHAREMODES@
+SHLIBS = @SHLIB_PROGS@ @LIBSMBCLIENT@ @LIBTDB@ @LIBSMBSHAREMODES@
SCRIPTS = $(srcdir)/script/smbtar $(builddir)/script/findsmb
@@ -514,6 +518,8 @@
$(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
$(SECRETS_OBJ) $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ)
+LIBTDB_OBJ = tdb/libtdb.o $(TDBBASE_OBJ)
+
LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o tdb/tdb.o tdb/spinlock.o
# This shared library is intended for linking with unit test programs
# to test Samba internals. It's called libbigballofmud.so to
@@ -638,6 +644,7 @@
PICOBJS = $(SMBWRAPPER_OBJ:.o=. at PICSUFFIX@)
LIBSMBCLIENT_PICOBJS = $(LIBSMBCLIENT_OBJ:.o=. at PICSUFFIX@)
+LIBTDB_PICOBJS = $(LIBTDB_OBJ:.o=. at PICSUFFIX@)
LIBSMBSHAREMODES_PICOBJS = $(LIBSMBSHAREMODES_OBJ:.o=. at PICSUFFIX@)
PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
@@ -741,7 +748,7 @@
modules: SHOWFLAGS proto_exists $(MODULES)
-everything: all libsmbclient debug2html smbfilter talloctort modules torture \
+everything: all libsmbclient libtdb debug2html smbfilter talloctort modules torture \
$(EVERYTHING_PROGS)
.SUFFIXES:
@@ -996,12 +1003,23 @@
@echo Linking libsmbclient shared library $@
@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_PICOBJS) $(LDFLAGS) $(LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) \
- @SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR)
+ @SONAMEFLAG@`basename $@`@LIBSMBCLIENT_EXT@
bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS)
@echo Linking libsmbclient non-shared library $@
@-$(AR) -rc $@ $(LIBSMBCLIENT_PICOBJS)
+bin/libtdb. at SHLIBEXT@: LIBDIR = /usr/share/centrifydc/lib
+bin/libtdb. at SHLIBEXT@: $(LIBTDB_PICOBJS)
+ @echo Linking libtdb shared library $@
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBTDB_PICOBJS) $(LDFLAGS) $(LIBS) \
+ $(KRB5LIBS) $(LDAP_LIBS) \
+ @SONAMEFLAG@`basename $@`@LIBTDB_EXT@
+
+bin/libtdb.a: $(LIBTDB_PICOBJS)
+ @echo Linking libtdb non-shared library $@
+ @-$(AR) -rc $@ $(LIBTDB_PICOBJS)
+
bin/libsmbsharemodes. at SHLIBEXT@: $(LIBSMBSHAREMODES_PICOBJS)
@echo Linking libsmbsharemodes shared library $@
@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_PICOBJS) $(LDFLAGS) $(LIBS) \
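Review bot: The target-specific `LIBDIR = /usr/share/centrifydc/lib` on the libtdb shared-library rule hard-codes one vendor's install path into a generic build file; it should be dropped so the library uses the configured `$(LIBDIR)` like libsmbclient does. The link line also copies `$(KRB5LIBS) $(LDAP_LIBS)` from the libsmbclient rule, which a tdb-only library presumably does not need and which widens its dependency set; `$(LDFLAGS) $(LIBS)` alone looks sufficient. The new `@LIBSMBCLIENT_EXT@` and `@LIBTDB_EXT@` substitutions depend on configure changes that were excluded from this patch, so the soname flags cannot be checked from here.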
@@ -1026,6 +1044,7 @@
# library.
libsmbclient: $(LIBSMBCLIENT)
+libtdb: $(LIBTDB)
libsmbsharemodes: $(LIBSMBSHAREMODES)
bin/librpc_lsarpc. at SHLIBEXT@: $(RPC_LSA_OBJ)
@@ -1366,8 +1385,11 @@
@$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)$(LIBDIR)
-$(INSTALLCLIENTCMD_SH) bin/libsmbclient. at SHLIBEXT@ $(DESTDIR)$(LIBDIR)
-$(INSTALLCLIENTCMD_A) bin/libsmbclient.a $(DESTDIR)$(LIBDIR)
+ -$(INSTALLCLIENTCMD_SH) bin/libtdb. at SHLIBEXT@ $(DESTDIR)$(LIBDIR)
+ -$(INSTALLCLIENTCMD_A) bin/libtdb.a $(DESTDIR)$(LIBDIR)
@$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)${prefix}/include
-$(INSTALLCMD) $(srcdir)/include/libsmbclient.h $(DESTDIR)${prefix}/include
+ -$(INSTALLCMD) $(srcdir)/include/libtdb.h $(DESTDIR)${prefix}/include
# Python extensions
@@ -1450,7 +1472,7 @@
clean: delheaders python_clean
-rm -f core */*~ *~ */*.o */*. at PICSUFFIX@ */*. at SHLIBEXT@ \
$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) \
- $(LIBSMBCLIENT) $(LIBSMBSHAREMODES) $(EVERYTHING_PROGS) .headers.stamp
+ $(LIBSMBCLIENT) $(LIBTDB) $(LIBSMBSHAREMODES) $(EVERYTHING_PROGS) .headers.stamp
-rm -rf t_dir
# Making this target will just make sure that the prototype files
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/nsswitch/winbindd_async.c samba-3.0.20b-centrify/source/nsswitch/winbindd_async.c
--- samba-3.0.20b/source/nsswitch/winbindd_async.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/nsswitch/winbindd_async.c 2006-06-26 06:08:54.000000000 -0500
@@ -253,6 +253,142 @@
cont (private_data, True, response->data.uid);
}
+static void idmap_uid2sid_recv (TALLOC_CTX * mem_ctx, BOOL success,
+ struct winbindd_response *response,
+ void *c, void *private_data);
+
+void
+idmap_uid2sid_async (TALLOC_CTX * mem_ctx, uid_t uid,
+ void (*cont) (void *private_data, BOOL success,
+ const char *sid), void *private_data)
+{
+ struct winbindd_request request;
+ ZERO_STRUCT (request);
+ request.cmd = WINBINDD_DUAL_UID2SID;
+ request.data.uid = uid;
+ do_async (mem_ctx, idmap_child (), &request, idmap_uid2sid_recv,
+ cont, private_data);
+}
+
+enum winbindd_result
+winbindd_dual_uid2sid (struct winbindd_domain *domain,
+ struct winbindd_cli_state *state)
+{
+ DOM_SID sid;
+ NTSTATUS result;
+
+ DEBUG (3, ("[%5lu]: uid to sid %lu\n", (unsigned long) state->pid,
+ (unsigned long) state->request.data.uid));
+
+ /* Find sid for this uid and return it, possibly ask the slow remote
+ * idmap */
+
+ result = idmap_uid_to_sid (&sid, state->request.data.uid, 0);
+
+ if (NT_STATUS_IS_OK (result))
+ {
+ sid_to_string (state->response.data.sid.sid, &sid);
+ state->response.data.sid.type = SID_NAME_USER;
+ return WINBINDD_OK;
+ }
+ else
+ {
+ return WINBINDD_ERROR;
+ }
+}
+
+static void
+idmap_uid2sid_recv (TALLOC_CTX * mem_ctx, BOOL success,
+ struct winbindd_response *response,
+ void *c, void *private_data)
+{
+ void (*cont) (void *priv, BOOL succ, const char *sid) = c;
+
+ if (!success)
+ {
+ DEBUG (5, ("Could not trigger uid2sid\n"));
+ cont (private_data, False, NULL);
+ return;
+ }
+
+ if (response->result != WINBINDD_OK)
+ {
+ DEBUG (5, ("uid2sid returned an error\n"));
+ cont (private_data, False, NULL);
+ return;
+ }
+
+ cont (private_data, True, response->data.sid.sid);
+}
+
+static void idmap_gid2sid_recv (TALLOC_CTX * mem_ctx, BOOL success,
+ struct winbindd_response *response,
+ void *c, void *private_data);
+
+void
+idmap_gid2sid_async (TALLOC_CTX * mem_ctx, gid_t gid,
+ void (*cont) (void *private_data, BOOL success,
+ const char *sid), void *private_data)
+{
+ struct winbindd_request request;
+ ZERO_STRUCT (request);
+ request.cmd = WINBINDD_DUAL_GID2SID;
+ request.data.gid = gid;
+ do_async (mem_ctx, idmap_child (), &request, idmap_gid2sid_recv,
+ cont, private_data);
+}
+
+enum winbindd_result
+winbindd_dual_gid2sid (struct winbindd_domain *domain,
+ struct winbindd_cli_state *state)
+{
+ DOM_SID sid;
+ NTSTATUS result;
+
+ DEBUG (3, ("[%5lu]: gid to sid %lu\n", (unsigned long) state->pid,
+ (unsigned long) state->request.data.gid));
+
+ /* Find sid for this gid and return it, possibly ask the slow remote
+ * idmap */
+
+ result = idmap_gid_to_sid (&sid, state->request.data.gid, 0);
+
+ if (NT_STATUS_IS_OK (result))
+ {
+ sid_to_string (state->response.data.sid.sid, &sid);
+ state->response.data.sid.type = SID_NAME_USER;
+ return WINBINDD_OK;
+ }
+ else
+ {
+ return WINBINDD_ERROR;
+ }
+}
+
+static void
+idmap_gid2sid_recv (TALLOC_CTX * mem_ctx, BOOL success,
+ struct winbindd_response *response,
+ void *c, void *private_data)
+{
+ void (*cont) (void *priv, BOOL succ, const char *sid) = c;
+
+ if (!success)
+ {
+ DEBUG (5, ("Could not trigger gid2sid\n"));
+ cont (private_data, False, NULL);
+ return;
+ }
+
+ if (response->result != WINBINDD_OK)
+ {
+ DEBUG (5, ("gid2sid returned an error\n"));
+ cont (private_data, False, NULL);
+ return;
+ }
+
+ cont (private_data, True, response->data.sid.sid);
+}
+
static void uid2name_recv (TALLOC_CTX * mem_ctx, BOOL success,
struct winbindd_response *response,
void *c, void *private_data);
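Review bot: `winbindd_dual_gid2sid` reports `state->response.data.sid.type = SID_NAME_USER` for a SID obtained from a gid, which looks copied from the uid variant; the code this patch removes from winbindd_sid.c accepted only `SID_NAME_DOM_GRP` or `SID_NAME_ALIAS` for gids. A caller that trusts the type field would treat a group SID as a user. Suggest `state->response.data.sid.type = SID_NAME_DOM_GRP;` here, with a comment that the idmap call does not say whether the SID is a domain group or an alias, and the same change in `gid2sid_recv` in winbindd_sid.c.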
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/nsswitch/winbindd_dual.c samba-3.0.20b-centrify/source/nsswitch/winbindd_dual.c
--- samba-3.0.20b/source/nsswitch/winbindd_dual.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/nsswitch/winbindd_dual.c 2006-06-26 06:08:54.000000000 -0500
@@ -338,6 +338,8 @@
{WINBINDD_CHECK_MACHACC, winbindd_dual_check_machine_acct, "CHECK_MACHACC"},
{WINBINDD_DUAL_SID2UID, winbindd_dual_sid2uid, "DUAL_SID2UID"},
{WINBINDD_DUAL_SID2GID, winbindd_dual_sid2gid, "DUAL_SID2GID"},
+ {WINBINDD_DUAL_UID2SID, winbindd_dual_uid2sid, "DUAL_UID2SID"},
+ {WINBINDD_DUAL_GID2SID, winbindd_dual_gid2sid, "DUAL_GID2SID"},
{WINBINDD_DUAL_UID2NAME, winbindd_dual_uid2name, "DUAL_UID2NAME"},
{WINBINDD_DUAL_NAME2UID, winbindd_dual_name2uid, "DUAL_NAME2UID"},
{WINBINDD_DUAL_GID2NAME, winbindd_dual_gid2name, "DUAL_GID2NAME"},
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/nsswitch/winbindd_nss.h samba-3.0.20b-centrify/source/nsswitch/winbindd_nss.h
--- samba-3.0.20b/source/nsswitch/winbindd_nss.h 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/nsswitch/winbindd_nss.h 2006-06-26 06:08:54.000000000 -0500
@@ -125,6 +125,8 @@
* between parent and children */
WINBINDD_DUAL_SID2UID,
WINBINDD_DUAL_SID2GID,
+ WINBINDD_DUAL_UID2SID,
+ WINBINDD_DUAL_GID2SID,
WINBINDD_DUAL_IDMAPSET,
/* Wrapper around possibly blocking unix nss calls */
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/nsswitch/winbindd_sid.c samba-3.0.20b-centrify/source/nsswitch/winbindd_sid.c
--- samba-3.0.20b/source/nsswitch/winbindd_sid.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/nsswitch/winbindd_sid.c 2006-06-26 06:08:54.000000000 -0500
@@ -277,21 +277,7 @@
/* Convert a uid to a sid */
-struct uid2sid_state
-{
- struct winbindd_cli_state *cli_state;
- uid_t uid;
- fstring name;
- DOM_SID sid;
- enum SID_NAME_USE type;
-};
-
-static void uid2sid_uid2name_recv (void *private_data, BOOL success,
- const char *username);
-static void uid2sid_lookupname_recv (void *private_data, BOOL success,
- const DOM_SID * sid,
- enum SID_NAME_USE type);
-static void uid2sid_idmap_set_mapping_recv (void *private_data, BOOL success);
+static void uid2sid_recv (void *private_data, BOOL success, const char *sid);
void
winbindd_uid_to_sid (struct winbindd_cli_state *state)
@@ -338,98 +324,32 @@
return;
}
- /* The only chance that this is correct is that winbind trusted
- * domains only = yes, and the user exists in nss and the domain. */
-
- uid2sid_state = TALLOC_ZERO_P (state->mem_ctx, struct uid2sid_state);
- if (uid2sid_state == NULL)
- {
- DEBUG (0, ("talloc failed\n"));
- request_error (state);
- return;
- }
-
- uid2sid_state->cli_state = state;
- uid2sid_state->uid = state->request.data.uid;
-
- winbindd_uid2name_async (state->mem_ctx, state->request.data.uid,
- uid2sid_uid2name_recv, uid2sid_state);
+ idmap_uid2sid_async (state->mem_ctx, state->request.data.uid,
+ uid2sid_recv, state);
}
static void
-uid2sid_uid2name_recv (void *private_data, BOOL success, const char *username)
+uid2sid_recv (void *private_data, BOOL success, const char *sid)
{
- struct uid2sid_state *state =
- talloc_get_type_abort (private_data, struct uid2sid_state);
+ struct winbindd_cli_state *state = private_data;
- DEBUG (10, ("uid2sid: uid %lu has name %s\n",
- (unsigned long) state->uid, username));
-
- fstrcpy (state->name, username);
+ DEBUG (10, ("uid2sid: uid %lu has sid %s\n",
+ (unsigned long) state->request.data.uid, sid));
if (!success)
{
- request_error (state->cli_state);
- return;
- }
-
- winbindd_lookupname_async (state->cli_state->mem_ctx,
- find_our_domain ()->name, username,
- uid2sid_lookupname_recv, state);
-}
-
-static void
-uid2sid_lookupname_recv (void *private_data, BOOL success,
- const DOM_SID * sid, enum SID_NAME_USE type)
-{
- struct uid2sid_state *state =
- talloc_get_type_abort (private_data, struct uid2sid_state);
- unid_t id;
-
- if ((!success) || (type != SID_NAME_USER))
- {
- request_error (state->cli_state);
+ request_error (state);
return;
}
- state->sid = *sid;
- state->type = type;
-
- id.uid = state->uid;
- idmap_set_mapping_async (state->cli_state->mem_ctx, sid, id, ID_USERID,
- uid2sid_idmap_set_mapping_recv, state);
-}
-
-static void
-uid2sid_idmap_set_mapping_recv (void *private_data, BOOL success)
-{
- struct uid2sid_state *state =
- talloc_get_type_abort (private_data, struct uid2sid_state);
-
- /* don't fail if we can't store it */
-
- sid_to_string (state->cli_state->response.data.sid.sid, &state->sid);
- state->cli_state->response.data.sid.type = state->type;
- request_ok (state->cli_state);
+ fstrcpy (state->response.data.sid.sid, sid);
+ state->response.data.sid.type = SID_NAME_USER;
+ request_ok (state);
}
/* Convert a gid to a sid */
-struct gid2sid_state
-{
- struct winbindd_cli_state *cli_state;
- gid_t gid;
- fstring name;
- DOM_SID sid;
- enum SID_NAME_USE type;
-};
-
-static void gid2sid_gid2name_recv (void *private_data, BOOL success,
- const char *groupname);
-static void gid2sid_lookupname_recv (void *private_data, BOOL success,
- const DOM_SID * sid,
- enum SID_NAME_USE type);
-static void gid2sid_idmap_set_mapping_recv (void *private_data, BOOL success);
+static void gid2sid_recv (void *private_data, BOOL success, const char *sid);
void
winbindd_gid_to_sid (struct winbindd_cli_state *state)
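Review bot: `uid2sid_recv` formats `sid` with `%s` in its `DEBUG (10, ...)` call before testing `success`, but `idmap_uid2sid_recv` in winbindd_async.c invokes the continuation as `cont (private_data, False, NULL)` on both failure paths, so a NULL pointer reaches the format string at log level 10. Move the `if (!success)` block above the DEBUG line. `gid2sid_recv` in the next hunk has the same order. The plain assignment `struct winbindd_cli_state *state = private_data;` also drops the `talloc_get_type_abort` check the removed callbacks performed, and the `uid2sid_state` local in `winbindd_uid_to_sid`, declared outside this hunk, is probably unused now.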
@@ -476,78 +396,27 @@
return;
}
- /* The only chance that this is correct is that winbind trusted
- * domains only = yes, and the user exists in nss and the domain. */
-
- gid2sid_state = TALLOC_ZERO_P (state->mem_ctx, struct gid2sid_state);
- if (gid2sid_state == NULL)
- {
- DEBUG (0, ("talloc failed\n"));
- request_error (state);
- return;
- }
-
- gid2sid_state->cli_state = state;
- gid2sid_state->gid = state->request.data.gid;
-
- winbindd_gid2name_async (state->mem_ctx, state->request.data.gid,
- gid2sid_gid2name_recv, gid2sid_state);
+ idmap_gid2sid_async (state->mem_ctx, state->request.data.gid,
+ gid2sid_recv, state);
}
static void
-gid2sid_gid2name_recv (void *private_data, BOOL success, const char *username)
+gid2sid_recv (void *private_data, BOOL success, const char *sid)
{
- struct gid2sid_state *state =
- talloc_get_type_abort (private_data, struct gid2sid_state);
+ struct winbindd_cli_state *state = private_data;
- DEBUG (10, ("gid2sid: gid %lu has name %s\n",
- (unsigned long) state->gid, username));
-
- fstrcpy (state->name, username);
+ DEBUG (10, ("gid2sid: gid %lu has sid %s\n",
+ (unsigned long) state->request.data.gid, sid));
if (!success)
{
- request_error (state->cli_state);
- return;
- }
-
- winbindd_lookupname_async (state->cli_state->mem_ctx,
- find_our_domain ()->name, username,
- gid2sid_lookupname_recv, state);
-}
-
-static void
-gid2sid_lookupname_recv (void *private_data, BOOL success,
- const DOM_SID * sid, enum SID_NAME_USE type)
-{
- struct gid2sid_state *state =
- talloc_get_type_abort (private_data, struct gid2sid_state);
- unid_t id;
-
- if ((!success) || ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS)))
- {
- request_error (state->cli_state);
+ request_error (state);
return;
}
- state->sid = *sid;
- state->type = type;
-
- id.gid = state->gid;
- idmap_set_mapping_async (state->cli_state->mem_ctx, sid, id, ID_GROUPID,
- gid2sid_idmap_set_mapping_recv, state);
-}
-
-static void
-gid2sid_idmap_set_mapping_recv (void *private_data, BOOL success)
-{
- struct gid2sid_state *state = private_data;
-
- /* don't fail if we can't store it */
-
- sid_to_string (state->cli_state->response.data.sid.sid, &state->sid);
- state->cli_state->response.data.sid.type = state->type;
- request_ok (state->cli_state);
+ fstrcpy (state->response.data.sid.sid, sid);
+ state->response.data.sid.type = SID_NAME_USER;
+ request_ok (state);
}
void
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/nsswitch/winbind_nss_hpux.h samba-3.0.20b-centrify/source/nsswitch/winbind_nss_hpux.h
--- samba-3.0.20b/source/nsswitch/winbind_nss_hpux.h 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/nsswitch/winbind_nss_hpux.h 2006-06-26 06:08:54.000000000 -0500
@@ -149,4 +149,29 @@
nss_status_t status;
} nss_XbyY_args_t;
+/* HPUX is using the same winbind source as solaris.
+ * The solaris winbind is implemented as a wrapper around the linux
+ * version.
+ */
+
+NSS_STATUS _nss_winbind_setpwent (void);
+NSS_STATUS _nss_winbind_endpwent (void);
+NSS_STATUS _nss_winbind_getpwent_r (struct passwd *result, char *buffer,
+ size_t buflen, int *errnop);
+NSS_STATUS _nss_winbind_getpwuid_r (uid_t, struct passwd *, char *buffer,
+ size_t buflen, int *errnop);
+NSS_STATUS _nss_winbind_getpwnam_r (const char *name, struct passwd *result,
+ char *buffer, size_t buflen, int *errnop);
+
+NSS_STATUS _nss_winbind_setgrent (void);
+NSS_STATUS _nss_winbind_endgrent (void);
+NSS_STATUS _nss_winbind_getgrent_r (struct group *result, char *buffer,
+ size_t buflen, int *errnop);
+NSS_STATUS _nss_winbind_getgrnam_r (const char *name,
+ struct group *result, char *buffer,
+ size_t buflen, int *errnop);
+NSS_STATUS _nss_winbind_getgrgid_r (gid_t gid,
+ struct group *result, char *buffer,
+ size_t buflen, int *errnop);
+
#endif /* _WINBIND_NSS_HPUX_H */
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/nsswitch/winbind_nss_solaris.c samba-3.0.20b-centrify/source/nsswitch/winbind_nss_solaris.c
--- samba-3.0.20b/source/nsswitch/winbind_nss_solaris.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/nsswitch/winbind_nss_solaris.c 2006-06-26 06:08:54.000000000 -0500
@@ -187,7 +187,7 @@
{
nss_backend_t *be;
- if (!(be = (nss_backend_t *) malloc (sizeof (nss_backend_t))))
+ if (!(be = (nss_backend_t *) SMB_MALLOC (sizeof (nss_backend_t))))
return NULL;
be->ops = passwd_ops;
@@ -332,7 +332,7 @@
{
nss_backend_t *be;
- if (!(be = (nss_backend_t *) malloc (sizeof (nss_backend_t))))
+ if (!(be = (nss_backend_t *) SMB_MALLOC (sizeof (nss_backend_t))))
return NULL;
be->ops = group_ops;
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/param/loadparm.c samba-3.0.20b-centrify/source/param/loadparm.c
--- samba-3.0.20b/source/param/loadparm.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/param/loadparm.c 2006-06-26 06:08:54.000000000 -0500
@@ -178,8 +178,10 @@
BOOL bWinbindEnumGroups;
BOOL bWinbindUseDefaultDomain;
BOOL bWinbindTrustedDomainsOnly;
+ BOOL bWinbindDomainNameRequired;
BOOL bWinbindNestedGroups;
char **szIdmapBackend;
+ BOOL bIdmapEnableCache;
char *szAddShareCommand;
char *szChangeShareCommand;
char *szDeleteShareCommand;
@@ -1572,6 +1574,8 @@
NULL, NULL, FLAG_DEPRECATED},
{"idmap backend", P_LIST, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL,
FLAG_ADVANCED},
+ {"idmap enable cache", P_BOOL, P_GLOBAL, &Globals.bIdmapEnableCache, NULL,
+ NULL, FLAG_ADVANCED},
{"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid,
NULL, FLAG_ADVANCED},
{"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid,
@@ -1596,6 +1600,8 @@
&Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED},
{"winbind trusted domains only", P_BOOL, P_GLOBAL,
&Globals.bWinbindTrustedDomainsOnly, NULL, NULL, FLAG_ADVANCED},
+ {"winbind domain name required", P_BOOL, P_GLOBAL,
+ &Globals.bWinbindDomainNameRequired, NULL, NULL, FLAG_ADVANCED},
{"winbind nested groups", P_BOOL, P_GLOBAL, &Globals.bWinbindNestedGroups,
NULL, NULL, FLAG_ADVANCED},
{"winbind max idle children", P_INTEGER, P_GLOBAL,
@@ -1948,11 +1954,13 @@
Globals.bWinbindEnumGroups = True;
Globals.bWinbindUseDefaultDomain = False;
Globals.bWinbindTrustedDomainsOnly = False;
+ Globals.bWinbindDomainNameRequired = False;
Globals.bWinbindNestedGroups = False;
Globals.winbind_max_idle_children = 3;
Globals.szWinbindNssInfo = str_list_make ("template", NULL);
Globals.bEnableRidAlgorithm = True;
+ Globals.bIdmapEnableCache = True;
Globals.name_cache_timeout = 660; /* In seconds */
@@ -2167,12 +2175,19 @@
FN_GLOBAL_BOOL (lp_winbind_trusted_domains_only,
&Globals.
bWinbindTrustedDomainsOnly)
+ FN_GLOBAL_BOOL (lp_winbind_domain_name_required,
+ &Globals.
+ bWinbindDomainNameRequired)
FN_GLOBAL_BOOL (lp_winbind_nested_groups,
&Globals.
bWinbindNestedGroups) FN_GLOBAL_LIST (lp_idmap_backend,
&Globals.
szIdmapBackend)
- FN_GLOBAL_BOOL (lp_enable_rid_algorithm, &Globals.bEnableRidAlgorithm)
+ FN_GLOBAL_BOOL (lp_idmap_enable_cache,
+ &Globals.
+ bIdmapEnableCache) FN_GLOBAL_BOOL (lp_enable_rid_algorithm,
+ &Globals.
+ bEnableRidAlgorithm)
#ifdef WITH_LDAP_SAMCONFIG
FN_GLOBAL_STRING (lp_ldap_server, &Globals.szLdapServer)
FN_GLOBAL_INTEGER (lp_ldap_port, &Globals.ldap_port)
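Review bot: The new `lp_idmap_enable_cache` accessor is chained onto the same source line as the existing `lp_enable_rid_algorithm` accessor, so the hunk deletes and re-adds a line the change does not otherwise touch. That makes the patch harder to audit and to port to a later code base. Keep `FN_GLOBAL_BOOL (lp_enable_rid_algorithm, &Globals.bEnableRidAlgorithm)` exactly as it was and add the new accessor on a line of its own: `FN_GLOBAL_BOOL (lp_idmap_enable_cache, &Globals.bIdmapEnableCache)`. The same one-accessor-per-line form would suit `lp_winbind_domain_name_required`.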
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/passdb/lookup_sid.c samba-3.0.20b-centrify/source/passdb/lookup_sid.c
--- samba-3.0.20b/source/passdb/lookup_sid.c 2006-06-26 06:09:23.000000000 -0500
+++ samba-3.0.20b-centrify/source/passdb/lookup_sid.c 2006-06-26 06:08:54.000000000 -0500
@@ -344,8 +344,14 @@
ZERO_STRUCTP (psid);
+ DEBUG (10, ("I:uid_to_sid: uid=%u\n", (unsigned int) uid));
+
if (fetch_sid_from_uid_cache (psid, uid))
+ {
+ NTSTATUS ret = psid ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ DEBUG (10, ("fetch_sid_from_uid_cache ret=%x\n", ret));
return (psid ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
+ }
/* DC's never use winbindd to resolve users outside the
defined idmap range */
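Review bot: The added `DEBUG` passes `ret`, an `NTSTATUS`, directly to `%x`, while the idmap.c hunk of this same patch unwraps the value with `NT_STATUS_V (ret)`. If `NTSTATUS` is built as a structure type, the argument no longer matches the format. Use `DEBUG (10, ("fetch_sid_from_uid_cache ret=%x\n", NT_STATUS_V (ret)));` and replace the following line, which recomputes the same expression, with `return ret;`. Note also that `psid` has already been handed to `ZERO_STRUCTP` at the top of the hunk, so the `psid ?` test cannot be acting as a null guard here. The function begins and ends outside this hunk.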
@@ -353,6 +359,8 @@
if (lp_server_role () == ROLE_DOMAIN_MEMBER
|| (lp_idmap_uid (&low, &high) && uid >= low && uid <= high))
{
+ DEBUG (10, ("Calling winbind_uid_to_sid...\n"));
+
if (winbind_uid_to_sid (psid, uid))
{
@@ -365,6 +373,8 @@
}
}
+ DEBUG (10, ("Calling local_uid_to_sid...\n"));
+
if (!local_uid_to_sid (psid, uid))
{
DEBUG (10,
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/passdb/passdb.c samba-3.0.20b-centrify/source/passdb/passdb.c
--- samba-3.0.20b/source/passdb/passdb.c 2006-06-26 06:09:23.000000000 -0500
+++ samba-3.0.20b-centrify/source/passdb/passdb.c 2006-06-26 06:08:54.000000000 -0500
@@ -235,8 +234,11 @@
}
}
- if (!pdb_set_user_sid_from_rid
- (account_data, algorithmic_pdb_uid_to_user_rid (pwd->pw_uid), PDB_SET))
+ DEBUG (10, ("Generating SID from UID: %d\n", pwd->pw_uid));
+ if (!pdb_set_user_sid_from_rid (account_data,
+ algorithmic_pdb_uid_to_user_rid (pwd->
+ pw_uid),
+ PDB_SET))
{
DEBUG (0, ("Can't set User SID from RID!\n"));
return NT_STATUS_INVALID_PARAMETER;
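Review bot: The new `DEBUG` prints `pwd->pw_uid` with `%d` and no cast, so the argument type depends on how the platform defines `uid_t`, and large UIDs would be logged as negative numbers. The lookup_sid.c hunk in this patch already uses the safer form. Make this one match: `DEBUG (10, ("Generating SID from UID: %u\n", (unsigned int) pwd->pw_uid));`. The enclosing function starts and ends outside the hunk.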
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/sam/idmap.c samba-3.0.20b-centrify/source/sam/idmap.c
--- samba-3.0.20b/source/sam/idmap.c 2006-06-26 06:09:23.000000000 -0500
+++ samba-3.0.20b-centrify/source/sam/idmap.c 2006-06-26 06:08:55.000000000 -0500
@@ -329,6 +330,17 @@
loc_type = id_type | ID_QUERY_ONLY;
}
+ /*
+ * 2006/03/21 DDaugher
+ * If we disabled the IDMapper Cache then always ask
+ * the IDMapper backend.
+ */
+ if (lp_idmap_enable_cache () == False)
+ {
+ DEBUG (10, ("Bypassing disabled IDMapper cache\n"));
+ loc_type &= ~ID_CACHE_ONLY;
+ }
+
ret = cache_map->get_sid_from_id (sid, id, loc_type);
if (NT_STATUS_IS_OK (ret))
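Review bot: The added block only clears `ID_CACHE_ONLY` in `loc_type`, so `cache_map->get_sid_from_id (sid, id, loc_type)` still runs on the next line even though the comment says the backend is always asked. The idmap_tdb.c hunk stops new writes when the option is off, but entries stored earlier would still be read here, and the `NT_STATUS_IS_OK (ret)` test right after suggests a hit is accepted. If stale SID/UID mappings are what the option is meant to avoid, the read needs guarding too, for example `if (lp_idmap_enable_cache ()) ret = cache_map->get_sid_from_id (sid, id, loc_type);` with `ret` preset to a failure status. Whether that is safe when no remote map is configured cannot be judged from this hunk, since the rest of the function is outside it. At a minimum the comment should read `/* cache disabled: drop ID_CACHE_ONLY so a miss falls through to the backend; existing cache entries are still honoured */`.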
@@ -341,6 +353,8 @@
ret = remote_map->get_sid_from_id (sid, id, id_type);
+ DEBUG (4, ("remote_map sid from id: ret=0x%x\n", NT_STATUS_V (ret)));
+
if (NT_STATUS_IS_OK (ret))
{
/* The remote backend gave us a valid mapping, cache it. */
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/sam/idmap_tdb.c samba-3.0.20b-centrify/source/sam/idmap_tdb.c
--- samba-3.0.20b/source/sam/idmap_tdb.c 2006-06-26 06:09:23.000000000 -0500
+++ samba-3.0.20b-centrify/source/sam/idmap_tdb.c 2006-06-26 06:08:55.000000000 -0500
@@ -501,6 +501,9 @@
DEBUG (10, ("db_set_mapping: id_type = 0x%x\n", id_type));
+ if (lp_idmap_enable_cache () == False)
+ return NT_STATUS_OK;
+
if (!sid)
return NT_STATUS_INVALID_PARAMETER;
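Review bot: The early `return NT_STATUS_OK` sits above the `if (!sid)` check, so with the cache disabled a NULL `sid` is reported as success and the caller is told a mapping was stored when nothing was written. Put the argument validation first, then `if (!lp_idmap_enable_cache ()) return NT_STATUS_OK;`, with a comment such as `/* cache disabled: mapping deliberately not persisted */`. If this tdb can also be the only store for allocated ids, which is not visible from this hunk, skipping the write would make SID to UID/GID assignments unstable across lookups. The interaction with a configuration that has no remote backend should be documented or rejected. The function continues outside the hunk.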
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/script/mkversion.sh samba-3.0.20b-centrify/source/script/mkversion.sh
--- samba-3.0.20b/source/script/mkversion.sh 2006-06-26 05:59:25.000000000 -0500
+++ samba-3.0.20b-centrify/source/script/mkversion.sh 2006-06-26 06:02:04.000000000 -0500
@@ -26,7 +26,8 @@
SAMBA_VERSION_IS_SVN_SNAPSHOT=`sed -n 's/^SAMBA_VERSION_IS_SVN_SNAPSHOT=//p' $SOURCE_DIR$VERSION_FILE`
-SAMBA_VERSION_VENDOR_SUFFIX=`sed -n 's/^SAMBA_VERSION_VENDOR_SUFFIX=//p' $SOURCE_DIR$VERSION_FILE`
+#SAMBA_VERSION_VENDOR_SUFFIX=`sed -n 's/^SAMBA_VERSION_VENDOR_SUFFIX=//p' $SOURCE_DIR$VERSION_FILE`
+SAMBA_VERSION_VENDOR_SUFFIX="\"cdc-${CENTRIFY_VERSION_NUMBER}-${CENTRIFY_BUILD_NUMBER}\""
echo "/* Autogenerated by script/mkversion.sh */" > $OUTPUT_FILE
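Review bot: The replacement `SAMBA_VERSION_VENDOR_SUFFIX` line expands `CENTRIFY_VERSION_NUMBER` and `CENTRIFY_BUILD_NUMBER` without checking that they are set, so a build outside the vendor environment silently produces the suffix `"cdc--"`. It also ignores whatever the VERSION file specifies and leaves the old assignment behind as a commented-out line. Fail the build when the variables are missing, `SAMBA_VERSION_VENDOR_SUFFIX="\"cdc-${CENTRIFY_VERSION_NUMBER:?}-${CENTRIFY_BUILD_NUMBER:?}\""`, and delete the commented-out line rather than keeping it. An accurate version string matters when matching a deployed binary against security advisories.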
diff -urNbB --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.20b/source/smbd/sesssetup.c samba-3.0.20b-centrify/source/smbd/sesssetup.c
--- samba-3.0.20b/source/smbd/sesssetup.c 2006-06-26 06:09:21.000000000 -0500
+++ samba-3.0.20b-centrify/source/smbd/sesssetup.c 2006-06-26 06:08:55.000000000 -0500
@@ -301,7 +301,13 @@
}
else
{
- ret = make_server_info_pw (&server_info, real_username, pw);
+ /*
+ * 2006/03/21 DDaugher
+ * Windows user name may be different than the UNIX user name returned by
+ * GetPwnam. We want to use the Windows name to lookup the the user's
+ * groups.
+ */
+ ret = make_server_info_pw (&server_info, real_username, user, pw);
if (!NT_STATUS_IS_OK (ret))
{
DEBUG (1, ("make_server_info_from_pw failed!\n"));
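Review bot: The call now passes both `real_username` and `user`, but the new comment does not say which argument carries the Windows name or where `user` comes from. Group membership is now resolved from a different name than the one `pw` was looked up under. If `user` is taken from the client request without being tied to the authenticated identity (not visible in this hunk), the session could receive another account's groups. State the contract at the call site, for example `/* user: authenticated Windows account name, used only for group lookup; pw: the mapped UNIX account */`. Other callers of `make_server_info_pw` need the extra argument too, and none are shown in this hunk. The comment also contains a doubled "the the".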