No subject
Mon Dec 1 12:27:21 GMT 2003
winbind primary group = 213478
winbind force primary = no // this is the default, but I just
wanted to be explicit
Stephen A Jazdzewski
Steve at Jazd.com
<<samba-2.2.4-forceprimarygrouprid.patch>>
------_=_NextPart_000_01C1FC4A.A7164AC0
Content-Type: application/octet-stream;
name="samba-2.2.4-forceprimarygrouprid.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="samba-2.2.4-forceprimarygrouprid.patch"
--- samba-2.2.4/source/include/proto.h Wed May 15 12:08:38 2002=0A=
+++ samba-2.2.4/source/include/proto.h.forceprimarygrouprid Wed May 15 =
12:07:45 2002=0A=
@@ -2140,6 +2140,8 @@=0A=
int lp_write_cache_size(int );=0A=
char lp_magicchar(int );=0A=
int lp_winbind_cache_time(void);=0A=
+int lp_winbind_primary_group(void);=0A=
+BOOL lp_winbind_force_primary(void);=0A=
BOOL lp_hide_local_users(void);=0A=
BOOL lp_add_home(char *pszHomename, int iDefaultService, char =
*pszHomedir);=0A=
int lp_add_service(char *pszService, int iDefaultService);=0A=
--- samba-2.2.4/source/nsswitch/winbindd_rpc.c Wed May 15 12:08:51 =
2002=0A=
+++ samba-2.2.4/source/nsswitch/winbindd_rpc.c.forceprimarygrouprid Wed =
May 15 12:08:04 2002=0A=
@@ -37,6 +37,9 @@=0A=
BOOL got_dom_pol =3D False;=0A=
uint32 des_access =3D SEC_RIGHTS_MAXIMUM_ALLOWED;=0A=
int i;=0A=
+ uint32 num_groups, k;=0A=
+ uint32 *user_gids;=0A=
+ NTSTATUS status;=0A=
=0A=
*num_entries =3D 0;=0A=
*info =3D NULL;=0A=
@@ -95,14 +98,35 @@=0A=
(*info)[i].acct_name =3D unistr2_tdup(mem_ctx, =
&info1.str[j].uni_acct_name);=0A=
(*info)[i].full_name =3D unistr2_tdup(mem_ctx, =
&info1.str[j].uni_full_name);=0A=
(*info)[i].user_rid =3D info1.sam[j].rid_user;=0A=
- /* For the moment we set the primary group for=0A=
- every user to be the Domain Users group.=0A=
- There are serious problems with determining=0A=
+ /* There are serious problems with determining=0A=
the actual primary group for large domains.=0A=
- This should really be made into a 'winbind=0A=
- force group' smb.conf parameter or=0A=
- something like that. */=0A=
+ 'winbind primary group' smb.conf parameter=0A=
+ defaults to 0. */=0A=
(*info)[i].group_rid =3D DOMAIN_GROUP_RID_USERS;=0A=
+=0A=
+ /* Check for primary group rid */=0A=
+ if (lp_winbind_primary_group()) {=0A=
+=0A=
+ /* Check for forced primary group */=0A=
+ if (!lp_winbind_force_primary()) {=0A=
+ =0A=
+ /* only set primary group to primary_group if member */=0A=
+ status =3D domain->methods->lookup_usergroups(domain, mem_ctx, =
(*info)[i].user_rid, &num_groups, &user_gids);=0A=
+ if (NT_STATUS_IS_OK(status)) {=0A=
+=0A=
+ /* loop through group list */=0A=
+ for (k =3D 0; k < num_groups; k++) {=0A=
+ DEBUG(3,("%d is member of %d\n", (*info)[i].user_rid, =
user_gids[k]));=0A=
+ if (user_gids[k] =3D=3D lp_winbind_primary_group()) {=0A=
+ (*info)[i].group_rid =3D lp_winbind_primary_group();=0A=
+ break;=0A=
+ }=0A=
+ }=0A=
+ } else=0A=
+ DEBUG(1,("failed to lookup_usergroups for =
%d\n",(*info)[i].user_rid));=0A=
+ } else /* force primary group */=0A=
+ (*info)[i].group_rid =3D lp_winbind_primary_group();=0A=
+ }=0A=
}=0A=
=0A=
talloc_destroy(ctx2);=0A=
@@ -263,10 +287,12 @@=0A=
WINBIND_USERINFO *user_info)=0A=
{=0A=
CLI_POLICY_HND *hnd;=0A=
- NTSTATUS result;=0A=
+ NTSTATUS result, status;=0A=
POLICY_HND dom_pol, user_pol;=0A=
BOOL got_dom_pol =3D False, got_user_pol =3D False;=0A=
SAM_USERINFO_CTR *ctr;=0A=
+ uint32 num_groups, i;=0A=
+ uint32 *user_gids;=0A=
=0A=
/* Get sam handle */=0A=
if (!(hnd =3D cm_get_sam_handle(domain->name)))=0A=
@@ -300,6 +326,34 @@=0A=
got_user_pol =3D False;=0A=
=0A=
user_info->group_rid =3D ctr->info.id21->group_rid;=0A=
+=0A=
+ /* Check for primary group rid */=0A=
+ if (lp_winbind_primary_group()) {=0A=
+=0A=
+ /* Check for forced primary group */=0A=
+ if (!lp_winbind_force_primary()) {=0A=
+=0A=
+ /* only set primary group to primary_group if member */=0A=
+ status =3D domain->methods->lookup_usergroups(domain, mem_ctx, =
user_rid, &num_groups, &user_gids);=0A=
+ if (NT_STATUS_IS_OK(status)) {=0A=
+=0A=
+ /* loop through group list */=0A=
+ for (i =3D 0; i < num_groups; i++) {=0A=
+ DEBUG(3,("%d is member of %d\n", user_rid, user_gids[i]));=0A=
+=0A=
+ if (user_gids[i] =3D=3D lp_winbind_primary_group()) {=0A=
+ user_info->group_rid =3D lp_winbind_primary_group();=0A=
+ break;=0A=
+ }=0A=
+ }=0A=
+ } else=0A=
+ DEBUG(1,("failed to lookup_usergroups for %d\n",user_rid));=0A=
+ } else /* force primary group */=0A=
+ user_info->group_rid =3D lp_winbind_primary_group();=0A=
+ }=0A=
+=0A=
+ DEBUG(1,("set user %d primary group to %d\n", user_rid, =
user_info->group_rid));=0A=
+=0A=
user_info->acct_name =3D unistr2_tdup(mem_ctx, =0A=
&ctr->info.id21->uni_user_name);=0A=
user_info->full_name =3D unistr2_tdup(mem_ctx, =0A=
--- samba-2.2.4/source/param/loadparm.c Wed May 15 12:09:02 2002=0A=
+++ samba-2.2.4/source/param/loadparm.c.forceprimarygrouprid Wed May 15 =
12:08:14 2002=0A=
@@ -210,6 +210,8 @@=0A=
int min_passwd_length;=0A=
int oplock_break_wait_time;=0A=
int winbind_cache_time;=0A=
+ int winbind_primary_group;=0A=
+ BOOL bWinbindForcePrimary;=0A=
int iLockSpinCount;=0A=
int iLockSpinTime;=0A=
#ifdef WITH_LDAP_SAM=0A=
@@ -1098,6 +1100,8 @@=0A=
{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, =
NULL, NULL, 0},=0A=
{"winbind enum groups", P_BOOL, P_GLOBAL, =
&Globals.bWinbindEnumGroups, NULL, NULL, 0},=0A=
{"winbind use default domain", P_BOOL, P_GLOBAL, =
&Globals.bWinbindUseDefaultDomain, NULL, NULL, 0},=0A=
+ {"winbind primary group", P_INTEGER, P_GLOBAL, =
&Globals.winbind_primary_group, NULL, NULL, 0},=0A=
+ {"winbind force primary", P_BOOL, P_GLOBAL, =
&Globals.bWinbindForcePrimary, NULL, NULL, 0},=0A=
=0A=
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}=0A=
};=0A=
@@ -1427,6 +1431,8 @@=0A=
string_set(&Globals.szTemplateHomedir, "/home/%D/%U");=0A=
string_set(&Globals.szWinbindSeparator, "\\");=0A=
Globals.winbind_cache_time =3D 15;=0A=
+ Globals.winbind_primary_group =3D 0; /* use primary group from =
domain */=0A=
+ Globals.bWinbindForcePrimary =3D False; /* True to force membership =
to primary_group */=0A=
=0A=
Globals.bWinbindEnumUsers =3D True;=0A=
Globals.bWinbindEnumGroups =3D True;=0A=
@@ -1787,6 +1793,8 @@=0A=
FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize)=0A=
FN_LOCAL_CHAR(lp_magicchar, magic_char)=0A=
FN_GLOBAL_INTEGER(lp_winbind_cache_time, =
&Globals.winbind_cache_time)=0A=
+FN_GLOBAL_INTEGER(lp_winbind_primary_group, =
&Globals.winbind_primary_group)=0A=
+FN_GLOBAL_BOOL(lp_winbind_force_primary, =
&Globals.bWinbindForcePrimary)=0A=
FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)=0A=
=0A=
/* local prototypes */=0A=
------_=_NextPart_000_01C1FC4A.A7164AC0--
More information about the samba
mailing list