diff options
author | Michael Adam <obnox@samba.org> | 2012-12-06 22:02:32 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-01-29 21:54:48 +0100 |
commit | d2360fe56c860fa20051f6373eb2fcc3e4def6b6 (patch) | |
tree | 2c51a948e7f84584a2893f9eaffcd6a4ba11668e | |
parent | 729e2c36301620ccc61b1d97205fb3f482efbe15 (diff) | |
download | samba-d2360fe56c860fa20051f6373eb2fcc3e4def6b6.tar.gz samba-d2360fe56c860fa20051f6373eb2fcc3e4def6b6.tar.bz2 samba-d2360fe56c860fa20051f6373eb2fcc3e4def6b6.zip |
s3:winbindd: create group structs for gids that are coming from a user sid id-mapped with ID_TYPE_BOTH
This "fake" group contains exctly one member, namely the user that the sid is
actually belonging to.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source3/winbindd/wb_getgrsid.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c index 2097539e29..fa376da088 100644 --- a/source3/winbindd/wb_getgrsid.c +++ b/source3/winbindd/wb_getgrsid.c @@ -91,6 +91,11 @@ static void wb_getgrsid_lookupsid_done(struct tevent_req *subreq) case SID_NAME_DOM_GRP: case SID_NAME_ALIAS: case SID_NAME_WKN_GRP: + /* + * also treat user-type SIDS (they might map to ID_TYPE_BOTH) + */ + case SID_NAME_USER: + case SID_NAME_COMPUTER: break; default: tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); @@ -132,6 +137,50 @@ static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq) state->gid = (gid_t)xid.id; + if (state->type == SID_NAME_USER || state->type == SID_NAME_COMPUTER) { + /* + * special treatment for a user sid that is + * mapped to ID_TYPE_BOTH: + * create a group with the sid/xid as only member + */ + char *name; + + if (xid.type != ID_TYPE_BOTH) { + tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); + return; + } + + state->members = talloc_dict_init(state); + if (tevent_req_nomem(state->members, req)) { + return; + } + + name = fill_domain_username_talloc(talloc_tos(), + state->domname, + state->name, + true /* can_assume */); + if (tevent_req_nomem(name, req)) { + return; + } + + status = add_wbint_Principal_to_dict(talloc_tos(), + &state->sid, + &name, + state->type, + state->members); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + + tevent_req_done(req); + return; + } + + /* + * the "regular" case of a group type sid. + */ + subreq = wb_group_members_send(state, state->ev, &state->sid, state->type, state->max_nesting); if (tevent_req_nomem(subreq, req)) { |