summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2012-12-06 22:02:32 +0100
committerStefan Metzmacher <metze@samba.org>2013-01-29 21:54:48 +0100
commitd2360fe56c860fa20051f6373eb2fcc3e4def6b6 (patch)
tree2c51a948e7f84584a2893f9eaffcd6a4ba11668e
parent729e2c36301620ccc61b1d97205fb3f482efbe15 (diff)
downloadsamba-d2360fe56c860fa20051f6373eb2fcc3e4def6b6.tar.gz
samba-d2360fe56c860fa20051f6373eb2fcc3e4def6b6.tar.bz2
samba-d2360fe56c860fa20051f6373eb2fcc3e4def6b6.zip
s3:winbindd: create group structs for gids that are coming from a user sid id-mapped with ID_TYPE_BOTH
This "fake" group contains exctly one member, namely the user that the sid is actually belonging to. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/winbindd/wb_getgrsid.c49
1 files changed, 49 insertions, 0 deletions
diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index 2097539e29..fa376da088 100644
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -91,6 +91,11 @@ static void wb_getgrsid_lookupsid_done(struct tevent_req *subreq)
case SID_NAME_DOM_GRP:
case SID_NAME_ALIAS:
case SID_NAME_WKN_GRP:
+ /*
+ * also treat user-type SIDS (they might map to ID_TYPE_BOTH)
+ */
+ case SID_NAME_USER:
+ case SID_NAME_COMPUTER:
break;
default:
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
@@ -132,6 +137,50 @@ static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq)
state->gid = (gid_t)xid.id;
+ if (state->type == SID_NAME_USER || state->type == SID_NAME_COMPUTER) {
+ /*
+ * special treatment for a user sid that is
+ * mapped to ID_TYPE_BOTH:
+ * create a group with the sid/xid as only member
+ */
+ char *name;
+
+ if (xid.type != ID_TYPE_BOTH) {
+ tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
+ return;
+ }
+
+ state->members = talloc_dict_init(state);
+ if (tevent_req_nomem(state->members, req)) {
+ return;
+ }
+
+ name = fill_domain_username_talloc(talloc_tos(),
+ state->domname,
+ state->name,
+ true /* can_assume */);
+ if (tevent_req_nomem(name, req)) {
+ return;
+ }
+
+ status = add_wbint_Principal_to_dict(talloc_tos(),
+ &state->sid,
+ &name,
+ state->type,
+ state->members);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ tevent_req_done(req);
+ return;
+ }
+
+ /*
+ * the "regular" case of a group type sid.
+ */
+
subreq = wb_group_members_send(state, state->ev, &state->sid,
state->type, state->max_nesting);
if (tevent_req_nomem(subreq, req)) {