summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2004-06-03 08:31:57 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:51:52 -0500
commitb24835c155d90fe9871cfa5d77f9883c8b0de540 (patch)
tree0d7088001e52baba5b7ca814ccdd1e0c203435e7
parentac5f0785c83d971a043cc99369dd491bee2be302 (diff)
downloadsamba-b24835c155d90fe9871cfa5d77f9883c8b0de540.tar.gz
samba-b24835c155d90fe9871cfa5d77f9883c8b0de540.tar.bz2
samba-b24835c155d90fe9871cfa5d77f9883c8b0de540.zip
r988: When adding local aliases' gids to the user token, don't do a idmap_sid_to_gid
on the user sid. This might lead to a user SID entered as a GID in the idmap. Volker (This used to be commit 98e10d149710d9b70404e77a4bc0560c2e48aeaf)
-rw-r--r--source3/nsswitch/winbindd_group.c42
1 files changed, 31 insertions, 11 deletions
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 7b4529144e..0e6c98e5d3 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -942,16 +942,14 @@ static void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num)
*num += 1;
}
-static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
+static void add_local_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
{
gid_t gid;
DOM_SID *aliases;
int j, num_aliases;
- DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid)));
-
- if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
- add_gid_to_array_unique(gid, gids, num);
+ DEBUG(10, ("Adding local gids from SID: %s\n",
+ sid_string_static(sid)));
/* Don't expand aliases if not explicitly activated -- for now
-- jerry */
@@ -974,6 +972,27 @@ static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
SAFE_FREE(aliases);
}
+static void add_gids_from_user_sid(DOM_SID *sid, gid_t **gids, int *num)
+{
+ DEBUG(10, ("Adding gids from user SID: %s\n",
+ sid_string_static(sid)));
+
+ add_local_gids_from_sid(sid, gids, num);
+}
+
+static void add_gids_from_group_sid(DOM_SID *sid, gid_t **gids, int *num)
+{
+ gid_t gid;
+
+ DEBUG(10, ("Adding gids from group SID: %s\n",
+ sid_string_static(sid)));
+
+ if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
+ add_gid_to_array_unique(gid, gids, num);
+
+ add_local_gids_from_sid(sid, gids, num);
+}
+
/* Get user supplementary groups. This is much quicker than trying to
invert the groups database. We merge the groups from the gids and
other_sids info3 fields as trusted domain, universal group
@@ -1039,7 +1058,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
goto done;
}
- add_gids_from_sid(&user_sid, &gid_list, &num_gids);
+ add_gids_from_user_sid(&user_sid, &gid_list, &num_gids);
/* Treat the info3 cache as authoritative as the
lookup_usergroups() function may return cached data. */
@@ -1083,8 +1102,8 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
continue;
}
- add_gids_from_sid(&info3->other_sids[i].sid,
- &gid_list, &num_gids);
+ add_gids_from_group_sid(&info3->other_sids[i].sid,
+ &gid_list, &num_gids);
if (gid_list == NULL)
goto done;
@@ -1097,7 +1116,8 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
sid_copy( &group_sid, &domain->sid );
sid_append_rid( &group_sid, info3->gids[i].g_rid );
- add_gids_from_sid(&group_sid, &gid_list, &num_gids);
+ add_gids_from_group_sid(&group_sid, &gid_list,
+ &num_gids);
if (gid_list == NULL)
goto done;
@@ -1116,8 +1136,8 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
goto done;
for (i = 0; i < num_groups; i++) {
- add_gids_from_sid(user_grpsids[i],
- &gid_list, &num_gids);
+ add_gids_from_group_sid(user_grpsids[i],
+ &gid_list, &num_gids);
if (gid_list == NULL)
goto done;