authorChristian Ambach <ambi@samba.org>2013-06-18 17:06:52 +0200
committerMichael Adam <obnox@samba.org>2013-06-21 12:49:10 +0200
commitad86e2a599812bc7b7d0037d3acd3f3e6973c4be (patch)
tree42e35c8926f98b464f72119a247f846d95dd74f8
parent2d2d13ee6104f21fa4a3ec845f216084a24da0b2 (diff)
s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN
When creating a BUILTIN group, make the strategy dependent on passdb backend behavior:
1. If passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with the gid=0 argument so that it asks winbindd for a gid to be used.
2. If passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias create the mapping based on the gid that was determined in the mapping request.

Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104
-rw-r--r--source3/passdb/pdb_util.c37
1 files changed, 33 insertions, 4 deletions
diff --git a/source3/passdb/pdb_util.c b/source3/passdb/pdb_util.c
index 31fd018e8c..bf7b2b8abd 100644
--- a/source3/passdb/pdb_util.c
+++ b/source3/passdb/pdb_util.c
@@ -26,6 +26,7 @@
#include "../libcli/security/security.h"
#include "passdb.h"
#include "lib/winbind_util.h"
+#include "../librpc/gen_ndr/idmap.h"
/**
* Add sid as a member of builtin_sid.
@@ -72,16 +73,44 @@ NTSTATUS pdb_create_builtin(uint32_t rid)
NTSTATUS status = NT_STATUS_OK;
struct dom_sid sid;
gid_t gid;
+ bool mapresult;
if (!sid_compose(&sid, &global_sid_Builtin, rid)) {
return NT_STATUS_NO_SUCH_ALIAS;
}
- if (!sid_to_gid(&sid, &gid)) {
- if (!lp_winbind_nested_groups() || !winbind_ping()) {
- return NT_STATUS_PROTOCOL_UNREACHABLE;
+ if (!pdb_is_responsible_for_builtin()) {
+ /*
+ * if this backend is not responsible for BUILTIN
+ *
+ * Use the gid from the mapping request for entry.
+ * If the mapping fails, bail out
+ */
+ mapresult = sid_to_gid(&sid, &gid);
+ if (!mapresult) {
+ status = NT_STATUS_NO_SUCH_GROUP;
+ } else {
+ status = pdb_create_builtin_alias(rid, gid);
+ }
+ } else {
+ /*
+ * this backend is responsible for BUILTIN
+ *
+ * a failed mapping result means that the entry
+ * does not exist yet, so create it
+ *
+ * we use pdb_sid_to_id intentionally here to
+ * directly query the passdb backend (sid_to_gid
+ * would finally do the same)
+ */
+ struct unixid id;
+ mapresult = pdb_sid_to_id(&sid, &id);
+ if (!mapresult) {
+ if (!lp_winbind_nested_groups() || !winbind_ping()) {
+ return NT_STATUS_PROTOCOL_UNREACHABLE;
+ }
+ status = pdb_create_builtin_alias(rid, 0);
}
- status = pdb_create_builtin_alias(rid, 0);
}
return status;
}
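Review bot: In the branch where the backend is not responsible for BUILTIN, the gid returned by `sid_to_gid()` goes straight into `pdb_create_builtin_alias(rid, gid)`, yet the commit message says a gid of 0 makes that function ask winbindd for a gid, so a mapping that resolves to gid 0 would take the allocation path instead of using the mapped value. Treating that case as a failed mapping keeps the two strategies distinct, for example `if (!mapresult || gid == 0) {` ahead of the `NT_STATUS_NO_SUCH_GROUP` assignment. In the other branch `id` is filled by `pdb_sid_to_id()` and never read, so a successful mapping of any type is taken to mean the alias already exists; if only a group mapping should count, that needs a check on `id.type`, or a comment such as `/* id is only an out-parameter; any existing mapping means the alias exists */`. The start of `pdb_create_builtin` lies outside the hunk.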