author | Christian Ambach <ambi@samba.org> | 2013-06-18 17:06:52 +0200 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2013-06-21 12:49:10 +0200 |
commit | ad86e2a599812bc7b7d0037d3acd3f3e6973c4be (patch) | |
tree | 42e35c8926f98b464f72119a247f846d95dd74f8 | |
parent | 2d2d13ee6104f21fa4a3ec845f216084a24da0b2 (diff) | |
s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN
when creating a BUILTIN group, make the strategy dependent on passdb backend behavior
1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument
so it asks winbindd for a gid to be used
2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias
create the mapping based on the gid that was determined in the mapping request
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104
-rw-r--r-- | source3/passdb/pdb_util.c | 37 |
1 files changed, 33 insertions, 4 deletions
diff --git a/source3/passdb/pdb_util.c b/source3/passdb/pdb_util.c
index 31fd018e8c..bf7b2b8abd 100644
--- a/source3/passdb/pdb_util.c
+++ b/source3/passdb/pdb_util.c
@@ -26,6 +26,7 @@
 #include "../libcli/security/security.h"
 #include "passdb.h"
 #include "lib/winbind_util.h"
+#include "../librpc/gen_ndr/idmap.h"
 /**
 * Add sid as a member of builtin_sid.
@@ -72,16 +73,44 @@ NTSTATUS pdb_create_builtin(uint32_t rid)
 NTSTATUS status = NT_STATUS_OK;
 struct dom_sid sid;
 gid_t gid;
+ bool mapresult;
 if (!sid_compose(&sid, &global_sid_Builtin, rid)) {
 return NT_STATUS_NO_SUCH_ALIAS;
 }
- if (!sid_to_gid(&sid, &gid)) {
- if (!lp_winbind_nested_groups() || !winbind_ping()) {
- return NT_STATUS_PROTOCOL_UNREACHABLE;
+ if (!pdb_is_responsible_for_builtin()) {
+ /*
+ * if this backend is not responsible for BUILTIN
+ *
+ * Use the gid from the mapping request for entry.
+ * If the mapping fails, bail out
+ */
+ mapresult = sid_to_gid(&sid, &gid);
+ if (!mapresult) {
+ status = NT_STATUS_NO_SUCH_GROUP;
+ } else {
+ status = pdb_create_builtin_alias(rid, gid);
+ }
+ } else {
+ /*
+ * this backend is responsible for BUILTIN
+ *
+ * a failed mapping result means that the entry
+ * does not exist yet, so create it
+ *
+ * we use pdb_sid_to_id intentionally here to
+ * directly query the passdb backend (sid_to_gid
+ * would finally do the same)
+ */
+ struct unixid id;
+ mapresult = pdb_sid_to_id(&sid, &id);
+ if (!mapresult) {
+ if (!lp_winbind_nested_groups() || !winbind_ping()) {
+ return NT_STATUS_PROTOCOL_UNREACHABLE;
+ }
+ status = pdb_create_builtin_alias(rid, 0);
 }
- status = pdb_create_builtin_alias(rid, 0);
 }
 return status;
 } |
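Review bot: In the branch taken when the backend is not responsible for BUILTIN, the gid returned by `sid_to_gid` is passed straight to `pdb_create_builtin_alias(rid, gid)`, yet the other branch and the commit description use a gid argument of 0 to mean "ask winbindd for a gid", so a mapping that resolves to gid 0 would apparently be handled as an allocation request rather than as the mapped group. Either reject that case, e.g. `if (!mapresult || gid == 0) {`, or state in the comment above why it cannot occur. This branch also calls the create function on every successful mapping, where the old code returned success without creating anything; whether that call tolerates an alias that already exists is not visible here. In the responsible branch `id` is filled by `pdb_sid_to_id` but never read, so a SID mapped to a non-group id would count as "entry exists"; a one-line comment saying the id type is deliberately ignored, or a check of it, would help. The opening of `pdb_create_builtin` lies outside the hunk.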