diff options
| author | Steven Danneman <steven.danneman@isilon.com> | 2009-02-26 17:47:32 -0800 |
|---|---|---|
| committer | Steven Danneman <steven.danneman@isilon.com> | 2009-02-26 19:47:43 -0800 |
| commit | 61bedb4263a73121bde3fb18295bc0abc4ccbcb2 (patch) | |
| tree | 9ebb37d27ad12d0c5866a763c4413fb15c509837 /nsswitch/winbind_nss_config.h | |
| parent | b7b287d41720ec15eff234ffc96c2fa628e8a6e8 (diff) | |
| download | samba-61bedb4263a73121bde3fb18295bc0abc4ccbcb2.tar.gz samba-61bedb4263a73121bde3fb18295bc0abc4ccbcb2.tar.bz2 samba-61bedb4263a73121bde3fb18295bc0abc4ccbcb2.zip | |
s3: fix guest auth when winbindd is running
This fix is very subtle. If a server is configured with "security = share"
and "guest ok = yes" and winbindd is running authorization will fail during
tree connect.
This is due to our inability to map the guest sid S-1-5-21-X-501 to a uid
through sid_to_uid(). Winbindd is unaware of the hard coded mapping
between this sid and whatever uid the name in lp_guestaccount() is assigned.
So sid_to_uid() fails and we exit create_token_from_username() without
ever calling pdb_getsampwsid() which IS aware of the hard coded mapping.
This patch just reorganizes the code, moving sid_to_uid() down to the
block of code in which it is needed, avoiding this early failure.
Diffstat (limited to 'nsswitch/winbind_nss_config.h')
0 files changed, 0 insertions, 0 deletions