diff options
| author | Volker Lendecke <vlendec@samba.org> | 2006-07-07 18:53:19 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:19:12 -0500 |
| commit | 3899f95e1f44a4dfe31b42119ad5e14304d8a4b4 (patch) | |
| tree | 9e24fbdee158ae6262adf0f71993c79695df6a04 /source3/auth/auth_util.c | |
| parent | fc4abcf02857596c40110f2421facfb70f9be41d (diff) | |
| download | samba-3899f95e1f44a4dfe31b42119ad5e14304d8a4b4.tar.gz samba-3899f95e1f44a4dfe31b42119ad5e14304d8a4b4.tar.bz2 samba-3899f95e1f44a4dfe31b42119ad5e14304d8a4b4.zip | |
r16865: This is a proposal to fix bug 3915. Before sending patches around, this is
what svn is for.
The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.
Volker
(This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)
Diffstat (limited to 'source3/auth/auth_util.c')
| -rw-r--r-- | source3/auth/auth_util.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 1c629bca82..493d7393d0 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1081,14 +1081,13 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, if (!pdb_getsampwsid(sam_acct, &user_sid)) { DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n", sid_string_static(&user_sid), username)); - result = NT_STATUS_NO_SUCH_USER; - goto done; + DEBUGADD(1, ("Fall back to unix user %s\n", username)); + goto unix_user; } gr_sid = pdb_get_group_sid(sam_acct); if (!gr_sid) { - result = NT_STATUS_NO_MEMORY; - goto done; + goto unix_user; } sid_copy(&primary_group_sid, gr_sid); @@ -1096,7 +1095,8 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, if (!sid_to_gid(&primary_group_sid, gid)) { DEBUG(1, ("sid_to_gid(%s) failed\n", sid_string_static(&primary_group_sid))); - goto done; + DEBUGADD(1, ("Fall back to unix user %s\n", username)); + goto unix_user; } result = pdb_enum_group_memberships(tmp_ctx, sam_acct, @@ -1105,7 +1105,8 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, if (!NT_STATUS_IS_OK(result)) { DEBUG(10, ("enum_group_memberships failed for %s\n", username)); - goto done; + DEBUGADD(1, ("Fall back to unix user %s\n", username)); + goto unix_user; } *found_username = talloc_strdup(mem_ctx, @@ -1119,6 +1120,16 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, struct passwd *pass; size_t i; + /* + * This goto target is used as a fallback for the passdb + * case. The concrete bug report is when passdb gave us an + * unmapped gid. + */ + + unix_user: + + uid_to_unix_users_sid(*uid, &user_sid); + pass = getpwuid_alloc(tmp_ctx, *uid); if (pass == NULL) { DEBUG(1, ("getpwuid(%d) for user %s failed\n", |