author | Volker Lendecke <vlendec@samba.org> | 2004-02-29 16:48:19 +0000 |
---|---|---|
committer | Volker Lendecke <vlendec@samba.org> | 2004-02-29 16:48:19 +0000 |
commit | 0d45ad1b0d55546c6a4afcb002acefefc2e2feb0 (patch) | |
tree | 34fa0e74191cef6a5070a0e1499c919a43b4f64d /source3/auth | |
parent | 4628a2da1e32f397696640452c950e4b55ada9e7 (diff) | |
Apply my experimental aliases support to HEAD. This will be a bit difficult to
merge to 3_0, as the pdb interfaces have changed a bit between the two.
This has not been tested too severely (which means it's completely broken ;-),
but I want it in for review. Feel free to revert it :-)
TODO:
make 'net groupmap' a bit more friendly for alias members.
Put that stuff into pdb_ldap.
Getting the information over to winbind. One plan without linking pdb into
winbind would be to fill group_mapping.tdb with the membership information and
have that as a cache (or use gencache.tdb?). smbd on a PDC or stand-alone
could trigger that itself, the problem is a BDC using LDAP. This needs to do
it on a regular basis. The BDC smbd needs to be informed about SAM changes
somehow...
Volker
(This used to be commit 30ef8fe1e85c0ca229b54f3f1595c4330f7191d1)
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_util.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 0f945b33cb..912432b98f 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -635,6 +635,70 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
 return token;
 }
 
+static void add_gid_to_array_unique(gid_t gid, gid_t **groups, int *ngroups)
+{
+ int i;
+
+ if ((*ngroups) >= groups_max())
+ return;
+
+ for (i=0; i<*ngroups; i++) {
+ if ((*groups)[i] == gid)
+ return;
+ }
+
+ *groups = Realloc(*groups, ((*ngroups)+1) * sizeof(gid_t));
+
+ if (*groups == NULL)
+ return;
+
+ (*groups)[*ngroups] = gid;
+ *ngroups += 1;
+}
+
+static void add_foreign_gids_from_sid(const DOM_SID *sid, gid_t **groups,
+ int *ngroups)
+{
+ DOM_SID *aliases;
+ int j, num_aliases;
+
+ if (!pdb_enum_alias_memberships(sid, &aliases, &num_aliases))
+ return;
+
+ for (j=0; j<num_aliases; j++) {
+ gid_t gid;
+
+ if (!NT_STATUS_IS_OK(sid_to_gid(&aliases[j], &gid)))
+ continue;
+
+ add_gid_to_array_unique(gid, groups, ngroups);
+ }
+ SAFE_FREE(aliases);
+}
+
+static void add_foreign_gids(uid_t uid, gid_t gid,
+ gid_t **groups, int *ngroups)
+{
+ int i, dom_groups;
+ DOM_SID sid;
+
+ if (NT_STATUS_IS_OK(uid_to_sid(&sid, uid)))
+ add_foreign_gids_from_sid(&sid, groups, ngroups);
+
+ if (NT_STATUS_IS_OK(gid_to_sid(&sid, gid)))
+ add_foreign_gids_from_sid(&sid, groups, ngroups);
+
+ dom_groups = *ngroups;
+
+ for (i=0; i<dom_groups; i++) {
+
+ if (!NT_STATUS_IS_OK(gid_to_sid(&sid, (*groups)[i])))
+ continue;
+
+ add_foreign_gids_from_sid(&sid, groups, ngroups);
+ }
+}
+
 /******************************************************************************
 * this function returns the groups (SIDs) of the local SAM the user is in.
 * If this samba server is a DC of the domain the user belongs to, it returns
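Review bot: In add_gid_to_array_unique, `*groups = Realloc(*groups, ((*ngroups)+1) * sizeof(gid_t));` overwrites the caller's only pointer, so on allocation failure `*groups` becomes NULL while `*ngroups` keeps its old count, and the void return gives the caller no way to notice. The next duplicate scan over `(*groups)[i]`, the `(*groups)[i]` loop in add_foreign_gids, and presumably the debug_unix_user_token call that follows the new add_foreign_gids call in get_user_groups (second hunk) would then read through NULL. Assign through a temporary instead, `tmp = Realloc(*groups, ((*ngroups)+1) * sizeof(gid_t));` `if (tmp == NULL) return;` `*groups = tmp;`, assuming Realloc leaves the old block intact on failure as realloc() does. Because this array feeds the user's token, both that failure path and the silent `groups_max()` early return leave a truncated group set with no trace; a DEBUG line at each, or a status return that get_user_groups can propagate, would make dropped memberships visible to an operator.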
@@ -699,6 +763,8 @@ static NTSTATUS get_user_groups(const char *username, uid_t uid, gid_t gid, } } + add_foreign_gids(uid, gid, unix_groups, &n_unix_groups); + debug_unix_user_token(DBGC_CLASS, 5, uid, gid, n_unix_groups, *unix_groups); /* now setup the space for storing the SIDS */ |