diff options
| author | Gerald Carter <jerry@samba.org> | 2006-08-23 02:45:45 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:38:47 -0500 |
| commit | 049fcc8dd54a5fc93b27f84366880cc308a12ca6 (patch) | |
| tree | 0ea456c0a478006d1e59595297640f641bd67707 /source3/auth | |
| parent | 975b15949013f86ffa43675537183b20f3519ed2 (diff) | |
| download | samba-049fcc8dd54a5fc93b27f84366880cc308a12ca6.tar.gz samba-049fcc8dd54a5fc93b27f84366880cc308a12ca6.tar.bz2 samba-049fcc8dd54a5fc93b27f84366880cc308a12ca6.zip | |
r17736: Apply the Unix group patch when creating the token for a
username map.
(This used to be commit 0298a3466bc6c5e322db7dac386e4e5eef0e2702)
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_util.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 7ba1bea955..2c20beb33c 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1068,7 +1068,10 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, gid_t *gids; DOM_SID primary_group_sid; DOM_SID *group_sids; + DOM_SID unix_group_sid; size_t num_group_sids; + size_t num_gids; + size_t i; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -1135,7 +1138,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, * directly, without consulting passdb */ struct passwd *pass; - size_t i; /* * This goto target is used as a fallback for the passdb @@ -1205,6 +1207,31 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, *found_username = talloc_strdup(mem_ctx, username); } + /* Add the "Unix Group" SID for each gid to catch mapped groups + and their Unix equivalent. This is to solve the backwards + compatibility problem of 'valid users = +ntadmin' where + ntadmin has been paired with "Domain Admins" in the group + mapping table. Otherwise smb.conf would need to be changed + to 'valid user = "Domain Admins"'. --jerry */ + + num_gids = num_group_sids; + for ( i=0; i<num_gids; i++ ) { + gid_t high, low; + + /* don't pickup anything managed by Winbind */ + + if ( lp_idmap_gid(&low, &high) && (gids[i] >= low) && (gids[i] <= high) ) + continue; + + if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) { + DEBUG(1,("create_token_from_username: Failed to create SID " + "for gid %d!\n", gids[i])); + continue; + } + add_sid_to_array_unique( mem_ctx, &unix_group_sid, + &group_sids, &num_group_sids ); + } + *token = create_local_nt_token(mem_ctx, &user_sid, is_guest, num_group_sids, group_sids); |