summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-04-19 22:26:09 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:19:30 -0500
commit36da6cb5847df2754e8f9223e0784da6013c572b (patch)
treee0c3e6fe06c658ddae8f0d947482e0bdb3657e6c /source3/auth
parentdc90cd89a7fef3b0a744ef1873193cf2c9d75cad (diff)
downloadsamba-36da6cb5847df2754e8f9223e0784da6013c572b.tar.gz
samba-36da6cb5847df2754e8f9223e0784da6013c572b.tar.bz2
samba-36da6cb5847df2754e8f9223e0784da6013c572b.zip
r22390: Patchset sent to samba-technical to address the winbind
loop when allocating a new id for a SID: auth_util.patch Revert create_local_token() to the 3.0.24 codebase idmap_type.patch Have the caller fillin the id_map.xid.type field when resolving a SID so that if we allocate a new id, we know what type to use winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls from the public winbindd interface for the 3.0.25 release idmap_rid.patch Cleanup the idmap_rid backend to not call back into winbindd to resolve the SID in order to verify it's type. (This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_util.c48
1 files changed, 10 insertions, 38 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 0de3bf2325..336daa906d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -637,9 +637,7 @@ static NTSTATUS log_nt_token(TALLOC_CTX *tmp_ctx, NT_USER_TOKEN *token)
NTSTATUS create_local_token(auth_serversupplied_info *server_info)
{
TALLOC_CTX *mem_ctx;
- struct id_map *ids;
NTSTATUS status;
- BOOL wb = True;
size_t i;
@@ -686,46 +684,20 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
server_info->groups = NULL;
/* Start at index 1, where the groups start. */
- ids = talloc_zero_array(mem_ctx, struct id_map, server_info->ptok->num_sids);
- for (i = 0; i < server_info->ptok->num_sids-1; i++) {
- ids[i].sid = &server_info->ptok->user_sids[i + 1]; /* store the sids */
- }
-
- if (!winbind_sids_to_unixids(ids, server_info->ptok->num_sids-1)) {
- DEBUG(2, ("Query to map secondary SIDs failed!\n"));
- if (!winbind_ping()) {
- DEBUG(2, ("Winbindd is not running, will try to map SIDs one by one with legacy code\n"));
- wb = False;
- }
- }
- for (i = 0; i < server_info->ptok->num_sids-1; i++) {
- gid_t agid;
+ for (i=1; i<server_info->ptok->num_sids; i++) {
+ gid_t gid;
+ DOM_SID *sid = &server_info->ptok->user_sids[i];
- if (wb) {
- if (ids[i].status != ID_MAPPED) {
- DEBUG(10, ("Could not convert SID %s to gid, "
- "ignoring it\n", sid_string_static(ids[i].sid)));
- continue;
- }
- if (ids[i].xid.type == ID_TYPE_UID) {
- DEBUG(10, ("SID %s is a User ID (%u) not a Group ID, "
- "ignoring it\n", sid_string_static(ids[i].sid), ids[i].xid.id));
- continue;
- }
- agid = (gid_t)ids[i].xid.id;
- } else {
- if (! sid_to_gid(ids[i].sid, &agid)) {
- continue;
- }
- }
- if (!add_gid_to_array_unique(server_info, agid, &server_info->groups,
- &server_info->n_groups)) {
- TALLOC_FREE(mem_ctx);
- return NT_STATUS_NO_MEMORY;
+ if (!sid_to_gid(sid, &gid)) {
+ DEBUG(10, ("Could not convert SID %s to gid, "
+ "ignoring it\n", sid_string_static(sid)));
+ continue;
}
+ add_gid_to_array_unique(server_info, gid, &server_info->groups,
+ &server_info->n_groups);
}
-
+
debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok);
status = log_nt_token(mem_ctx, server_info->ptok);