author | Gerald Carter <jerry@samba.org> | 2003-07-07 05:11:10 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-07-07 05:11:10 +0000 |
commit | 0b18acb841f6a372b3aa285d4734875e5e35fe3b (patch) | |
tree | add4afee2b70d87bfd96b7702d9d6a2476ac7e74 /source3/auth | |
parent | b5cd4a8643169b276a3af8a9272d212d76a54dd3 (diff) | |
and so it begins....
* remove idmap_XX_to_XX calls from smbd. Move back to
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_util.c | 65 | ||||
-rw-r--r-- | source3/auth/auth_winbind.c | 2 |
2 files changed, 18 insertions, 49 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index f77ee350b4..399a1e9006 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -923,12 +923,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, DOM_SID user_sid; DOM_SID group_sid; - struct passwd *passwd; - - unid_t u_id, g_id; uid_t uid; gid_t gid; - int u_type, g_type; int n_lgroupSIDs; DOM_SID *lgroupSIDs = NULL; 
@@ -964,44 +960,20 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* If the server didn't give us one, just use the one we sent them */ domain = domain; } - - u_type = ID_USERID; - g_type = ID_GROUPID; - - /* we are trying to check that idmap isn't stuffing us over - does this - user actually exist? */ - if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&u_id, &u_type, &user_sid)) - && NT_STATUS_IS_OK(idmap_get_id_from_sid(&g_id, &g_type, &group_sid)) - && ((passwd = getpwuid_alloc(u_id.uid)))) { - - nt_status = pdb_init_sam_pw(&sam_account, passwd); - - uid = passwd->pw_uid; - gid = passwd->pw_gid; - - /* we should check this is the same name */ - found_username = talloc_strdup(mem_ctx, passwd->pw_name); - - passwd_free(&passwd); - } else { - - /* User not from winbind - try and find them by getpwnam() */ - nt_status = fill_sam_account(mem_ctx, nt_domain, - internal_username, - &found_username, - &uid, &gid, - &sam_account); - - if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { - DEBUG(3,("User %s does not exist, trying to add it\n", - internal_username)); - auth_add_user_script(nt_domain, internal_username); - nt_status = fill_sam_account(mem_ctx, nt_domain, - internal_username, - &found_username, - &uid, &gid, - &sam_account); - } + + /* try to fill the same account.. If getpwnam() fails, then try the + add user script (2.2.x behavior) */ + + nt_status = fill_sam_account(mem_ctx, nt_domain, internal_username, + &found_username, &uid, &gid, &sam_account); + + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { + DEBUG(3,("User %s does not exist, trying to add it\n", + internal_username)); + auth_add_user_script(nt_domain, internal_username); + nt_status = fill_sam_account(mem_ctx, nt_domain, + internal_username, &found_username, + &uid, &gid, &sam_account); } if (!NT_STATUS_IS_OK(nt_status)) { 
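Review bot: The rewritten block in make_server_info_info3 takes uid and gid only from the name lookup done through fill_sam_account(), so nothing visible here ties the resulting Unix account back to user_sid and group_sid; a domain user whose name matches an unrelated local account would presumably be mapped onto it. If that is the intended trust model (the commit message mentions matching user names from /etc/passwd), the new comment should say so, for example `/* fill the SAM account by name; uid/gid come from getpwnam(), not from the SID. If getpwnam() fails, try the add user script (2.2.x behavior) */`, which also corrects the "same account" typo. The result of auth_add_user_script() is not checked before the second fill_sam_account() call, and because internal_username appears to originate from the authentication exchange it is worth confirming that the helper, defined outside this hunk, rejects or quotes shell metacharacters before running the script. The function body starts and ends outside the hunk.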
@@ -1082,12 +1054,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* Store the user group information in the server_info returned to the caller. */ - if (!NT_STATUS_IS_OK(nt_status - = get_user_groups_from_local_sam((*server_info)->unix_name, - uid, gid, - &n_lgroupSIDs, - &lgroupSIDs, - &unix_groups))) + nt_status = get_user_groups_from_local_sam((*server_info)->unix_name, + uid, gid, &n_lgroupSIDs, &lgroupSIDs, &unix_groups); + if ( !NT_STATUS_IS_OK(nt_status) ) { DEBUG(4,("get_user_groups_from_local_sam failed\n")); return nt_status; diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 856b8f5a82..aa8f345a5b 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -85,7 +85,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, ZERO_STRUCT(request); ZERO_STRUCT(response); - request.data.auth_crap.flags = WINBIND_PAM_INFO3_NDR; + request.flags = WBFLAG_PAM_INFO3_NDR; push_utf8_fstring(request.data.auth_crap.user, user_info->smb_name.str); |
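Review bot: The failure branch after get_user_groups_from_local_sam() returns nt_status while *server_info, already dereferenced for unix_name in the call above, is still populated. Nothing in the visible lines releases it, so a caller that checks only the status could leak it or be left holding a half-built identity. If no later cleanup covers this (the function continues outside the hunk), free and clear *server_info before `return nt_status;`. As a style point, `if ( !NT_STATUS_IS_OK(nt_status) )` could use the `if (!NT_STATUS_IS_OK(nt_status)) {` spacing seen earlier in the same function.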