authorLuke Leighton <lkcl@samba.org>1998-11-24 16:47:49 +0000
committerLuke Leighton <lkcl@samba.org>1998-11-24 16:47:49 +0000
commitced486c8415c7ece457edecb3246f7277a57d60b (patch)
tree578a345157409d97841c8c2c6fe2539226377c43 /source3/groupdb/groupunix.c
parent0c9df3c61007eb170ae17282d7b31bea6899a656 (diff)
sorting out difference between aliases and groups in the cases where
unix groups are not explicitly mapped. i.e. as a PDC or BDC you can have domain groups, as a member of a domain you cannot. as a member of a domain, unmapped unix groups are assumed to be aliases, and as a PDC or BDC, unmapped unix groups are assumed to be unix groups. there is _one_ other check needed with aliases to be added: unmapped unix groups that have the same name as an NT group on the PDC (for which i will need to write an LsaLookupNames call) should be assumed to be domain groups on the PDC. (This used to be commit 53b49b44e13a4ca9818ebc947372b1374831b568)
Diffstat (limited to 'source3/groupdb/groupunix.c')
-rw-r--r--source3/groupdb/groupunix.c24
1 files changed, 23 insertions, 1 deletions
diff --git a/source3/groupdb/groupunix.c b/source3/groupdb/groupunix.c
index 0f850f347c..89406fe139 100644
--- a/source3/groupdb/groupunix.c
+++ b/source3/groupdb/groupunix.c
@@ -154,6 +154,14 @@ BOOL get_unixgroup_members(struct group *grp,
/*************************************************************************
Routine to return the next entry in the domain group list.
+
+ if we are not a PDC or BDC, then we do NOT support Domain groups, only
+ aliases. try running MUSRMGR.EXE or running USRMGR.EXE selected on a
+ workstation, you will find that no Domain groups are listed: only aliases.
+
+ so, as a PDC or BDC, all unix groups not explicitly mapped using
+ map_group_gid() are treated as Domain groups.
+
*************************************************************************/
static DOMAIN_GRP *getgrpunixpwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem)
{
@@ -182,8 +190,17 @@ static DOMAIN_GRP *getgrpunixpwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m
while ((unix_grp = getgrent()) != NULL)
{
DOM_SID sid;
+ BOOL is_alias;
+
DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n",
unix_grp->gr_name));
+ is_alias = map_alias_gid(unix_grp->gr_gid, &sid, NULL, NULL);
+ if (is_alias)
+ {
+ sid_split_rid(&sid, NULL);
+ is_alias = sid_equal(&sid, &global_sam_sid);
+ }
+
if (map_group_gid(unix_grp->gr_gid, &sid, gp_buf.name, NULL))
{
/*
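Review bot: The alias lookup added at the top of the loop writes into the same `sid` that `map_group_gid()` fills a few lines later, and `sid_split_rid(&sid, NULL)` then appears to strip the RID from it in place. If `map_group_gid()` returns false without overwriting its output, the `else` branch (outside this hunk) would be left with the alias's domain SID instead of an untouched value; whether that branch reads `sid` is not visible here. A separate local keeps the two lookups independent: `DOM_SID alias_sid;` with `is_alias = map_alias_gid(unix_grp->gr_gid, &alias_sid, NULL, NULL);`, and the split and `sid_equal()` applied to `alias_sid`. It is also worth confirming that `sid_split_rid()` accepts a NULL rid pointer, since its definition is not shown. The loop body starts and ends outside the hunk.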
@@ -194,7 +211,12 @@ static DOMAIN_GRP *getgrpunixpwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_m
sid_split_rid(&sid, &gp_buf.rid);
if (sid_equal(&sid, &global_sam_sid))
{
- break; /* hooray. */
+ if (!is_alias)
+ {
+ break; /* hooray. */
+ }
+ DEBUG(0,("configuration mistake: unix group %s is mapped to both an NT alias and an NT group\n",
+ gp_buf.name));
}
}
else
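Review bot: The new DEBUG(0) message says "unix group %s" but prints `gp_buf.name`, the buffer that `map_group_gid()` filled in the previous hunk, so it is presumably the mapped NT name rather than the unix name. An administrator resolving the double mapping needs the unix side: `DEBUG(0,("configuration mistake: unix group %s (gid %d) is mapped to both an NT alias and an NT group\n", unix_grp->gr_name, (int)unix_grp->gr_gid));`. On this path `gp_buf.name` and `gp_buf.rid` have already been overwritten and the loop simply continues, so what is returned when this was the last entry depends on code after the loop that lies outside the hunk. A comment such as `/* ambiguous mapping: skip this group, do not enumerate it as a Domain group */` next to the DEBUG call would make the skip-on-conflict intent explicit.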