diff options
author | Tim Potter <tpot@samba.org> | 2001-10-31 06:20:58 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2001-10-31 06:20:58 +0000 |
commit | 6f0b8a38ec036a0027e9f938834e241b41db40c5 (patch) | |
tree | 3ed3e06329649d6843ed9b3f43f18e4cdf1d60f2 /source3/nsswitch | |
parent | eab05eac3998eeb9fb6fb635771370d645b5ff06 (diff) | |
download | samba-6f0b8a38ec036a0027e9f938834e241b41db40c5.tar.gz samba-6f0b8a38ec036a0027e9f938834e241b41db40c5.tar.bz2 samba-6f0b8a38ec036a0027e9f938834e241b41db40c5.zip |
Added some extra fields to the auth_serversupplied_info structure.
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.
This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
(This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 4 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 4 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 10 |
3 files changed, 14 insertions, 4 deletions
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 092651c9a7..e1e4443442 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -107,7 +107,9 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, DEBUG(10, ("fill_grent_mem(): processing name %s\n", the_name)); - /* Only add domain users */ + /* FIXME: need to cope with groups within groups. These + occur in Universal groups on a Windows 2000 native mode + server. */ if (name_types[i] != SID_NAME_USER) { DEBUG(3, ("fill_grent_mem(): name %s isn't a domain " diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 406b12c9f6..5cf819a19d 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -141,6 +141,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) auth_dc, trust_passwd, last_change_time); + free_serversupplied_info(&server_info); /* No info needed */ + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } @@ -218,6 +220,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) auth_dc, trust_passwd, last_change_time); + free_serversupplied_info(&server_info); /* No info needed */ + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 614198673b..6a0a5389ef 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -344,6 +344,9 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 i, total_names = 0; + /* Step #1: Get a list of user rids that are the members of the + group. */ + if (!(group_hnd = cm_get_sam_group_handle(domain->name, &domain->sid, group_rid))) goto done; @@ -357,9 +360,10 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain, if (!NT_STATUS_IS_OK(result)) goto done; - /* Convert list of rids into list of names. Do this in bunches of - ~1000 to avoid crashing NT4. It looks like there is a buffer - overflow or something like that lurking around somewhere. */ + /* Step #2: Convert list of rids into list of usernames. Do this + in bunches of ~1000 to avoid crashing NT4. It looks like there + is a buffer overflow or something like that lurking around + somewhere. */ if (!(dom_hnd = cm_get_sam_dom_handle(domain->name, &domain->sid))) goto done; |