diff options
| author | Gerald Carter <jerry@samba.org> | 2006-02-17 19:07:58 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:10:12 -0500 |
| commit | 671c0098f683510194ae672973b167c0532eeba8 (patch) | |
| tree | 50df73ffcd2e1f87566fef3701fe18c7064e27dd /source3/passdb/passdb.c | |
| parent | a2f2a1d9f8f02bf4a4ffb38cc35a92cda770e4f4 (diff) | |
| download | samba-671c0098f683510194ae672973b167c0532eeba8.tar.gz samba-671c0098f683510194ae672973b167c0532eeba8.tar.bz2 samba-671c0098f683510194ae672973b167c0532eeba8.zip | |
r13545: A patch which I think it's time has come. VOlker, we can talk about
this more but it gets around the primary group issue.
* don't map a SID to a name from the group mapping code if
the map doesn't have a valid gid. This is only an issue
in a tdb setup
* Always allow S-1-$DOMAIN-513 to resolve (just like Windows)
* if we cannot resolve a users primary GID to a SID, then set
it to S-1-$DOMAIN-513
* Ignore the primary group SID inside pdb_enum_group_memberships().
Only look at the Unix group membersip.
Jeremy, this fixes a fresh install startup for smbd as far as my tests
are concerned.
(This used to be commit f79f4dc4c58a6172bf69d37469fdd8de05a812df)
Diffstat (limited to 'source3/passdb/passdb.c')
| -rw-r--r-- | source3/passdb/passdb.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 2b1da6ecce..a50afb6bb8 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -218,6 +218,8 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd } } + /* we really need to throw away the mapping algorithm here */ + if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) { DEBUG(0,("Can't set User SID from RID!\n")); return NT_STATUS_INVALID_PARAMETER; @@ -229,17 +231,23 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd unbecome_root(); if( ret ) { - if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){ + if ( !pdb_set_group_sid(account_data, &map.sid, PDB_SET) ) { DEBUG(0,("Can't set Group SID!\n")); return NT_STATUS_INVALID_PARAMETER; } + + return NT_STATUS_OK; } - else { - if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) { - DEBUG(0,("Can't set Group SID\n")); - return NT_STATUS_INVALID_PARAMETER; - } - } + + /* at this point we do not have an explicit mapping for the user's + primary group. We do not want to fall back to the rid mapping + algorithm. Windows standalone servers set the 0x201 rid as the + primary group and LookupSid( S-1...-513 ) returns SERVER\None. + Do something similar. Use the Domain Users RID as a a placeholder. + This is a workaround only. */ + + if ( !pdb_set_group_sid_from_rid(account_data, DOMAIN_GROUP_RID_USERS, PDB_SET)) + return NT_STATUS_INVALID_PARAMETER; return NT_STATUS_OK; } |