authorGerald Carter <jerry@samba.org>2006-02-17 19:07:58 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:12 -0500
commit671c0098f683510194ae672973b167c0532eeba8 (patch)
tree50df73ffcd2e1f87566fef3701fe18c7064e27dd /source3/passdb/pdb_interface.c
parenta2f2a1d9f8f02bf4a4ffb38cc35a92cda770e4f4 (diff)
r13545: A patch which I think its time has come. Volker, we can talk about
this more but it gets around the primary group issue. * don't map a SID to a name from the group mapping code if the map doesn't have a valid gid. This is only an issue in a tdb setup * Always allow S-1-$DOMAIN-513 to resolve (just like Windows) * if we cannot resolve a users primary GID to a SID, then set it to S-1-$DOMAIN-513 * Ignore the primary group SID inside pdb_enum_group_memberships(). Only look at the Unix group membership. Jeremy, this fixes a fresh install startup for smbd as far as my tests are concerned. (This used to be commit f79f4dc4c58a6172bf69d37469fdd8de05a812df)
Diffstat (limited to 'source3/passdb/pdb_interface.c')
-rw-r--r--source3/passdb/pdb_interface.c60
1 files changed, 38 insertions, 22 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index c8917b9356..f42ff3a725 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1498,14 +1498,29 @@ NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
{
size_t i;
gid_t gid;
+ struct passwd *pw;
+ const char *username = pdb_get_username(user);
+
+#if 0
+ /* Ignore the primary group SID. Honor the real Unix primary group.
+ The primary group SID is only of real use to Windows clients */
+
if (!sid_to_gid(pdb_get_group_sid(user), &gid)) {
DEBUG(10, ("sid_to_gid failed\n"));
return NT_STATUS_NO_SUCH_USER;
}
+#else
+ if ( !(pw = getpwnam_alloc(mem_ctx, username)) ) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ gid = pw->pw_gid;
+
+ TALLOC_FREE( pw );
+#endif
- if (!getgroups_unix_user(mem_ctx, pdb_get_username(user), gid,
- pp_gids, p_num_groups)) {
+ if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
return NT_STATUS_NO_SUCH_USER;
}
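Review bot: The comment explaining the new behaviour sits inside the `#if 0` branch, so it documents the disabled `sid_to_gid()` path rather than the `getpwnam_alloc()` lookup that actually runs. Because the gid chosen here seeds the user's group list, the rationale belongs next to the live code: drop the dead branch and move the comment above the `getpwnam_alloc()` call. The new failure path also returns NT_STATUS_NO_SUCH_USER without logging, where the old one did, so add something like `DEBUG(10, ("getpwnam_alloc failed\n"));` before that return. The function body continues past the end of this hunk.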
@@ -1581,32 +1596,33 @@ static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
ret = pdb_getgrsid(&map, sid);
unbecome_root();
/* END BECOME_ROOT BLOCK */
-
- if ( ret ) {
- if (map.gid!=(gid_t)-1) {
- DEBUG(5,("lookup_global_sam_rid: mapped group %s to "
- "gid %u\n", map.nt_name,
- (unsigned int)map.gid));
- } else {
- DEBUG(5,("lookup_global_sam_rid: mapped group %s to "
- "no unix gid. Returning name.\n",
- map.nt_name));
- }
-
+
+ /* do not resolve SIDs to a name unless there is a valid
+ gid associated with it */
+
+ if ( ret && (map.gid != (gid_t)-1) ) {
*name = talloc_strdup(mem_ctx, map.nt_name);
*psid_name_use = map.sid_name_use;
- if (unix_id == NULL) {
- return True;
+ if ( unix_id ) {
+ unix_id->gid = map.gid;
}
- if (map.gid == (gid_t)-1) {
- DEBUG(5, ("Can't find a unix id for an unmapped "
- "group\n"));
- return False;
- }
+ return True;
+ }
+
+ /* Windows will always map RID 513 to something. On a non-domain
+ controller, this gets mapped to SERVER\None. */
- unix_id->gid = map.gid;
+ if ( unix_id ) {
+ DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
+ return False;
+ }
+
+ if ( rid == DOMAIN_GROUP_RID_USERS ) {
+ *name = talloc_strdup(mem_ctx, "None" );
+ *psid_name_use = IS_DC ? SID_NAME_DOM_GRP : SID_NAME_ALIAS;
+
return True;
}
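Review bot: The new RID 513 fallback returns True without checking the `talloc_strdup()` result, so on allocation failure a caller gets success with `*name == NULL`. The same applies to the `map.nt_name` copy at the top of the rewritten block. Guard both with `if (*name == NULL) return False;` directly after each `talloc_strdup()`. Separately, the fallback returns the name "None" whether or not `IS_DC` is true, while the comment describes that name only for a non-domain controller; if a DC is meant to report a different name, the string needs the same `IS_DC` switch as `*psid_name_use`. The body of lookup_global_sam_rid starts before this hunk.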