diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2002-06-13 14:06:08 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2002-06-13 14:06:08 +0000 |
| commit | bad738e6536e983064eee7647229354bc9028183 (patch) | |
| tree | a3f36ff7035d676e28d60c0249dfdbf37cac6317 /source3/passdb/pdb_nisplus.c | |
| parent | 2154ebce84c6cf376e7183e8c5f7ad0e17aead97 (diff) | |
| download | samba-bad738e6536e983064eee7647229354bc9028183.tar.gz samba-bad738e6536e983064eee7647229354bc9028183.tar.bz2 samba-bad738e6536e983064eee7647229354bc9028183.zip | |
Latest patch from metze <metze@metzemix.de> to move most of samba across
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
(This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
Diffstat (limited to 'source3/passdb/pdb_nisplus.c')
| -rw-r--r-- | source3/passdb/pdb_nisplus.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 0c4c2c5bb3..80f918d1a6 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -339,8 +339,8 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID))); pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID))); - pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); - pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); + pdb_set_user_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); + pdb_set_group_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); /* values, must exist for user */ if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) { @@ -381,7 +381,7 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj else { /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS); + pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS); } /* Check the lanman password column. */ @@ -538,7 +538,8 @@ static BOOL init_nisp_from_sam(nis_object *obj, const SAM_ACCOUNT *sampass, if (rid==0) { if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) { - sid_peek_rid(&map.sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)) + return False; } else rid=pdb_gid_to_group_rid(pdb_get_gid(sampass)); } @@ -1034,7 +1035,8 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname) BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid) { uint32 rid; - sid_peek_rid(sid, &rid); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return False; return pdb_getsampwrid(user, rid); } |