summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2006-06-06 20:18:11 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:17:19 -0500
commit40dc4e2d1a6893c391d68e6d5b0d2cb74f53866f (patch)
treeb621b370f1caa82c4a6374d868f1b3b068394727 /source3/passdb
parentc594a5519d459730252a9692200a849b84b4e96a (diff)
downloadsamba-40dc4e2d1a6893c391d68e6d5b0d2cb74f53866f.tar.gz
samba-40dc4e2d1a6893c391d68e6d5b0d2cb74f53866f.tar.bz2
samba-40dc4e2d1a6893c391d68e6d5b0d2cb74f53866f.zip
r16064: Bug fix for another one Tom Bork has reported:
'valid users = +unixgroup' failed with smbpasswd if 'unixgroup' has a (non-algorithmic) group mapping. Thanks a lot! People out there listening, please test current code, this release is **BIG** :-) Volker (This used to be commit 8f9ba5f96c9b506623ef97b7ed3d84f39d914a3c)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/lookup_sid.c26
1 files changed, 23 insertions, 3 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 02b83f1965..8a28f75ec8 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -43,6 +43,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
DOM_SID sid;
enum SID_NAME_USE type;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ struct group *grp;
if (tmp_ctx == NULL) {
DEBUG(0, ("talloc_new failed\n"));
@@ -128,8 +129,27 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
* the expansion of group names coming in from smb.conf
*/
- if (flags & LOOKUP_NAME_GROUP) {
- struct group *grp;
+ if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) {
+
+ GROUP_MAP map;
+
+ if (pdb_getgrgid(&map, grp->gr_gid)) {
+ /* The hack gets worse. Handle the case where we have
+ * 'force group = +unixgroup' but "unixgroup" has a
+ * group mapping */
+
+ if (sid_check_is_in_builtin(&map.sid)) {
+ domain = talloc_strdup(
+ tmp_ctx, builtin_domain_name());
+ } else {
+ domain = talloc_strdup(
+ tmp_ctx, get_global_sam_name());
+ }
+
+ sid_copy(&sid, &map.sid);
+ type = map.sid_name_use;
+ goto ok;
+ }
/* If we are using the smbpasswd backend, we need to use the
* algorithmic mapping for the unix group we find. This is
@@ -137,7 +157,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
* gid list we got from initgroups() we use gid_to_sid() that
* uses algorithmic mapping if pdb_rid_algorithm() is true. */
- if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+ if (pdb_rid_algorithm() &&
(grp->gr_gid < max_algorithmic_gid())) {
domain = talloc_strdup(tmp_ctx, get_global_sam_name());
sid_compose(&sid, get_global_sam_sid(),