diff options
author | Volker Lendecke <vlendec@samba.org> | 2006-04-30 14:34:30 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:16:37 -0500 |
commit | be8e338ef7d1bbcb33f9be449b8deb86fe23df1b (patch) | |
tree | f3a904d5bcf156b6656346856db8eaca7b745669 /source3/passdb | |
parent | 23b2f27a5448d74e456b9bb53f4d487f35d0d210 (diff) | |
download | samba-be8e338ef7d1bbcb33f9be449b8deb86fe23df1b.tar.gz samba-be8e338ef7d1bbcb33f9be449b8deb86fe23df1b.tar.bz2 samba-be8e338ef7d1bbcb33f9be449b8deb86fe23df1b.zip |
r15360: Fix bug # 3741. One more place where the algorithmic mapping needs to stay.
Volker
(This used to be commit 898948d65409e5b63937fbd8050be04ac81df05d)
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/lookup_sid.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 942d277178..751fa597c0 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -128,11 +128,30 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, * the expansion of group names coming in from smb.conf */ - if ((flags & LOOKUP_NAME_GROUP) && - (lookup_unix_group_name(name, &sid))) { - domain = talloc_strdup(tmp_ctx, unix_groups_domain_name()); - type = SID_NAME_DOM_GRP; - goto ok; + if (flags & LOOKUP_NAME_GROUP) { + struct group *grp; + + /* If we are using the smbpasswd backend, we need to use the + * algorithmic mapping for the unix group we find. This is + * necessary because when creating the NT token from the unix + * gid list we got from initgroups() we use gid_to_sid() that + * uses algorithmic mapping if pdb_rid_algorithm() is true. */ + + if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) && + (grp->gr_gid < max_algorithmic_gid())) { + domain = talloc_strdup(tmp_ctx, get_global_sam_name()); + sid_compose(&sid, get_global_sam_sid(), + pdb_gid_to_group_rid(grp->gr_gid)); + type = SID_NAME_DOM_GRP; + goto ok; + } + + if (lookup_unix_group_name(name, &sid)) { + domain = talloc_strdup(tmp_ctx, + unix_groups_domain_name()); + type = SID_NAME_DOM_GRP; + goto ok; + } } /* Now the guesswork begins, we haven't been given an explicit |