authorGerald Carter <jerry@samba.org>2006-03-15 00:10:38 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:15:28 -0500
commit0ce53f8ba5110381ad6f910abe581a69019135b8 (patch)
tree3640e38925aa4cc044092561ab90107a44004e72 /source3/passdb
parent568f28284a99fc6f6efb2618ad8d91699cad46b8 (diff)
r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mappings from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. This fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam(). Otherwise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add something similar to what I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/pdb_interface.c21
-rw-r--r--source3/passdb/pdb_ldap.c2
2 files changed, 8 insertions, 15 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 8645c12bce..4061e7b5db 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -715,7 +715,7 @@ NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid)
return pdb->delete_group_mapping_entry(pdb, sid);
}
-BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap,
+BOOL pdb_enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap,
size_t *p_num_entries, BOOL unix_only)
{
struct pdb_methods *pdb = pdb_get_methods();
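Review bot: The new `sid` parameter of pdb_enum_group_mapping() carries no comment saying what NULL means, although the commit message states that NULL selects the old, unfiltered enumeration. That makes NULL a switch for "return mappings from every domain", which a caller can trigger by accident, so I would document it at the definition, e.g. `/* sid: restrict the result to this domain; NULL enumerates mappings from all domains (internal maintenance only) */`. The function body continues past the end of this hunk.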
@@ -724,7 +724,7 @@ BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap,
return False;
}
- return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid_name_use,
+ return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
pp_rmap, p_num_entries, unix_only));
}
@@ -1631,7 +1631,7 @@ static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
if ( rid == DOMAIN_GROUP_RID_USERS ) {
*name = talloc_strdup(mem_ctx, "None" );
- *psid_name_use = IS_DC ? SID_NAME_DOM_GRP : SID_NAME_ALIAS;
+ *psid_name_use = SID_NAME_DOM_GRP;
return True;
}
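Review bot: The type reported for DOMAIN_GROUP_RID_USERS ("None") no longer depends on IS_DC, and neither this hunk nor the commit message explains why a non-DC should now answer SID_NAME_DOM_GRP instead of SID_NAME_ALIAS. Clients and access checks that branch on the SID type will see a different answer on member and standalone servers. A short comment on the assignment would record the intent, e.g. `/* "None" is always a domain group, also when we are not a DC */` (wording for the author to confirm). Separately, the unchanged line above stores the talloc_strdup() result without a NULL check before returning True. The enclosing function starts and ends outside the hunk.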
@@ -1919,7 +1919,7 @@ static void search_end_groups(struct pdb_search *search)
}
static BOOL pdb_search_grouptype(struct pdb_search *search,
- enum SID_NAME_USE type)
+ const DOM_SID *sid, enum SID_NAME_USE type)
{
struct group_search *state;
@@ -1929,7 +1929,7 @@ static BOOL pdb_search_grouptype(struct pdb_search *search,
return False;
}
- if (!pdb_enum_group_mapping(type, &state->groups, &state->num_groups,
+ if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups,
True)) {
DEBUG(0, ("Could not enum groups\n"));
return False;
@@ -1945,7 +1945,7 @@ static BOOL pdb_search_grouptype(struct pdb_search *search,
static BOOL pdb_default_search_groups(struct pdb_methods *methods,
struct pdb_search *search)
{
- return pdb_search_grouptype(search, SID_NAME_DOM_GRP);
+ return pdb_search_grouptype(search, get_global_sam_sid(), SID_NAME_DOM_GRP);
}
static BOOL pdb_default_search_aliases(struct pdb_methods *methods,
@@ -1953,14 +1953,7 @@ static BOOL pdb_default_search_aliases(struct pdb_methods *methods,
const DOM_SID *sid)
{
- if (sid_equal(sid, get_global_sam_sid()))
- return pdb_search_grouptype(search, SID_NAME_ALIAS);
-
- if (sid_equal(sid, &global_sid_Builtin))
- return pdb_search_grouptype(search, SID_NAME_WKN_GRP);
-
- DEBUG(3, ("unknown domain sid: %s\n", sid_string_static(sid)));
- return False;
+ return pdb_search_grouptype(search, sid, SID_NAME_ALIAS);
}
static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
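Review bot: pdb_default_search_aliases() now forwards `sid` without any check, so the rejection of unknown domain SIDs and its DEBUG(3) trace are gone. Going by the commit message, a NULL `sid` would enumerate aliases from every domain. If NULL is not a legitimate input on this path, keep a guard before the call, e.g. `if (sid == NULL) return False;`. BUILTIN is also searched as SID_NAME_ALIAS now rather than SID_NAME_WKN_GRP, so mappings stored with the well-known-group type would presumably drop out of the listing; that is worth confirming against the backend filter. The function's signature begins above the hunk.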
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 72ec883aca..b4f7e2b55c 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3070,7 +3070,7 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods,
*********************************************************************/
static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
- enum SID_NAME_USE sid_name_use,
+ const DOM_SID *domsid, enum SID_NAME_USE sid_name_use,
GROUP_MAP **pp_rmap,
size_t *p_num_entries,
BOOL unix_only)
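Review bot: `domsid` is added to the signature of ldapsam_enum_group_mapping(), but the diffstat shows only this one line changing in pdb_ldap.c and the commit message says only the tdb code was updated, so the LDAP backend appears to ignore the domain filter. Since pdb_default_search_aliases() now relies on the backend to keep BUILTIN and local-domain aliases apart, an LDAP-backed server would presumably return the same alias list for both domains. Until the filter is implemented, mark the gap at the definition, e.g. `/* TODO: domsid is not applied yet; results are not restricted to one domain */`. The function body lies outside this hunk.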