diff options
| author | Jean-François Micouleau <jfm@samba.org> | 2001-11-23 15:11:22 +0000 |
|---|---|---|
| committer | Jean-François Micouleau <jfm@samba.org> | 2001-11-23 15:11:22 +0000 |
| commit | 2527f5ef52400294c98b4f4345a4f18b981ff22f (patch) | |
| tree | a0e8a08df31ecdc845582a809b5a54fde3cd73dc /source3/passdb | |
| parent | d05bbf042209b737e42a5daa8d59236d351ec8d0 (diff) | |
| download | samba-2527f5ef52400294c98b4f4345a4f18b981ff22f.tar.gz samba-2527f5ef52400294c98b4f4345a4f18b981ff22f.tar.bz2 samba-2527f5ef52400294c98b4f4345a4f18b981ff22f.zip | |
Changed how the privileges are stored in the group mapping code. It's now
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
Diffstat (limited to 'source3/passdb')
| -rw-r--r-- | source3/passdb/passdb.c | 39 |
1 files changed, 32 insertions, 7 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 823feadea7..dc8e5471e1 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -75,7 +75,6 @@ static BOOL pdb_fill_default_sam(SAM_ACCOUNT *user) user->logoff_time = user->kickoff_time = user->pass_must_change_time = get_time_t_max(); - user->unknown_3 = 0x00ffffff; /* don't know */ user->logon_divs = 168; /* hours per week */ user->hours_len = 21; /* 21 times 8 bits = 168 */ @@ -536,6 +535,11 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) } else { gid_t gid; struct group *gr; + GROUP_MAP map; + DOM_SID local_sid; + + sid_copy(&local_sid, &global_sam_sid); + sid_append_rid(&local_sid, rid); /* * Don't try to convert the rid to a name if running @@ -544,6 +548,16 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) if (lp_hide_local_users()) return False; + + /* check if it's a mapped group */ + if (get_group_map_from_sid(local_sid, &map)) { + if (map.gid!=-1) { + DEBUG(5,("local_local_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); + fstrcpy(name, map.nt_name); + *psid_name_use = map.sid_name_use; + return True; + } + } gid = pdb_user_rid_to_gid(rid); gr = getgrgid(gid); @@ -617,13 +631,24 @@ BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid, /* * Maybe it was a group ? */ - struct group *grp = getgrnam(user); - - if(!grp) - return False; + struct group *grp; + GROUP_MAP map; + + /* check if it's a mapped group */ + if (get_group_map_from_ntname(user, &map)) { + if (map.gid!=-1) { + /* yes it's a mapped group to a valid unix group */ + sid_copy(&local_sid, &map.sid); + *psid_name_use = map.sid_name_use; + } + } else { + grp = getgrnam(user); + if(!grp) + return False; - sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid)); - *psid_name_use = SID_NAME_ALIAS; + sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid)); + *psid_name_use = SID_NAME_ALIAS; + } } sid_copy( psid, &local_sid); |