summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorJean-François Micouleau <jfm@samba.org>2001-11-23 15:11:22 +0000
committerJean-François Micouleau <jfm@samba.org>2001-11-23 15:11:22 +0000
commit2527f5ef52400294c98b4f4345a4f18b981ff22f (patch)
treea0e8a08df31ecdc845582a809b5a54fde3cd73dc /source3/passdb
parentd05bbf042209b737e42a5daa8d59236d351ec8d0 (diff)
downloadsamba-2527f5ef52400294c98b4f4345a4f18b981ff22f.tar.gz
samba-2527f5ef52400294c98b4f4345a4f18b981ff22f.tar.bz2
samba-2527f5ef52400294c98b4f4345a4f18b981ff22f.zip
Changed how the privileges are stored in the group mapping code. It's now
an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c39
1 files changed, 32 insertions, 7 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 823feadea7..dc8e5471e1 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -75,7 +75,6 @@ static BOOL pdb_fill_default_sam(SAM_ACCOUNT *user)
user->logoff_time =
user->kickoff_time =
user->pass_must_change_time = get_time_t_max();
-
user->unknown_3 = 0x00ffffff; /* don't know */
user->logon_divs = 168; /* hours per week */
user->hours_len = 21; /* 21 times 8 bits = 168 */
@@ -536,6 +535,11 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
} else {
gid_t gid;
struct group *gr;
+ GROUP_MAP map;
+ DOM_SID local_sid;
+
+ sid_copy(&local_sid, &global_sam_sid);
+ sid_append_rid(&local_sid, rid);
/*
* Don't try to convert the rid to a name if running
@@ -544,6 +548,16 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
if (lp_hide_local_users())
return False;
+
+ /* check if it's a mapped group */
+ if (get_group_map_from_sid(local_sid, &map)) {
+ if (map.gid!=-1) {
+ DEBUG(5,("local_local_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
+ fstrcpy(name, map.nt_name);
+ *psid_name_use = map.sid_name_use;
+ return True;
+ }
+ }
gid = pdb_user_rid_to_gid(rid);
gr = getgrgid(gid);
@@ -617,13 +631,24 @@ BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid,
/*
* Maybe it was a group ?
*/
- struct group *grp = getgrnam(user);
-
- if(!grp)
- return False;
+ struct group *grp;
+ GROUP_MAP map;
+
+ /* check if it's a mapped group */
+ if (get_group_map_from_ntname(user, &map)) {
+ if (map.gid!=-1) {
+ /* yes it's a mapped group to a valid unix group */
+ sid_copy(&local_sid, &map.sid);
+ *psid_name_use = map.sid_name_use;
+ }
+ } else {
+ grp = getgrnam(user);
+ if(!grp)
+ return False;
- sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
- *psid_name_use = SID_NAME_ALIAS;
+ sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
+ *psid_name_use = SID_NAME_ALIAS;
+ }
}
sid_copy( psid, &local_sid);