author | Gerald Carter <jerry@samba.org> | 2006-03-15 00:10:38 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:15:28 -0500 |
commit | 0ce53f8ba5110381ad6f910abe581a69019135b8 (patch) | |
tree | 3640e38925aa4cc044092561ab90107a44004e72 /source3/rpc_server | |
parent | 568f28284a99fc6f6efb2618ad8d91699cad46b8 (diff) | |
r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
  group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups. The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.
* remove any group mappings from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  This fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.
* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam().
  Otherwise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.
* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume. I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution. So I'll probably add something similar
  to what I did for Administrators.

(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 2 |
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 12 |
2 files changed, 13 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 80c86a3079..7fe42efefb 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1071,7 +1071,7 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP done: - if (NT_STATUS_IS_OK(r_u->status)) { + if (NT_STATUS_IS_OK(r_u->status) && (num_entries != 0) ) { if (mapped_count == 0) r_u->status = NT_STATUS_NONE_MAPPED; else if (mapped_count != num_entries) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index e4dc92c08d..6a4c9f7133 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1650,6 +1650,10 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK names, attrs); unbecome_root(); + if ( NT_STATUS_EQUAL(r_u->status, NT_STATUS_NONE_MAPPED) && (num_rids == 0) ) { + r_u->status = NT_STATUS_OK; + } + if(!make_samr_lookup_rids(p->mem_ctx, num_rids, names, &hdr_name, &uni_name)) return NT_STATUS_NO_MEMORY; @@ -2914,6 +2918,7 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A /* Check we actually have the requested alias */ enum SID_NAME_USE type; BOOL result; + gid_t gid; become_root(); result = lookup_sid(NULL, &sid, NULL, NULL, &type); @@ -2922,6 +2927,13 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A if (!result || (type != SID_NAME_ALIAS)) { return NT_STATUS_NO_SUCH_ALIAS; } + + /* make sure there is a mapping */ + + if ( !sid_to_gid( &sid, &gid ) ) { + return NT_STATUS_NO_SUCH_ALIAS; + } + } /* associate the alias SID with the new handle. */ |
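Review bot: In the srv_lsa_nt.c hunk (_lsa_lookup_names, at the `done:` label), the added `(num_entries != 0)` test means a request carrying zero names now leaves r_u->status at NT_STATUS_OK instead of NT_STATUS_NONE_MAPPED, yet neither a code comment nor the commit message says this is intended. Add a one-line comment above the condition stating that an empty lookup deliberately succeeds and why clients need that, and drop the stray space in `!= 0) )`.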
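Review bot: In the first srv_samr_nt.c hunk (_samr_lookup_rids), the new block after unbecome_root() only rewrites the status when the lookup returned exactly NT_STATUS_NONE_MAPPED with num_rids == 0; any other status for an empty request still falls through to make_samr_lookup_rids() unchanged. The srv_lsa_nt.c change in the same commit handles the empty case by guarding the NONE_MAPPED assignment up front, so the two RPC paths now treat "nothing requested" differently. Consider checking `num_rids == 0` before the lookup call so the result does not depend on what the lookup reports for an empty list, and add a comment explaining the empty-request behaviour.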
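Review bot: In the _samr_open_alias hunks, the new `if ( !sid_to_gid( &sid, &gid ) )` branch returns NT_STATUS_NO_SUCH_ALIAS for a SID that lookup_sid() has just confirmed is a SID_NAME_ALIAS, so an existing but unmapped alias becomes indistinguishable from a missing one, for the client and for the administrator reading logs. Emit a DEBUG message naming the SID before returning, and expand the `/* make sure there is a mapping */` comment to say why an alias without a gid must not be opened. `gid` is declared only to serve as the out parameter and is never read, which is worth noting in that comment. lookup_sid() is called under become_root(), while the lines between the two hunks are not shown; please confirm sid_to_gid() does not need the same privilege at the point where it is called.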