diff options
| author | Simo Sorce <idra@samba.org> | 2003-04-29 22:06:16 +0000 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2003-04-29 22:06:16 +0000 |
| commit | a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b (patch) | |
| tree | 1d006dc489a2373fc3e55f78cc6ce34a4880b9aa /source3/rpc_server | |
| parent | 0db7c13f9210c0eac82050a2b9e37bd81bfffe10 (diff) | |
| download | samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.tar.gz samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.tar.bz2 samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.zip | |
This is a nice rewrite:
SAM_ACCOUNT does not have anymore uid and gid fields
all the code that used them has been fixed to use the proper idmap calls
fix to idmap_tdb for first time idmap.tdb initialization.
auth_serversupplied_info structure has now an uid and gid field
few other fixes to make the system behave correctly with idmap
tested only with tdbsam, but smbpasswd and nisplus should be ok
have not tested ldap !
(This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 10 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 26 | ||||
| -rw-r--r-- | source3/rpc_server/srv_util.c | 7 |
3 files changed, 14 insertions, 29 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 5b9d39ddc7..6a9e591f64 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -472,16 +472,10 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - if (!IS_SAM_UNIX_USER(server_info->sam_account)) { - DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n")); - free_server_info(&server_info); - return False; - } - memcpy(p->session_key, server_info->session_key, sizeof(p->session_key)); - p->pipe_user.uid = pdb_get_uid(server_info->sam_account); - p->pipe_user.gid = pdb_get_gid(server_info->sam_account); + p->pipe_user.uid = server_info->uid; + p->pipe_user.gid = server_info->gid; p->pipe_user.ngroups = server_info->n_groups; if (p->pipe_user.ngroups) { diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5ab0e80351..d2e4ff2614 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2818,8 +2818,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid) copy_id23_to_sam_passwd(pwd, id23); /* if it's a trust account, don't update /etc/passwd */ - if ( (!IS_SAM_UNIX_USER(pwd)) || - ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); @@ -2880,8 +2879,7 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid) } /* if it's a trust account, don't update /etc/passwd */ - if ( (!IS_SAM_UNIX_USER(pwd)) || - ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); @@ -3396,9 +3394,9 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } - - uid = pdb_get_uid(sam_user); - if (uid == -1) { + + /* check a real user exist before we run the script to add a user to a group */ + if (!sid_to_uid(pdb_get_user_sid(sam_user), &uid)) { pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } @@ -3408,7 +3406,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD if ((pwd=getpwuid_alloc(uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; } - + if ((grp=getgrgid(map.gid)) == NULL) { passwd_free(&pwd); return NT_STATUS_NO_SUCH_ALIAS; @@ -3557,18 +3555,6 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD return NT_STATUS_NO_SUCH_USER; } - uid = pdb_get_uid(sam_user); - if (uid == -1) { - pdb_free_sam(&sam_user); - return NT_STATUS_NO_SUCH_USER; - } - - pdb_free_sam(&sam_user); - - if ((pwd=getpwuid_alloc(uid)) == NULL) { - return NT_STATUS_NO_SUCH_USER; - } - if ((grp=getgrgid(map.gid)) == NULL) { passwd_free(&pwd); return NT_STATUS_NO_SUCH_GROUP; diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 4656efb6fa..f948088737 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -129,7 +129,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui fstrcpy(user_name, pdb_get_username(sam_pass)); grid=pdb_get_group_rid(sam_pass); - gid=pdb_get_gid(sam_pass); + if (!sid_to_gid(pdb_get_group_sid(sam_pass), &gid)) { + /* this should never happen */ + DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n")); + pdb_free_sam(&sam_pass); + return NT_STATUS_UNSUCCESSFUL; + } become_root(); /* on some systems this must run as root */ |