diff options
| author | Herb Lewis <hlewis@panasas.com> | 2008-08-15 15:28:23 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2008-08-15 15:28:23 -0700 |
| commit | 63ff9e008147b105316dcb0ea2df9b4304a8851e (patch) | |
| tree | ba33935ddac60635f58380582109267b80125df8 /source3 | |
| parent | 2408d3cf873f85827329d65d2f5d239b31d24200 (diff) | |
| download | samba-63ff9e008147b105316dcb0ea2df9b4304a8851e.tar.gz samba-63ff9e008147b105316dcb0ea2df9b4304a8851e.tar.bz2 samba-63ff9e008147b105316dcb0ea2df9b4304a8851e.zip | |
I think the problem with these functions is that lookup_usergroups
should never include the user SID.
The comment for the function in winbindd/winbindd_ads.c says
/* Lookup groups a user is a member of. */
The following patch makes the wbinfo calls return the correct data
before and after a login.
wbinfo --user-domgroups and --user-sids
(This used to be commit 7849938906a9c859805cbaeca66fae9d3c515aad)
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/lib/util_sid.c | 34 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_util.c | 2 |
2 files changed, 18 insertions, 18 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 6b83f9ce65..53614ed1ac 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -678,9 +678,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, int i; if (include_user_group_rid) { - - if (!sid_compose(&sid, info3->base.domain_sid, info3->base.rid)) - { + if (!sid_compose(&sid, info3->base.domain_sid, info3->base.rid)) { DEBUG(3, ("could not compose user SID from rid 0x%x\n", info3->base.rid)); return NT_STATUS_INVALID_PARAMETER; @@ -691,25 +689,27 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, info3->base.rid)); return status; } + } - if (!sid_compose(&sid, info3->base.domain_sid, info3->base.primary_gid)) - { - DEBUG(3, ("could not compose group SID from rid 0x%x\n", - info3->base.primary_gid)); - return NT_STATUS_INVALID_PARAMETER; - } - status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(3, ("could not append group SID from rid 0x%x\n", - info3->base.rid)); - return status; - } + if (!sid_compose(&sid, info3->base.domain_sid, info3->base.primary_gid)) { + DEBUG(3, ("could not compose group SID from rid 0x%x\n", + info3->base.primary_gid)); + return NT_STATUS_INVALID_PARAMETER; + } + status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("could not append group SID from rid 0x%x\n", + info3->base.rid)); + return status; } for (i = 0; i < info3->base.groups.count; i++) { + /* Don't add the primary group sid twice. */ + if (info3->base.primary_gid == info3->base.groups.rids[i].rid) { + continue; + } if (!sid_compose(&sid, info3->base.domain_sid, - info3->base.groups.rids[i].rid)) - { + info3->base.groups.rids[i].rid)) { DEBUG(3, ("could not compose SID from additional group " "rid 0x%x\n", info3->base.groups.rids[i].rid)); return NT_STATUS_INVALID_PARAMETER; diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index f1da5780aa..77b17787c9 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -1333,7 +1333,7 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain, status = sid_array_from_info3(mem_ctx, info3, user_sids, &num_groups, - true, true); + false, true); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(info3); |