summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2006-02-24 22:26:53 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:23 -0500
commit2ced94c54d4ad074600ed0bc955899a118d2d876 (patch)
tree8abb0a410dee40401f4945499f0329a13f8c4949 /source3
parent984fe8c9af5063d4a381ac7b2bb31d2bcbe29fac (diff)
downloadsamba-2ced94c54d4ad074600ed0bc955899a118d2d876.tar.gz
samba-2ced94c54d4ad074600ed0bc955899a118d2d876.tar.bz2
samba-2ced94c54d4ad074600ed0bc955899a118d2d876.zip
r13683: Fix the 'valid users = +users' problem I introduced.
Volker (This used to be commit dbdb8bdb9993b0136322530f0b8462bb9477dbf1)
Diffstat (limited to 'source3')
-rw-r--r--source3/passdb/lookup_sid.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 2ffc02a988..3d1805525a 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -116,6 +116,25 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
goto failed;
}
+ /*
+ * Nasty hack necessary for too common scenarios:
+ *
+ * For 'valid users = +users' we know "users" is most probably not
+ * BUILTIN\users but the unix group users. This hack requires the
+ * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
+ *
+ * Please note that LOOKUP_NAME_GROUP can not be requested via for
+ * example lsa_lookupnames, it only comes into this routine via
+ * the expansion of group names coming in from smb.conf
+ */
+
+ if ((flags & LOOKUP_NAME_GROUP) &&
+ (lookup_unix_group_name(name, &sid))) {
+ domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
+ type = SID_NAME_DOM_GRP;
+ goto ok;
+ }
+
/* Now the guesswork begins, we haven't been given an explicit
* domain. Try the sequence as documented on
* http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp