diff options
author | Volker Lendecke <vlendec@samba.org> | 2006-02-24 22:26:53 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:10:23 -0500 |
commit | 2ced94c54d4ad074600ed0bc955899a118d2d876 (patch) | |
tree | 8abb0a410dee40401f4945499f0329a13f8c4949 /source3 | |
parent | 984fe8c9af5063d4a381ac7b2bb31d2bcbe29fac (diff) | |
download | samba-2ced94c54d4ad074600ed0bc955899a118d2d876.tar.gz samba-2ced94c54d4ad074600ed0bc955899a118d2d876.tar.bz2 samba-2ced94c54d4ad074600ed0bc955899a118d2d876.zip |
r13683: Fix the 'valid users = +users' problem I introduced.
Volker
(This used to be commit dbdb8bdb9993b0136322530f0b8462bb9477dbf1)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/lookup_sid.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 2ffc02a988..3d1805525a 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -116,6 +116,25 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, goto failed; } + /* + * Nasty hack necessary for too common scenarios: + * + * For 'valid users = +users' we know "users" is most probably not + * BUILTIN\users but the unix group users. This hack requires the + * admin to explicitly qualify BUILTIN if BUILTIN\users is meant. + * + * Please note that LOOKUP_NAME_GROUP can not be requested via for + * example lsa_lookupnames, it only comes into this routine via + * the expansion of group names coming in from smb.conf + */ + + if ((flags & LOOKUP_NAME_GROUP) && + (lookup_unix_group_name(name, &sid))) { + domain = talloc_strdup(tmp_ctx, unix_groups_domain_name()); + type = SID_NAME_DOM_GRP; + goto ok; + } + /* Now the guesswork begins, we haven't been given an explicit * domain. Try the sequence as documented on * http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp |