diff options
author | Volker Lendecke <vlendec@samba.org> | 2006-06-06 20:18:11 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:19 -0500 |
commit | 40dc4e2d1a6893c391d68e6d5b0d2cb74f53866f (patch) | |
tree | b621b370f1caa82c4a6374d868f1b3b068394727 /source3 | |
parent | c594a5519d459730252a9692200a849b84b4e96a (diff) | |
download | samba-40dc4e2d1a6893c391d68e6d5b0d2cb74f53866f.tar.gz samba-40dc4e2d1a6893c391d68e6d5b0d2cb74f53866f.tar.bz2 samba-40dc4e2d1a6893c391d68e6d5b0d2cb74f53866f.zip |
r16064: Bug fix for another one Tom Bork has reported:
'valid users = +unixgroup' failed with smbpasswd if 'unixgroup' has a
(non-algorithmic) group mapping.
Thanks a lot!
People out there listening, please test current code, this release is
**BIG**
:-)
Volker
(This used to be commit 8f9ba5f96c9b506623ef97b7ed3d84f39d914a3c)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/lookup_sid.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 02b83f1965..8a28f75ec8 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -43,6 +43,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, DOM_SID sid; enum SID_NAME_USE type; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + struct group *grp; if (tmp_ctx == NULL) { DEBUG(0, ("talloc_new failed\n")); @@ -128,8 +129,27 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, * the expansion of group names coming in from smb.conf */ - if (flags & LOOKUP_NAME_GROUP) { - struct group *grp; + if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) { + + GROUP_MAP map; + + if (pdb_getgrgid(&map, grp->gr_gid)) { + /* The hack gets worse. Handle the case where we have + * 'force group = +unixgroup' but "unixgroup" has a + * group mapping */ + + if (sid_check_is_in_builtin(&map.sid)) { + domain = talloc_strdup( + tmp_ctx, builtin_domain_name()); + } else { + domain = talloc_strdup( + tmp_ctx, get_global_sam_name()); + } + + sid_copy(&sid, &map.sid); + type = map.sid_name_use; + goto ok; + } /* If we are using the smbpasswd backend, we need to use the * algorithmic mapping for the unix group we find. This is @@ -137,7 +157,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, * gid list we got from initgroups() we use gid_to_sid() that * uses algorithmic mapping if pdb_rid_algorithm() is true. */ - if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) && + if (pdb_rid_algorithm() && (grp->gr_gid < max_algorithmic_gid())) { domain = talloc_strdup(tmp_ctx, get_global_sam_name()); sid_compose(&sid, get_global_sam_sid(), |