summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-05-21 20:36:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:22:17 -0500
commit224239d8e3cbf579977e669b28629919d9b4f3b1 (patch)
treeff81f3e551d52714f421938b8fcde9e7211a1b7a /source3
parent53719c6d7d155e6e61ee67341cbc058a3fa52295 (diff)
downloadsamba-224239d8e3cbf579977e669b28629919d9b4f3b1.tar.gz
samba-224239d8e3cbf579977e669b28629919d9b4f3b1.tar.bz2
samba-224239d8e3cbf579977e669b28629919d9b4f3b1.zip
r23048: Simo is correct in that winbind_lookup{sid,name}_async() needs
to be able to handle SIDs in the S-1-22-{1,2} domain in order for winbindd_sid_to_uid(), et. al. to succeed. For 3.0.25a, we will short circuit in the sid_to_uid() family of functions so that smbd is ok. For 3.0.26, we need to allow winbindd to handle all types of SIDs. (This used to be commit d70cec31965de41d3296c9b585ff0aea4f2bcffe)
Diffstat (limited to 'source3')
-rw-r--r--source3/nsswitch/idmap.c5
-rw-r--r--source3/nsswitch/winbindd_passdb.c7
-rw-r--r--source3/nsswitch/winbindd_util.c19
3 files changed, 29 insertions, 2 deletions
diff --git a/source3/nsswitch/idmap.c b/source3/nsswitch/idmap.c
index babd5645aa..8f3e7c465e 100644
--- a/source3/nsswitch/idmap.c
+++ b/source3/nsswitch/idmap.c
@@ -821,7 +821,10 @@ static NTSTATUS idmap_can_map(const struct id_map *map, struct idmap_domain **re
/* Check we do not create mappings for our own local domain, or BUILTIN or special SIDs */
if ((sid_compare_domain(map->sid, get_global_sam_sid()) == 0) ||
sid_check_is_in_builtin(map->sid) ||
- sid_check_is_in_wellknown_domain(map->sid)) {
+ sid_check_is_in_wellknown_domain(map->sid) ||
+ sid_check_is_in_unix_users(map->sid) ||
+ sid_check_is_in_unix_groups(map->sid) )
+ {
DEBUG(10, ("We are not supposed to create mappings for our own domains (local, builtin, specials)\n"));
return NT_STATUS_UNSUCCESSFUL;
}
diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c
index e8b0ae641f..2a61908f0e 100644
--- a/source3/nsswitch/winbindd_passdb.c
+++ b/source3/nsswitch/winbindd_passdb.c
@@ -125,7 +125,12 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
/* Paranoia check */
if (!sid_check_is_in_builtin(sid) &&
- !sid_check_is_in_our_domain(sid)) {
+ !sid_check_is_in_our_domain(sid) &&
+ !sid_check_is_in_unix_users(sid) &&
+ !sid_check_is_unix_users(sid) &&
+ !sid_check_is_in_unix_groups(sid) &&
+ !sid_check_is_unix_groups(sid) )
+ {
DEBUG(0, ("Possible deadlock: Trying to lookup SID %s with "
"passdb backend\n", sid_string_static(sid)));
return NT_STATUS_NONE_MAPPED;
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 2bec404a13..e05f698ee8 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -914,6 +914,17 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid)
return find_domain_from_sid(sid);
}
+ /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
+
+ if ( sid_check_is_in_unix_groups(sid) ||
+ sid_check_is_unix_groups(sid) ||
+ sid_check_is_in_unix_users(sid) ||
+ sid_check_is_unix_users(sid) )
+ {
+ return find_domain_from_sid(get_global_sam_sid());
+ }
+
+
/* On a member server a query for SID or name can always go to our
* primary DC. */
@@ -927,6 +938,14 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
strequal(domain_name, get_global_sam_name()))
return find_domain_from_name_noinit(domain_name);
+ /* The "Unix User" and "Unix Group" domain our handled by passdb */
+
+ if ( strequal(domain_name, unix_users_domain_name() ) ||
+ strequal(domain_name, unix_groups_domain_name() ) )
+ {
+ return find_domain_from_name_noinit( get_global_sam_name() );
+ }
+
return find_our_domain();
}