author | Gerald Carter <jerry@samba.org> | 2007-05-21 20:36:22 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:22:17 -0500 |
commit | 224239d8e3cbf579977e669b28629919d9b4f3b1 (patch) | |
tree | ff81f3e551d52714f421938b8fcde9e7211a1b7a /source3 | |
parent | 53719c6d7d155e6e61ee67341cbc058a3fa52295 (diff) | |
r23048: Simo is correct in that winbind_lookup{sid,name}_async() needs
to be able to handle SIDs in the S-1-22-{1,2} domain in order
for winbindd_sid_to_uid(), et al. to succeed. For 3.0.25a,
we will short circuit in the sid_to_uid() family of functions
so that smbd is ok.
For 3.0.26, we need to allow winbindd to handle all types of SIDs.
(This used to be commit d70cec31965de41d3296c9b585ff0aea4f2bcffe)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/nsswitch/idmap.c | 5 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_passdb.c | 7 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 19 |
3 files changed, 29 insertions, 2 deletions
diff --git a/source3/nsswitch/idmap.c b/source3/nsswitch/idmap.c
index babd5645aa..8f3e7c465e 100644
--- a/source3/nsswitch/idmap.c
+++ b/source3/nsswitch/idmap.c
@@ -821,7 +821,10 @@ static NTSTATUS idmap_can_map(const struct id_map *map, struct idmap_domain **re
 /* Check we do not create mappings for our own local domain, or BUILTIN or special SIDs */
 if ((sid_compare_domain(map->sid, get_global_sam_sid()) == 0) ||
 sid_check_is_in_builtin(map->sid) ||
- sid_check_is_in_wellknown_domain(map->sid)) {
+ sid_check_is_in_wellknown_domain(map->sid) ||
+ sid_check_is_in_unix_users(map->sid) ||
+ sid_check_is_in_unix_groups(map->sid) )
+ {
 DEBUG(10, ("We are not supposed to create mappings for our own domains (local, builtin, specials)\n"));
 return NT_STATUS_UNSUCCESSFUL;
 }
diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c
index e8b0ae641f..2a61908f0e 100644
--- a/source3/nsswitch/winbindd_passdb.c
+++ b/source3/nsswitch/winbindd_passdb.c
@@ -125,7 +125,12 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
 /* Paranoia check */
 if (!sid_check_is_in_builtin(sid) &&
- !sid_check_is_in_our_domain(sid)) {
+ !sid_check_is_in_our_domain(sid) &&
+ !sid_check_is_in_unix_users(sid) &&
+ !sid_check_is_unix_users(sid) &&
+ !sid_check_is_in_unix_groups(sid) &&
+ !sid_check_is_unix_groups(sid) )
+ {
 DEBUG(0, ("Possible deadlock: Trying to lookup SID %s with "
 "passdb backend\n", sid_string_static(sid)));
 return NT_STATUS_NONE_MAPPED;
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 2bec404a13..e05f698ee8 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
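Review bot: In idmap_can_map() the widened condition now also refuses SIDs under the Unix Users and Unix Groups domains, but the comment above it and the `DEBUG(10, ...)` text still name only local, builtin and special SIDs, so a refused S-1-22-{1,2} mapping is hard to explain from the code or from a level-10 log. I would change the comment to `/* Never create mappings for our own SAM domain, BUILTIN, well-known SIDs or the Unix Users/Groups (S-1-22-{1,2}) domains */` and extend the debug string to match. This hunk tests only the `_is_in_` variants, while the winbindd_passdb.c and winbindd_util.c hunks also test `sid_check_is_unix_users()` and `sid_check_is_unix_groups()`; if the bare domain SIDs can reach this function they presumably should be refused as well, which is worth confirming. The function body starts and ends outside the hunk.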
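Review bot: The four-way Unix-domain test added to the paranoia check in sid_to_name() is repeated in find_lookup_domain_from_sid() in winbindd_util.c, and the two lists must stay identical: a SID that the router sends to passdb but that this allowlist omits ends in the `NT_STATUS_NONE_MAPPED` branch here. A small shared predicate called from both places (for example a helper named something like `sid_is_unix_users_or_groups()`; the name is only a suggestion) would keep them in step. Because this check is the guard against resolving foreign SIDs through the passdb backend, I would also add a comment on the new lines, e.g. `/* S-1-22-{1,2} SIDs are routed to passdb by find_lookup_domain_from_sid() */`. The function continues outside the hunk.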
@@ -914,6 +914,17 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid)
 return find_domain_from_sid(sid);
 }
+ /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
+
+ if ( sid_check_is_in_unix_groups(sid) ||
+ sid_check_is_unix_groups(sid) ||
+ sid_check_is_in_unix_users(sid) ||
+ sid_check_is_unix_users(sid) )
+ {
+ return find_domain_from_sid(get_global_sam_sid());
+ }
+
+
 /* On a member server a query for SID or name can always go to our
 * primary DC. */
@@ -927,6 +938,14 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
 strequal(domain_name, get_global_sam_name()))
 return find_domain_from_name_noinit(domain_name);
+ /* The "Unix User" and "Unix Group" domain our handled by passdb */
+
+ if ( strequal(domain_name, unix_users_domain_name() ) ||
+ strequal(domain_name, unix_groups_domain_name() ) )
+ {
+ return find_domain_from_name_noinit( get_global_sam_name() );
+ }
+
 return find_our_domain();
 }
 |
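Review bot: The new early return in find_lookup_domain_from_sid() passes on whatever `find_domain_from_sid(get_global_sam_sid())` yields, and nothing visible in the hunk says what a caller receives when the local SAM domain is not in the domain list. If that lookup can return NULL (its body is not shown here), the S-1-22-{1,2} path depends on every caller treating a NULL domain as "not mapped". I would state that next to the return, e.g. `/* may be NULL if our SAM domain is not registered; callers must check */`. The function starts and ends outside the hunk.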
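Review bot: The comment added in find_lookup_domain_from_name() has a typo that garbles its meaning: `domain our handled` should read `domains are handled`, i.e. `/* The "Unix User" and "Unix Group" domains are handled by passdb */`. The branch matches the names from unix_users_domain_name() and unix_groups_domain_name() with strequal() and redirects the lookup to get_global_sam_name(). A few words saying that this mirrors the S-1-22-{1,2} routing in find_lookup_domain_from_sid() would make the pairing clear to the next reader. The start of the function is outside the hunk.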