diff options
-rw-r--r-- | source3/auth/auth_util.c | 76 |
1 files changed, 38 insertions, 38 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index c5ce55bc8c..1c629bca82 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1066,44 +1066,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, goto done; } - if (sid_check_is_in_unix_users(&user_sid)) { - - /* This is a unix user not in passdb. We need to ask nss - * directly, without consulting passdb */ - - struct passwd *pass; - size_t i; - - pass = getpwuid_alloc(tmp_ctx, *uid); - if (pass == NULL) { - DEBUG(1, ("getpwuid(%d) for user %s failed\n", - *uid, username)); - goto done; - } - - *gid = pass->pw_gid; - gid_to_sid(&primary_group_sid, pass->pw_gid); - - if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid, - &gids, &num_group_sids)) { - DEBUG(1, ("getgroups_unix_user for user %s failed\n", - username)); - goto done; - } - - group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids); - if (group_sids == NULL) { - DEBUG(1, ("talloc_array failed\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - for (i=0; i<num_group_sids; i++) { - gid_to_sid(&group_sids[i], gids[i]); - } - *found_username = talloc_strdup(mem_ctx, pass->pw_name); - - } else if (sid_check_is_in_our_domain(&user_sid)) { + if (sid_check_is_in_our_domain(&user_sid)) { /* This is a passdb user, so ask passdb */ @@ -1148,6 +1111,43 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, *found_username = talloc_strdup(mem_ctx, pdb_get_username(sam_acct)); + } else if (sid_check_is_in_unix_users(&user_sid)) { + + /* This is a unix user not in passdb. We need to ask nss + * directly, without consulting passdb */ + + struct passwd *pass; + size_t i; + + pass = getpwuid_alloc(tmp_ctx, *uid); + if (pass == NULL) { + DEBUG(1, ("getpwuid(%d) for user %s failed\n", + *uid, username)); + goto done; + } + + *gid = pass->pw_gid; + gid_to_sid(&primary_group_sid, pass->pw_gid); + + if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid, + &gids, &num_group_sids)) { + DEBUG(1, ("getgroups_unix_user for user %s failed\n", + username)); + goto done; + } + + group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids); + if (group_sids == NULL) { + DEBUG(1, ("talloc_array failed\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + for (i=0; i<num_group_sids; i++) { + gid_to_sid(&group_sids[i], gids[i]); + } + *found_username = talloc_strdup(mem_ctx, pass->pw_name); + } else { /* This user is from winbind, force the primary gid to the |