diff options
-rw-r--r-- | source3/auth/auth_util.c | 34 | ||||
-rw-r--r-- | source3/passdb/lookup_sid.c | 30 |
2 files changed, 42 insertions, 22 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 709d77bb36..c1f58cfecd 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -984,6 +984,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) TALLOC_CTX *mem_ctx; struct id_map *ids; NTSTATUS status; + BOOL wb = True; size_t i; @@ -1037,20 +1038,33 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) if (!winbind_sids_to_unixids(ids, server_info->ptok->num_sids-1)) { DEBUG(2, ("Query to map secondary SIDs failed!\n")); + if (!winbind_ping()) { + DEBUG(2, ("Winbindd is not running, will try to map SIDs one by one with legacy code\n")); + wb = False; + } } for (i = 0; i < server_info->ptok->num_sids-1; i++) { - if ( ! ids[i].mapped) { - DEBUG(10, ("Could not convert SID %s to gid, " - "ignoring it\n", sid_string_static(ids[i].sid))); - continue; - } - if ( ! ids[i].xid.type == ID_TYPE_UID) { - DEBUG(10, ("SID %s is a User ID (%u) not a Group ID, " - "ignoring it\n", sid_string_static(ids[i].sid), ids[i].xid.id)); - continue; + gid_t agid; + + if (wb) { + if ( ! ids[i].mapped) { + DEBUG(10, ("Could not convert SID %s to gid, " + "ignoring it\n", sid_string_static(ids[i].sid))); + continue; + } + if (ids[i].xid.type == ID_TYPE_UID) { + DEBUG(10, ("SID %s is a User ID (%u) not a Group ID, " + "ignoring it\n", sid_string_static(ids[i].sid), ids[i].xid.id)); + continue; + } + agid = (gid_t)ids[i].xid.id; + } else { + if (! sid_to_gid(ids[i].sid, &agid)) { + continue; + } } - if (!add_gid_to_array_unique(server_info, (gid_t)ids[i].xid.id, &server_info->groups, + if (!add_gid_to_array_unique(server_info, agid, &server_info->groups, &server_info->n_groups)) { TALLOC_FREE(mem_ctx); return NT_STATUS_NO_MEMORY; diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index d1d0f425ad..1fc96be70d 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1141,6 +1141,7 @@ void legacy_uid_to_sid(DOM_SID *psid, uid_t uid) DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid, sid_string_static(psid))); + store_uid_sid_cache(psid, uid); return; } @@ -1171,6 +1172,7 @@ void legacy_gid_to_sid(DOM_SID *psid, gid_t gid) DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid, sid_string_static(psid))); + store_gid_sid_cache(psid, gid); return; } @@ -1209,16 +1211,16 @@ BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid) } /* This was ours, but it was not mapped. Fail */ - - return False; } + DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid))); return False; - done: +done: DEBUG(10,("LEGACY: sid %s -> uid %u\n", sid_string_static(psid), (unsigned int)*puid )); + store_uid_sid_cache(psid, *puid); return True; } @@ -1252,6 +1254,7 @@ BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) *pgid = map.gid; goto done; } + DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid))); return False; } @@ -1265,7 +1268,7 @@ BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) if (ret) { if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS)) { - DEBUG(5, ("sid %s is a %s, expected a group\n", + DEBUG(5, ("LEGACY: sid %s is a %s, expected a group\n", sid_string_static(psid), sid_type_lookup(type))); return False; @@ -1273,16 +1276,19 @@ BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) *pgid = id.gid; goto done; } - + /* This was ours, but it was not mapped. Fail */ - - return False; } + + DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid))); + return False; done: DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_static(psid), (unsigned int)*pgid )); + store_gid_sid_cache(psid, *pgid); + return True; } @@ -1299,7 +1305,7 @@ void uid_to_sid(DOM_SID *psid, uid_t uid) if (!winbind_uid_to_sid(psid, uid)) { if (!winbind_ping()) { - DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code")); + DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n")); return legacy_uid_to_sid(psid, uid); } @@ -1328,7 +1334,7 @@ void gid_to_sid(DOM_SID *psid, gid_t gid) if (!winbind_gid_to_sid(psid, gid)) { if (!winbind_ping()) { - DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code")); + DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n")); return legacy_gid_to_sid(psid, gid); } @@ -1361,7 +1367,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) if (!winbind_sid_to_uid(puid, psid)) { if (!winbind_ping()) { - DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code")); + DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n")); return legacy_sid_to_uid(psid, puid); } @@ -1400,8 +1406,8 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) if ( !winbind_sid_to_gid(pgid, psid) ) { if (!winbind_ping()) { - DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code")); - return legacy_sid_to_uid(psid, pgid); + DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n")); + return legacy_sid_to_gid(psid, pgid); } DEBUG(10,("winbind failed to find a gid for sid %s\n", |