summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_util.c34
-rw-r--r--source3/passdb/lookup_sid.c30
2 files changed, 42 insertions, 22 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 709d77bb36..c1f58cfecd 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -984,6 +984,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
TALLOC_CTX *mem_ctx;
struct id_map *ids;
NTSTATUS status;
+ BOOL wb = True;
size_t i;
@@ -1037,20 +1038,33 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
if (!winbind_sids_to_unixids(ids, server_info->ptok->num_sids-1)) {
DEBUG(2, ("Query to map secondary SIDs failed!\n"));
+ if (!winbind_ping()) {
+ DEBUG(2, ("Winbindd is not running, will try to map SIDs one by one with legacy code\n"));
+ wb = False;
+ }
}
for (i = 0; i < server_info->ptok->num_sids-1; i++) {
- if ( ! ids[i].mapped) {
- DEBUG(10, ("Could not convert SID %s to gid, "
- "ignoring it\n", sid_string_static(ids[i].sid)));
- continue;
- }
- if ( ! ids[i].xid.type == ID_TYPE_UID) {
- DEBUG(10, ("SID %s is a User ID (%u) not a Group ID, "
- "ignoring it\n", sid_string_static(ids[i].sid), ids[i].xid.id));
- continue;
+ gid_t agid;
+
+ if (wb) {
+ if ( ! ids[i].mapped) {
+ DEBUG(10, ("Could not convert SID %s to gid, "
+ "ignoring it\n", sid_string_static(ids[i].sid)));
+ continue;
+ }
+ if (ids[i].xid.type == ID_TYPE_UID) {
+ DEBUG(10, ("SID %s is a User ID (%u) not a Group ID, "
+ "ignoring it\n", sid_string_static(ids[i].sid), ids[i].xid.id));
+ continue;
+ }
+ agid = (gid_t)ids[i].xid.id;
+ } else {
+ if (! sid_to_gid(ids[i].sid, &agid)) {
+ continue;
+ }
}
- if (!add_gid_to_array_unique(server_info, (gid_t)ids[i].xid.id, &server_info->groups,
+ if (!add_gid_to_array_unique(server_info, agid, &server_info->groups,
&server_info->n_groups)) {
TALLOC_FREE(mem_ctx);
return NT_STATUS_NO_MEMORY;
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index d1d0f425ad..1fc96be70d 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1141,6 +1141,7 @@ void legacy_uid_to_sid(DOM_SID *psid, uid_t uid)
DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
sid_string_static(psid)));
+ store_uid_sid_cache(psid, uid);
return;
}
@@ -1171,6 +1172,7 @@ void legacy_gid_to_sid(DOM_SID *psid, gid_t gid)
DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
sid_string_static(psid)));
+ store_gid_sid_cache(psid, gid);
return;
}
@@ -1209,16 +1211,16 @@ BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid)
}
/* This was ours, but it was not mapped. Fail */
-
- return False;
}
+ DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
return False;
- done:
+done:
DEBUG(10,("LEGACY: sid %s -> uid %u\n", sid_string_static(psid),
(unsigned int)*puid ));
+ store_uid_sid_cache(psid, *puid);
return True;
}
@@ -1252,6 +1254,7 @@ BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
*pgid = map.gid;
goto done;
}
+ DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
return False;
}
@@ -1265,7 +1268,7 @@ BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
if (ret) {
if ((type != SID_NAME_DOM_GRP) &&
(type != SID_NAME_ALIAS)) {
- DEBUG(5, ("sid %s is a %s, expected a group\n",
+ DEBUG(5, ("LEGACY: sid %s is a %s, expected a group\n",
sid_string_static(psid),
sid_type_lookup(type)));
return False;
@@ -1273,16 +1276,19 @@ BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
*pgid = id.gid;
goto done;
}
-
+
/* This was ours, but it was not mapped. Fail */
-
- return False;
}
+
+ DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
+ return False;
done:
DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_static(psid),
(unsigned int)*pgid ));
+ store_gid_sid_cache(psid, *pgid);
+
return True;
}
@@ -1299,7 +1305,7 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
if (!winbind_uid_to_sid(psid, uid)) {
if (!winbind_ping()) {
- DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code"));
+ DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n"));
return legacy_uid_to_sid(psid, uid);
}
@@ -1328,7 +1334,7 @@ void gid_to_sid(DOM_SID *psid, gid_t gid)
if (!winbind_gid_to_sid(psid, gid)) {
if (!winbind_ping()) {
- DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code"));
+ DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n"));
return legacy_gid_to_sid(psid, gid);
}
@@ -1361,7 +1367,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid)
if (!winbind_sid_to_uid(puid, psid)) {
if (!winbind_ping()) {
- DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code"));
+ DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n"));
return legacy_sid_to_uid(psid, puid);
}
@@ -1400,8 +1406,8 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid)
if ( !winbind_sid_to_gid(pgid, psid) ) {
if (!winbind_ping()) {
- DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code"));
- return legacy_sid_to_uid(psid, pgid);
+ DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n"));
+ return legacy_sid_to_gid(psid, pgid);
}
DEBUG(10,("winbind failed to find a gid for sid %s\n",