1 files changed, 88 insertions, 38 deletions

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 789193c610..f7b46465f7 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -650,29 +650,22 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
  * of groups.
  ******************************************************************************/
 
-static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
+static NTSTATUS get_user_groups_from_local_sam(const char *username, uid_t uid, gid_t gid,
 					       int *n_groups, DOM_SID **groups,	gid_t **unix_groups)
 {
-	uid_t             uid;
-	gid_t             gid;
 	int               n_unix_groups;
 	int               i;
 
 	*n_groups = 0;
 	*groups   = NULL;
 
-	if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &uid)) || NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sampass), &gid))) {
-		DEBUG(0, ("get_user_groups_from_local_sam: error fetching uid or gid for user!\n"));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-	
 	n_unix_groups = groups_max();
 	if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) {
 		DEBUG(0, ("get_user_groups_from_local_sam: Out of memory allocating unix group list\n"));
 		return NT_STATUS_NO_MEMORY;
 	}
 	
-	if (sys_getgrouplist(pdb_get_username(sampass), gid, *unix_groups, &n_unix_groups) == -1) {
+	if (sys_getgrouplist(username, gid, *unix_groups, &n_unix_groups) == -1) {
 		gid_t *groups_tmp;
 		groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups);
 		if (!groups_tmp) {
@@ -681,7 +674,7 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
 		}
 		*unix_groups = groups_tmp;
 
-		if (sys_getgrouplist(pdb_get_username(sampass), gid, *unix_groups, &n_unix_groups) == -1) {
+		if (sys_getgrouplist(username, gid, *unix_groups, &n_unix_groups) == -1) {
 			DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n"));
 			SAFE_FREE(*unix_groups);
 			return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */
@@ -717,35 +710,26 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
  Make a user_info struct
 ***************************************************************************/
 
-static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass)
+static NTSTATUS make_server_info(auth_serversupplied_info **server_info)
 {
-	NTSTATUS ret;
-
 	*server_info = malloc(sizeof(**server_info));
 	if (!*server_info) {
 		DEBUG(0,("make_server_info: malloc failed!\n"));
 		return NT_STATUS_NO_MEMORY;
 	}
 	ZERO_STRUCTP(*server_info);
-
-	(*server_info)->sam_fill_level = SAM_FILL_ALL;
-	(*server_info)->sam_account    = sampass;
-	if (NT_STATUS_IS_ERR(ret = sid_to_uid(pdb_get_user_sid(sampass), &((*server_info)->uid))))
-		return ret;
-	if (NT_STATUS_IS_ERR(ret = sid_to_gid(pdb_get_group_sid(sampass), &((*server_info)->gid))))
-		return ret;
-
 	return NT_STATUS_OK;
 }
 
 /***************************************************************************
- Make (and fill) a user_info struct from a SAM_ACCOUNT
+Fill a server_info struct from a SAM_ACCOUNT with their groups
 ***************************************************************************/
 
-NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, 
-			      SAM_ACCOUNT *sampass)
+static NTSTATUS add_user_groups(auth_serversupplied_info **server_info, 
+				SAM_ACCOUNT *sampass,
+				uid_t uid, gid_t gid)
 {
-	NTSTATUS nt_status = NT_STATUS_OK;
+	NTSTATUS nt_status;
 	const DOM_SID *user_sid = pdb_get_user_sid(sampass);
 	const DOM_SID *group_sid = pdb_get_group_sid(sampass);
 	int       n_groupSIDs = 0;
@@ -755,14 +739,11 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 	BOOL is_guest;
 	uint32 rid;
 
-	if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sampass))) {
-		return nt_status;
-	}
-	
-	if (!NT_STATUS_IS_OK(nt_status 
-			     = get_user_groups_from_local_sam(sampass, 
-		&n_groupSIDs, &groupSIDs, &unix_groups)))
-	{
+	nt_status = get_user_groups_from_local_sam(pdb_get_username(sampass),
+						   uid, gid, 
+						   &n_groupSIDs, &groupSIDs,
+						   &unix_groups);
+	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(4,("get_user_groups_from_local_sam failed\n"));
 		free_server_info(server_info);
 		return nt_status;
@@ -785,9 +766,36 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 
 	(*server_info)->n_groups = n_groupSIDs;
 	(*server_info)->groups = unix_groups;
-
 	(*server_info)->ptok = token;
-	
+
+	return nt_status;
+}
+
+/***************************************************************************
+ Make (and fill) a user_info struct from a SAM_ACCOUNT
+***************************************************************************/
+
+NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, 
+			      SAM_ACCOUNT *sampass)
+{
+	NTSTATUS nt_status;
+
+	if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info)))
+		return nt_status;
+
+	(*server_info)->sam_account    = sampass;
+
+	if (!NT_STATUS_IS_OK(nt_status = sid_to_uid(pdb_get_user_sid(sampass), &((*server_info)->uid))))
+		return nt_status;
+
+	if (!NT_STATUS_IS_OK(nt_status = sid_to_gid(pdb_get_group_sid(sampass), &((*server_info)->gid))))
+		return nt_status;
+
+	if (!NT_STATUS_IS_OK(nt_status = add_user_groups(server_info, sampass, 
+							 (*server_info)->uid, (*server_info)->gid)))
+		return nt_status;
+
+	(*server_info)->sam_fill_level = SAM_FILL_ALL;
 	DEBUG(5,("make_server_info_sam: made server info for user %s\n",
 		 pdb_get_username((*server_info)->sam_account)));
 
@@ -806,7 +814,20 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, const struc
 	if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sampass, pwd))) {		
 		return nt_status;
 	}
-	return make_server_info_sam(server_info, sampass);
+	if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info))) {
+		return nt_status;
+	}
+
+	(*server_info)->sam_account    = sampass;
+
+	if (!NT_STATUS_IS_OK(nt_status = add_user_groups(server_info, sampass, pwd->pw_uid, pwd->pw_gid))) {
+		return nt_status;
+	}
+
+	(*server_info)->sam_fill_level = SAM_FILL_ALL;
+	(*server_info)->uid = pwd->pw_uid;
+	(*server_info)->gid = pwd->pw_gid;
+	return nt_status;
 }
 
 /***************************************************************************
@@ -848,6 +869,7 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
 ***************************************************************************/
 static NTSTATUS fill_sam_account(const char *domain,
 				 const char *username,
+				 uid_t *uid, gid_t *gid,
 				 SAM_ACCOUNT **sam_account)
 {
 	fstring dom_user;
@@ -866,6 +888,9 @@ static NTSTATUS fill_sam_account(const char *domain,
 	if (passwd == NULL)
 		return NT_STATUS_NO_SUCH_USER;
 
+	*uid = passwd->pw_uid;
+	*gid = passwd->pw_gid;
+
 	return pdb_init_sam_pw(sam_account, passwd);
 }
 
@@ -892,6 +917,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 	struct passwd *passwd;
 
 	unid_t u_id, g_id;
+	uid_t uid;
+	gid_t gid;
 	int u_type, g_type;
 
 	int n_lgroupSIDs;
@@ -931,15 +958,27 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 
 	u_type = ID_USERID;
 	g_type = ID_GROUPID;
+ 
+ 	/* we are trying to check that idmap isn't stuffing us over - does this
+ 	   user actually exist? */
 	if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&u_id, &u_type, &user_sid))
 	    && NT_STATUS_IS_OK(idmap_get_id_from_sid(&g_id, &g_type, &group_sid))
 	    && ((passwd = getpwuid_alloc(u_id.uid)))) {
+
 		nt_status = pdb_init_sam_pw(&sam_account, passwd);
+
+ 		uid = passwd->pw_uid;
+ 		gid = passwd->pw_gid;
+ 
+ 		/* we should check this is the same name */
+
 		passwd_free(&passwd);
 	} else {
 
+ 		/* User not from winbind - try and find them by getpwnam() */
 		nt_status = fill_sam_account(nt_domain,
 					     internal_username,
+					     &uid, &gid,
 					     &sam_account);
 
 		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
@@ -948,6 +987,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 			auth_add_user_script(nt_domain, internal_username);
 			nt_status = fill_sam_account(nt_domain,
 						     internal_username,
+						     &uid, &gid,
 						     &sam_account);
 		}
 	}
@@ -1002,17 +1042,27 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sam_account))) {
+	/* now that we have a SAM_ACCOUNT that looks real, make a server_info
+	   to wrap it in, and use pass it on down */
+
+	if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info))) {
 		DEBUG(4, ("make_server_info failed!\n"));
 		pdb_free_sam(&sam_account);
 		return nt_status;
 	}
 
+	/* Fill in the unix info we found on the way */
+
+	(*server_info)->sam_fill_level = SAM_FILL_ALL;
+	(*server_info)->uid = uid;
+	(*server_info)->gid = gid;
+
 	/* Store the user group information in the server_info 
 	   returned to the caller. */
 	
 	if (!NT_STATUS_IS_OK(nt_status 
-			     = get_user_groups_from_local_sam(sam_account, 
+			     = get_user_groups_from_local_sam(pdb_get_username(sam_account), 
+							      uid, gid, 
 							      &n_lgroupSIDs, 
 							      &lgroupSIDs, 
 							      &unix_groups)))