diff options
Diffstat (limited to 'source3/auth/auth_util.c')
| -rw-r--r-- | source3/auth/auth_util.c | 40 |
1 files changed, 11 insertions, 29 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 0dab05b97c..c39aa8501d 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -710,8 +710,6 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) NTSTATUS status; size_t i; struct dom_sid tmp_sid; - const char *name_to_use; - bool force_nss; /* * If winbind is not around, we can not make much use of the SIDs the @@ -719,22 +717,11 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) * mapped to some local unix user. */ - DEBUG(10, ("creating token for %s (SAM: %s)\n", server_info->unix_name, - server_info->sam_account->username)); - - force_nss = lp_force_username_map() && !server_info->nss_token; if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) || - server_info->nss_token || force_nss) { - if (force_nss) - name_to_use = - pdb_get_username(server_info->sam_account); - else - name_to_use = server_info->unix_name; - + (server_info->nss_token)) { status = create_token_from_username(server_info, - name_to_use, + server_info->unix_name, server_info->guest, - force_nss, &server_info->utok.uid, &server_info->utok.gid, &server_info->unix_name, @@ -819,7 +806,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) } /* - * Create an artificial NT token given just a username. (Initially indended + * Create an artificial NT token given just a username. (Initially intended * for force user) * * We go through lookup_name() to avoid problems we had with 'winbind use @@ -839,7 +826,6 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, bool is_guest, - bool force_nss, uid_t *uid, gid_t *gid, char **found_username, struct nt_user_token **token) @@ -855,9 +841,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, size_t num_gids; size_t i; - DEBUG(10, ("creating token for %s,%s guest,%s forcing NSS lookup\n", - username, is_guest ? "" : " not", force_nss ? "" : " not")); - tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(0, ("talloc_new failed\n")); @@ -876,13 +859,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, goto done; } - if (!sid_to_uid(&user_sid, uid)) { - DEBUG(1, ("sid_to_uid for %s (%s) failed\n", - username, sid_string_dbg(&user_sid))); - goto done; - } - - if (sid_check_is_in_our_domain(&user_sid) && !force_nss) { + if (sid_check_is_in_our_domain(&user_sid)) { bool ret; /* This is a passdb user, so ask passdb */ @@ -924,7 +901,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, *found_username = talloc_strdup(mem_ctx, pdb_get_username(sam_acct)); - } else if (force_nss || sid_check_is_in_unix_users(&user_sid)) { + } else if (sid_check_is_in_unix_users(&user_sid)) { /* This is a unix user not in passdb. We need to ask nss * directly, without consulting passdb */ @@ -939,6 +916,12 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, unix_user: + if (!sid_to_uid(&user_sid, uid)) { + DEBUG(1, ("sid_to_uid for %s (%s) failed\n", + username, sid_string_dbg(&user_sid))); + goto done; + } + uid_to_unix_users_sid(*uid, &user_sid); pass = getpwuid_alloc(tmp_ctx, *uid); @@ -1080,7 +1063,6 @@ bool user_in_group_sid(const char *username, const DOM_SID *group_sid) } status = create_token_from_username(mem_ctx, username, False, - lp_force_username_map(), &uid, &gid, &found_username, &token); |