Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd_dual.c | 1 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 27 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 2 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_passdb.c | 7 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_user.c | 6 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 4 |
6 files changed, 29 insertions, 18 deletions
diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c index d1ad3330d4..14e0ef4ce2 100644 --- a/source3/nsswitch/winbindd_dual.c +++ b/source3/nsswitch/winbindd_dual.c @@ -559,7 +559,6 @@ static void child_msg_offline(int msg_type, struct process_id src, void *buf, si static void child_msg_online(int msg_type, struct process_id src, void *buf, size_t len) { struct winbindd_domain *domain; - int ret; DEBUG(5,("child_msg_online received.\n")); diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 38d47ca3d7..6e7a242379 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -41,8 +41,8 @@ static BOOL fill_grent(struct winbindd_gr *gr, const char *dom_name, const char *gr_name, gid_t unix_gid) { fstring full_group_name; - /* Fill in uid/gid */ - fill_domain_username(full_group_name, dom_name, gr_name); + + fill_domain_username( full_group_name, dom_name, gr_name, False); gr->gr_gid = unix_gid; @@ -146,7 +146,7 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, /* Append domain name */ - fill_domain_username(name, domain->name, the_name); + fill_domain_username(name, domain->name, the_name, False); len = strlen(name); @@ -201,7 +201,8 @@ done: void winbindd_getgrnam(struct winbindd_cli_state *state) { - DOM_SID group_sid; + DOM_SID group_sid, tmp_sid; + uint32 grp_rid; struct winbindd_domain *domain; enum SID_NAME_USE name_type; fstring name_domain, name_group; 
@@ -270,6 +271,20 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) return; } + /* Make sure that the group SID is within the domain of the + original domain */ + + sid_copy( &tmp_sid, &group_sid ); + sid_split_rid( &tmp_sid, &grp_rid ); + if ( !sid_equal( &tmp_sid, &domain->sid ) ) { + DEBUG(3,("winbindd_getgrnam: group %s resolves to a SID in the wrong domain [%s]\n", + state->request.data.groupname, sid_string_static(&group_sid))); + request_error(state); + return; + } + + + /* Try to get the GID */ status = idmap_sid_to_gid(&group_sid, &gid, 0); @@ -731,7 +746,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state) /* Fill in group entry */ fill_domain_username(domain_group_name, ent->domain_name, - name_list[ent->sam_entry_index].acct_name); + name_list[ent->sam_entry_index].acct_name, False); result = fill_grent(&group_list[group_list_ndx], ent->domain_name, @@ -905,7 +920,7 @@ void winbindd_list_groups(struct winbindd_cli_state *state) groups.sam_entries)[i].acct_name; fstring name; - fill_domain_username(name, domain->name, group_name); + fill_domain_username(name, domain->name, group_name, False); /* Append to extra data */ memcpy(&extra_data[extra_data_len], name, strlen(name)); diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 3e30d70522..d460c14769 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -1515,7 +1515,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, nt_domain = name_domain; } - fill_domain_username(username_out, nt_domain, nt_username); + fill_domain_username(username_out, nt_domain, nt_username, True); DEBUG(5, ("Setting unix username to [%s]\n", username_out)); diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c index 96a85a4f3a..73020cd6bc 100644 --- a/source3/nsswitch/winbindd_passdb.c +++ b/source3/nsswitch/winbindd_passdb.c 
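Review bot: The domain check added to winbindd_getgrnam ignores the return value of `sid_split_rid()` and never uses `grp_rid`, so a failed split is left to the `sid_equal()` that follows. Making the failure explicit keeps the check fail-closed by construction: `if ( !sid_split_rid( &tmp_sid, &grp_rid ) || !sid_equal( &tmp_sid, &domain->sid ) ) {`. `domain` is assigned earlier in the function, outside this hunk; it is worth confirming that it is the domain named in the request and not the domain the lookup was routed through, otherwise groups from trusted domains would presumably be rejected here. The DEBUG line also writes the client-supplied `state->request.data.groupname` to the log unmodified, which matters for anything that parses these logs.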
@@ -33,7 +33,7 @@ static void add_member(const char *domain, const char *user, { fstring name; - fill_domain_username(name, domain, user); + fill_domain_username(name, domain, user, True); safe_strcat(name, ",", sizeof(name)-1); string_append(pp_members, name); *p_num_members += 1; @@ -248,10 +248,7 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, if (!pdb_find_alias(name, sid)) return NT_STATUS_NONE_MAPPED; - if (sid_check_is_in_builtin(sid)) - *type = SID_NAME_WKN_GRP; - else - *type = SID_NAME_ALIAS; + *type = SID_NAME_ALIAS; return NT_STATUS_OK; } diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index b48284a031..9b0796fb67 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -97,7 +97,7 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, /* Username */ - fill_domain_username(output_username, dom_name, user_name); + fill_domain_username(output_username, dom_name, user_name, True); safe_strcpy(pw->pw_name, output_username, sizeof(pw->pw_name) - 1); @@ -289,7 +289,7 @@ static void getpwsid_sid2gid_recv(void *private_data, BOOL success, gid_t gid) pw = &s->state->response.data.pw; pw->pw_uid = s->uid; pw->pw_gid = s->gid; - fill_domain_username(output_username, s->domain->name, s->username); + fill_domain_username(output_username, s->domain->name, s->username, True); safe_strcpy(pw->pw_name, output_username, sizeof(pw->pw_name) - 1); safe_strcpy(pw->pw_gecos, s->fullname, sizeof(pw->pw_gecos) - 1); @@ -781,7 +781,7 @@ void winbindd_list_users(struct winbindd_cli_state *state) fstrcpy(acct_name, info[i].acct_name); } - fill_domain_username(name, domain->name, acct_name); + fill_domain_username(name, domain->name, acct_name, True); /* Append to extra data */ memcpy(&extra_data[extra_data_len], name, diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 0678376e8f..64b4dd27a3 100644 --- a/source3/nsswitch/winbindd_util.c 
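Review bot: In name_to_sid every alias found by `pdb_find_alias()` is now returned as `SID_NAME_ALIAS`, including SIDs in BUILTIN, and the hunk carries no comment saying that this is intended. Callers that accept or reject a lookup based on `*type` (none are visible here) would see BUILTIN aliases typed differently, so a one-line comment above the assignment would help, e.g. `/* aliases in BUILTIN are reported as SID_NAME_ALIAS too */`. The function starts outside the hunk.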
+++ b/source3/nsswitch/winbindd_util.c @@ -877,14 +877,14 @@ BOOL parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser, username is then unqualified in unix */ -void fill_domain_username(fstring name, const char *domain, const char *user) +void fill_domain_username(fstring name, const char *domain, const char *user, BOOL can_assume) { fstring tmp_user; fstrcpy(tmp_user, user); strlower_m(tmp_user); - if (assume_domain(domain)) { + if (can_assume && assume_domain(domain)) { strlcpy(name, user, sizeof(fstring)); } else { slprintf(name, sizeof(fstring) - 1, "%s%c%s", |
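Review bot: The new `can_assume` parameter of fill_domain_username is undocumented, and the comment above the function (which starts outside the hunk) still describes only the old behaviour, so the bare `True`/`False` at the call sites in winbindd_group.c, winbindd_pam.c, winbindd_passdb.c and winbindd_user.c cannot be read without opening this file. I would extend that comment with something like `can_assume: when False the name is always domain-qualified, even for a domain assume_domain() accepts (callers pass False for group names)`. Separately, the unqualified branch copies `user` rather than the lower-cased `tmp_user` built just above it; if the else branch, which continues outside the hunk, formats `tmp_user`, the two branches return names with different case handling, and it is worth confirming that this is intended.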