From a85395e0f5b18b9359d5785dcbe43e8f42c3448f Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Thu, 13 Jul 2006 15:03:46 +0000
Subject: r17010: If winbind is not around, add S-1-22-1- to the user's token. See the comment in the patch for the reason. Volker (This used to be commit 5e07ab750af3744e1ee5bfc813d5c6532aff4ecb)
---
source3/auth/auth_util.c | 43 ++++++++++++++++++++++++++++++++++---------
1 file changed, 34 insertions(+), 9 deletions(-)
(limited to 'source3/auth')
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 823bf8c322..56a3568933 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -958,23 +958,48 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 &server_info->gid, &server_info->unix_name, &server_info->ptok);
-
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(mem_ctx);
+ return status;
+ }
 } else {
- server_info->ptok = create_local_nt_token(
+ struct nt_user_token *token;
+
+ token = create_local_nt_token(
 server_info, pdb_get_user_sid(server_info->sam_account), pdb_get_group_sid(server_info->sam_account), server_info->guest, server_info->num_sids, server_info->sids);
- status = server_info->ptok ?
- NT_STATUS_OK : NT_STATUS_NO_SUCH_USER;
- }
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(mem_ctx);
- return status;
+ if (token == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /*
+ * We need to add the unix user sid as not necessarily the
+ * unix username resolves to the domain user sid. This is an
+ * artifact of an incomplete lookup_name/sid implementation
+ * when winbind is not around.
+ */
+
+ if (!winbind_ping()) {
+ DOM_SID unix_user_sid;
+ uid_to_unix_users_sid(server_info->uid,
+ &unix_user_sid);
+
+ add_sid_to_array(token, &unix_user_sid,
+ &token->user_sids, &token->num_sids);
+ if (token->user_sids == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ server_info->ptok = token;
+ status = NT_STATUS_OK;
 }
-
+
 /* Convert the SIDs to gids. */
 server_info->n_groups = 0;
-- cgit
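Review bot: In the `if (!winbind_ping())` block the set of SIDs in the user's token now depends on whether winbind answers at the moment of session setup, so the same account can get different authorization results on two logins, and nothing records which case was taken. I would log the decision where the SID is added, e.g. `DEBUG(10, ("winbind not available, adding unix user sid for uid %u\n", (unsigned int)server_info->uid));`, so an access-control difference can be traced back to it. The SID is built from `server_info->uid`, and this hunk does not show where that field is set on the non-mapped path; it is worth confirming it is always populated before this point, since an unset value would put the wrong unix user SID in the token. On the `NT_STATUS_NO_MEMORY` return the new `token` is neither freed nor stored in `server_info->ptok`; it presumably stays parented to `server_info`, but a `TALLOC_FREE(token);` there would make the ownership explicit. The body of create_local_token starts and ends outside the hunk.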