From ba5f9c4ef9b91b636157647fdd9f610cfdde97ff Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 3 Aug 2006 19:07:12 +0000 Subject: r17388: Fix the "valid users"/token issue for now. Volker, please come in and fix it in a less ugly way once you have some time. Thanks, Jeremy. (This used to be commit 79b1e668e2ce263c84ff8fafaafb3e57b06717ab) --- source3/auth/auth_util.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index d59c6b40cc..77da182f57 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -599,6 +599,14 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, * simple first. */ TALLOC_FREE(gids); + /* For a local user the real primary group sid is the result->sids[0] */ + + if (!pdb_set_group_sid(sampass, &result->sids[0], PDB_CHANGED)) { + result->sam_account = NULL; /* Don't free on error exit. */ + TALLOC_FREE(result); + return NT_STATUS_UNSUCCESSFUL; + } + DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", pdb_get_username(sampass), result->unix_name)); @@ -1089,7 +1097,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, gr_sid = pdb_get_group_sid(sam_acct); if (!gr_sid) { - goto unix_user; + goto unix_group; } sid_copy(&primary_group_sid, gr_sid); @@ -1097,8 +1105,8 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, if (!sid_to_gid(&primary_group_sid, gid)) { DEBUG(1, ("sid_to_gid(%s) failed\n", sid_string_static(&primary_group_sid))); - DEBUGADD(1, ("Fall back to unix user %s\n", username)); - goto unix_user; + DEBUGADD(1, ("Fall back to unix group %s\n", username)); + goto unix_group; } result = pdb_enum_group_memberships(tmp_ctx, sam_acct, @@ -1107,8 +1115,8 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, if (!NT_STATUS_IS_OK(result)) { DEBUG(10, ("enum_group_memberships failed for %s\n", username)); - DEBUGADD(1, ("Fall back to unix user %s\n", username)); - goto unix_user; + DEBUGADD(1, ("Fall back to unix group %s\n", username)); + goto unix_group; } *found_username = talloc_strdup(mem_ctx, @@ -1132,6 +1140,8 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, uid_to_unix_users_sid(*uid, &user_sid); + unix_group: + pass = getpwuid_alloc(tmp_ctx, *uid); if (pass == NULL) { DEBUG(1, ("getpwuid(%d) for user %s failed\n", @@ -1316,6 +1326,14 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, * simple first. */ TALLOC_FREE(gids); + /* For a local user the real primary group sid is the result->sids[0] */ + + if (!pdb_set_group_sid(sampass, &result->sids[0], PDB_CHANGED)) { + result->sam_account = NULL; /* Don't free on error exit. */ + TALLOC_FREE(sampass); + return NT_STATUS_UNSUCCESSFUL; + } + *server_info = result; return NT_STATUS_OK; -- cgit