sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

r16865: This is a proposal to fix bug 3915. Before sending patches around, this is

Browse Source 
what svn is for.

The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.

Volker
(This used to be commit 9ec5ccfe85)
This commit is contained in:
Volker Lendecke 2006-07-07 18:53:19 +00:00 committed by Gerald (Jerry) Carter
parent fc4abcf028
commit 3899f95e1f
3 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
source3/auth/auth_util.c
View File

@ -1081,14 +1081,13 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
if (!pdb_getsampwsid(sam_acct, &user_sid)) {
DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n",
sid_string_static(&user_sid), username));
result = NT_STATUS_NO_SUCH_USER;
goto done;
DEBUGADD(1, ("Fall back to unix user %s\n", username));
goto unix_user;
}
gr_sid = pdb_get_group_sid(sam_acct);
if (!gr_sid) {
result = NT_STATUS_NO_MEMORY;
goto done;
goto unix_user;
}
sid_copy(&primary_group_sid, gr_sid);
@ -1096,7 +1095,8 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
if (!sid_to_gid(&primary_group_sid, gid)) {
DEBUG(1, ("sid_to_gid(%s) failed\n",
sid_string_static(&primary_group_sid)));
goto done;
DEBUGADD(1, ("Fall back to unix user %s\n", username));
goto unix_user;
}
result = pdb_enum_group_memberships(tmp_ctx, sam_acct,
@ -1105,7 +1105,8 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10, ("enum_group_memberships failed for %s\n",
username));
goto done;
DEBUGADD(1, ("Fall back to unix user %s\n", username));
goto unix_user;
}
*found_username = talloc_strdup(mem_ctx,
@ -1119,6 +1120,16 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
struct passwd *pass;
size_t i;
/*
* This goto target is used as a fallback for the passdb
* case. The concrete bug report is when passdb gave us an
* unmapped gid.
*/
unix_user:
uid_to_unix_users_sid(*uid, &user_sid);
pass = getpwuid_alloc(tmp_ctx, *uid);
if (pass == NULL) {
DEBUG(1, ("getpwuid(%d) for user %s failed\n",

3
source3/passdb/lookup_sid.c
View File

@ -1074,8 +1074,7 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
sid_append_rid(psid, algorithmic_pdb_uid_to_user_rid(uid));
goto done;
} else {
sid_copy(psid, &global_sid_Unix_Users);
sid_append_rid(psid, uid);
uid_to_unix_users_sid(psid, uid);
goto done;
}

6
source3/passdb/util_unixsids.c
View File

@ -36,6 +36,12 @@ BOOL sid_check_is_in_unix_users(const DOM_SID *sid)
return sid_check_is_unix_users(&dom_sid);
}
BOOL uid_to_unix_users_sid(uid_t uid, DOM_SID *sid)
{
sid_copy(sid, &global_sid_Unix_Users);
return sid_append_rid(sid, uid);
}
const char *unix_users_domain_name(void)
{
return "Unix User";