mirror of
https://github.com/samba-team/samba.git
synced 2025-03-08 04:58:40 +03:00
proper wellknown sids initialization at startup
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
parent
75cace04fd
commit
7264b9df8f
@ -757,6 +757,9 @@ BOOL winbind_setup_common(void)
|
||||
if (!idmap_init())
|
||||
return False;
|
||||
|
||||
if (!idmap_init_wellknown_sids())
|
||||
return False;
|
||||
|
||||
/* Unblock all signals we are interested in as they may have been
|
||||
blocked by the parent process. */
|
||||
|
||||
|
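Review bot: When `idmap_init_wellknown_sids()` fails, `winbind_setup_common` returns False without logging anything, and the `!pass` branch of the new function (shown further down this page) is silent as well. A guest account that does not resolve would therefore stop the daemon at startup with no diagnostic. I would log before returning, e.g. `DEBUG(0, ("idmap_init_wellknown_sids failed; check that the 'guest account' user exists\n"));`. The same applies to the new `exit(1)` call site in `init_structs`. The body of `winbind_setup_common` continues outside the hunk.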
@ -37,7 +37,7 @@
|
||||
Fill the SAM_ACCOUNT with default values.
|
||||
***********************************************************/
|
||||
|
||||
static void pdb_fill_default_sam(SAM_ACCOUNT *user)
|
||||
void pdb_fill_default_sam(SAM_ACCOUNT *user)
|
||||
{
|
||||
ZERO_STRUCT(user->private); /* Don't touch the talloc context */
|
||||
|
||||
@ -296,7 +296,7 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
|
||||
|
||||
/* set Domain Users by default ! */
|
||||
sid_copy(&g_sid, get_global_sam_sid());
|
||||
sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
|
||||
sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
|
||||
pdb_set_group_sid(*new_sam_acct, &g_sid, PDB_SET);
|
||||
}
|
||||
return NT_STATUS_OK;
|
||||
@ -671,7 +671,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
|
||||
GROUP_MAP map;
|
||||
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
|
||||
DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
|
||||
DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n",
|
||||
sid_string_static(&map.sid)));
|
||||
return False;
|
||||
}
|
||||
|
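Review bot: The corrected DEBUG message in `local_lookup_sid` still formats `&map.sid`, but the SID that `sid_peek_check_rid` just rejected is `sid`. As far as the hunk shows, `map` is declared immediately above and not yet filled in, so the level-0 log line would print uninitialized stack contents rather than the offending SID. Since this line is being touched anyway, the argument should become `sid_string_static(sid)`. The function starts and ends outside the hunk, so an earlier initialization of `map` cannot be ruled out from here.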
@ -24,11 +24,16 @@
|
||||
Lookup a name in the SAM database
|
||||
******************************************************************/
|
||||
|
||||
static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
|
||||
static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *sam_account, const char *sname)
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
struct passwd *pass;
|
||||
const char *guest_account = lp_guestaccount();
|
||||
|
||||
if (!sam_account || !sname) {
|
||||
DEBUG(0,("invalid name specified"));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
if (!(guest_account && *guest_account)) {
|
||||
DEBUG(1, ("NULL guest account!?!?\n"));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
@ -38,21 +43,31 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *
|
||||
DEBUG(0,("invalid methods\n"));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
if (!sname) {
|
||||
DEBUG(0,("invalid name specified"));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
if (!strequal(guest_account, sname)) {
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
|
||||
pass = getpwnam_alloc(guest_account);
|
||||
pdb_fill_default_sam(sam_account);
|
||||
|
||||
if (!pdb_set_username(sam_account, guest_account, PDB_SET))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if (!pdb_set_fullname(sam_account, guest_account, PDB_SET))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if (!pdb_set_domain(sam_account, lp_workgroup(), PDB_DEFAULT))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
nt_status = pdb_fill_sam_pw(user, pass);
|
||||
|
||||
passwd_free(&pass);
|
||||
return nt_status;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
||||
@ -61,35 +76,17 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *
|
||||
**************************************************************************/
|
||||
|
||||
static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods,
|
||||
SAM_ACCOUNT *user, uint32 rid)
|
||||
SAM_ACCOUNT *sam_account, uint32 rid)
|
||||
{
|
||||
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
|
||||
struct passwd *pass = NULL;
|
||||
const char *guest_account = lp_guestaccount();
|
||||
if (!(guest_account && *guest_account)) {
|
||||
DEBUG(1, ("NULL guest account!?!?\n"));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
if (!methods) {
|
||||
DEBUG(0,("invalid methods\n"));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
if (rid == DOMAIN_USER_RID_GUEST) {
|
||||
pass = getpwnam_alloc(guest_account);
|
||||
if (!pass) {
|
||||
DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
} else {
|
||||
if (rid != DOMAIN_USER_RID_GUEST) {
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
|
||||
nt_status = pdb_fill_sam_pw(user, pass);
|
||||
passwd_free(&pass);
|
||||
if (!sam_account) {
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
return nt_status;
|
||||
return guestsam_getsampwnam (methods, sam_account, lp_guestaccount());
|
||||
}
|
||||
|
||||
static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
|
||||
@ -97,6 +94,7 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
|
||||
uint32 rid;
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
|
||||
return guestsam_getsampwrid(my_methods, user, rid);
|
||||
}
|
||||
|
||||
|
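Review bot: The new argument check at the top of `guestsam_getsampwnam` logs `invalid name specified` with no trailing newline even when it is `sam_account` that is NULL. It returns NT_STATUS_UNSUCCESSFUL, while the rewritten `guestsam_getsampwrid` returns NT_STATUS_INVALID_PARAMETER for the same NULL `sam_account`. I would make the two agree and fix the message, e.g. `DEBUG(0, ("guestsam_getsampwnam: NULL sam_account or name\n"));`, provided no caller depends on the old status. The guest entry is now synthesized without a `getpwnam_alloc` lookup, so a short comment above `pdb_fill_default_sam(sam_account);` should say that the Unix account's existence is only verified at startup by `idmap_init_wellknown_sids()`.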
@ -298,3 +298,49 @@ NTSTATUS sid_to_gid(const DOM_SID *sid, gid_t *gid)
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Initialize idmap withWellknown SIDs like Guest, that are necessary
|
||||
* to make samba run properly */
|
||||
BOOL idmap_init_wellknown_sids(void)
|
||||
{
|
||||
const char *guest_account = lp_guestaccount();
|
||||
struct passwd *pass;
|
||||
DOM_SID sid;
|
||||
unid_t id;
|
||||
int flags;
|
||||
|
||||
if (!(guest_account && *guest_account)) {
|
||||
DEBUG(1, ("NULL guest account!?!?\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
pass = getpwnam_alloc(guest_account);
|
||||
if (!pass) {
|
||||
return False;
|
||||
}
|
||||
|
||||
flags = ID_USERID;
|
||||
id.uid = pass->pw_uid;
|
||||
sid_copy(&sid, get_global_sam_sid());
|
||||
sid_append_rid(&sid, DOMAIN_USER_RID_GUEST);
|
||||
if (NT_STATUS_IS_ERR(idmap_set_mapping(&sid, id, flags))) {
|
||||
passwd_free(&pass);
|
||||
return False;
|
||||
}
|
||||
|
||||
/* check if DOMAIN_GROUP_RID_GUESTS SID is set, if not store the
|
||||
* guest account gid as mapping */
|
||||
flags = ID_GROUPID | ID_NOMAP;
|
||||
sid_copy(&sid, get_global_sam_sid());
|
||||
sid_append_rid(&sid, DOMAIN_GROUP_RID_GUESTS);
|
||||
if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &flags, &sid))) {
|
||||
flags = ID_GROUPID;
|
||||
id.gid = pass->pw_gid;
|
||||
if (NT_STATUS_IS_ERR(idmap_set_mapping(&sid, id, flags))) {
|
||||
passwd_free(&pass);
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
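Review bot: `idmap_init_wellknown_sids` frees `pass` on both error paths but not on success, so the `struct passwd` from `getpwnam_alloc` is leaked when the function reaches `return True;`. Add `passwd_free(&pass);` immediately before that return. Separately, the guest user mapping is written unconditionally with `idmap_set_mapping`, while the Guests group mapping is only written when `idmap_get_id_from_sid` fails. If overwriting an existing user mapping on every start is intended, a one-line comment saying so would help the next reader.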
@ -833,10 +833,13 @@ static BOOL init_structs(void )
|
||||
if (!init_registry())
|
||||
exit(1);
|
||||
|
||||
if(!initialize_password_db(False))
|
||||
exit(1);
|
||||
|
||||
if (!idmap_init())
|
||||
exit(1);
|
||||
|
||||
if(!initialize_password_db(False))
|
||||
if (!idmap_init_wellknown_sids())
|
||||
exit(1);
|
||||
|
||||
static_init_rpc;
|
||||
|