mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
Somewhere along the line, a config line like "valid users = @foo" broke when "foo" also exists as a user. user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP flag; but lookup_name() was not respecting that flag, and went ahead and looked for users anyway. Regression test to follow. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320 Signed-off-by: Justin Maggard <jmaggard@netgear.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
This commit is contained in:
parent
adbd6d3253
commit
dc99d451bf
@ -120,7 +120,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
|
||||
goto ok;
|
||||
}
|
||||
|
||||
if (((flags & LOOKUP_NAME_NO_NSS) == 0)
|
||||
if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
|
||||
&& strequal(domain, unix_users_domain_name())) {
|
||||
if (lookup_unix_user_name(name, &sid)) {
|
||||
type = SID_NAME_USER;
|
||||
@ -293,7 +293,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
|
||||
/* 11. Ok, windows would end here. Samba has two more options:
|
||||
Unmapped users and unmapped groups */
|
||||
|
||||
if (((flags & LOOKUP_NAME_NO_NSS) == 0)
|
||||
if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
|
||||
&& lookup_unix_user_name(name, &sid)) {
|
||||
domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
|
||||
type = SID_NAME_USER;
|
||||
|
@ -31,7 +31,7 @@ struct unixid;
|
||||
#define LOOKUP_NAME_NONE 0x00000000
|
||||
#define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */
|
||||
#define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */
|
||||
#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for
|
||||
#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for
|
||||
valid users = @foo where foo also
|
||||
exists in as user. */
|
||||
#define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid
|
||||
|
Loading…
Reference in New Issue
Block a user