1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4-auth log details about any token we fail to convert to a unix token

Now that entries are being added into the idmap DB from Samba3, and
may be UID or GID but not BOTH, failures are more likely.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2011-11-17 18:24:24 +11:00 committed by Amitay Isaacs
parent e6c77f523b
commit f93ec5a027

View File

@ -78,6 +78,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
} else if (ids[0].xid.type == ID_TYPE_UID) {
(*sec)->uid = ids[0].xid.id;
} else {
char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID. Conversion was returned as type %d, full token:\n",
sid_str, (int)ids[0].xid.type));
security_token_debug(0, 0, token);
talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
@ -87,6 +92,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
(*sec)->groups[g] = ids[1].xid.id;
g++;
} else {
char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID. Conversion was returned as type %d, full token:\n",
sid_str, (int)ids[1].xid.type));
security_token_debug(0, 0, token);
talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
@ -96,10 +106,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
(*sec)->groups[g] = ids[s].xid.id;
g++;
} else {
char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID. Conversion was returned as type %d, full token:\n",
sid_str, (unsigned int)s, (int)ids[s].xid.type));
security_token_debug(0, 0, token);
talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
}
DEBUG(5, ("Successfully converted security token to a unix token:"));
security_token_debug(0, 5, token);
TALLOC_FREE(ids);
return NT_STATUS_OK;