summaryrefslogtreecommitdiffstats
path: root/source3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_util.c76
-rw-r--r--source3/auth/server_info_sam.c32
2 files changed, 2 insertions, 106 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ea95f33a86..c9ad507e8c 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -30,34 +30,6 @@
#define DBGC_CLASS DBGC_AUTH
/****************************************************************************
- Ensure primary group SID is always at position 0 in a
- auth_serversupplied_info struct.
-****************************************************************************/
-
-static void sort_sid_array_for_smbd(struct auth_serversupplied_info *result,
- const struct dom_sid *pgroup_sid)
-{
- unsigned int i;
-
- if (!result->sids) {
- return;
- }
-
- if (sid_compare(&result->sids[0], pgroup_sid)==0) {
- return;
- }
-
- for (i = 1; i < result->num_sids; i++) {
- if (sid_compare(pgroup_sid,
- &result->sids[i]) == 0) {
- sid_copy(&result->sids[i], &result->sids[0]);
- sid_copy(&result->sids[0], pgroup_sid);
- return;
- }
- }
-}
-
-/****************************************************************************
Create a UNIX user on demand.
****************************************************************************/
@@ -567,7 +539,6 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
{
NTSTATUS status;
struct samu *sampass = NULL;
- gid_t *gids;
char *qualified_name = NULL;
TALLOC_CTX *mem_ctx = NULL;
struct dom_sid u_sid;
@@ -646,13 +617,13 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
return status;
}
+ TALLOC_FREE(sampass);
result->unix_name = talloc_strdup(result, unix_username);
result->sanitized_username = sanitize_username(result, unix_username);
if ((result->unix_name == NULL)
|| (result->sanitized_username == NULL)) {
- TALLOC_FREE(sampass);
TALLOC_FREE(result);
return NT_STATUS_NO_MEMORY;
}
@@ -660,34 +631,6 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
result->utok.uid = pwd->pw_uid;
result->utok.gid = pwd->pw_gid;
- status = pdb_enum_group_memberships(result, sampass,
- &result->sids, &gids,
- &result->num_sids);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
- nt_errstr(status)));
- TALLOC_FREE(sampass);
- TALLOC_FREE(result);
- return status;
- }
-
- TALLOC_FREE(sampass);
-
- /* FIXME: add to info3 too ? */
- status = add_sid_to_array_unique(result, &u_sid,
- &result->sids,
- &result->num_sids);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(result);
- return status;
- }
-
- /* For now we throw away the gids and convert via sid_to_gid
- * later. This needs fixing, but I'd like to get the code straight and
- * simple first. */
- TALLOC_FREE(gids);
-
*server_info = result;
return NT_STATUS_OK;
@@ -1189,23 +1132,6 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
result->utok.uid = uid;
result->utok.gid = gid;
- /* Create a 'combined' list of all SIDs we might want in the SD */
-
- result->num_sids = 0;
- result->sids = NULL;
-
- nt_status = sid_array_from_info3(result, info3,
- &result->sids,
- &result->num_sids,
- false, false);
- if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(result);
- return nt_status;
- }
-
- /* Ensure the primary group sid is at position 0. */
- sort_sid_array_for_smbd(result, &group_sid);
-
/* ensure we are never given NULL session keys */
if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) {
diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c
index 9072b6314a..7a33aab2a2 100644
--- a/source3/auth/server_info_sam.c
+++ b/source3/auth/server_info_sam.c
@@ -61,7 +61,6 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
struct samu *sampass)
{
struct passwd *pwd;
- gid_t *gids;
struct auth_serversupplied_info *result;
const char *username = pdb_get_username(sampass);
NTSTATUS status;
@@ -101,16 +100,6 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
if (IS_DC && is_our_machine_account(username)) {
/*
- * Ensure for a connection from our own
- * machine account (from winbindd on a DC)
- * there are no supplementary groups.
- * Prevents loops in calling gid_to_sid().
- */
- result->sids = NULL;
- gids = NULL;
- result->num_sids = 0;
-
- /*
* This is a hack of monstrous proportions.
* If we know it's winbindd talking to us,
* we know we must never recurse into it,
@@ -123,28 +112,9 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
(void)winbind_off();
DEBUG(10, ("make_server_info_sam: our machine account %s "
- "setting supplementary group list empty and "
- "turning off winbindd requests.\n",
- username));
- } else {
- status = pdb_enum_group_memberships(result, sampass,
- &result->sids, &gids,
- &result->num_sids);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
- nt_errstr(status)));
- TALLOC_FREE(result);
- return status;
- }
+ "turning off winbindd requests.\n", username));
}
- /* For now we throw away the gids and convert via sid_to_gid
- * later. This needs fixing, but I'd like to get the code straight and
- * simple first. */
-
- TALLOC_FREE(gids);
-
DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
pdb_get_username(sampass), result->unix_name));