Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_util.c | 76 | ||||
-rw-r--r-- | source3/auth/server_info_sam.c | 32 |
2 files changed, 2 insertions, 106 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index ea95f33a86..c9ad507e8c 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -30,34 +30,6 @@ #define DBGC_CLASS DBGC_AUTH /**************************************************************************** - Ensure primary group SID is always at position 0 in a - auth_serversupplied_info struct. -****************************************************************************/ - -static void sort_sid_array_for_smbd(struct auth_serversupplied_info *result, - const struct dom_sid *pgroup_sid) -{ - unsigned int i; - - if (!result->sids) { - return; - } - - if (sid_compare(&result->sids[0], pgroup_sid)==0) { - return; - } - - for (i = 1; i < result->num_sids; i++) { - if (sid_compare(pgroup_sid, - &result->sids[i]) == 0) { - sid_copy(&result->sids[i], &result->sids[0]); - sid_copy(&result->sids[0], pgroup_sid); - return; - } - } -} - -/**************************************************************************** Create a UNIX user on demand. ****************************************************************************/ @@ -567,7 +539,6 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, { NTSTATUS status; struct samu *sampass = NULL; - gid_t *gids; char *qualified_name = NULL; TALLOC_CTX *mem_ctx = NULL; struct dom_sid u_sid; @@ -646,13 +617,13 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, return status; } + TALLOC_FREE(sampass); result->unix_name = talloc_strdup(result, unix_username); result->sanitized_username = sanitize_username(result, unix_username); if ((result->unix_name == NULL) || (result->sanitized_username == NULL)) { - TALLOC_FREE(sampass); TALLOC_FREE(result); return NT_STATUS_NO_MEMORY; } 
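Review bot: The early `TALLOC_FREE(sampass);` added in the -646 hunk of make_server_info_pw is correct only because the following hunk (-660) deletes the last reader of sampass, and nothing at the free site says so; the function starts and ends outside the hunk. That deletion also removes `add_sid_to_array_unique(result, &u_sid, ...)`, whose own comment asked `FIXME: add to info3 too ?`, so no visible line in source3/auth now records u_sid or the pdb_enum_group_memberships() result. Presumably the SID list is built from info3 elsewhere in the commit, since the diffstat shown is limited to source3/auth. If so, I would add a comment at the free, e.g. `/* sampass is finished with: group SIDs are no longer enumerated here, they are derived from info3 later */`, and settle the FIXME there. A SID list that misses the user SID or a group changes access decisions, so this is worth confirming before merge.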
@@ -660,34 +631,6 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, result->utok.uid = pwd->pw_uid; result->utok.gid = pwd->pw_gid; - status = pdb_enum_group_memberships(result, sampass, - &result->sids, &gids, - &result->num_sids); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("pdb_enum_group_memberships failed: %s\n", - nt_errstr(status))); - TALLOC_FREE(sampass); - TALLOC_FREE(result); - return status; - } - - TALLOC_FREE(sampass); - - /* FIXME: add to info3 too ? */ - status = add_sid_to_array_unique(result, &u_sid, - &result->sids, - &result->num_sids); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return status; - } - - /* For now we throw away the gids and convert via sid_to_gid - * later. This needs fixing, but I'd like to get the code straight and - * simple first. */ - TALLOC_FREE(gids); - *server_info = result; return NT_STATUS_OK; @@ -1189,23 +1132,6 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, result->utok.uid = uid; result->utok.gid = gid; - /* Create a 'combined' list of all SIDs we might want in the SD */ - - result->num_sids = 0; - result->sids = NULL; - - nt_status = sid_array_from_info3(result, info3, - &result->sids, - &result->num_sids, - false, false); - if (!NT_STATUS_IS_OK(nt_status)) { - TALLOC_FREE(result); - return nt_status; - } - - /* Ensure the primary group sid is at position 0. */ - sort_sid_array_for_smbd(result, &group_sid); - /* ensure we are never given NULL session keys */ if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) { diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c index 9072b6314a..7a33aab2a2 100644 --- a/source3/auth/server_info_sam.c +++ b/source3/auth/server_info_sam.c @@ -61,7 +61,6 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, struct samu *sampass) { struct passwd *pwd; - gid_t *gids; struct auth_serversupplied_info *result; const char *username = pdb_get_username(sampass); NTSTATUS status; 
@@ -101,16 +100,6 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, if (IS_DC && is_our_machine_account(username)) { /* - * Ensure for a connection from our own - * machine account (from winbindd on a DC) - * there are no supplementary groups. - * Prevents loops in calling gid_to_sid(). - */ - result->sids = NULL; - gids = NULL; - result->num_sids = 0; - - /* * This is a hack of monstrous proportions. * If we know it's winbindd talking to us, * we know we must never recurse into it, @@ -123,28 +112,9 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, (void)winbind_off(); DEBUG(10, ("make_server_info_sam: our machine account %s " - "setting supplementary group list empty and " - "turning off winbindd requests.\n", - username)); - } else { - status = pdb_enum_group_memberships(result, sampass, - &result->sids, &gids, - &result->num_sids); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("pdb_enum_group_memberships failed: %s\n", - nt_errstr(status))); - TALLOC_FREE(result); - return status; - } + "turning off winbindd requests.\n", username)); } - /* For now we throw away the gids and convert via sid_to_gid - * later. This needs fixing, but I'd like to get the code straight and - * simple first. */ - - TALLOC_FREE(gids); - DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", pdb_get_username(sampass), result->unix_name)); |
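Review bot: The machine-account branch of make_server_info_sam now relies on `(void)winbind_off();` alone to avoid recursing into winbindd. The -101 hunk deletes the explicit `result->sids = NULL; result->num_sids = 0;`, and the -123 hunk deletes the `else` that kept pdb_enum_group_memberships() away from that account. The deleted comment gave the reason (`Prevents loops in calling gid_to_sid()`), and whatever now builds the SID list for this server_info is outside the visible diff, so it is not evident that our own machine account still ends up with no supplementary groups. I would keep that intent in the surviving comment, e.g. `* Group SIDs are no longer set here; the token builder must not look up supplementary groups for our own machine account.`, and confirm the later code honours it. The function starts above the hunk.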