author | Gerald Carter <jerry@samba.org> | 2006-02-17 19:07:58 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:10:12 -0500 |
commit | f79f4dc4c58a6172bf69d37469fdd8de05a812df | |
tree | cd108a95a535c128c0b58c33f6221e8e46ec712d /source/passdb/passdb.c | |
parent | a95d7d722273863efa820674672393fe6e5a33b7 | |
r13545: A patch which I think its time has come. Volker, we can talk about
this more but it gets around the primary group issue.

* don't map a SID to a name from the group mapping code if
  the map doesn't have a valid gid. This is only an issue
  in a tdb setup
* Always allow S-1-$DOMAIN-513 to resolve (just like Windows)
* if we cannot resolve a user's primary GID to a SID, then set
  it to S-1-$DOMAIN-513
* Ignore the primary group SID inside pdb_enum_group_memberships().
  Only look at the Unix group membership.

Jeremy, this fixes a fresh install startup for smbd as far as my tests
are concerned.

Diffstat (limited to 'source/passdb/passdb.c')
-rw-r--r-- | source/passdb/passdb.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 2b1da6ecce7..a50afb6bb86 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -218,6 +218,8 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd } } + /* we really need to throw away the mapping algorithm here */ + if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) { DEBUG(0,("Can't set User SID from RID!\n")); return NT_STATUS_INVALID_PARAMETER; @@ -229,17 +231,23 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd unbecome_root(); if( ret ) { - if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){ + if ( !pdb_set_group_sid(account_data, &map.sid, PDB_SET) ) { DEBUG(0,("Can't set Group SID!\n")); return NT_STATUS_INVALID_PARAMETER; } + + return NT_STATUS_OK; } - else { - if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) { - DEBUG(0,("Can't set Group SID\n")); - return NT_STATUS_INVALID_PARAMETER; - } - } + + /* at this point we do not have an explicit mapping for the user's + primary group. We do not want to fall back to the rid mapping + algorithm. Windows standalone servers set the 0x201 rid as the + primary group and LookupSid( S-1...-513 ) returns SERVER\None. + Do something similar. Use the Domain Users RID as a a placeholder. + This is a workaround only. */ + + if ( !pdb_set_group_sid_from_rid(account_data, DOMAIN_GROUP_RID_USERS, PDB_SET)) + return NT_STATUS_INVALID_PARAMETER; return NT_STATUS_OK; } |
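Review bot: the comment added above the pdb_set_user_sid_from_rid() call in the first hunk (@@ -218,6 +218,8) says the mapping algorithm should be thrown away, but it does not say what should replace algorithmic_pdb_uid_to_user_rid() or why the call stays for now. Mark it as a TODO or FIXME and state the intended replacement, so the note can be found and acted on later instead of reading as an aside.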
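Review bot: in the second hunk (@@ -229,17 +231,23), the new fallback `if ( !pdb_set_group_sid_from_rid(account_data, DOMAIN_GROUP_RID_USERS, PDB_SET))` returns NT_STATUS_INVALID_PARAMETER with no DEBUG message, while the removed else branch and the mapped branch just above both log at level 0, so a failure on this path is now silent. Add a DEBUG(0, ...) line before the return. Since the block comment calls the Domain Users RID "a workaround only", it would also help to log at a higher debug level whenever the placeholder is applied, so an administrator can see which accounts had no explicit mapping for their primary group. The comment itself has a doubled word ("a a placeholder").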