diff options
| author | Volker Lendecke <vlendec@samba.org> | 2006-02-24 22:26:53 +0000 |
|---|---|---|
| committer | Volker Lendecke <vlendec@samba.org> | 2006-02-24 22:26:53 +0000 |
| commit | 678137635adafc67d7b33fe347fc2f1ddeafb031 (patch) | |
| tree | 95533cef4a1cbba34f14e199f2d1c556aafc367a /source/passdb | |
| parent | 1767b96eeee3658da70c9eff75732a4ba4ad5b62 (diff) | |
| download | samba-678137635adafc67d7b33fe347fc2f1ddeafb031.tar.gz samba-678137635adafc67d7b33fe347fc2f1ddeafb031.tar.xz samba-678137635adafc67d7b33fe347fc2f1ddeafb031.zip | |
r13683: Fix the 'valid users = +users' problem I introduced.
Volker
Diffstat (limited to 'source/passdb')
| -rw-r--r-- | source/passdb/lookup_sid.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index 2ffc02a9886..3d1805525a1 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -116,6 +116,25 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, goto failed; } + /* + * Nasty hack necessary for too common scenarios: + * + * For 'valid users = +users' we know "users" is most probably not + * BUILTIN\users but the unix group users. This hack requires the + * admin to explicitly qualify BUILTIN if BUILTIN\users is meant. + * + * Please note that LOOKUP_NAME_GROUP can not be requested via for + * example lsa_lookupnames, it only comes into this routine via + * the expansion of group names coming in from smb.conf + */ + + if ((flags & LOOKUP_NAME_GROUP) && + (lookup_unix_group_name(name, &sid))) { + domain = talloc_strdup(tmp_ctx, unix_groups_domain_name()); + type = SID_NAME_DOM_GRP; + goto ok; + } + /* Now the guesswork begins, we haven't been given an explicit * domain. Try the sequence as documented on * http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp |