author | Gerald Carter <jerry@samba.org> | 2006-08-23 12:27:34 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2006-08-23 12:27:34 +0000 |
commit | 37a34a3626ea66d8959044154a9baa81c47fa4ca (patch) | |
tree | 01ea1e1f8346996c9a14279f310d2b74c5e50f18 /source | |
parent | 67a24ad6e1bef0c80f8a8f6e79df1e81643fa6cc (diff) | |
r17751: add create_token_from_username() fix
Diffstat (limited to 'source')
-rw-r--r-- | source/auth/auth_util.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index aa070805321..d12e49d1bc0 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -1067,7 +1067,10 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 gid_t *gids;
 DOM_SID primary_group_sid;
 DOM_SID *group_sids;
+ DOM_SID unix_group_sid;
 size_t num_group_sids;
+ size_t num_gids;
+ size_t i;
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
@@ -1134,7 +1137,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 * directly, without consulting passdb */
 struct passwd *pass;
- size_t i;
 /*
 * This goto target is used as a fallback for the passdb
@@ -1204,6 +1206,31 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 *found_username = talloc_strdup(mem_ctx, username);
 }
+ /* Add the "Unix Group" SID for each gid to catch mapped groups
+ and their Unix equivalent. This is to solve the backwards
+ compatibility problem of 'valid users = +ntadmin' where
+ ntadmin has been paired with "Domain Admins" in the group
+ mapping table. Otherwise smb.conf would need to be changed
+ to 'valid user = "Domain Admins"'. --jerry */
+
+ num_gids = num_group_sids;
+ for ( i=0; i<num_gids; i++ ) {
+ gid_t high, low;
+
+ /* don't pickup anything managed by Winbind */
+
+ if ( lp_idmap_gid(&low, &high) && (gids[i] >= low) && (gids[i] <= high) )
+ continue;
+
+ if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) {
+ DEBUG(1,("create_token_from_username: Failed to create SID "
+ "for gid %d!\n", gids[i]));
+ continue;
+ }
+ add_sid_to_array_unique( mem_ctx, &unix_group_sid,
+ &group_sids, &num_group_sids );
+ }
+
 *token = create_local_nt_token(mem_ctx, &user_sid, is_guest, num_group_sids, group_sids); |
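Review bot: The new loop in the third hunk reads `gids[i]` for every `i < num_group_sids`, so it relies on `gids` holding exactly one entry per group SID on every path that reaches this point. That is set up outside the hunk (the body of create_token_from_username() starts and ends beyond it), and a read past the end of `gids` would add unrelated Unix Group SIDs to the token. State the invariant where the count is snapshotted, e.g. `/* gids[] parallels group_sids[] here: num_group_sids entries */`, or carry an explicit gid count out of each branch. When `gid_to_unix_groups_sid()` fails, the gid is only logged at level 1 and skipped, so the token silently lacks that group; if deny lists such as `invalid users = +group` are matched against the same token (not visible here), that case fails open and may deserve an error return. Smaller points: `lp_idmap_gid(&low, &high)` is loop-invariant and can be called once before the `for`, and `gids[i]` is a `gid_t` printed with `%d`, which wants `%u` with `(unsigned int)gids[i]`.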