Ignore:
Timestamp:
May 24, 2009, 7:17:10 AM (16 years ago)
Author:
Herwig Bauernfeind
Message:

Update Samba 3.3 to 3.3.1

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/samba-3.3.x/source/auth/auth_util.c

    r206 r221  
    556556        gid_t *gids;
    557557        auth_serversupplied_info *result;
    558         int i;
    559         size_t num_gids;
    560         DOM_SID unix_group_sid;
    561558        const char *username = pdb_get_username(sampass);
    562559        NTSTATUS status;
     
    574571
    575572        result->sam_account = sampass;
    576         /* Ensure thaat the sampass will be freed with the result */
    577         talloc_steal(result, sampass);
    578573        result->unix_name = pwd->pw_name;
    579574        /* Ensure that we keep pwd->pw_name, because we will free pwd below */
     
    632627        }
    633628
    634         /* Add the "Unix Group" SID for each gid to catch mapped groups
    635            and their Unix equivalent.  This is to solve the backwards
    636            compatibility problem of 'valid users = +ntadmin' where
    637            ntadmin has been paired with "Domain Admins" in the group
    638            mapping table.  Otherwise smb.conf would need to be changed
    639            to 'valid user = "Domain Admins"'.  --jerry */
    640        
    641         num_gids = result->num_sids;
    642         for ( i=0; i<num_gids; i++ ) {
    643                 if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) {
    644                         DEBUG(1,("make_server_info_sam: Failed to create SID "
    645                                 "for gid %d!\n", gids[i]));
    646                         continue;
    647                 }
    648                 status = add_sid_to_array_unique(result, &unix_group_sid,
    649                                                  &result->sids,
    650                                                  &result->num_sids);
    651                 if (!NT_STATUS_IS_OK(status)) {
    652                         result->sam_account = NULL; /* Don't free on error exit. */
    653                         TALLOC_FREE(result);
    654                         return status;
    655                 }
    656         }
    657 
    658629        /* For now we throw away the gids and convert via sid_to_gid
    659630         * later. This needs fixing, but I'd like to get the code straight and
     
    666637
    667638        *server_info = result;
     639        /* Ensure thaat the sampass will be freed with the result */
     640        talloc_steal(result, sampass);
    668641
    669642        return NT_STATUS_OK;
     
    720693        NTSTATUS status;
    721694        size_t i;
     695        struct dom_sid tmp_sid;
    722696
    723697        /*
     
    772746        }
    773747
     748        /*
     749         * Add the "Unix Group" SID for each gid to catch mapped groups
     750         * and their Unix equivalent.  This is to solve the backwards
     751         * compatibility problem of 'valid users = +ntadmin' where
     752         * ntadmin has been paired with "Domain Admins" in the group
     753         * mapping table.  Otherwise smb.conf would need to be changed
     754         * to 'valid user = "Domain Admins"'.  --jerry
     755         *
     756         * For consistency we also add the "Unix User" SID,
     757         * so that the complete unix token is represented within
     758         * the nt token.
     759         */
     760
     761        if (!uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid)) {
     762                DEBUG(1,("create_local_token: Failed to create SID "
     763                        "for uid %d!\n", server_info->utok.uid));
     764        }
     765        add_sid_to_array_unique(server_info->ptok, &tmp_sid,
     766                                &server_info->ptok->user_sids,
     767                                &server_info->ptok->num_sids);
     768
     769        for ( i=0; i<server_info->utok.ngroups; i++ ) {
     770                if (!gid_to_unix_groups_sid( server_info->utok.groups[i], &tmp_sid ) ) {
     771                        DEBUG(1,("create_local_token: Failed to create SID "
     772                                "for gid %d!\n", server_info->utok.groups[i]));
     773                        continue;
     774                }
     775                add_sid_to_array_unique(server_info->ptok, &tmp_sid,
     776                                        &server_info->ptok->user_sids,
     777                                        &server_info->ptok->num_sids);
     778        }
     779
    774780        debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok);
     781        debug_unix_user_token(DBGC_AUTH, 10,
     782                              server_info->utok.uid,
     783                              server_info->utok.gid,
     784                              server_info->utok.ngroups,
     785                              server_info->utok.groups);
    775786
    776787        status = log_nt_token(server_info->ptok);
Note: See TracChangeset for help on using the changeset viewer.