Rebuilding winbindd with the enclosed replacement function gets the UNIX uid/gid from the user's home directory. If it fails in any way, it returns the (g/u)id of 'nobody'. This obviously allows specifically assigned uids per user, allowing them to create files in their home directories while maintaining security. I'm running this with 2.2.5 on Solaris 9. Proof of concept only. Not ported / tested on any other platform.
Enjoy
Ross
---- winbindd_idmap.c ----
/*
Replacement get_id_from_sid()
Use the UNIX homedir to determine the uid/gid.
Requires minimum directory permission of: --------x
If it fails, will always return uid/gid=nobody
[EMAIL PROTECTED] aug-02
TODO:
cache gid/uid's in tdb database and honour -n (no caching option)
make this an option in smb.conf: winbind uid = homedir
get lp_template_homedir() to work
port/test/port!
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <ctype.h>      /* tolower() */

/* Solaris 'nobody' is 60001; adjust for other platforms. */
enum username_t { root=0, nobody=60001 };

static BOOL get_id_from_sid(DOM_SID *sid, uid_t *id, BOOL isgroup)
{
	fstring dom_name;
	fstring name;
	fstring homedir;
	enum SID_NAME_USE type;
	struct stat info;
	char *p;

	/* Fail closed: every error path below leaves *id = nobody. */
	*id = nobody;
	info.st_uid = nobody;
	info.st_gid = nobody;

	/* Resolve the SID to a name (also refreshes %U for lp_template_homedir()).
	   An unresolvable SID maps to nobody rather than to an uninitialised name. */
	if (!winbindd_lookup_name_by_sid(sid, dom_name, name, &type)) {
		DEBUG(1, ("get_id_from_sid: cannot resolve SID to a name\n"));
		return True;
	}

	/* Map a user SID to a uid and a domain group SID to a gid only;
	   any other combination (alias, well-known group, ...) gets nobody. */
	if (isgroup ? type != SID_NAME_DOM_GRP : type != SID_NAME_USER)
		return True;

	/* Should really use lp_template_homedir()
	   but it does not seem to work (caches users)... */
	fstrcpy(homedir, "/home/");          /* ...therefore hardcoded */
	fstrcat(homedir, name);
	fstrcat(homedir, "/.");              /* odd NFS behavior? */
	for (p = homedir; *p; p++)
		*p = tolower((unsigned char)*p);

	/* The owner of /home/<name> decides the id, so /home itself must not
	   be writable by anyone who could pre-create such a directory. */
	if (stat(homedir, &info) != 0) {
		DEBUG(1, ("get_id_from_sid: error accessing %s\n", homedir));
		return True;
	}

	if (type == SID_NAME_USER) {
		if (info.st_uid == root)      /* Safety net. Cannot give root! */
			*id = nobody;
		else {
			DEBUG(0, ("%s+%s type=%d uid=%d gid=%d %s\n",
			          dom_name, name, type, (int)info.st_uid,
			          (int)info.st_gid, homedir));
			*id = info.st_uid;
		}
	} else {                              /* SID_NAME_DOM_GRP */
		if (info.st_gid == root)      /* Safety net. Cannot give root! */
			*id = nobody;
		else
			*id = info.st_gid;
	}
	return True;
}
