Author: vlendec Date: 2006-07-07 18:53:19 +0000 (Fri, 07 Jul 2006) New Revision: 16865
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16865 Log: This is a proposal to fix bug 3915. Before sending patches around, this is what svn is for. The idea is that we fall back to a pure unix user with S-1-22 SIDs in the token in case anything weird is going on with the 'force user'. Volker Modified: branches/SAMBA_3_0/source/auth/auth_util.c branches/SAMBA_3_0/source/passdb/lookup_sid.c branches/SAMBA_3_0/source/passdb/util_unixsids.c Changeset: Modified: branches/SAMBA_3_0/source/auth/auth_util.c =================================================================== --- branches/SAMBA_3_0/source/auth/auth_util.c 2006-07-07 18:22:26 UTC (rev 16864) +++ branches/SAMBA_3_0/source/auth/auth_util.c 2006-07-07 18:53:19 UTC (rev 16865) @@ -1081,14 +1081,13 @@ if (!pdb_getsampwsid(sam_acct, &user_sid)) { DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n", sid_string_static(&user_sid), username)); - result = NT_STATUS_NO_SUCH_USER; - goto done; + DEBUGADD(1, ("Fall back to unix user %s\n", username)); + goto unix_user; } gr_sid = pdb_get_group_sid(sam_acct); if (!gr_sid) { - result = NT_STATUS_NO_MEMORY; - goto done; + goto unix_user; } sid_copy(&primary_group_sid, gr_sid); @@ -1096,7 +1095,8 @@ if (!sid_to_gid(&primary_group_sid, gid)) { DEBUG(1, ("sid_to_gid(%s) failed\n", sid_string_static(&primary_group_sid))); - goto done; + DEBUGADD(1, ("Fall back to unix user %s\n", username)); + goto unix_user; } result = pdb_enum_group_memberships(tmp_ctx, sam_acct, @@ -1105,7 +1105,8 @@ if (!NT_STATUS_IS_OK(result)) { DEBUG(10, ("enum_group_memberships failed for %s\n", username)); - goto done; + DEBUGADD(1, ("Fall back to unix user %s\n", username)); + goto unix_user; } *found_username = talloc_strdup(mem_ctx, @@ -1119,6 +1120,16 @@ struct passwd *pass; size_t i; + /* + * This goto target is used as a fallback for the passdb + * case. The concrete bug report is when passdb gave us an + * unmapped gid. + */ + + unix_user: + + uid_to_unix_users_sid(*uid, &user_sid); + pass = getpwuid_alloc(tmp_ctx, *uid); if (pass == NULL) { DEBUG(1, ("getpwuid(%d) for user %s failed\n", Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c =================================================================== --- branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-07-07 18:22:26 UTC (rev 16864) +++ branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-07-07 18:53:19 UTC (rev 16865) @@ -1074,8 +1074,7 @@ sid_append_rid(psid, algorithmic_pdb_uid_to_user_rid(uid)); goto done; } else { - sid_copy(psid, &global_sid_Unix_Users); - sid_append_rid(psid, uid); + uid_to_unix_users_sid(psid, uid); goto done; } Modified: branches/SAMBA_3_0/source/passdb/util_unixsids.c =================================================================== --- branches/SAMBA_3_0/source/passdb/util_unixsids.c 2006-07-07 18:22:26 UTC (rev 16864) +++ branches/SAMBA_3_0/source/passdb/util_unixsids.c 2006-07-07 18:53:19 UTC (rev 16865) @@ -36,6 +36,12 @@ return sid_check_is_unix_users(&dom_sid); } +BOOL uid_to_unix_users_sid(uid_t uid, DOM_SID *sid) +{ + sid_copy(sid, &global_sid_Unix_Users); + return sid_append_rid(sid, uid); +} + const char *unix_users_domain_name(void) { return "Unix User";
