The Samba-Bugzilla – Attachment 2024 Details for
Bug 3915
force user=root -> NT_STATUS_NO_SUCH_USER
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch Volker created.
look (text/plain), 4.58 KB, created by
Jeremy Allison
on 2006-07-07 15:00:08 UTC
(
hide
)
Description:
Patch Volker created.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2006-07-07 15:00:08 UTC
Size:
4.58 KB
patch
obsolete
>Index: source/auth/auth_util.c >=================================================================== >--- source/auth/auth_util.c (revision 16866) >+++ source/auth/auth_util.c (revision 16867) >@@ -1061,45 +1061,8 @@ > goto done; > } > >- if (sid_check_is_in_unix_users(&user_sid)) { >+ if (sid_check_is_in_our_domain(&user_sid)) { > >- /* This is a unix user not in passdb. We need to ask nss >- * directly, without consulting passdb */ >- >- struct passwd *pass; >- size_t i; >- >- pass = getpwuid_alloc(tmp_ctx, *uid); >- if (pass == NULL) { >- DEBUG(1, ("getpwuid(%d) for user %s failed\n", >- *uid, username)); >- goto done; >- } >- >- *gid = pass->pw_gid; >- gid_to_sid(&primary_group_sid, pass->pw_gid); >- >- if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid, >- &gids, &num_group_sids)) { >- DEBUG(1, ("getgroups_unix_user for user %s failed\n", >- username)); >- goto done; >- } >- >- group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids); >- if (group_sids == NULL) { >- DEBUG(1, ("talloc_array failed\n")); >- result = NT_STATUS_NO_MEMORY; >- goto done; >- } >- >- for (i=0; i<num_group_sids; i++) { >- gid_to_sid(&group_sids[i], gids[i]); >- } >- *found_username = talloc_strdup(mem_ctx, pass->pw_name); >- >- } else if (sid_check_is_in_our_domain(&user_sid)) { >- > /* This is a passdb user, so ask passdb */ > > struct samu *sam_acct = NULL; >@@ -1113,14 +1076,13 @@ > if (!pdb_getsampwsid(sam_acct, &user_sid)) { > DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n", > sid_string_static(&user_sid), username)); >- result = NT_STATUS_NO_SUCH_USER; >- goto done; >+ DEBUGADD(1, ("Fall back to unix user %s\n", username)); >+ goto unix_user; > } > > gr_sid = pdb_get_group_sid(sam_acct); > if (!gr_sid) { >- result = NT_STATUS_NO_MEMORY; >- goto done; >+ goto unix_user; > } > > sid_copy(&primary_group_sid, gr_sid); >@@ -1128,7 +1090,8 @@ > if (!sid_to_gid(&primary_group_sid, gid)) { > DEBUG(1, ("sid_to_gid(%s) failed\n", > sid_string_static(&primary_group_sid))); >- goto done; >+ DEBUGADD(1, ("Fall back to unix user %s\n", username)); >+ goto unix_user; > } > > result = pdb_enum_group_memberships(tmp_ctx, sam_acct, >@@ -1137,12 +1100,60 @@ > if (!NT_STATUS_IS_OK(result)) { > DEBUG(10, ("enum_group_memberships failed for %s\n", > username)); >- goto done; >+ DEBUGADD(1, ("Fall back to unix user %s\n", username)); >+ goto unix_user; > } > > *found_username = talloc_strdup(mem_ctx, > pdb_get_username(sam_acct)); > >+ } else if (sid_check_is_in_unix_users(&user_sid)) { >+ >+ /* This is a unix user not in passdb. We need to ask nss >+ * directly, without consulting passdb */ >+ >+ struct passwd *pass; >+ size_t i; >+ >+ /* >+ * This goto target is used as a fallback for the passdb >+ * case. The concrete bug report is when passdb gave us an >+ * unmapped gid. >+ */ >+ >+ unix_user: >+ >+ uid_to_unix_users_sid(*uid, &user_sid); >+ >+ pass = getpwuid_alloc(tmp_ctx, *uid); >+ if (pass == NULL) { >+ DEBUG(1, ("getpwuid(%d) for user %s failed\n", >+ *uid, username)); >+ goto done; >+ } >+ >+ *gid = pass->pw_gid; >+ gid_to_sid(&primary_group_sid, pass->pw_gid); >+ >+ if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid, >+ &gids, &num_group_sids)) { >+ DEBUG(1, ("getgroups_unix_user for user %s failed\n", >+ username)); >+ goto done; >+ } >+ >+ group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids); >+ if (group_sids == NULL) { >+ DEBUG(1, ("talloc_array failed\n")); >+ result = NT_STATUS_NO_MEMORY; >+ goto done; >+ } >+ >+ for (i=0; i<num_group_sids; i++) { >+ gid_to_sid(&group_sids[i], gids[i]); >+ } >+ *found_username = talloc_strdup(mem_ctx, pass->pw_name); >+ > } else { > > /* This user is from winbind, force the primary gid to the >Index: source/passdb/util_unixsids.c >=================================================================== >--- source/passdb/util_unixsids.c (revision 16866) >+++ source/passdb/util_unixsids.c (revision 16867) >@@ -36,6 +36,12 @@ > return sid_check_is_unix_users(&dom_sid); > } > >+BOOL uid_to_unix_users_sid(uid_t uid, DOM_SID *sid) >+{ >+ sid_copy(sid, &global_sid_Unix_Users); >+ return sid_append_rid(sid, uid); >+} >+ > const char *unix_users_domain_name(void) > { > return "Unix User"; >Index: source/passdb/lookup_sid.c >=================================================================== >--- source/passdb/lookup_sid.c (revision 16866) >+++ source/passdb/lookup_sid.c (revision 16867) >@@ -1122,8 +1122,7 @@ > sid_append_rid(psid, algorithmic_pdb_uid_to_user_rid(uid)); > goto done; > } else { >- sid_copy(psid, &global_sid_Unix_Users); >- sid_append_rid(psid, uid); >+ uid_to_unix_users_sid(uid, psid); > goto done; > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2024">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 3915
:
2021
| 2024