--- samba-3.0.23b/source/auth/auth_util.c.gwc 2006-08-29 16:06:48.000000000 -0400 +++ samba-3.0.23b/source/auth/auth_util.c 2006-08-29 16:24:21.000000000 -0400 @@ -551,40 +551,21 @@ return result; } + /*************************************************************************** - Make (and fill) a user_info struct from a struct samu + Fill in the the UNIX-group-derived SIDs of a server_info struct. ***************************************************************************/ -NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, - struct samu *sampass) +static NTSTATUS fill_in_unix_group_sids(struct samu *sampass, + auth_serversupplied_info *result) { + NTSTATUS status; - struct passwd *pwd; gid_t *gids; - auth_serversupplied_info *result; int i; size_t num_gids; DOM_SID unix_group_sid; - - if ( !(pwd = getpwnam_alloc(NULL, pdb_get_username(sampass))) ) { - DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n", - pdb_get_username(sampass))); - return NT_STATUS_NO_SUCH_USER; - } - - if ( !(result = make_server_info(NULL)) ) { - TALLOC_FREE(pwd); - return NT_STATUS_NO_MEMORY; - } - - result->sam_account = sampass; - result->unix_name = talloc_strdup(result, pwd->pw_name); - result->gid = pwd->pw_gid; - result->uid = pwd->pw_uid; - - TALLOC_FREE(pwd); - status = pdb_enum_group_memberships(result, sampass, &result->sids, &gids, &result->num_sids); @@ -592,8 +573,6 @@ if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("pdb_enum_group_memberships failed: %s\n", nt_errstr(status))); - result->sam_account = NULL; /* Don't free on error exit. */ - TALLOC_FREE(result); return status; } 
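Review bot: The header comment on the new `fill_in_unix_group_sids` (hunk @@ -551) does not state the ownership contract, which this refactor changes: with the two lines removed in @@ -592, the helper no longer frees `result` on failure, so every caller has to. The helper also passes `&result->sids` and `&result->num_sids` to `pdb_enum_group_memberships`, which matters to any caller that has already populated those fields. I would add both to the comment, e.g. `On failure result is left allocated; the caller must free it.` and `result->sids and result->num_sids are passed to pdb_enum_group_memberships as outputs.`, and fix the doubled word in `Fill in the the`. The function body continues outside this hunk.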
@@ -607,8 +586,7 @@ num_gids = result->num_sids; for ( i=0; isam_account = sampass; + result->unix_name = talloc_strdup(result, pwd->pw_name); + result->gid = pwd->pw_gid; + result->uid = pwd->pw_uid; + + TALLOC_FREE(pwd); + + status = fill_in_unix_group_sids(sampass, result); + + if (!NT_STATUS_IS_OK(status)) { + result->sam_account = NULL; /* Don't free on error exit. */ + TALLOC_FREE(result); + return status; + } + DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", pdb_get_username(sampass), result->unix_name)); @@ -1343,22 +1367,14 @@ result->uid = pwd->pw_uid; result->gid = pwd->pw_gid; - status = pdb_enum_group_memberships(result, sampass, - &result->sids, &gids, - &result->num_sids); + status = fill_in_unix_group_sids(sampass, result); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("pdb_enum_group_memberships failed: %s\n", - nt_errstr(status))); + TALLOC_FREE(sampass); TALLOC_FREE(result); return status; } - /* For now we throw away the gids and convert via sid_to_gid - * later. This needs fixing, but I'd like to get the code straight and - * simple first. */ - TALLOC_FREE(gids); - *server_info = result; return NT_STATUS_OK; @@ -1810,6 +1826,7 @@ info3->gids[i].g_rid)) { DEBUG(3,("could not append additional group rid " "0x%x\n", info3->gids[i].g_rid)); + TALLOC_FREE(sam_account); TALLOC_FREE(result); return NT_STATUS_INVALID_PARAMETER; } @@ -1817,6 +1834,15 @@ &result->num_sids); } + nt_status = fill_in_unix_group_sids(sam_account, result); + + if (!NT_STATUS_IS_OK(nt_status)) { + /* XXX is this worth error-ing out */ + TALLOC_FREE(sam_account); + TALLOC_FREE(result); + return nt_status; + } + /* Copy 'other' sids. We need to do sid filtering here to prevent possible elevation of privileges. See:
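Review bot: The added `TALLOC_FREE(sampass);` in the @@ -1343 error path sits directly before `TALLOC_FREE(result);`, and the same pairing is added for `sam_account` in @@ -1810 and @@ -1817. The `make_server_info_sam` error path in this same patch sets `result->sam_account = NULL;` with the comment `Don't free on error exit.` before freeing `result`, which suggests that freeing `result` also releases the attached account. If `result->sam_account` already points at `sampass` / `sam_account` at these three sites (the assignment is outside the hunks), the account would be freed twice. Either drop the explicit free and let `result` release it, or detach first with `result->sam_account = NULL;`. The enclosing functions start and end outside these hunks.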
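Review bot: The new call `fill_in_unix_group_sids(sam_account, result)` in @@ -1817 runs after the preceding code has already appended the `info3` group RIDs to `result->sids`, and the helper hands `&result->sids` and `&result->num_sids` to `pdb_enum_group_memberships`. If that function treats them as plain outputs (its implementation is not on this page), the domain-supplied group SIDs collected above are replaced and the earlier array is leaked, which changes the SID list this logon ends up with. I would enumerate into temporaries and append each resulting SID to `result->sids` rather than passing the live fields. The `XXX is this worth error-ing out` comment should also be replaced by a stated decision, because failing the whole logon on a group-lookup error is an availability trade-off. This block sits inside a function that starts and ends outside the hunk.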