The Samba-Bugzilla – Attachment 2864 Details for
Bug 4874
Samba users local domain SID for uknown groups even for foreign users
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Use user's domain "Domain user" when primary group is guessed
samba-domainsid.patch (text/plain), 2.18 KB, created by
Luiz Angelo Daros de Luca
on 2007-08-14 11:28:30 UTC
(
hide
)
Description:
Use user's domain "Domain user" when primary group is guessed
Filename:
MIME Type:
Creator:
Luiz Angelo Daros de Luca
Created:
2007-08-14 11:28:30 UTC
Size:
2.18 KB
patch
obsolete
>--- samba-3.0.23d/source/passdb/pdb_get_set.c.old 2007-08-13 20:30:40.000000000 -0300 >+++ samba-3.0.23d/source/passdb/pdb_get_set.c 2007-08-13 20:33:32.000000000 -0300 >@@ -140,6 +140,9 @@ > > /* Return the cached group SID if we have that */ > if ( sampass->group_sid ) { >+ DEBUG(10,("pdb_get_group_sid: Using cached group SID %s for %s\n", >+ sid_string_static(sampass->group_sid), >+ pdb_get_username(sampass))); > return sampass->group_sid; > } > >@@ -156,7 +159,9 @@ > > if ( sampass->unix_pw ) { > pwd = sampass->unix_pw; >+ DEBUG(10,("pdb_get_group_sid: Found existing unix account for %s: %s\n", pdb_get_username(sampass), pwd->pw_name)); > } else { >+ DEBUG(10,("pdb_get_group_sid: alloc new user for %s\n", pdb_get_username(sampass))); > pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) ); > } > >@@ -191,8 +196,19 @@ > > /* Just set it to the 'Domain Users' RID of 512 which will > always resolve to a name */ >- >- sid_copy( gsid, get_global_sam_sid() ); >+ >+ uint32 dummy; >+ >+ DEBUG(3, ("Primary group for user %s will be SID-512\n", pdb_get_username(sampass))); >+ >+ /* Try to use user's domain "Domain Users" group */ >+ sid_copy(gsid, &sampass->user_sid); >+ if (!sid_split_rid(gsid, &dummy)) { >+ DEBUG(1, ("sid_split_rid(%s) failed. Using global SID\n", >+ sid_string_static(gsid))); >+ /* Use default domain if fails */ >+ sid_copy(gsid, get_global_sam_sid()); >+ } > sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS ); > > sampass->group_sid = gsid; >@@ -511,9 +527,19 @@ > store DOMAIN_USERS as the primary groupSID */ > > if ( sid_to_gid( g_sid, &gid ) ) { >+ DEBUG(10, ("pdb_set_group_sid: resolved %s to %d\n", sid_string_static(g_sid),gid)); > sid_copy(sampass->group_sid, g_sid); > } else { >- sid_copy( sampass->group_sid, get_global_sam_sid() ); >+ uint32 dummy; >+ >+ DEBUG(10, ("pdb_set_group_sid: guessing group using SID-513\n")); >+ >+ sid_copy(sampass->group_sid, &sampass->user_sid); >+ if (!sid_split_rid(sampass->group_sid, &dummy)) { >+ DEBUG(1, ("sid_split_rid(%s) failed. Using global SID\n", >+ sid_string_static(sampass->group_sid))); >+ sid_copy(sampass->group_sid, get_global_sam_sid()); >+ } > sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS ); > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2864">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4874
: 2864