The Samba-Bugzilla – Attachment 374 Details for
Bug 1016
Net groupmap add / delete / modify doesn't update users' Primary group SID
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Activates users' primary group SID update when adding/modifying/deleting a group mapping.
net_groupmap.c_updatesid.patch (text/plain), 4.38 KB, created by
Ganael LAPLANCHE
on 2004-01-30 01:25:22 UTC
(
hide
)
Description:
Activates users' primary group SID update when adding/modifying/deleting a group mapping.
Filename:
MIME Type:
Creator:
Ganael LAPLANCHE
Created:
2004-01-30 01:25:22 UTC
Size:
4.38 KB
patch
obsolete
>--- utils/net_groupmap.c.orig 2003-09-24 19:16:13.000000000 +0200 >+++ utils/net_groupmap.c 2004-01-29 13:38:06.000000000 +0100 >@@ -80,6 +80,65 @@ > return True; > } > >+/****************************************************** >+ Update primary group SID in passdb with <string_sid> >+ for users whose Unix primary group is <gid>. Useful >+ after a net_groupmap add/modify/delete. >+******************************************************/ >+static BOOL update_users_primgroup_sid(const gid_t gid, fstring string_sid) >+{ >+ SAM_ACCOUNT *sam_pwent=NULL; >+ struct passwd *pass=NULL; >+ fstring usrname = ""; >+ >+ /* Initialize static context */ >+ if(!initialize_password_db(True)) { >+ DEBUG(0,("update_users_primgroup_sid: Cannot initialize password database.\n")); >+ return False; >+ } >+ /* Open password database for update */ >+ if(!pdb_setsampwent(True)) { >+ DEBUG(0,("update_users_primgroup_sid: Cannot open password database.\n")); >+ return False; >+ } >+ >+ while (NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)) && pdb_getsampwent(sam_pwent)) { >+ fstrcpy(usrname,pdb_get_username(sam_pwent)); >+ if(!(pass = Get_Pwnam(usrname))) { >+ DEBUG(0,("update_users_primgroup_sid: Cannot find Unix account for %s.\n", usrname)); >+ return False; >+ } >+ >+ if ((pass->pw_gid) != (gid_t)-1) { >+ /* Check if user's primary group SID must be updated (if mapped gid is the user's primary group gid) */ >+ if (pass->pw_gid == gid) { >+ if (string_sid) { /* String specified, use it */ >+ pdb_set_group_sid_from_string(sam_pwent, string_sid, PDB_CHANGED); >+ } >+ else { /* no string specified, must compute the RID */ >+ pdb_set_group_sid_from_rid(sam_pwent, pdb_gid_to_group_rid(pass->pw_gid), PDB_CHANGED); >+ } >+ >+ /* Commit changes */ >+ if (pdb_update_sam_account(sam_pwent)) { >+ /* Works well with pdb LDAP, BUT !!Error!! while using pdb TDB : pdb_tdb.c invalidates >+ the iterator in tdb_update_sam (called by pdb_update_sam_account). The result is >+ an iterator error in the next pdb_getsampwent of the loop. MUST BE CORRECTED*/ >+ d_printf("Successully updated primary group SID for user %s\n", usrname); >+ } >+ else { >+ d_printf("Could not update primary group SID for user %s\n", usrname); >+ } >+ } >+ } >+ pdb_free_sam(&sam_pwent); >+ } >+ pdb_free_sam(&sam_pwent); >+ pdb_endsampwent(); >+ >+ return True; >+} >+ > /********************************************************* > Dump a GROUP_MAP entry to stdout (long or short listing) > **********************************************************/ >@@ -287,6 +346,9 @@ > } > > d_printf("Successully added group %s to the mapping db\n", ntgroup); >+ >+ update_users_primgroup_sid(gid, string_sid); >+ > return 0; > } > >@@ -303,6 +365,9 @@ > int i; > gid_t gid; > >+ gid_t old_gid; >+ fstring usrsid = ""; >+ > /* get the options */ > for ( i=0; i<argc; i++ ) { > if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) { >@@ -398,6 +463,8 @@ > if ( ntgroup[0] ) > fstrcpy( map.nt_name, ntgroup ); > >+ /* Keep old gid in memory then change it if needed */ >+ old_gid = map.gid; > if ( unixgrp[0] ) { > gid = nametogid( unixgrp ); > if ( gid == -1 ) { >@@ -416,6 +483,16 @@ > > d_printf("Updated mapping entry for %s\n", ntgroup); > >+ /* If gid changed we may need to update user SIDs */ >+ if(old_gid != map.gid) { >+ /* Compute primary group SID for users belonging to the old gid that is no longer mapped */ >+ update_users_primgroup_sid(old_gid, NULL); >+ >+ /* Update primary group SID for users belonging to the new gid mapped to the existing SID */ >+ sid_to_string(usrsid, &sid); >+ update_users_primgroup_sid(gid, usrsid); >+ } >+ > return 0; > } > >@@ -426,6 +503,9 @@ > fstring sid_string = ""; > int i; > >+ gid_t old_gid; >+ fstring usrsid = ""; >+ > /* get the options */ > for ( i=0; i<argc; i++ ) { > if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) { >@@ -463,6 +543,13 @@ > return -1; > } > >+ /* Keep in memory the old gid */ >+ if (!NT_STATUS_IS_OK(sid_to_gid(&sid, &old_gid)) ) { >+ sid_to_string(usrsid, &sid); >+ d_printf("Unable to resolve SID %s to gid\n", usrsid); >+ return -1; >+ } >+ > if ( !pdb_delete_group_mapping_entry(sid) ) { > printf("Failed to removing group %s from the mapping db!\n", ntgroup); > return -1; >@@ -470,6 +557,9 @@ > > d_printf("Sucessfully removed %s from the mapping db\n", ntgroup); > >+ /* Compute primary group SID for users belonging to the old gid that is no longer mapped */ >+ update_users_primgroup_sid(old_gid, NULL); >+ > return 0; > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=374">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1016
: 374