The Samba-Bugzilla – Attachment 7090 Details for
Bug 8598
force user fails for active directory users
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch
0001-s3-auth-fix-force-user-for-AD-user.patch (text/plain), 2.48 KB, created by
David Disseldorp
on 2011-11-11 15:34:13 UTC
(
hide
)
Description:
proposed patch
Filename:
MIME Type:
Creator:
David Disseldorp
Created:
2011-11-11 15:34:13 UTC
Size:
2.48 KB
patch
obsolete
>From 8fba1740fe1584524f97a1c8c4bb97712c95f2e0 Mon Sep 17 00:00:00 2001 >From: David Disseldorp <ddiss@suse.de> >Date: Thu, 10 Nov 2011 18:34:23 +0100 >Subject: [PATCH] s3-auth: fix force user for AD user > >Do not add a unix_users_domain_name() username prefix prior to the >lookup. This ensures winbind is consulted before a unix user SID is >manually composed. > >Use get_primary_group_sid() only if gid_to_sid() fails lookup. > >https://bugzilla.samba.org/show_bug.cgi?id=8598 >--- > source3/auth/auth_util.c | 18 ++++++++---------- > source3/passdb/lookup_sid.c | 3 +-- > 2 files changed, 9 insertions(+), 12 deletions(-) > >diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c >index fcfed83..f21cbe1 100644 >--- a/source3/auth/auth_util.c >+++ b/source3/auth/auth_util.c >@@ -677,9 +677,9 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, > { > NTSTATUS status; > struct samu *sampass = NULL; >- char *qualified_name = NULL; > TALLOC_CTX *mem_ctx = NULL; > struct dom_sid u_sid; >+ struct dom_sid g_sid; > enum lsa_SidType type; > struct auth_serversupplied_info *result; > >@@ -701,15 +701,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, > return NT_STATUS_NO_MEMORY; > } > >- qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", >- unix_users_domain_name(), >- unix_username ); >- if (!qualified_name) { >- TALLOC_FREE(mem_ctx); >- return NT_STATUS_NO_MEMORY; >- } >- >- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL, >+ if (!lookup_name(mem_ctx, unix_username, LOOKUP_NAME_ALL, > NULL, NULL, > &u_sid, &type)) { > TALLOC_FREE(mem_ctx); >@@ -739,6 +731,12 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, > /* set the user sid to be the calculated u_sid */ > pdb_set_user_sid(sampass, &u_sid, PDB_SET); > >+ /* samu_to_SamInfo3() calls get_primary_group_sid() if mapping fails */ >+ gid_to_sid(&g_sid, pwd->pw_gid); >+ if (!is_null_sid(&g_sid)) { >+ pdb_set_group_sid(sampass, &g_sid, PDB_SET); >+ } >+ > result = make_server_info(NULL); > if (result == NULL) { > TALLOC_FREE(sampass); >diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c >index cfc78ad..3939fee 100644 >--- a/source3/passdb/lookup_sid.c >+++ b/source3/passdb/lookup_sid.c >@@ -55,8 +55,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, > return false; > } > >- p = strchr_m(full_name, '\\'); >- >+ p = strchr_m(full_name, *lp_winbind_separator()); > if (p != NULL) { > domain = talloc_strndup(tmp_ctx, full_name, > PTR_DIFF(p, full_name)); >-- >1.7.3.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7090">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 8598
:
7078
|
7090
|
7542
|
7543
|
7548
|
9469
|
9642
|
9643
|
9644
|
9696
|
9697
|
9699
|
9700
|
9869
|
9870