From dbda3ad9e0c95511e601a1079f48b8737aa00d53 Mon Sep 17 00:00:00 2001
From: David Disseldorp
Date: Thu, 10 Nov 2011 18:34:23 +0100
Subject: [PATCH] s3-auth: Fix force user with ADS member. Correctly lookup users which come from smb.conf.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
Signed-off-by: Andreas Schneider
---
 source3/auth/auth_util.c | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ceaa706..0d19c6e 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -645,11 +645,12 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 {
 NTSTATUS status;
 struct samu *sampass = NULL;
- char *qualified_name = NULL;
 TALLOC_CTX *mem_ctx = NULL;
 struct dom_sid u_sid;
+ struct dom_sid g_sid;
 enum lsa_SidType type;
 struct auth_serversupplied_info *result;
+ bool ok;
 /*
 * The SID returned in server_info->sam_account is based
@@ -669,17 +670,14 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 return NT_STATUS_NO_MEMORY;
 }
- qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
- unix_users_domain_name(),
- unix_username );
- if (!qualified_name) {
- TALLOC_FREE(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
- NULL, NULL,
- &u_sid, &type)) {
+ ok = lookup_name_smbconf(mem_ctx,
+ unix_username,
+ LOOKUP_NAME_ALL,
+ NULL,
+ NULL,
+ &u_sid,
+ &type);
+ if (!ok) {
 TALLOC_FREE(mem_ctx);
 return NT_STATUS_NO_SUCH_USER;
 }
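Review bot: After `lookup_name_smbconf()` succeeds, nothing in this hunk checks `type`, and with `LOOKUP_NAME_ALL` and the name no longer pinned to `unix_users_domain_name()` the `force user` value can presumably resolve to a group or alias rather than a user account. The lines between this hunk and the next are not shown, so this may already be handled; if it is not, reject the result right after the lookup with `if (type != SID_NAME_USER)` and return `NT_STATUS_NO_SUCH_USER` after freeing `mem_ctx`. A short comment above the call stating which domains are tried, and in what order, would also help, since that order decides which account a share's forced identity maps to. The function body starts and ends outside the hunk.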
@@ -707,6 +705,15 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 /* set the user sid to be the calculated u_sid */
 pdb_set_user_sid(sampass, &u_sid, PDB_SET);
+ /*
+ * samu_to_SamInfo3() calls get_primary_group_sid() which fails
+ * if the domain_sid is not equal to the global sam sid
+ */
+ gid_to_sid(&g_sid, pwd->pw_gid);
+ if (!is_null_sid(&g_sid)) {
+ pdb_set_group_sid(sampass, &g_sid, PDB_SET);
+ }
+
 result = make_server_info(NULL);
 if (result == NULL) {
 TALLOC_FREE(sampass);
--
1.8.4.3
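Review bot: `g_sid` is declared without an initialiser and then tested with `is_null_sid(&g_sid)`, so the test is only meaningful if `gid_to_sid()` writes the SID on every path, which is not visible in this hunk; adding `ZERO_STRUCT(g_sid);` before the call would make the null check reliable. When the SID does come back null the group SID is silently left unset, and by the new comment's own account `samu_to_SamInfo3()` would then fail later with no hint of the cause, so an `else` branch with a `DEBUG(1, ...)` line naming `pwd->pw_gid` would make that diagnosable. The return value of `pdb_set_group_sid()` is also ignored here. The function body starts and ends outside the hunk.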