The Samba-Bugzilla – Attachment 9644 Details for
Bug 8598
force user fails for active directory users
[patch]
v4-0-test patch
look40 (text/plain), 39.56 KB, created by
Andreas Schneider
on 2014-02-05 10:12:50 UTC
Description:
v4-0-test patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2014-02-05 10:12:50 UTC
Size:
39.56 KB
patch
obsolete
>From f6ddf881041388eeeca77f8be81da0a68039570e Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Mon, 16 Dec 2013 12:57:20 +0100
>Subject: [PATCH 1/4] s3-lib: Add winbind_lookup_usersids().
>
>Pair-Programmed-With: Guenther Deschner <gd@samba.org>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>(cherry picked from commit 241e98d8ee099f9cc5feb835085b4abd2b1ee663)
>---
> source3/lib/winbind_util.c | 34 +++++
> source3/lib/winbind_util.h | 4 +
> source3/passdb/ABI/pdb-0.1.0.sigs | 305 ++++++++++++++++++++++++++++++++++++++
> source3/wscript_build | 2 +-
> 4 files changed, 344 insertions(+), 1 deletion(-)
> create mode 100644 source3/passdb/ABI/pdb-0.1.0.sigs
>
>diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
>index b458ebe..f62682b 100644
>--- a/source3/lib/winbind_util.c
>+++ b/source3/lib/winbind_util.c
>@@ -342,6 +342,40 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
> return true;
> }
>
>+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
>+ const struct dom_sid *user_sid,
>+ uint32_t *p_num_sids,
>+ struct dom_sid **p_sids)
>+{
>+ wbcErr ret;
>+ struct wbcDomainSid dom_sid;
>+ struct wbcDomainSid *sid_list = NULL;
>+ uint32_t num_sids;
>+
>+ memcpy(&dom_sid, user_sid, sizeof(dom_sid));
>+
>+ ret = wbcLookupUserSids(&dom_sid,
>+ false,
>+ &num_sids,
>+ &sid_list);
>+ if (ret != WBC_ERR_SUCCESS) {
>+ return false;
>+ }
>+
>+ *p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
>+ if (*p_sids == NULL) {
>+ wbcFreeMemory(sid_list);
>+ return false;
>+ }
>+
>+ memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids);
>+
>+ *p_num_sids = num_sids;
>+ wbcFreeMemory(sid_list);
>+
>+ return true;
>+}
>+
> #else /* WITH_WINBIND */
>
> struct passwd * winbind_getpwnam(const char * name)
>diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
>index 541bb95..abbc5a9 100644
>--- a/source3/lib/winbind_util.h
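Review bot: Both `memcpy` calls in winbind_lookup_usersids() assume `struct dom_sid` and `struct wbcDomainSid` have the same size and layout, and the second one sizes the copy into the `struct dom_sid` array with `sizeof(dom_sid)`, which is the local `struct wbcDomainSid`. Nothing in the hunk states or enforces that assumption; if the two types ever diverge, the copy overruns or under-fills `*p_sids`, and judging by the bug title these SIDs feed the forced user's group list. I would add a comment above the first copy, `/* relies on struct wbcDomainSid and struct dom_sid being layout-compatible */`, and back it with a compile-time size check if the tree has a helper for one. The function should also document that `*p_num_sids` is not written on failure and that `*p_sids` is allocated on `mem_ctx` for the caller to free.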
>+++ b/source3/lib/winbind_util.h
>@@ -58,5 +58,9 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
> size_t num_members,
> uint32_t **pp_alias_rids,
> size_t *p_num_alias_rids);
>+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
>+ const struct dom_sid *user_sid,
>+ uint32_t *p_num_sids,
>+ struct dom_sid **p_sids);
>
> #endif /* __LIB__WINBIND_UTIL_H__ */
>diff --git a/source3/passdb/ABI/pdb-0.1.0.sigs b/source3/passdb/ABI/pdb-0.1.0.sigs
>new file mode 100644
>index 0000000..2347cef
>--- /dev/null
>+++ b/source3/passdb/ABI/pdb-0.1.0.sigs
>@@ -0,0 +1,305 @@ >+PDB_secrets_clear_domain_protection: bool (const char *) >+PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *) >+PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *) >+PDB_secrets_mark_domain_protected: bool (const char *) >+PDB_secrets_store_domain_guid: bool (const char *, struct GUID *) >+PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *) >+account_policy_get: bool (enum pdb_policy_type, uint32_t *) >+account_policy_get_default: bool (enum pdb_policy_type, uint32_t *) >+account_policy_get_desc: const char *(enum pdb_policy_type) >+account_policy_name_to_typenum: enum pdb_policy_type (const char *) >+account_policy_names_list: void (TALLOC_CTX *, const char ***, int *) >+account_policy_set: bool (enum pdb_policy_type, uint32_t) >+add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *) >+algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t) >+algorithmic_pdb_rid_is_user: bool (uint32_t) >+algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t) >+algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t) >+algorithmic_rid_base: int (void) >+builtin_domain_name: const char *(void) >+cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *) >+cache_account_policy_set: bool (enum pdb_policy_type, uint32_t) >+create_builtin_administrators: NTSTATUS (const struct dom_sid *) >+create_builtin_users: NTSTATUS (const struct dom_sid *) >+decode_account_policy_name: const char *(enum pdb_policy_type) >+get_account_pol_db: struct db_context *(void) >+get_account_policy_attr: const char *(enum pdb_policy_type) >+get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *) >+get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **) >+get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *) >+get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int) >+get_trust_pw_clear: bool (const char *, char 
**, const char **, enum netr_SchannelType *) >+get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *) >+gid_to_sid: void (struct dom_sid *, gid_t) >+gid_to_unix_groups_sid: void (gid_t, struct dom_sid *) >+grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int) >+grant_all_privileges: bool (const struct dom_sid *) >+grant_privilege_by_name: bool (const struct dom_sid *, const char *) >+grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) >+groupdb_tdb_init: const struct mapping_backend *(void) >+init_account_policy: bool (void) >+init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool) >+init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t) >+initialize_password_db: bool (bool, struct tevent_context *) >+is_dc_trusted_domain_situation: bool (const char *) >+is_privileged_sid: bool (const struct dom_sid *) >+local_password_change: NTSTATUS (const char *, int, const char *, char **, char **) >+login_cache_delentry: bool (const struct samu *) >+login_cache_init: bool (void) >+login_cache_read: bool (struct samu *, struct login_cache *) >+login_cache_shutdown: bool (void) >+login_cache_write: bool (const struct samu *, const struct login_cache *) >+lookup_builtin_name: bool (const char *, uint32_t *) >+lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **) >+lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *) >+lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) >+lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) >+lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) >+lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **) >+lookup_unix_group_name: bool (const char 
*, struct dom_sid *) >+lookup_unix_user_name: bool (const char *, struct dom_sid *) >+lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **) >+lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **) >+make_pdb_method: NTSTATUS (struct pdb_methods **) >+make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *) >+max_algorithmic_gid: gid_t (void) >+max_algorithmic_uid: uid_t (void) >+my_sam_name: const char *(void) >+pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) >+pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *) >+pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) >+pdb_add_sam_account: NTSTATUS (struct samu *) >+pdb_build_fields_present: uint32_t (struct samu *) >+pdb_capabilities: uint32_t (void) >+pdb_copy_sam_account: bool (struct samu *, struct samu *) >+pdb_create_alias: NTSTATUS (const char *, uint32_t *) >+pdb_create_builtin_alias: NTSTATUS (uint32_t) >+pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *) >+pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *) >+pdb_decode_acct_ctrl: uint32_t (const char *) >+pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) >+pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *) >+pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) >+pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *) >+pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) >+pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct 
dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) >+pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) >+pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) >+pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) >+pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) >+pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) >+pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) >+pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) >+pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) >+pdb_del_trusted_domain: NTSTATUS (const char *) >+pdb_del_trusteddom_pw: bool (const char *) >+pdb_delete_alias: NTSTATUS (const struct dom_sid *) >+pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t) >+pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid) >+pdb_delete_sam_account: NTSTATUS (struct samu *) >+pdb_delete_secret: NTSTATUS (const char *) >+pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *) >+pdb_element_is_changed: bool (const struct samu *, enum pdb_elements) >+pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements) >+pdb_encode_acct_ctrl: char *(uint32_t, size_t) >+pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) >+pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) >+pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *) >+pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, 
struct dom_sid **, gid_t **, uint32_t *) >+pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***) >+pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) >+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***) >+pdb_find_backend_entry: struct pdb_init_function_entry *(const char *) >+pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *) >+pdb_get_acct_ctrl: uint32_t (const struct samu *) >+pdb_get_acct_desc: const char *(const struct samu *) >+pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) >+pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *) >+pdb_get_backends: const struct pdb_init_function_entry *(void) >+pdb_get_bad_password_count: uint16_t (const struct samu *) >+pdb_get_bad_password_time: time_t (const struct samu *) >+pdb_get_code_page: uint16_t (const struct samu *) >+pdb_get_comment: const char *(const struct samu *) >+pdb_get_country_code: uint16_t (const struct samu *) >+pdb_get_dir_drive: const char *(const struct samu *) >+pdb_get_domain: const char *(const struct samu *) >+pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *) >+pdb_get_fullname: const char *(const struct samu *) >+pdb_get_group_rid: uint32_t (struct samu *) >+pdb_get_group_sid: const struct dom_sid *(struct samu *) >+pdb_get_homedir: const char *(const struct samu *) >+pdb_get_hours: const uint8_t *(const struct samu *) >+pdb_get_hours_len: uint32_t (const struct samu *) >+pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements) >+pdb_get_kickoff_time: time_t (const struct samu *) >+pdb_get_lanman_passwd: const uint8_t *(const struct samu *) >+pdb_get_logoff_time: time_t (const struct samu *) >+pdb_get_logon_count: uint16_t (const struct samu *) >+pdb_get_logon_divs: uint16_t (const struct samu *) >+pdb_get_logon_script: const char *(const struct samu *) >+pdb_get_logon_time: time_t (const struct samu *) 
>+pdb_get_munged_dial: const char *(const struct samu *) >+pdb_get_nt_passwd: const uint8_t *(const struct samu *) >+pdb_get_nt_username: const char *(const struct samu *) >+pdb_get_pass_can_change: bool (const struct samu *) >+pdb_get_pass_can_change_time: time_t (const struct samu *) >+pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *) >+pdb_get_pass_last_set_time: time_t (const struct samu *) >+pdb_get_pass_must_change_time: time_t (const struct samu *) >+pdb_get_plaintext_passwd: const char *(const struct samu *) >+pdb_get_profile_path: const char *(const struct samu *) >+pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *) >+pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **) >+pdb_get_seq_num: bool (time_t *) >+pdb_get_tevent_context: struct tevent_context *(void) >+pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **) >+pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **) >+pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *) >+pdb_get_unknown_6: uint32_t (const struct samu *) >+pdb_get_user_rid: uint32_t (const struct samu *) >+pdb_get_user_sid: const struct dom_sid *(const struct samu *) >+pdb_get_username: const char *(const struct samu *) >+pdb_get_workstations: const char *(const struct samu *) >+pdb_getgrgid: bool (GROUP_MAP *, gid_t) >+pdb_getgrnam: bool (GROUP_MAP *, const char *) >+pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid) >+pdb_gethexhours: bool (const char *, unsigned char *) >+pdb_gethexpwd: bool (const char *, unsigned char *) >+pdb_getsampwnam: bool (struct samu *, const char *) >+pdb_getsampwsid: bool (struct samu *, const struct dom_sid *) >+pdb_gid_to_sid: bool (gid_t, struct dom_sid *) >+pdb_group_rid_to_gid: gid_t (uint32_t) >+pdb_increment_bad_password_count: bool (struct samu *) 
>+pdb_is_password_change_time_max: bool (time_t) >+pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *) >+pdb_new_rid: bool (uint32_t *) >+pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) >+pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool) >+pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) >+pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) >+pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) >+pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_rename_sam_account: NTSTATUS (struct samu *, const char *) >+pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *) >+pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **) >+pdb_search_groups: struct pdb_search *(TALLOC_CTX *) >+pdb_search_init: struct pdb_search *(TALLOC_CTX *, enum pdb_search_type) >+pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t) >+pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t) >+pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) >+pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state) >+pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_country_code: bool (struct samu *, 
uint16_t, enum pdb_value_state) >+pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) >+pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state) >+pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state) >+pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) >+pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) >+pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_pass_can_change: bool (struct samu *, bool) >+pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_plaintext_passwd: bool (struct samu *, const char *) >+pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_pw_history: 
bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state) >+pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *) >+pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *) >+pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *) >+pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *) >+pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **) >+pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) >+pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_sethexhours: void (char *, const unsigned char *) >+pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) >+pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *) >+pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *) >+pdb_uid_to_sid: bool (uid_t, struct dom_sid *) >+pdb_update_autolock_flag: bool (struct samu *, bool *) >+pdb_update_bad_password_count: bool (struct samu *, bool *) >+pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *) >+pdb_update_login_attempts: NTSTATUS (struct samu *, bool) >+pdb_update_sam_account: NTSTATUS (struct samu *) >+privilege_create_account: NTSTATUS (const struct dom_sid *) >+privilege_delete_account: NTSTATUS (const struct dom_sid *) >+privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *) >+privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *) >+revoke_all_privileges: bool (const struct dom_sid *) >+revoke_privilege_by_name: bool (const struct dom_sid *, const char *) >+revoke_privilege_set: 
bool (const struct dom_sid *, struct lsa_PrivilegeSet *) >+samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *) >+samu_new: struct samu *(TALLOC_CTX *) >+samu_set_unix: NTSTATUS (struct samu *, const struct passwd *) >+secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) >+sid_check_is_builtin: bool (const struct dom_sid *) >+sid_check_is_for_passdb: bool (const struct dom_sid *) >+sid_check_is_in_builtin: bool (const struct dom_sid *) >+sid_check_is_in_unix_groups: bool (const struct dom_sid *) >+sid_check_is_in_unix_users: bool (const struct dom_sid *) >+sid_check_is_in_wellknown_domain: bool (const struct dom_sid *) >+sid_check_is_unix_groups: bool (const struct dom_sid *) >+sid_check_is_unix_users: bool (const struct dom_sid *) >+sid_check_is_wellknown_builtin: bool (const struct dom_sid *) >+sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **) >+sid_check_object_is_for_passdb: bool (const struct dom_sid *) >+sid_to_gid: bool (const struct dom_sid *, gid_t *) >+sid_to_uid: bool (const struct dom_sid *, uid_t *) >+sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *) >+smb_add_user_group: int (const char *, const char *) >+smb_create_group: int (const char *, gid_t *) >+smb_delete_group: int (const char *) >+smb_delete_user_group: int (const char *, const char *) >+smb_nscd_flush_group_cache: void (void) >+smb_nscd_flush_user_cache: void (void) >+smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function) >+smb_set_primary_group: int (const char *, const char *) >+uid_to_sid: void (struct dom_sid *, uid_t) >+uid_to_unix_users_sid: void (uid_t, struct dom_sid *) >+unix_groups_domain_name: const char *(void) >+unix_users_domain_name: const char *(void) >+unixid_from_both: void (struct unixid *, uint32_t) >+unixid_from_gid: void (struct unixid *, uint32_t) >+unixid_from_uid: void (struct unixid *, uint32_t) >+wb_is_trusted_domain: wbcErr 
(const char *) >+winbind_allocate_gid: bool (gid_t *) >+winbind_allocate_uid: bool (uid_t *) >+winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, gid_t **) >+winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+winbind_getpwnam: struct passwd *(const char *) >+winbind_getpwsid: struct passwd *(const struct dom_sid *) >+winbind_gid_to_sid: bool (struct dom_sid *, gid_t) >+winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *) >+winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **) >+winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) >+winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **) >+winbind_ping: bool (void) >+winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *) >+winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *) >+winbind_uid_to_sid: bool (struct dom_sid *, uid_t) >diff --git a/source3/wscript_build b/source3/wscript_build >index 924bde7..a01d8d7 100755 >--- a/source3/wscript_build >+++ b/source3/wscript_build >@@ -734,7 +734,7 @@ bld.SAMBA3_LIBRARY('pdb', > passdb/lookup_sid.h''', > abi_match=private_pdb_match, > abi_directory='passdb/ABI', >- vnum='0', >+ vnum='0.1.0', > vars=locals()) > > bld.SAMBA3_LIBRARY('smbldaphelper', >-- >1.8.5.2 > > >From 42c5f225e4e6645efb339e281446503ac43fa98c Mon Sep 17 00:00:00 2001 
>From: Andreas Schneider <asn@samba.org>
>Date: Fri, 13 Dec 2013 19:08:34 +0100
>Subject: [PATCH 2/4] s3-auth: Add passwd_to_SamInfo3().
>
>First this function tries to contacts winbind if the user is a domain
>user to get valid information about it. If winbind isn't running it will
>try to create everything from the passwd struct. This is not always
>reliable but works in most cases. It improves the current situation
>which doesn't talk to winbind at all.
>
>Pair-Programmed-With: Guenther Deschner <gd@samba.org>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>(cherry picked from commit 1bb11c7744df6928cb8a096373ab920366b38770)
>---
> source3/auth/proto.h | 4 ++
> source3/auth/server_info.c | 116 +++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 120 insertions(+)
>
>diff --git a/source3/auth/proto.h b/source3/auth/proto.h
>index 76661fc..8385e66 100644
>--- a/source3/auth/proto.h
>+++ b/source3/auth/proto.h
>@@ -286,6 +286,10 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
> const char *login_server,
> struct netr_SamInfo3 **_info3,
> struct extra_auth_info *extra);
>+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
>+ const char *unix_username,
>+ const struct passwd *pwd,
>+ struct netr_SamInfo3 **pinfo3);
> struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
> struct netr_SamInfo3 *orig);
> struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
>diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
>index d2b7d6e..46d8178 100644
>--- a/source3/auth/server_info.c
>+++ b/source3/auth/server_info.c
>@@ -24,6 +24,7 @@
> #include "../libcli/security/security.h"
> #include "rpc_client/util_netlogon.h"
> #include "nsswitch/libwbclient/wbclient.h"
>+#include "lib/winbind_util.h"
> #include "passdb.h"
>
> #undef DBGC_CLASS
>@@ -436,6 +437,121 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
> return NT_STATUS_OK;
> }
>
>+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
>+ const char *unix_username,
>+ const struct passwd *pwd,
>+ struct netr_SamInfo3 **pinfo3)
>+{
>+ struct netr_SamInfo3 *info3;
>+ NTSTATUS status;
>+ TALLOC_CTX *tmp_ctx;
>+ const char *domain_name = NULL;
>+ const char *user_name = NULL;
>+ struct dom_sid domain_sid;
>+ struct dom_sid user_sid;
>+ struct dom_sid group_sid;
>+ enum lsa_SidType type;
>+ uint32_t num_sids = 0;
>+ struct dom_sid *user_sids = NULL;
>+ bool ok;
>+
>+ tmp_ctx = talloc_stackframe();
>+
>+ ok = lookup_name_smbconf(tmp_ctx,
>+ unix_username,
>+ LOOKUP_NAME_ALL,
>+ &domain_name,
>+ &user_name,
>+ &user_sid,
>+ &type);
>+ if (!ok) {
>+ status = NT_STATUS_NO_SUCH_USER;
>+ goto done;
>+ }
>+
>+ if (type != SID_NAME_USER) {
>+ status = NT_STATUS_NO_SUCH_USER;
>+ goto done;
>+ }
>+
>+ ok = winbind_lookup_usersids(tmp_ctx,
>+ &user_sid,
>+ &num_sids,
>+ &user_sids);
>+ /* Check if winbind is running */
>+ if (ok) {
>+ /*
>+ * Winbind is running and the first element of the user_sids
>+ * is the primary group.
>+ */
>+ if (num_sids > 0) {
>+ group_sid = user_sids[0];
>+ }
>+ } else {
>+ /*
>+ * Winbind is not running, create the group_sid from the
>+ * group id.
>+ */
>+ gid_to_sid(&group_sid, pwd->pw_gid);
>+ }
>+
>+ /* Make sure we have a valid group sid */
>+ ok = !is_null_sid(&group_sid);
>+ if (!ok) {
>+ status = NT_STATUS_NO_SUCH_USER;
>+ goto done;
>+ }
>+
>+ /* Construct a netr_SamInfo3 from the information we have */
>+ info3 = talloc_zero(tmp_ctx, struct netr_SamInfo3);
>+ if (!info3) {
>+ status = NT_STATUS_NO_MEMORY;
>+ goto done;
>+ }
>+
>+ info3->base.account_name.string = talloc_strdup(info3, unix_username);
>+ if (info3->base.account_name.string == NULL) {
>+ status = NT_STATUS_NO_MEMORY;
>+ goto done;
>+ }
>+
>+ ZERO_STRUCT(domain_sid);
>+
>+ sid_copy(&domain_sid, &user_sid);
>+ sid_split_rid(&domain_sid, &info3->base.rid);
>+ info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
>+
>+ ok = sid_peek_check_rid(&domain_sid, &group_sid,
>+ &info3->base.primary_gid);
>+ if (!ok) {
>+ DEBUG(1, ("The primary group domain sid(%s) does not "
>+ "match the domain sid(%s) for %s(%s)\n",
>+ sid_string_dbg(&group_sid),
>+ sid_string_dbg(&domain_sid),
>+ unix_username,
>+ sid_string_dbg(&user_sid)));
>+ status = NT_STATUS_INVALID_SID;
>+ goto done;
>+ }
>+
>+ info3->base.acct_flags = ACB_NORMAL;
>+
>+ if (num_sids) {
>+ status = group_sids_to_info3(info3, user_sids, num_sids);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ goto done;
>+ }
>+ }
>+
>+ *pinfo3 = talloc_steal(mem_ctx, info3);
>+
>+ status = NT_STATUS_OK;
>+done:
>+ talloc_free(tmp_ctx);
>+
>+ return status;
>+}
>+
> #undef RET_NOMEM
>
> #define RET_NOMEM(ptr) do { \
>--
>1.8.5.2
>
>
>From e4e60f0a30edd781219ac3fefd94821b05d8d78d Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Fri, 13 Dec 2013 19:11:01 +0100
>Subject: [PATCH 3/4] s3-auth: Pass talloc context to make_server_info_pw().
>
>Pair-Programmed-With: Guenther Deschner <gd@samba.org>
>Signed-off-by: Guenther Deschner <gd@samba.org>
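Review bot: `group_sid` is read by `is_null_sid(&group_sid)` without ever being written when `winbind_lookup_usersids()` succeeds but returns `num_sids == 0`, because `struct dom_sid group_sid;` has no initialiser and only the `num_sids > 0` branch and the winbind-down branch assign it. In that case the primary group could be derived from stale stack contents instead of failing with `NT_STATUS_NO_SUCH_USER` as the check intends. Adding `ZERO_STRUCT(group_sid);` before the winbind lookup makes the null-SID check reliable. The result of `dom_sid_dup(info3, &domain_sid)` is also stored without a NULL check, unlike the `talloc_strdup` just above it; `if (info3->base.domain_sid == NULL) { status = NT_STATUS_NO_MEMORY; goto done; }` would match.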
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>(cherry picked from commit 1b59c9743cf3fbd66b0b8b52162b2cc8d922e5cf)
>---
> source3/auth/auth_unix.c | 7 +++++--
> source3/auth/auth_util.c | 52 +++++++++++++++++++++++++++++-------------------
> source3/auth/proto.h | 7 ++++---
> source3/auth/user_krb5.c | 5 +----
> 4 files changed, 42 insertions(+), 29 deletions(-)
>
>diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
>index c8b5435..7b483a2 100644
>--- a/source3/auth/auth_unix.c
>+++ b/source3/auth/auth_unix.c
>@@ -67,8 +67,11 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
> unbecome_root();
>
> if (NT_STATUS_IS_OK(nt_status)) {
>- if (pass) {
>- make_server_info_pw(server_info, pass->pw_name, pass);
>+ if (pass != NULL) {
>+ nt_status = make_server_info_pw(mem_ctx,
>+ pass->pw_name,
>+ pass,
>+ server_info);
> } else {
> /* we need to do somthing more useful here */
> nt_status = NT_STATUS_NO_SUCH_USER;
>diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
>index d0b0b7d..7e96be1 100644
>--- a/source3/auth/auth_util.c
>+++ b/source3/auth/auth_util.c
>@@ -639,14 +639,15 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
> to a struct samu
> ***************************************************************************/
>
>-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
>- char *unix_username,
>- struct passwd *pwd)
>+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
>+ const char *unix_username,
>+ const struct passwd *pwd,
>+ struct auth_serversupplied_info **server_info)
> {
> NTSTATUS status;
> struct samu *sampass = NULL;
> char *qualified_name = NULL;
>- TALLOC_CTX *mem_ctx = NULL;
>+ TALLOC_CTX *tmp_ctx;
> struct dom_sid u_sid;
> enum lsa_SidType type;
> struct auth_serversupplied_info *result;
>@@ -664,27 +665,27 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
> * plaintext passwords were used with no SAM backend.
> */
>
>- mem_ctx = talloc_init("make_server_info_pw_tmp");
>- if (!mem_ctx) {
>+ tmp_ctx = talloc_stackframe();
>+ if (tmp_ctx == NULL) {
> return NT_STATUS_NO_MEMORY;
> }
>
>- qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
>+ qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
> unix_users_domain_name(),
> unix_username );
> if (!qualified_name) {
>- TALLOC_FREE(mem_ctx);
>+ TALLOC_FREE(tmp_ctx);
> return NT_STATUS_NO_MEMORY;
> }
>
>- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
>+ if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
> NULL, NULL,
> &u_sid, &type)) {
>- TALLOC_FREE(mem_ctx);
>+ TALLOC_FREE(tmp_ctx);
> return NT_STATUS_NO_SUCH_USER;
> }
>
>- TALLOC_FREE(mem_ctx);
>+ TALLOC_FREE(tmp_ctx);
>
> if (type != SID_NAME_USER) {
> return NT_STATUS_NO_SUCH_USER;
>@@ -707,7 +708,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
> /* set the user sid to be the calculated u_sid */
> pdb_set_user_sid(sampass, &u_sid, PDB_SET);
>
>- result = make_server_info(NULL);
>+ result = make_server_info(mem_ctx);
> if (result == NULL) {
> TALLOC_FREE(sampass);
> return NT_STATUS_NO_MEMORY;
>@@ -992,25 +993,36 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
> struct passwd *pwd;
> NTSTATUS status;
> struct auth_serversupplied_info *result;
>+ TALLOC_CTX *tmp_ctx;
>
>- pwd = Get_Pwnam_alloc(talloc_tos(), username);
>- if (pwd == NULL) {
>- return NT_STATUS_NO_SUCH_USER;
>+ tmp_ctx = talloc_stackframe();
>+ if (tmp_ctx == NULL) {
>+ return NT_STATUS_NO_MEMORY;
> }
>
>- status = make_server_info_pw(&result, pwd->pw_name, pwd);
>+ pwd = Get_Pwnam_alloc(tmp_ctx, username);
>+ if (pwd == NULL) {
>+ status = NT_STATUS_NO_SUCH_USER;
>+ goto done;
>+ }
>
>+ status = make_server_info_pw(tmp_ctx, pwd->pw_name, pwd, &result);
> if (!NT_STATUS_IS_OK(status)) {
>- return status;
>+ goto done;
> }
>
> result->nss_token = true;
> result->guest = is_guest;
>
> /* Now turn the server_info into a session_info with the full token etc */
>- status = create_local_token(mem_ctx, result, NULL, pwd->pw_name, session_info);
>- TALLOC_FREE(result);
>- TALLOC_FREE(pwd);
>+ status = create_local_token(mem_ctx,
>+ result,
>+ NULL,
>+ pwd->pw_name,
>+ session_info);
>+
>+done:
>+ talloc_free(tmp_ctx);
>
> return status;
> }
>diff --git a/source3/auth/proto.h b/source3/auth/proto.h
>index 8385e66..7abca07 100644
>--- a/source3/auth/proto.h
>+++ b/source3/auth/proto.h
>@@ -206,9 +206,10 @@ bool user_in_group_sid(const char *username, const struct dom_sid *group_sid);
> bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *group_sid);
> bool user_in_group(const char *username, const char *groupname);
> struct passwd;
>-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
>- char *unix_username,
>- struct passwd *pwd);
>+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
>+ const char *unix_username,
>+ const struct passwd *pwd,
>+ struct auth_serversupplied_info **server_info);
> NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
> const char *username,
> bool is_guest,
>diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
>index 974a8aa..7d44285 100644
>--- a/source3/auth/user_krb5.c
>+++ b/source3/auth/user_krb5.c
>@@ -242,7 +242,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
> */
> DEBUG(10, ("didn't find user %s in passdb, calling "
> "make_server_info_pw\n", username));
>- status = make_server_info_pw(&tmp, username, pw);
>+ status = make_server_info_pw(mem_ctx, username, pw, &tmp);
> }
>
> TALLOC_FREE(sampass);
>@@ -253,9 +253,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
> return status;
> }
>
>- /* Steal tmp server info into the server_info pointer. */
>- server_info = talloc_move(mem_ctx, &tmp);
>-
> /* make_server_info_pw does not set the domain. Without this
> * we end up with the local netbios name in substitutions for
> * %D. */
>--
>1.8.5.2
>
>
>From 88dab0ac7929fc0e092e4ae9c0a7a3a9ba0172f2 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Fri, 13 Dec 2013 19:19:02 +0100
>Subject: [PATCH 4/4] s3-auth: Add passwd_to_SamInfo3().
>
>Correctly lookup users which come from smb.conf. passwd_to_SamInfo3()
>tries to contact winbind if the user is a domain user to get
>valid information about it. If winbind isn't running it will try to
>create everything from the passwd struct. This is not always reliable
>but works in most cases. It improves the current situation which doesn't
>talk to winbind at all.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
>
>Pair-Programmed-With: Guenther Deschner <gd@samba.org>
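Review bot: The new server info is still written to `tmp` here (`make_server_info_pw(mem_ctx, username, pw, &tmp)`), but the next hunk in this file deletes `server_info = talloc_move(mem_ctx, &tmp);`, the only assignment to `server_info` visible in either hunk. The retained comment about setting the domain suggests the code after the hunk goes on to use `server_info`; if so (the rest of make_session_info_krb5 is outside both hunks), that pointer is no longer set on this path. Either keep the `talloc_move` line or pass `&server_info` to the call; the second option depends on what the other branch above the hunk does with `tmp`, which the hunk does not show.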
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>
>Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
>Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104
>
>(cherry picked from commit 40e6456b5896e934fcd581c2cac2389984256e09)
>---
> source3/auth/auth_util.c | 87 +++++++++-------------------------------------
> source3/auth/server_info.c | 22 ++++++++++--
> 2 files changed, 36 insertions(+), 73 deletions(-)
>
>diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
>index 7e96be1..f4c61ef 100644
>--- a/source3/auth/auth_util.c
>+++ b/source3/auth/auth_util.c
>@@ -645,98 +645,43 @@ NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
> struct auth_serversupplied_info **server_info)
> {
> NTSTATUS status;
>- struct samu *sampass = NULL;
>- char *qualified_name = NULL;
>- TALLOC_CTX *tmp_ctx;
>- struct dom_sid u_sid;
>- enum lsa_SidType type;
>+ TALLOC_CTX *tmp_ctx = NULL;
> struct auth_serversupplied_info *result;
>
>- /*
>- * The SID returned in server_info->sam_account is based
>- * on our SAM sid even though for a pure UNIX account this should
>- * not be the case as it doesn't really exist in the SAM db.
>- * This causes lookups on "[in]valid users" to fail as they
>- * will lookup this name as a "Unix User" SID to check against
>- * the user token. Fix this by adding the "Unix User"\unix_username
>- * SID to the sid array. The correct fix should probably be
>- * changing the server_info->sam_account user SID to be a
>- * S-1-22 Unix SID, but this might break old configs where
>- * plaintext passwords were used with no SAM backend.
>- */
>-
> tmp_ctx = talloc_stackframe();
> if (tmp_ctx == NULL) {
> return NT_STATUS_NO_MEMORY;
> }
>
>- qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
>- unix_users_domain_name(),
>- unix_username );
>- if (!qualified_name) {
>- TALLOC_FREE(tmp_ctx);
>- return NT_STATUS_NO_MEMORY;
>- }
>-
>- if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
>- NULL, NULL,
>- &u_sid, &type)) {
>- TALLOC_FREE(tmp_ctx);
>- return NT_STATUS_NO_SUCH_USER;
>- }
>-
>- TALLOC_FREE(tmp_ctx);
>-
>- if (type != SID_NAME_USER) {
>- return NT_STATUS_NO_SUCH_USER;
>- }
>-
>- if ( !(sampass = samu_new( NULL )) ) {
>- return NT_STATUS_NO_MEMORY;
>- }
>-
>- status = samu_set_unix( sampass, pwd );
>- if (!NT_STATUS_IS_OK(status)) {
>- return status;
>- }
>-
>- /* In pathological cases the above call can set the account
>- * name to the DOMAIN\username form. Reset the account name
>- * using unix_username */
>- pdb_set_username(sampass, unix_username, PDB_SET);
>-
>- /* set the user sid to be the calculated u_sid */
>- pdb_set_user_sid(sampass, &u_sid, PDB_SET);
>-
>- result = make_server_info(mem_ctx);
>+ result = make_server_info(tmp_ctx);
> if (result == NULL) {
>- TALLOC_FREE(sampass);
>- return NT_STATUS_NO_MEMORY;
>+ status = NT_STATUS_NO_MEMORY;
>+ goto done;
> }
>
>- status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
>- &result->info3, &result->extra);
>- TALLOC_FREE(sampass);
>+ status = passwd_to_SamInfo3(result,
>+ unix_username,
>+ pwd,
>+ &result->info3);
> if (!NT_STATUS_IS_OK(status)) {
>- DEBUG(10, ("Failed to convert samu to info3: %s\n",
>- nt_errstr(status)));
>- TALLOC_FREE(result);
>- return status;
>+ goto done;
> }
>
> result->unix_name = talloc_strdup(result, unix_username);
>-
> if (result->unix_name == NULL) {
>- TALLOC_FREE(result);
>- return NT_STATUS_NO_MEMORY;
>+ status = NT_STATUS_NO_MEMORY;
>+ goto done;
> }
>
> result->utok.uid = pwd->pw_uid;
> result->utok.gid = pwd->pw_gid;
>
>- *server_info = result;
>+ *server_info = talloc_steal(mem_ctx, result);
>+ status = NT_STATUS_OK;
>+done:
>+ talloc_free(tmp_ctx);
>
>- return NT_STATUS_OK;
>+ return status;
> }
>
> static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
>diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
>index 46d8178..43711d5 100644
>--- a/source3/auth/server_info.c
>+++ b/source3/auth/server_info.c
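Review bot: The failure path after `passwd_to_SamInfo3()` goes straight to `done` with no log line, whereas the code it replaces logged the status with `DEBUG(10, ...)`. Since this function decides whether a Unix account gets a server_info at all, a line such as `DEBUG(10, ("Failed to convert passwd to info3: %s\n", nt_errstr(status)));` before that `goto done;` keeps authentication failures diagnosable. The new body also has no comment on how the user SID is chosen now that the long explanatory comment is gone; a short one stating that SID and group lookup is delegated to `passwd_to_SamInfo3()` would help. `pwd` is dereferenced for `pw_uid` and `pw_gid` without a NULL check, so the function relies on every caller having checked it.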
>@@ -489,10 +489,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
> }
> } else {
> /*
>- * Winbind is not running, create the group_sid from the
>- * group id.
>+ * Winbind is not running, try to create the group_sid from the
>+ * passwd group id.
>+ */
>+
>+ /*
>+ * This can lead to a primary group of S-1-22-2-XX which
>+ * will be rejected by other Samba code.
> */
> gid_to_sid(&group_sid, pwd->pw_gid);
>+
>+ ZERO_STRUCT(domain_sid);
>+
>+ /*
>+ * If we are a unix group, set the group_sid to the
>+ * 'Domain Users' RID of 513 which will always resolve to a
>+ * name.
>+ */
>+ if (sid_check_is_in_unix_groups(&group_sid)) {
>+ sid_compose(&group_sid,
>+ get_global_sam_sid(),
>+ DOMAIN_RID_USERS);
>+ }
> }
>
> /* Make sure we have a valid group sid */
>--
>1.8.5.2
>
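Review bot: The fallback replaces a Unix-group primary SID with the local SAM `DOMAIN_RID_USERS` SID without checking that this SID shares a domain with `user_sid`, and the `sid_peek_check_rid(&domain_sid, &group_sid, ...)` test that patch 2/4 adds later in passwd_to_SamInfo3 compares exactly those two domains. If `lookup_name_smbconf` resolved the account to a SID outside the local SAM domain (not determinable from this hunk), the function would end in `NT_STATUS_INVALID_SID` and the login would fail rather than fall back. The substitution also changes the primary group that ends up in the token, so a `DEBUG` line recording the original gid and the substituted SID would help when auditing access decisions. The added `ZERO_STRUCT(domain_sid);` looks redundant, since the same call is made before `sid_copy` further down in the function. The function body starts and ends outside the hunk.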
Flags:
ddiss
:
review+