samba-cvs.cvs

svn commit: samba r13683 - branches/SAMBA_3_0/source/passdb trunk/source

Subject: svn commit: samba r13683 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Date: Fri, 24 Feb 2006 22:26:53 +0000 GMT
Author: vlendec
Date: 2006-02-24 22:26:53 +0000 (Fri, 24 Feb 2006)
New Revision: 13683

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13683

Log:
Fix the 'valid users = +users' problem I introduced.

Volker
Modified:
   branches/SAMBA_3_0/source/passdb/lookup_sid.c
   trunk/source/passdb/lookup_sid.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/lookup_sid.c       2006-02-24 22:04:07 UTC 
(rev 13682)
+++ branches/SAMBA_3_0/source/passdb/lookup_sid.c       2006-02-24 22:26:53 UTC 
(rev 13683)
@@ -116,6 +116,25 @@
                goto failed;
        }
 
+       /*
+        * Nasty hack necessary for too common scenarios:
+        *
+        * For 'valid users = +users' we know "users" is most probably not
+        * BUILTIN\users but the unix group users. This hack requires the
+        * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
+        *
+        * Please note that LOOKUP_NAME_GROUP can not be requested via for
+        * example lsa_lookupnames, it only comes into this routine via
+        * the expansion of group names coming in from smb.conf
+        */
+
+       if ((flags & LOOKUP_NAME_GROUP) &&
+           (lookup_unix_group_name(name, &sid))) {
+               domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
+               type = SID_NAME_DOM_GRP;
+               goto ok;
+       }
+
        /* Now the guesswork begins, we haven't been given an explicit
         * domain. Try the sequence as documented on
         * 
http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp
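Review bot: The new condition `(flags & LOOKUP_NAME_GROUP) && (lookup_unix_group_name(name, &sid))` does not itself test whether the caller supplied a domain, so whether it applies only to unqualified names depends entirely on the code above the hunk. The comment promises that an admin who writes BUILTIN\users still gets BUILTIN\users; if any qualified name can reach this point (for example one whose domain part matched none of the earlier branches), it would be resolved to the Unix group with the same short name and returned with the Unix groups domain, which changes who passes a 'valid users' check. Please confirm that the preceding branches guarantee an empty domain here, or add an explicit empty-domain test to the `if` so the short-circuit cannot override a qualified name.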

Modified: trunk/source/passdb/lookup_sid.c
===================================================================
--- trunk/source/passdb/lookup_sid.c    2006-02-24 22:04:07 UTC (rev 13682)
+++ trunk/source/passdb/lookup_sid.c    2006-02-24 22:26:53 UTC (rev 13683)
@@ -116,6 +116,25 @@
                goto failed;
        }
 
+       /*
+        * Nasty hack necessary for too common scenarios:
+        *
+        * For 'valid users = +users' we know "users" is most probably not
+        * BUILTIN\users but the unix group users. This hack requires the
+        * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
+        *
+        * Please note that LOOKUP_NAME_GROUP can not be requested via for
+        * example lsa_lookupnames, it only comes into this routine via
+        * the expansion of group names coming in from smb.conf
+        */
+
+       if ((flags & LOOKUP_NAME_GROUP) &&
+           (lookup_unix_group_name(name, &sid))) {
+               domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
+               type = SID_NAME_DOM_GRP;
+               goto ok;
+       }
+
        /* Now the guesswork begins, we haven't been given an explicit
         * domain. Try the sequence as documented on
         * 
http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp
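Review bot: The precedence rule introduced by the `LOOKUP_NAME_GROUP` block is recorded only in the source comment, but it decides which group an smb.conf access list such as 'valid users = +users' refers to, so it should also be stated in the smb.conf documentation: an unqualified group name now resolves to the Unix group first, and BUILTIN must be written out when the BUILTIN group is meant. Separately, `domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());` is followed directly by `goto ok;` with no NULL check in the hunk; if the code at the `ok` label does not already reject a NULL `domain`, an allocation failure here would be carried forward as a successful lookup.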
