]>
Commit | Line | Data |
---|---|---|
1d13e637 AF |
1 | From a502759e2e20e8001355b26d1e974a7116d78b92 Mon Sep 17 00:00:00 2001 |
2 | From: Justin Maggard <jmaggard@netgear.com> | |
3 | Date: Tue, 21 Jul 2015 15:17:30 -0700 | |
4 | Subject: [PATCH] PATCHSET27: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid | |
5 | lookup. | |
6 | ||
7 | Somewhere along the line, a config line like "valid users = @foo" | |
8 | broke when "foo" also exists as a user. | |
9 | ||
10 | user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP | |
11 | flag; but lookup_name() was not respecting that flag, and went ahead and looked | |
12 | for users anyway. | |
13 | ||
14 | Regression test to follow. | |
15 | ||
16 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320 | |
17 | ||
18 | Signed-off-by: Justin Maggard <jmaggard@netgear.com> | |
19 | Reviewed-by: Jeremy Allison <jra@samba.org> | |
20 | Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org> | |
21 | ||
22 | Autobuild-User(master): Jeremy Allison <jra@samba.org> | |
23 | Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104 | |
24 | ||
25 | (cherry picked from commit dc99d451bf23668d73878847219682fced547622) | |
26 | --- | |
27 | source3/passdb/lookup_sid.c | 4 ++-- | |
28 | source3/passdb/lookup_sid.h | 2 +- | |
29 | 2 files changed, 3 insertions(+), 3 deletions(-) | |
30 | ||
31 | diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c | |
32 | index dcc2911..18d0e37 100644 | |
33 | --- a/source3/passdb/lookup_sid.c | |
34 | +++ b/source3/passdb/lookup_sid.c | |
35 | @@ -119,7 +119,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, | |
36 | goto ok; | |
37 | } | |
38 | ||
39 | - if (((flags & LOOKUP_NAME_NO_NSS) == 0) | |
40 | + if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) | |
41 | && strequal(domain, unix_users_domain_name())) { | |
42 | if (lookup_unix_user_name(name, &sid)) { | |
43 | type = SID_NAME_USER; | |
44 | @@ -292,7 +292,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, | |
45 | /* 11. Ok, windows would end here. Samba has two more options: | |
46 | Unmapped users and unmapped groups */ | |
47 | ||
48 | - if (((flags & LOOKUP_NAME_NO_NSS) == 0) | |
49 | + if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) | |
50 | && lookup_unix_user_name(name, &sid)) { | |
51 | domain = talloc_strdup(tmp_ctx, unix_users_domain_name()); | |
52 | type = SID_NAME_USER; | |
53 | diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h | |
54 | index b2f5cf5..4b26e0a 100644 | |
55 | --- a/source3/passdb/lookup_sid.h | |
56 | +++ b/source3/passdb/lookup_sid.h | |
57 | @@ -29,7 +29,7 @@ | |
58 | #define LOOKUP_NAME_NONE 0x00000000 | |
59 | #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */ | |
60 | #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */ | |
61 | -#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for | |
62 | +#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for | |
63 | valid users = @foo where foo also | |
64 | exists in as user. */ | |
65 | #define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid | |
66 | -- | |
67 | 2.5.0 | |
68 |