1 From a502759e2e20e8001355b26d1e974a7116d78b92 Mon Sep 17 00:00:00 2001
2 From: Justin Maggard <jmaggard@netgear.com>
3 Date: Tue, 21 Jul 2015 15:17:30 -0700
4 Subject: [PATCH] PATCHSET27: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid
7 Somewhere along the line, a config line like "valid users = @foo"
8 broke when "foo" also exists as a user.
10 user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
11 flag; but lookup_name() was not respecting that flag, and went ahead and looked
14 Regression test to follow.
16 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
18 Signed-off-by: Justin Maggard <jmaggard@netgear.com>
19 Reviewed-by: Jeremy Allison <jra@samba.org>
20 Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
22 Autobuild-User(master): Jeremy Allison <jra@samba.org>
23 Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
25 (cherry picked from commit dc99d451bf23668d73878847219682fced547622)
27 source3/passdb/lookup_sid.c | 4 ++--
28 source3/passdb/lookup_sid.h | 2 +-
29 2 files changed, 3 insertions(+), 3 deletions(-)
31 diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
32 index dcc2911..18d0e37 100644
33 --- a/source3/passdb/lookup_sid.c
34 +++ b/source3/passdb/lookup_sid.c
35 @@ -119,7 +119,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
39 - if (((flags & LOOKUP_NAME_NO_NSS) == 0)
40 + if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
41 && strequal(domain, unix_users_domain_name())) {
42 if (lookup_unix_user_name(name, &sid)) {
44 @@ -292,7 +292,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
45 /* 11. Ok, windows would end here. Samba has two more options:
46 Unmapped users and unmapped groups */
48 - if (((flags & LOOKUP_NAME_NO_NSS) == 0)
49 + if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
50 && lookup_unix_user_name(name, &sid)) {
51 domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
53 diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
54 index b2f5cf5..4b26e0a 100644
55 --- a/source3/passdb/lookup_sid.h
56 +++ b/source3/passdb/lookup_sid.h
58 #define LOOKUP_NAME_NONE 0x00000000
59 #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */
60 #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */
61 -#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for
62 +#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for
63 valid users = @foo where foo also
65 #define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid