Index: PR-4741524/samba/source/utils/pdbedit.c
===================================================================
--- PR-4741524.orig/samba/source/utils/pdbedit.c
+++ PR-4741524/samba/source/utils/pdbedit.c
@@ -529,7 +529,7 @@ static int new_machine (struct pdb_conte
fstrcat(machineaccount, "$");
if ((pwd = getpwnam_alloc(machineaccount))) {
- if (!NT_STATUS_IS_OK(pdb_init_sam_pw( &sam_pwent, pwd))) {
+ if (!NT_STATUS_IS_OK(pdb_init_sam_pw( &sam_pwent, pwd, False))) {
fprintf(stderr, "Could not init sam from pw\n");
passwd_free(&pwd);
return -1;
Index: PR-4741524/samba/source/auth/auth_util.c
===================================================================
--- PR-4741524.orig/samba/source/auth/auth_util.c
+++ PR-4741524/samba/source/auth/auth_util.c
@@ -107,7 +107,7 @@ NTSTATUS auth_get_sam_account(const char
if (!pass)
return NT_STATUS_NO_SUCH_USER;
- if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*account, pass))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*account, pass, True))) {
return nt_status;
}
}
@@ -660,7 +660,11 @@ static NTSTATUS get_user_groups(const ch
/* Try winbind first */
+#ifdef WITH_OPENDIRECTORY
+ if ( strchr(username, *lp_winbind_separator()) && !lp_opendirectory()) {
+#else
if ( strchr(username, *lp_winbind_separator()) ) {
+#endif
n_unix_groups = winbind_getgroups( username, unix_groups );
DEBUG(10,("get_user_groups: winbind_getgroups(%s): result = %s\n", username,
@@ -857,7 +861,7 @@ NTSTATUS make_server_info_pw(auth_server
{
NTSTATUS nt_status;
SAM_ACCOUNT *sampass = NULL;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sampass, pwd))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sampass, pwd, True))) {
return nt_status;
}
if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info))) {
@@ -964,7 +968,7 @@ static NTSTATUS fill_sam_account(TALLOC_
DEBUG(5,("fill_sam_account: located username was [%s]\n",
*found_username));
- return pdb_init_sam_pw(sam_account, passwd);
+ return pdb_init_sam_pw(sam_account, passwd, True);
}
/****************************************************************************
Index: PR-4741524/samba/source/passdb/passdb.c
===================================================================
--- PR-4741524.orig/samba/source/passdb/passdb.c
+++ PR-4741524/samba/source/passdb/passdb.c
@@ -185,12 +185,15 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user
* SSS
***************************************************************************/
-static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd)
+static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd, BOOL idmap)
{
const char *guest_account = lp_guestaccount();
GROUP_MAP map;
BOOL ret;
+ DOM_SID user_sid;
+ DOM_SID group_sid;
+
if (!account_data || !pwd) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -213,7 +216,12 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACC
}
}
- if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+ if (idmap && NT_STATUS_IS_OK(uid_to_sid(&user_sid, pwd->pw_uid))) {
+ if (!pdb_set_user_sid(account_data, &user_sid, PDB_SET)) {
+ DEBUG(0,("Can't set User SID from mapped UID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
DEBUG(0,("Can't set User SID from RID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
@@ -230,7 +238,12 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACC
}
}
else {
- if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+ if (idmap && NT_STATUS_IS_OK(gid_to_sid(&group_sid, pwd->pw_gid))) {
+ if (!pdb_set_group_sid(account_data, &group_sid, PDB_SET)) {
+ DEBUG(0,("Can't set Group SID from mapped GID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
DEBUG(0,("Can't set Group SID\n"));
return NT_STATUS_INVALID_PARAMETER;
}
@@ -241,9 +254,12 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACC
/*************************************************************
Initialises a struct sam_passwd with sane values.
+
+ The idmap parameter determines whether non-algorithmic (eg.
+ winbindd) mapping is done of the user's primary UID/GID.
************************************************************/
-NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
+NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd, BOOL idmap)
{
NTSTATUS ret;
@@ -270,7 +286,7 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sa
-- abartlet 11-May-02
*/
- ret = pdb_set_sam_sids(sam_account, pwd);
+ ret = pdb_set_sam_sids(sam_account, pwd, idmap);
if (!NT_STATUS_IS_OK(ret)) return ret;
/* check if this is a user account or a machine account */
@@ -321,7 +337,7 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sa
Initialises a struct sam_passwd with sane values.
************************************************************/
-NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd)
+NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd, BOOL idmap)
{
NTSTATUS nt_status;
@@ -335,7 +351,7 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **n
return nt_status;
}
- if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*new_sam_acct, pwd))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*new_sam_acct, pwd, idmap))) {
pdb_free_sam(new_sam_acct);
new_sam_acct = NULL;
return nt_status;
@@ -357,12 +373,25 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **
struct passwd *pwd;
BOOL ret;
+ if (lp_opendirectory()) /* computer accounts not available via getpwnam */
+ {
+ pdb_init_sam(new_sam_acct);
+ become_root();
+ ret = pdb_getsampwnam(*new_sam_acct, username);
+ unbecome_root();
+
+ if (ret != True) {
+ pdb_free_sam(new_sam_acct);
+ *new_sam_acct = NULL;
+ DEBUG(0, ("could not find new user/computer %s in passdb.\n", username));
+ }
+ } else {
pwd = Get_Pwnam(username);
if (!pwd)
return NT_STATUS_NO_SUCH_USER;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(new_sam_acct, pwd))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(new_sam_acct, pwd, False))) {
*new_sam_acct = NULL;
return nt_status;
}
@@ -376,6 +405,7 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **
/* set the new SID */
ret = pdb_set_user_sid_from_rid( *new_sam_acct, rid, PDB_SET );
+ }
return (ret ? NT_STATUS_OK : NT_STATUS_NO_SUCH_USER);
}
Index: PR-4741524/samba/source/passdb/pdb_smbpasswd.c
===================================================================
--- PR-4741524.orig/samba/source/passdb/pdb_smbpasswd.c
+++ PR-4741524/samba/source/passdb/pdb_smbpasswd.c
@@ -1206,7 +1206,7 @@ static BOOL build_sam_account(struct smb
return False;
}
- if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile)))
+ if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile, False)))
return False;
passwd_free(&pwfile);
Index: PR-4741524/samba/source/lib/username.c
===================================================================
--- PR-4741524.orig/samba/source/lib/username.c
+++ PR-4741524/samba/source/lib/username.c
@@ -217,18 +217,18 @@ static struct passwd *Get_Pwnam_internal
if (!user || !(*user))
return(NULL);
+ /* Try as given, if username wasn't originally lowercase */
+ DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n", user));
+ ret = getpwnam_alloc(user);
+ if(ret)
+ goto done;
+
/* Try in all lower case first as this is the most
common case on UNIX systems */
strlower_m(user2);
+ if(strcmp(user, user2) != 0) {
DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2));
ret = getpwnam_alloc(user2);
- if(ret)
- goto done;
-
- /* Try as given, if username wasn't originally lowercase */
- if(strcmp(user, user2) != 0) {
- DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n", user));
- ret = getpwnam_alloc(user);
if(ret)
goto done;
}
Index: PR-4741524/samba/source/passdb/lookup_sid.c
===================================================================
--- PR-4741524.orig/samba/source/passdb/lookup_sid.c
+++ PR-4741524/samba/source/passdb/lookup_sid.c
@@ -304,7 +304,7 @@ NTSTATUS uid_to_sid(DOM_SID *psid, uid_t
if ( lp_server_role()==ROLE_DOMAIN_MEMBER
|| (lp_idmap_uid(&low, &high) && uid >= low && uid <= high) )
{
- if (winbind_uid_to_sid(psid, uid)) {
+ if (!lp_opendirectory() && winbind_uid_to_sid(psid, uid)) {
DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
(unsigned int)uid, sid_to_string(sid, psid)));