From: Andrew Bartlett Date: Tue, 21 Aug 2012 04:56:45 +0000 (+1000) Subject: s3-passdb: Allow pdb_sid_to_id to work on any SID X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=02e25b2a43ae02205a3412f862a1482d24b70aa4;p=kai%2Fsamba.git s3-passdb: Allow pdb_sid_to_id to work on any SID This is needed so that pdb_samba4 can map any SID during a provision. At runtime, winbindd will be asked first, but this shortcut direct to the ldb file makes it possible to set the permissions on the sysvol share at provision time. Andrew Bartlett
---
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index a2d793feb32..26ce41cc09e 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1084,20 +1084,16 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
 static bool legacy_sid_to_unixid(const struct dom_sid *psid, struct unixid *id)
 {
 GROUP_MAP *map;
- if (sid_check_is_in_our_sam(psid)) {
- bool ret;
-
- become_root();
- ret = pdb_sid_to_id(psid, id);
- unbecome_root();
-
- if (ret) {
- goto done;
- }
-
- /* This was ours, but it was not mapped. Fail */
+ bool ret;
+
+ become_root();
+ ret = pdb_sid_to_id(psid, id);
+ unbecome_root();
+
+ if (ret) {
+ goto done;
 }
-
+
 if ((sid_check_is_in_builtin(psid) || sid_check_is_in_wellknown_domain(psid))) {
 bool ret;
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index cdbb378e947..d24301ab97c 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1429,6 +1429,11 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
 uint32_t rid;
 id->id = -1;
+ if (!sid_check_is_in_our_sam(sid)) {
+ /* Not our SID */
+ return False;
+ }
+
 mem_ctx = talloc_new(NULL);
 if (mem_ctx == NULL) {
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 9b4d8a6a4dd..ffd57431cec 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
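Review bot: In legacy_sid_to_unixid() (source3/passdb/lookup_sid.c) the `become_root()` / `pdb_sid_to_id()` pair now runs for every SID, so rejecting SIDs a backend is not authoritative for has become the job of each passdb backend rather than of this caller. This commit adds that check to pdb_default_sid_to_id() and ldapsam_sid_to_id(); any other backend that implements sid_to_id is not visible here and should be confirmed to filter for itself, because its answer is accepted as the mapping. I would record the contract above the call, e.g. `/* Ask the passdb backend about any SID; each backend must reject SIDs it does not own */`. Separately, the new function-scope `bool ret;` is shadowed by the `bool ret;` kept inside the builtin/well-known block in the trailing context, so that inner declaration can be dropped. The function body continues past the end of the hunk.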
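Review bot: The guard added to pdb_default_sid_to_id() in source3/passdb/pdb_interface.c (and the identical one in ldapsam_sid_to_id() in pdb_ldap.c) is documented only as `/* Not our SID */`, which does not say why the backend now has to filter. Since the caller in lookup_sid.c stops pre-filtering in this same commit, a comment such as `/* Callers may pass any SID; this backend only maps SIDs in our own SAM domain */` would keep a later cleanup from removing the check as redundant. The function starts before and continues after the hunk.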
@@ -4938,6 +4938,11 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods,
 TALLOC_CTX *mem_ctx;
+ if (!sid_check_is_in_our_sam(sid)) {
+ /* Not our SID */
+ return False;
+ }
+
 mem_ctx = talloc_new(NULL);
 if (mem_ctx == NULL) {
 DEBUG(0, ("talloc_new failed\n"));
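Review bot: In ldapsam_sid_to_id() the new early `return False;` sits directly after the `TALLOC_CTX *mem_ctx;` declaration, so `*id` is left untouched on this path, whereas pdb_default_sid_to_id() in pdb_interface.c sets `id->id = -1;` before its identical guard. If callers are expected to see a defined value on failure (not determinable from this hunk), add `id->id = -1;` ahead of the check so both backends behave the same. The function starts before and continues after the hunk.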