return ret;
}
-/* Initialize idmap withWellknown SIDs like Guest, that are necessary
- * to make samba run properly */
+/***************************************************************************
+ Check first, call set_mapping if it doesn't already exist.
+***************************************************************************/
+
+static NTSTATUS wellknown_id_init(DOM_SID *sid, unid_t id, int flags)
+{
+ unid_t storedid;
+ int qflags = flags | ID_QUERY_ONLY;
+
+ if (!NT_STATUS_IS_OK(idmap_get_id_from_sid(&storedid, &qflags, sid))) {
+ return idmap_set_mapping(sid, id, flags);
+ } else {
+ if (flags == ID_USERID && id.uid != storedid.uid) {
+ DEBUG(0,("wellknown_id_init: WARNING ! Stored uid %u for SID %s is not the same as the requested uid %u\n",
+ (unsigned int)storedid.uid, sid_string_static(sid), (unsigned int)id.uid ));
+ DEBUG(0,("wellknown_id_init: Attempting to overwrite old mapping with new.\n"));
+ return idmap_set_mapping(sid, id, flags);
+ } else if (flags == ID_GROUPID && id.gid != storedid.gid) {
+ DEBUG(0,("wellknown_id_init: WARNING ! Stored gid %u for SID %s is not the same as the requested gid %u\n",
+ (unsigned int)storedid.gid, sid_string_static(sid), (unsigned int)id.gid ));
+ DEBUG(0,("wellknown_id_init: Attempting to overwrite old mapping with new.\n"));
+ return idmap_set_mapping(sid, id, flags);
+ }
+ }
+ return NT_STATUS_OK;
+}
+
+/***************************************************************************
+ Initialize idmap withWellknown SIDs like Guest, that are necessary
+ to make samba run properly.
+***************************************************************************/
+
BOOL idmap_init_wellknown_sids(void)
{
const char *guest_account = lp_guestaccount();
int num_entries=0;
DOM_SID sid;
unid_t id;
- int flags;
if (!(guest_account && *guest_account)) {
DEBUG(1, ("NULL guest account!?!?\n"));
return False;
}
- flags = ID_USERID;
+ /* Fill in the SID for the guest account. */
id.uid = pass->pw_uid;
sid_copy(&sid, get_global_sam_sid());
sid_append_rid(&sid, DOMAIN_USER_RID_GUEST);
- if (!NT_STATUS_IS_OK(idmap_set_mapping(&sid, id, flags))) {
+
+ if (!NT_STATUS_IS_OK(wellknown_id_init(&sid, id, ID_USERID))) {
passwd_free(&pass);
return False;
}
+ /* check if DOMAIN_GROUP_RID_GUESTS SID is set, if not store the
+ * guest account gid as mapping */
+ id.gid = pass->pw_gid;
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, DOMAIN_GROUP_RID_GUESTS);
+ if (!NT_STATUS_IS_OK(wellknown_id_init(&sid, id, ID_GROUPID))) {
+ passwd_free(&pass);
+ return False;
+ }
+
+ passwd_free(&pass);
/* now fill in group mappings */
if(pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED)) {
int i;
for (i = 0; i < num_entries; i++) {
id.gid = map[i].gid;
- idmap_set_mapping(&map[i].sid, id, ID_GROUPID);
+ wellknown_id_init(&map[i].sid, id, ID_GROUPID);
}
SAFE_FREE(map);
}
- /* check if DOMAIN_GROUP_RID_GUESTS SID is set, if not store the
- * guest account gid as mapping */
- flags = ID_GROUPID | ID_QUERY_ONLY;
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, DOMAIN_GROUP_RID_GUESTS);
- if (!NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &flags, &sid))) {
- flags = ID_GROUPID;
- id.gid = pass->pw_gid;
- if (!NT_STATUS_IS_OK(idmap_set_mapping(&sid, id, flags))) {
- passwd_free(&pass);
- return False;
- }
- }
-
- passwd_free(&pass);
return True;
}
git.samba.org / bbaumbach / samba-autobuild / .git / commitdiff