On Thu, 2003-06-12 at 02:36, [EMAIL PROTECTED] wrote:
> 
> Date: Wed Jun 11 16:36:04 2003
> Author:       vlendec
> 
> Update of /data/cvs/samba/source/auth
> In directory dp.samba.org:/tmp/cvs-serv23485
> 
> Modified Files:
>       Tag: SAMBA_3_0
>       auth_util.c 
> Log Message:
> Fix 'security = domain' without winbind. This stores the sid we got
> from the PDC as a mapping to the uid we got from getpwnam in the
> local idmap.
> 
> This should not be worse than the current state, so I decided to
> commit it. It is different from abartlet's preliminary patch, but I
> believe this is the better solution. Feel free to comment and/or
> revert it.

Firstly, thanks for breaking the code into a subfunction, rather than
the while loop (that was insane...)

+       /* This is currently broken. We have two different sources of
+          information for the primary group: The info3 and
+          /etc/passwd. To make this work at all, the info3 sid is
+          mapped to the user's primary group from /etc/passwd.
+          This is broken, but it basically works. */
+
+       id.gid = passwd->pw_gid;
+       result = idmap_set_mapping(group_sid, id, ID_GROUPID);
+
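
Review bot: The `idmap_set_mapping(group_sid, id, ID_GROUPID)` call at the end of this hunk runs unconditionally, with no visible check that `group_sid` is not already mapped to a different gid. The info3 primary group SID can be shared by many accounts while `passwd->pw_gid` is per user, so each login can point that SID at a different local group, and the gid is what file access checks rely on. The hunk's own comment already calls this broken. Consider skipping the group mapping when the two sources cannot be reconciled, or at least looking up an existing mapping for `group_sid` first and refusing to replace it. The visible lines also do not show `result` being tested, so a failed mapping should be handled explicitly.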

While I have reservations about the first part of this patch (mapping
the user) for the reasons discussed elsewhere (sids changing under
people), this part is *really* wrong.

A typical setup is to have 'user private groups', where abartlet has
group abartlet.  This would fail *very badly* when my NT version has me
as a 'domain user'.  We would change the gid of 'domain users' every
time somebody logs in!

I think we are stuck with the approach described in my other patch,
which is to know that we can't do the mapping, and to avoid it for that
reason.

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
