diff -urN samba-2.2.8-grantb.orig/source/lib/util_sid.c samba-2.2.8-grantb/source/lib/util_sid.c --- samba-2.2.8-grantb.orig/source/lib/util_sid.c Tue Apr 8 13:21:42 2003 +++ source/lib/util_sid.c Thu May 29 15:06:03 2003 @@ -715,8 +715,11 @@ sid_copy(&dom, sid); sid_split_rid(&dom, &rid); + /* we need to support the BUILTIN domain for DVA */ +#if 0 if (sid_equal(&dom, &global_sid_Builtin)) return True; +#endif if (sid_equal(&dom, &global_sid_Creator_Owner_Domain)) return True; diff -urN samba-2.2.8-grantb.orig/source/nsswitch/winbindd.h samba-2.2.8-grantb/source/nsswitch/winbindd.h --- samba-2.2.8-grantb.orig/source/nsswitch/winbindd.h Tue Apr 8 13:21:42 2003 +++ source/nsswitch/winbindd.h Thu May 29 19:36:15 2003 @@ -179,7 +179,7 @@ NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 user_rid, - uint32 *num_groups, uint32 **user_gids); + uint32 *num_sids, DOM_SID **user_sids); /* find all members of the group with the specified group_rid */ NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain, diff -urN samba-2.2.8-grantb.orig/source/nsswitch/winbindd_cache.c samba-2.2.8-grantb/source/nsswitch/winbindd_cache.c --- samba-2.2.8-grantb.orig/source/nsswitch/winbindd_cache.c Tue Apr 8 13:21:42 2003 +++ source/nsswitch/winbindd_cache.c Thu May 29 19:40:45 2003 @@ -189,6 +189,20 @@ return ret; } + +/* pull a SID from a cache entry, using the supplied + talloc context +*/ +static DOM_SID centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx) +{ + DOM_SID ret; + const char *s = centry_string(centry, mem_ctx); + if (!s || !string_to_sid(&ret, s)) { + ZERO_STRUCT(ret); + } + return ret; +} + /* the server is considered down if it can't give us a sequence number */ static BOOL wcache_server_down(struct winbindd_domain *domain) { 
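Review bot: The `#if 0` around the `global_sid_Builtin` test changes this function's answer for every caller, not only for the winbindd path the comment has in mind; the function's name and its other callers are outside the hunk, so they need checking before this goes in. Any code that relied on a True return for BUILTIN SIDs (ACL or ownership mapping, for instance) will now treat them like ordinary domain SIDs. If the change is intended, delete the two lines rather than fencing them, and state the new contract in the comment, e.g. `/* BUILTIN (S-1-5-32) SIDs are no longer rejected here; winbindd resolves them via its BUILTIN domain */`. "DVA" is not explained anywhere in the patch.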
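Review bot: `centry_sid` hides a parse failure: when `centry_string` returns NULL or `string_to_sid` rejects the text, the caller receives an all-zero `DOM_SID` that it cannot tell apart from a stored value. A corrupted or stale cache record therefore flows into the caller's SID list without any trace. Log before zeroing, e.g. `DEBUG(1, ("centry_sid: unparsable SID string in cache entry\n"));`, or return a BOOL and fill the SID through a pointer so the caller can discard the entry. The header comment should also say that the intermediate string presumably stays allocated on `mem_ctx` for every SID read.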
@@ -372,6 +386,16 @@ centry->ofs += len; } + +/* + push a SID into a centry + */ +static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) +{ + centry_put_string(centry, sid_string_static(sid)); +} + + /* start a centry for output. When finished, call centry_end() */ @@ -839,7 +863,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 user_rid, - uint32 *num_groups, uint32 **user_gids) + uint32 *num_sids, DOM_SID **user_sids) { struct winbind_cache *cache = get_cache(domain); struct cache_entry *centry = NULL; @@ -851,14 +875,14 @@ centry = wcache_fetch(cache, domain, "UG/%s/%d", domain->name, user_rid); if (!centry) goto do_query; - *num_groups = centry_uint32(centry); + *num_sids = centry_uint32(centry); - if (*num_groups == 0) goto do_cached; + if (*num_sids == 0) goto do_cached; - (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups)); - if (! (*user_gids)) smb_panic("lookup_usergroups out of memory"); - for (i=0; i<(*num_groups); i++) { - (*user_gids)[i] = centry_uint32(centry); + (*user_sids) = talloc(mem_ctx, sizeof(**user_sids) * (*num_sids)); + if (! (*user_sids)) smb_panic("lookup_usergroups out of memory"); + for (i=0; i<(*num_sids); i++) { + (*user_sids)[i] = centry_sid(centry, mem_ctx); } do_cached: 
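Review bot: In the -851 hunk `*num_sids` is read straight from the cache record and multiplied by `sizeof(**user_sids)` with no bound, so the `talloc` size can wrap where `size_t` is 32 bits and the loop that follows would then write past the allocation. Because the element is now a whole `DOM_SID` instead of a `uint32`, the wrap is reached at a far smaller count than before. Reject an implausible count before allocating, e.g. `if (*num_sids > (uint32)-1 / sizeof(**user_sids)) smb_panic("lookup_usergroups: bad cache entry");`, or drop the entry and requery. Whether `centry_uint32` already stops at the end of the record is not visible here. The same unchecked product appears in the winbindd_rpc.c hunk at -675 and in the `malloc` in winbindd_group.c at -854; lookup_usergroups itself starts and ends outside this hunk.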
@@ -867,23 +891,23 @@ return status; do_query: - (*num_groups) = 0; - (*user_gids) = NULL; + (*num_sids) = 0; + (*user_sids) = NULL; /* Return status value returned by seq number check */ if (!NT_STATUS_IS_OK(domain->last_status)) return domain->last_status; - status = cache->backend->lookup_usergroups(domain, mem_ctx, user_rid, num_groups, user_gids); + status = cache->backend->lookup_usergroups(domain, mem_ctx, user_rid, num_sids, user_sids); /* and save it */ refresh_sequence_number(domain, True); centry = centry_start(domain, status); if (!centry) goto skip_save; - centry_put_uint32(centry, *num_groups); - for (i=0; i<(*num_groups); i++) { - centry_put_uint32(centry, (*user_gids)[i]); + centry_put_uint32(centry, *num_sids); + for (i=0; i<(*num_sids); i++) { + centry_put_sid(centry, &(*user_sids)[i]); } centry_end(centry, "UG/%s/%d", domain->name, user_rid); centry_free(centry); diff -urN samba-2.2.8-grantb.orig/source/nsswitch/winbindd_cm.c samba-2.2.8-grantb/source/nsswitch/winbindd_cm.c --- samba-2.2.8-grantb.orig/source/nsswitch/winbindd_cm.c Fri Mar 14 19:50:35 2003 +++ source/nsswitch/winbindd_cm.c Wed May 28 15:22:27 2003 @@ -81,6 +81,10 @@ struct in_addr *ip_list = NULL, dc_ip, exclude_ip; int count, i; + if (strcasecmp(domain, "BUILTIN") == 0) { + domain = lp_workgroup(); + } + zero_ip(&exclude_ip); /* Lookup domain controller name. Try the real PDC first to avoid SAM sync delays */ diff -urN samba-2.2.8-grantb.orig/source/nsswitch/winbindd_group.c samba-2.2.8-grantb/source/nsswitch/winbindd_group.c --- samba-2.2.8-grantb.orig/source/nsswitch/winbindd_group.c Tue Apr 8 13:21:42 2003 +++ source/nsswitch/winbindd_group.c Thu May 29 19:40:13 2003 
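Review bot: The save loop runs for whatever `status` the backend returned, and `&(*user_sids)[i]` is now dereferenced inside `centry_put_sid`. In the winbindd_rpc.c hunk at -675 `*num_sids` is assigned before the `talloc` result is tested, so an out-of-memory return leaves a non-zero count with `*user_sids == NULL`, and this loop would read through a NULL pointer unless `centry_start` returns NULL for a failed status, which is not visible here. Guard the loop with `if (NT_STATUS_IS_OK(status))`, or have the backend reset `*num_sids` to 0 on its error path. The function begins outside this hunk.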
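Review bot: The literal "BUILTIN" is compared with `strcasecmp` in the winbindd_cm.c hunk and again in winbindd_group.c, winbindd_rpc.c and winbindd_util.c in this patch; one small helper would keep the special case in a single place. The redirect also needs a comment saying why BUILTIN is sent to the workgroup's domain controller, e.g. `/* BUILTIN has no DC of its own: resolve it against our workgroup's DC */`, if that is the intent. Confirm the lifetime of the string `lp_workgroup()` returns as well, since `domain` keeps pointing at it for the rest of the function, which lies outside the hunk.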
@@ -123,8 +123,12 @@ /* Append domain name */ - fill_domain_username(name, domain->name, the_name); - + if (strcasecmp(domain->name, "BUILTIN") == 0) { + fill_domain_username(name, lp_workgroup(), the_name); + } else { + fill_domain_username(name, domain->name, the_name); + } + len = strlen(name); /* Add to list or calculate buffer length */ @@ -808,9 +812,9 @@ fstring name_domain, name_user; DOM_SID user_sid; enum SID_NAME_USE name_type; - uint32 user_rid, num_groups, num_gids; + uint32 user_rid, num_sids, num_gids; NTSTATUS status; - uint32 *user_gids; + DOM_SID *user_sids; struct winbindd_domain *domain; enum winbindd_result result = WINBINDD_ERROR; gid_t *gid_list; @@ -854,24 +858,23 @@ sid_split_rid(&user_sid, &user_rid); - status = domain->methods->lookup_usergroups(domain, mem_ctx, user_rid, &num_groups, &user_gids); + status = domain->methods->lookup_usergroups(domain, mem_ctx, user_rid, &num_sids, &user_sids); if (!NT_STATUS_IS_OK(status)) goto done; /* Copy data back to client */ num_gids = 0; - gid_list = malloc(sizeof(gid_t) * num_groups); + gid_list = malloc(sizeof(gid_t) * num_sids); if (state->response.extra_data) goto done; - for (i = 0; i < num_groups; i++) { - if (!winbindd_idmap_get_gid_from_rid(domain->name, - user_gids[i], + for (i = 0; i < num_sids; i++) { + if (!winbindd_idmap_get_gid_from_sid(&user_sids[i], &gid_list[num_gids])) { - DEBUG(1, ("unable to convert group rid %d to gid\n", - user_gids[i])); + DEBUG(1, ("unable to convert group sid %s to gid\n", + sid_string_static(&user_sids[i]))); continue; } diff -urN samba-2.2.8-grantb.orig/source/nsswitch/winbindd_rpc.c samba-2.2.8-grantb/source/nsswitch/winbindd_rpc.c --- samba-2.2.8-grantb.orig/source/nsswitch/winbindd_rpc.c Tue Apr 8 13:21:42 2003 +++ source/nsswitch/winbindd_rpc.c Thu May 29 22:21:06 2003 
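Review bot: BUILTIN aliases are published under the workgroup's name by the new branch in the -123 hunk, so a BUILTIN alias and a domain group with the same name become the same string to NSS consumers. Anything that authorizes by group name can then no longer tell the two apart, and which gid such a name resolves to depends on lookup code outside this hunk. Either keep the BUILTIN prefix in the published name or document the collision rule above the branch, e.g. `/* BUILTIN aliases are shown as WORKGROUP\name; a domain group of the same name takes precedence in lookups */`, once the actual precedence has been confirmed.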
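Review bot: `gid_list` in the -854 hunk is used without ever being tested: the check that follows the `malloc` looks at `state->response.extra_data`, not at the new pointer, so an allocation failure reaches `&gid_list[num_gids]` in the loop. Add `if (!gid_list) goto done;` directly after the `malloc`. When the `extra_data` test does fire, the buffer just allocated is not released unless the `done:` path frees it, which is outside the hunk. SIDs that fail `winbindd_idmap_get_gid_from_sid` are dropped with only a level-1 message, so the list returned to the client can be shorter than the user's real membership without the caller knowing.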
@@ -370,7 +370,8 @@ DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name)); /* Paranoia */ - if (strcasecmp(domain->name, domains[0]) != 0) { + if (strcasecmp(domain->name, "BUILTIN") != 0 && + strcasecmp(domain->name, domains[0]) != 0) { DEBUG(1, ("domain name from domain param and PDC lookup return differ! (%s vs %s)\n", domain->name, domains[0])); return NT_STATUS_UNSUCCESSFUL; } @@ -555,7 +556,7 @@ static NTSTATUS add_local_groups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 n_groups, DOM_GID *user_groups, - uint32 *groups_out, uint32 **gids_out) + uint32 *nsids_out, DOM_SID **sids_out) { int i; 
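Review bot: The added `strcasecmp(domain->name, "BUILTIN") != 0` clause switches the "Paranoia" check off completely for the BUILTIN domain, so any domain name the server returns in `domains[0]` is accepted for those lookups. The check exists to catch a SID that resolves into a different domain from the one that was asked about, and that still matters for BUILTIN. Narrow the exemption to the names that are expected in that case, e.g. also require `strcasecmp(domains[0], "BUILTIN") == 0 || strcasecmp(domains[0], lp_workgroup()) == 0`; which name a DC really returns for S-1-5-32 aliases should be confirmed first. The enclosing function is outside the hunk.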
@@ -588,12 +589,72 @@ if (k == n_groups) { continue; } - (*gids_out) = + (*sids_out) = talloc_realloc(mem_ctx, - (*gids_out), - sizeof(uint32)*((*groups_out)+1)); - (*gids_out)[(*groups_out)] = alias_rid; - (*groups_out)++; + (*sids_out), + sizeof(**sids_out)*((*nsids_out)+1)); + (*sids_out)[(*nsids_out)] = *alias_sid; + (*nsids_out)++; + } + } + + return NT_STATUS_OK; +} + + +/* add any BUILTIN local groups that the user should be a member of */ +static NTSTATUS add_builtin_groups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 n_groups, DOM_GID *user_groups, + uint32 *nsids_out, DOM_SID **sids_out) +{ + struct winbindd_domain *b_domain; + int i; + + if (strcasecmp(domain->name, "BUILTIN") == 0) { + return NT_STATUS_UNSUCCESSFUL; + } + + b_domain = find_domain_from_name("BUILTIN"); + if (!b_domain) { + return NT_STATUS_UNSUCCESSFUL; + } + + init_alias_cache(b_domain); + if (!b_domain->alias_cache) { + return NT_STATUS_UNSUCCESSFUL; + } + + for (i=0;ialias_cache->num_dom_aliases;i++) { + int j, k; + DOM_SID *alias_sid; + + alias_sid = rid_to_talloced_sid(b_domain, mem_ctx, b_domain->alias_cache->dom_aliases[i].rid); + + for (j=0;jalias_cache->per_alias[i].num_members;j++) { + uint32 alias_rid; + if (b_domain->alias_cache->per_alias[i].alias_types[j] != SID_NAME_DOM_GRP) { + continue; + } + if (!sid_peek_check_rid(&domain->sid, + b_domain->alias_cache->per_alias[i].alias_sid_mem[j], + &alias_rid)) { + continue; + } + for (k=0;kcli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); + des_access, &domain->sid, &dom_pol); } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); @@ -650,7 +709,7 @@ /* Get user handle */ result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol, - des_access, user_rid, &user_pol); + des_access, user_rid, &user_pol); if (!NT_STATUS_IS_OK(result)) goto done; 
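Review bot: The `talloc_realloc` result in the -588 hunk is stored straight into `*sids_out` and indexed on the next line with no NULL test, so an allocation failure both loses the old array and writes through a NULL pointer. `*alias_sid` is copied in the same statement, yet the `rid_to_talloced_sid` call visible in `add_builtin_groups` is not checked either. Keep the result in a temporary, `tmp = talloc_realloc(mem_ctx, *sids_out, sizeof(**sids_out) * (*nsids_out + 1));`, return `NT_STATUS_NO_MEMORY` when it is NULL, and only then assign `*sids_out = tmp;`. Part of this hunk's text is missing on the page, so the append inside `add_builtin_groups` cannot be seen; if it mirrors `add_local_groups` it needs the same two checks.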
@@ -675,23 +734,26 @@ /* ignore errors from this */ - (*num_groups) = n_groups + n_aliases; + (*num_sids) = n_groups + n_aliases; - (*user_gids) = talloc(mem_ctx, sizeof(uint32) * (*num_groups)); - if (!(*user_gids)) { + (*user_sids) = talloc(mem_ctx, sizeof(**user_sids) * (*num_sids)); + if (!(*user_sids)) { result = NT_STATUS_NO_MEMORY; goto done; } for (i=0;isid); + sid_append_rid(&(*user_sids)[i], user_groups[i].g_rid); } for (;isid); + sid_append_rid(&(*user_sids)[i], alias_rids[i-n_groups]); } - add_local_groups(domain, mem_ctx, n_groups, user_groups, num_groups, user_gids); + add_local_groups(domain, mem_ctx, n_groups, user_groups, num_sids, user_sids); + add_builtin_groups(domain, mem_ctx, n_groups, user_groups, num_sids, user_sids); done: /* Clean up policy handles */ @@ -762,7 +824,8 @@ &group_pol, num_names, &sids); - DEBUG(0,("query aliasmem -> %s\n", nt_errstr(result))); + DEBUG(0,("query aliasmem(%s/%d) -> %s (num_names=%u)\n", + domain->name, group_rid, nt_errstr(result), *num_names)); if (!NT_STATUS_IS_OK(result)) goto done; diff -urN samba-2.2.8-grantb.orig/source/nsswitch/winbindd_util.c samba-2.2.8-grantb/source/nsswitch/winbindd_util.c --- samba-2.2.8-grantb.orig/source/nsswitch/winbindd_util.c Tue Apr 8 13:21:42 2003 +++ source/nsswitch/winbindd_util.c Wed May 28 15:20:18 2003 @@ -149,6 +149,7 @@ domain->name, sid_string_static(&domain->sid))); + DEBUG(1, ("getting trusted domain list\n")); result = cache_methods.trusted_domains(domain, mem_ctx, (uint *)&num_domains, @@ -167,6 +168,10 @@ } } + domain = add_trusted_domain("BUILTIN", &cache_methods); + string_to_sid(&domain->sid, "S-1-5-32"); + + talloc_destroy(mem_ctx); return True; }
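Review bot: Both helper calls at the end of the -675 hunk discard their `NTSTATUS`, and `add_builtin_groups` returns `NT_STATUS_UNSUCCESSFUL` for ordinary conditions (the domain is BUILTIN, no BUILTIN domain is registered) as well as for real failures. A caller therefore gets `result` unchanged with a list that may be missing the local or BUILTIN aliases. Make the intent explicit on each call, e.g. `/* best effort: alias SIDs are simply omitted if this fails */`, and consider logging a non-OK status at a low debug level so a truncated group list can be diagnosed.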
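Review bot: The new message in the -762 hunk reads `*num_names` before `result` is checked, so after a failed call it prints whatever the variable held, which may be uninitialised. It also stays at level 0, which puts one line in the log for every alias membership query regardless of the configured debug level. Move the `DEBUG` below the `NT_STATUS_IS_OK(result)` test, or print the count only on success, and lower the level, e.g. `DEBUG(5, (...))`. If `group_rid` is a `uint32` as in the method signatures elsewhere in this patch, `%u` is the matching conversion rather than `%d`.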
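Review bot: In the winbindd_util.c hunk at -167 the pointer returned by `add_trusted_domain` is dereferenced on the next line without a NULL test, and the return value of `string_to_sid` is discarded. Test the pointer first, and copy the existing constant instead of parsing a literal: `if (domain) sid_copy(&domain->sid, &global_sid_Builtin);` (`global_sid_Builtin` is the symbol used in the util_sid.c hunk of this patch). The assignment also overwrites the `domain` variable the function was working with. Whether repeated calls register a second BUILTIN entry depends on `add_trusted_domain`, which is not shown.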