| commit | dc86f0e542aaaf0f352a20b183465fb7eeb4d2e8 | |
| author | Steven Danneman <steven.danneman@isilon.com> | |
| Fri, 27 Feb 2009 16:32:51 +0000 (27 08:32 -0800) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Fri, 6 Mar 2009 07:28:27 +0000 (6 08:28 +0100) | ||
| tree | eb8240fb200464f7a5dbfc5adc5571fec05f5c94 | treesnapshot (tar.gz zip) |
| parent | 57e5390105f40c1ed9167520a7ade967f0833c60 | commitdiff |
s3: fix guest auth when winbindd is running
This fix is very subtle. If a server is configured with "security = share"
and "guest ok = yes" and winbindd is running authorization will fail during
tree connect.
This is due to our inability to map the guest sid S-1-5-21-X-501 to a uid
through sid_to_uid(). Winbindd is unaware of the hard coded mapping
between this sid and whatever uid the name in lp_guestaccount() is assigned.
So sid_to_uid() fails and we exit create_token_from_username() without
ever calling pdb_getsampwsid() which IS aware of the hard coded mapping.
This patch just reorganizes the code, moving sid_to_uid() down to the
block of code in which it is needed, avoiding this early failure.
(cherry picked from commit fbf615dee95d13026fb9d092be8cf956c64eda75)
This fix is very subtle. If a server is configured with "security = share"
and "guest ok = yes" and winbindd is running authorization will fail during
tree connect.
This is due to our inability to map the guest sid S-1-5-21-X-501 to a uid
through sid_to_uid(). Winbindd is unaware of the hard coded mapping
between this sid and whatever uid the name in lp_guestaccount() is assigned.
So sid_to_uid() fails and we exit create_token_from_username() without
ever calling pdb_getsampwsid() which IS aware of the hard coded mapping.
This patch just reorganizes the code, moving sid_to_uid() down to the
block of code in which it is needed, avoiding this early failure.
(cherry picked from commit fbf615dee95d13026fb9d092be8cf956c64eda75)
| source/auth/auth_util.c | diffblobblamehistory |