1 From 56bfca66b8597afe731f4624bb9f862bb45f81ba Mon Sep 17 00:00:00 2001
2 From: Matt Rogers <mrogers@redhat.com>
3 Date: Mon, 12 Oct 2015 14:46:18 +0200
4 Subject: [PATCH] PATCHSET33: s3-auch: Fix secuirty = server share access
6 Resolve user groups in non-winbind path of passwd_to_SamInfo3(), fixing
7 group memberships with server security.
9 Signed-off-by: Matt Rogers <mrogers@redhat.com>
11 source3/auth/server_info.c | 28 ++++++++++++++++++++++++++++
12 1 file changed, 28 insertions(+)
14 diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
15 index 1fd9317..91724cc 100644
16 --- a/source3/auth/server_info.c
17 +++ b/source3/auth/server_info.c
18 @@ -571,7 +571,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
19 enum lsa_SidType type;
20 uint32_t num_sids = 0;
21 struct dom_sid *user_sids = NULL;
26 tmp_ctx = talloc_stackframe();
28 @@ -629,6 +631,29 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
33 + if (!getgroups_unix_user(tmp_ctx,
38 + DEBUG(1, ("Failed to get unix user groups.\n"));
42 + if (num_sids == 0) {
43 + smb_panic("primary group missing");
46 + user_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_sids);
48 + if (user_sids == NULL) {
49 + return NT_STATUS_NO_MEMORY;
52 + for (i = 0; i < num_sids; i++) {
53 + gid_to_sid(&user_sids[i], gids[i]);
57 /* Make sure we have a valid group sid */
58 @@ -696,6 +721,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
60 status = NT_STATUS_OK;