]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - src/patches/samba/samba-3.6.99-fix_force_group.patch
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
samba: add current RHEL6 patches
[ipfire-2.x.git] / src / patches / samba / samba-3.6.99-fix_force_group.patch
diff --git a/src/patches/samba/samba-3.6.99-fix_force_group.patch b/src/patches/samba/samba-3.6.99-fix_force_group.patch
new file mode 100644 (file)
index 0000000..2d4bb95
--- /dev/null
+++ b/src/patches/samba/samba-3.6.99-fix_force_group.patch
@@ -0,0 +1,68 @@
+From a502759e2e20e8001355b26d1e974a7116d78b92 Mon Sep 17 00:00:00 2001
+From: Justin Maggard <jmaggard@netgear.com>
+Date: Tue, 21 Jul 2015 15:17:30 -0700
+Subject: [PATCH] PATCHSET27: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid
+ lookup.
+
+Somewhere along the line, a config line like "valid users = @foo"
+broke when "foo" also exists as a user.
+
+user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
+flag; but lookup_name() was not respecting that flag, and went ahead and looked
+for users anyway.
+
+Regression test to follow.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
+
+Signed-off-by: Justin Maggard <jmaggard@netgear.com>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
+
+(cherry picked from commit dc99d451bf23668d73878847219682fced547622)
+---
+ source3/passdb/lookup_sid.c | 4 ++--
+ source3/passdb/lookup_sid.h | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
+index dcc2911..18d0e37 100644
+--- a/source3/passdb/lookup_sid.c
++++ b/source3/passdb/lookup_sid.c
+@@ -119,7 +119,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
+                       goto ok;
+       }
+-      if (((flags & LOOKUP_NAME_NO_NSS) == 0)
++      if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
+           && strequal(domain, unix_users_domain_name())) {
+               if (lookup_unix_user_name(name, &sid)) {
+                       type = SID_NAME_USER;
+@@ -292,7 +292,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
+       /* 11. Ok, windows would end here. Samba has two more options:
+                Unmapped users and unmapped groups */
+-      if (((flags & LOOKUP_NAME_NO_NSS) == 0)
++      if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
+           && lookup_unix_user_name(name, &sid)) {
+               domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
+               type = SID_NAME_USER;
+diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
+index b2f5cf5..4b26e0a 100644
+--- a/source3/passdb/lookup_sid.h
++++ b/source3/passdb/lookup_sid.h
+@@ -29,7 +29,7 @@
+ #define LOOKUP_NAME_NONE              0x00000000
+ #define LOOKUP_NAME_ISOLATED             0x00000001  /* Look up unqualified names */
+ #define LOOKUP_NAME_REMOTE               0x00000002  /* Ask others */
+-#define LOOKUP_NAME_GROUP                0x00000004  /* (unused) This is a NASTY hack for
++#define LOOKUP_NAME_GROUP                0x00000004  /* This is a NASTY hack for
+                                                       valid users = @foo where foo also
+                                                       exists in as user. */
+ #define LOOKUP_NAME_NO_NSS             0x00000008  /* no NSS calls to avoid
+-- 
+2.5.0
+
IPFire 2.x development tree