+++ /dev/null
-From 56bfca66b8597afe731f4624bb9f862bb45f81ba Mon Sep 17 00:00:00 2001
-From: Matt Rogers <mrogers@redhat.com>
-Date: Mon, 12 Oct 2015 14:46:18 +0200
-Subject: [PATCH] PATCHSET33: s3-auch: Fix secuirty = server share access
-
-Resolve user groups in non-winbind path of passwd_to_SamInfo3(), fixing
-group memberships with server security.
-
-Signed-off-by: Matt Rogers <mrogers@redhat.com>
----
- source3/auth/server_info.c | 28 ++++++++++++++++++++++++++++
- 1 file changed, 28 insertions(+)
-
-diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
-index 1fd9317..91724cc 100644
---- a/source3/auth/server_info.c
-+++ b/source3/auth/server_info.c
-@@ -571,7 +571,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
- enum lsa_SidType type;
- uint32_t num_sids = 0;
- struct dom_sid *user_sids = NULL;
-+ gid_t *gids = NULL;
- bool ok;
-+ int i;
-
- tmp_ctx = talloc_stackframe();
-
-@@ -629,6 +631,29 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
- get_global_sam_sid(),
- DOMAIN_RID_USERS);
- }
-+
-+ if (!getgroups_unix_user(tmp_ctx,
-+ unix_username,
-+ pwd->pw_gid,
-+ &gids,
-+ &num_sids)) {
-+ DEBUG(1, ("Failed to get unix user groups.\n"));
-+ goto done;
-+ }
-+
-+ if (num_sids == 0) {
-+ smb_panic("primary group missing");
-+ }
-+
-+ user_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_sids);
-+
-+ if (user_sids == NULL) {
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+
-+ for (i = 0; i < num_sids; i++) {
-+ gid_to_sid(&user_sids[i], gids[i]);
-+ }
- }
-
- /* Make sure we have a valid group sid */
-@@ -696,6 +721,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
-
- status = NT_STATUS_OK;
- done:
-+ if (gids != NULL) {
-+ talloc_free(gids);
-+ }
- talloc_free(tmp_ctx);
-
- return status;
---
-2.5.0
-
projects / ipfire-2.x.git / blobdiff