]> git.ipfire.org Git - ipfire-2.x.git/blame - src/patches/samba/samba-3.6.99-fix_force_group.patch
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
[ipfire-2.x.git] / src / patches / samba / samba-3.6.99-fix_force_group.patch
CommitLineData
1d13e637
AF
1From a502759e2e20e8001355b26d1e974a7116d78b92 Mon Sep 17 00:00:00 2001
2From: Justin Maggard <jmaggard@netgear.com>
3Date: Tue, 21 Jul 2015 15:17:30 -0700
4Subject: [PATCH] PATCHSET27: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid
5 lookup.
6
7Somewhere along the line, a config line like "valid users = @foo"
8broke when "foo" also exists as a user.
9
10user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
11flag; but lookup_name() was not respecting that flag, and went ahead and looked
12for users anyway.
13
14Regression test to follow.
15
16BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
17
18Signed-off-by: Justin Maggard <jmaggard@netgear.com>
19Reviewed-by: Jeremy Allison <jra@samba.org>
20Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
21
22Autobuild-User(master): Jeremy Allison <jra@samba.org>
23Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
24
25(cherry picked from commit dc99d451bf23668d73878847219682fced547622)
26---
27 source3/passdb/lookup_sid.c | 4 ++--
28 source3/passdb/lookup_sid.h | 2 +-
29 2 files changed, 3 insertions(+), 3 deletions(-)
30
31diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
32index dcc2911..18d0e37 100644
33--- a/source3/passdb/lookup_sid.c
34+++ b/source3/passdb/lookup_sid.c
35@@ -119,7 +119,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
36 goto ok;
37 }
38
39- if (((flags & LOOKUP_NAME_NO_NSS) == 0)
40+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
41 && strequal(domain, unix_users_domain_name())) {
42 if (lookup_unix_user_name(name, &sid)) {
43 type = SID_NAME_USER;
44@@ -292,7 +292,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
45 /* 11. Ok, windows would end here. Samba has two more options:
46 Unmapped users and unmapped groups */
47
48- if (((flags & LOOKUP_NAME_NO_NSS) == 0)
49+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
50 && lookup_unix_user_name(name, &sid)) {
51 domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
52 type = SID_NAME_USER;
53diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
54index b2f5cf5..4b26e0a 100644
55--- a/source3/passdb/lookup_sid.h
56+++ b/source3/passdb/lookup_sid.h
57@@ -29,7 +29,7 @@
58 #define LOOKUP_NAME_NONE 0x00000000
59 #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */
60 #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */
61-#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for
62+#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for
63 valid users = @foo where foo also
64 exists in as user. */
65 #define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid
66--
672.5.0
68