]> git.ipfire.org Git - ipfire-2.x.git/blob - src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch
samba: add current RHEL6 patches
1 From 56bfca66b8597afe731f4624bb9f862bb45f81ba Mon Sep 17 00:00:00 2001
2 From: Matt Rogers <mrogers@redhat.com>
3 Date: Mon, 12 Oct 2015 14:46:18 +0200
4 Subject: [PATCH] PATCHSET33: s3-auch: Fix secuirty = server share access
5
6 Resolve user groups in non-winbind path of passwd_to_SamInfo3(), fixing
7 group memberships with server security.
8
9 Signed-off-by: Matt Rogers <mrogers@redhat.com>
10 ---
11 source3/auth/server_info.c | 28 ++++++++++++++++++++++++++++
12 1 file changed, 28 insertions(+)
13
14 diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
15 index 1fd9317..91724cc 100644
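--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -571,7 +571,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
 enum lsa_SidType type;
 uint32_t num_sids = 0;
 struct dom_sid *user_sids = NULL;
+ gid_t *gids = NULL;
 bool ok;
+ int i;
 
 tmp_ctx = talloc_stackframe();
 
@@ -629,6 +631,29 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
 get_global_sam_sid(),
 DOMAIN_RID_USERS);
 }
+
+ if (!getgroups_unix_user(tmp_ctx,
+ unix_username,
+ pwd->pw_gid,
+ &gids,
+ &num_sids)) {
+ DEBUG(1, ("Failed to get unix user groups.\n"));
+ goto done;
+ }
+
+ if (num_sids == 0) {
+ smb_panic("primary group missing");
+ }
+
+ user_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_sids);
+
+ if (user_sids == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i = 0; i < num_sids; i++) {
+ gid_to_sid(&user_sids[i], gids[i]);
+ }
 }
 
 /* Make sure we have a valid group sid */
@@ -696,6 +721,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
 
 status = NT_STATUS_OK;
 done:
+ if (gids != NULL) {
+ talloc_free(gids);
+ }
 talloc_free(tmp_ctx);
 
 return status;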
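Review bot: The allocation-failure branch after `TALLOC_ARRAY` in the second hunk uses `return NT_STATUS_NO_MEMORY;`, which bypasses the `done:` label, so the frame created by `talloc_stackframe()` is not freed on that path; it should read `status = NT_STATUS_NO_MEMORY; goto done;`. The `getgroups_unix_user` failure branch does jump to `done`, but it never assigns `status`, so the function returns whatever `status` held beforehand. If that was a success code from an earlier call (not visible in these hunks), the caller would receive a success result with no group SIDs resolved, which matters because this data feeds share-access decisions; setting `status = NT_STATUS_UNSUCCESSFUL;` before the `goto` would make the failure explicit. The loop counter is declared `int i` but compared against the `uint32_t num_sids`; `uint32_t i;` avoids the signed/unsigned comparison. `passwd_to_SamInfo3` begins and ends outside the hunks shown.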
68 --
69 2.5.0
70