Commit | Line | Data |
---|---|---|
1d13e637 AF |
1 | From 56bfca66b8597afe731f4624bb9f862bb45f81ba Mon Sep 17 00:00:00 2001 |
2 | From: Matt Rogers <mrogers@redhat.com> | |
3 | Date: Mon, 12 Oct 2015 14:46:18 +0200 | |
4 | Subject: [PATCH] PATCHSET33: s3-auch: Fix secuirty = server share access | |
5 | ||
6 | Resolve user groups in non-winbind path of passwd_to_SamInfo3(), fixing | |
7 | group memberships with server security. | |
8 | ||
9 | Signed-off-by: Matt Rogers <mrogers@redhat.com> | |
10 | --- | |
11 | source3/auth/server_info.c | 28 ++++++++++++++++++++++++++++ | |
12 | 1 file changed, 28 insertions(+) | |
13 | ||
14 | diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c | |
15 | index 1fd9317..91724cc 100644 | |
16 | --- a/source3/auth/server_info.c | |
17 | +++ b/source3/auth/server_info.c | |
18 | @@ -571,7 +571,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, | |
19 | enum lsa_SidType type; | |
20 | uint32_t num_sids = 0; | |
21 | struct dom_sid *user_sids = NULL; | |
22 | + gid_t *gids = NULL; | |
23 | bool ok; | |
24 | + int i; | |
25 | ||
26 | tmp_ctx = talloc_stackframe(); | |
27 | ||
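Review bot: The added `int i;` is later used as the index in `for (i = 0; i < num_sids; i++)`, while `num_sids` is declared `uint32_t` two lines above, so the loop condition mixes signed and unsigned operands. Declaring it as `uint32_t i;` keeps the index type in step with the count it is compared against. The function body starts before and continues after this hunk.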
28 | @@ -629,6 +631,29 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, | |
29 | get_global_sam_sid(), | |
30 | DOMAIN_RID_USERS); | |
31 | } | |
32 | + | |
33 | + if (!getgroups_unix_user(tmp_ctx, | |
34 | + unix_username, | |
35 | + pwd->pw_gid, | |
36 | + &gids, | |
37 | + &num_sids)) { | |
38 | + DEBUG(1, ("Failed to get unix user groups.\n")); | |
39 | + goto done; | |
40 | + } | |
41 | + | |
42 | + if (num_sids == 0) { | |
43 | + smb_panic("primary group missing"); | |
44 | + } | |
45 | + | |
46 | + user_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_sids); | |
47 | + | |
48 | + if (user_sids == NULL) { | |
49 | + return NT_STATUS_NO_MEMORY; | |
50 | + } | |
51 | + | |
52 | + for (i = 0; i < num_sids; i++) { | |
53 | + gid_to_sid(&user_sids[i], gids[i]); | |
54 | + } | |
55 | } | |
56 | ||
57 | /* Make sure we have a valid group sid */ | |
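Review bot: The `user_sids == NULL` branch uses `return NT_STATUS_NO_MEMORY;` and so skips the `done:` label, which means the frame taken with `talloc_stackframe()` at the top of the function is not released on that path; it should be `status = NT_STATUS_NO_MEMORY; goto done;`. The `getgroups_unix_user()` failure branch does jump to `done`, but it sets no `status` within the hunk, so the function returns whatever value `status` already held. If that can be a success code at this point (not visible here), the caller would get a success result although group resolution failed, so assign an explicit failure status before the `goto`. `smb_panic("primary group missing")` also aborts the whole process inside an authentication path, where logging and returning an error status would contain the failure to the one request. The function body begins and ends outside this hunk.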
58 | @@ -696,6 +721,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, | |
59 | ||
60 | status = NT_STATUS_OK; | |
61 | done: | |
62 | + if (gids != NULL) { | |
63 | + talloc_free(gids); | |
64 | + } | |
65 | talloc_free(tmp_ctx); | |
66 | ||
67 | return status; | |
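Review bot: The explicit `talloc_free(gids)` under `done:` looks redundant, because `gids` is filled by `getgroups_unix_user(tmp_ctx, ...)` and is therefore presumably a child of `tmp_ctx`, which is freed on the very next line. If that holds, the three added lines can be dropped. If the array is in fact owned by another context, a short comment such as `/* gids is not a child of tmp_ctx */` would explain why it is freed separately.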
68 | -- | |
69 | 2.5.0 | |
70 |