author | Andrew Bartlett <abartlet@samba.org> | 2009-03-04 14:10:41 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-03-04 14:10:41 +1100 |
commit | 8ee0cc24b8302097bccae7891cb6f9c0547a1815 (patch) | |
tree | 3fb0605641da1230b34912ac725ff2f09f51af8f | |
parent | 52542e1affbaad3a29d913ced06f6c5ae0d7b4ad (diff) | |
parent | ef89c4bc0db2e9ba48f4dac1fd381e4cc6c8ca7d (diff) | |
Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
-rw-r--r-- | source3/include/smb.h | 6 | ||||
-rw-r--r-- | source3/passdb/lookup_sid.c | 42 | ||||
-rw-r--r-- | source3/smbd/conn.c | 1 | ||||
-rw-r--r-- | source3/smbd/service.c | 8 | ||||
-rw-r--r-- | source3/smbd/uid.c | 11 |
5 files changed, 47 insertions, 21 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 59c3c32346..a0140fe081 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -573,6 +573,12 @@ typedef struct connection_struct {
 */
 struct auth_serversupplied_info *server_info;
+ /*
+ * If the "force group" parameter is set, this is the primary gid that
+ * may be used in the users token, depending on the vuid using this tid.
+ */
+ gid_t force_group_gid;
+
 char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */
 uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 10ff36d51b..9c20042a62 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1309,15 +1309,18 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
 /* Not in cache. Ask winbindd. */
 if (!winbind_uid_to_sid(psid, uid)) {
 /*
- * We shouldn't return the NULL SID
- * here if winbind was running and
- * couldn't map, as winbind will have
- * added a negative entry that will
- * cause us to go though the
- * legacy_uid_to_sid()
- * function anyway in the case above
- * the next time we ask.
- */
+ * We shouldn't return the NULL SID
+ * here if winbind was running and
+ * couldn't map, as winbind will have
+ * added a negative entry that will
+ * cause us to go though the
+ * legacy_uid_to_sid()
+ * function anyway in the case above
+ * the next time we ask.
+ */
+ DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
+ "for uid %u\n", uid));
+
 legacy_uid_to_sid(psid, uid);
 return;
 }
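Review bot: The comment added above `force_group_gid` in smb.h does not say what the field holds when "force group" is not set. The conn.c hunk in this commit initialises it to `(gid_t)-1` and change_to_user() asserts against that value, so the sentinel is part of the field's contract. I would add a line such as `* (gid_t)-1 means no forced group gid has been cached for this connection.` and correct "users token" to "user's token".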
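Review bot: The new DEBUG call in uid_to_sid() passes `uid` straight to `%u`, but `uid_t` is not guaranteed to be `unsigned int` on every platform, so the format and its argument can disagree. Cast at the call site, `"for uid %u\n", (unsigned int)uid));`, and do the same for `gid` in the matching gid_to_sid() hunk that follows. Both functions start and end outside their hunks.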
@@ -1359,15 +1362,18 @@ void gid_to_sid(DOM_SID *psid, gid_t gid)
 /* Not in cache. Ask winbindd. */
 if (!winbind_gid_to_sid(psid, gid)) {
 /*
- * We shouldn't return the NULL SID
- * here if winbind was running and
- * couldn't map, as winbind will have
- * added a negative entry that will
- * cause us to go though the
- * legacy_gid_to_sid()
- * function anyway in the case above
- * the next time we ask.
- */
+ * We shouldn't return the NULL SID
+ * here if winbind was running and
+ * couldn't map, as winbind will have
+ * added a negative entry that will
+ * cause us to go though the
+ * legacy_gid_to_sid()
+ * function anyway in the case above
+ * the next time we ask.
+ */
+ DEBUG(5, ("gid_to_sid: winbind failed to find a sid "
+ "for gid %u\n", gid));
+
 legacy_gid_to_sid(psid, gid);
 return;
 }
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 4b467b0312..a52f2d2e96 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -140,6 +140,7 @@ find_again:
 return NULL;
 }
 conn->cnum = i;
+ conn->force_group_gid = (gid_t)-1;
 bitmap_set(bmap, i);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index dcdd69f997..eb16a2601e 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -833,6 +833,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 *pstatus = status;
 return NULL;
 }
+
+ /*
+ * We need to cache this gid, to use within
+ * change_to_user() separately from the conn->server_info
+ * struct. We only use conn->server_info directly if
+ * "force_user" was set.
+ */
+ conn->force_group_gid = conn->server_info->utok.gid;
 }
 conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 4f059bdb59..f8c55b1b8f 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -254,6 +254,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
 if((group_c = *lp_force_group(snum))) {
+ SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
+
 if(group_c == '+') {
 /*
@@ -266,15 +268,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
 int i;
 for (i = 0; i < num_groups; i++) {
 if (group_list[i]
- == conn->server_info->utok.gid) {
- gid = conn->server_info->utok.gid;
+ == conn->force_group_gid) {
+ conn->server_info->utok.gid =
+ conn->force_group_gid;
+ gid = conn->force_group_gid;
 gid_to_sid(&conn->server_info->ptok
 ->user_sids[1], gid);
 break;
 }
 }
 } else {
- gid = conn->server_info->utok.gid;
+ conn->server_info->utok.gid = conn->force_group_gid;
+ gid = conn->force_group_gid;
 gid_to_sid(&conn->server_info->ptok->user_sids[1], gid);
 } |
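Review bot: The added `SMB_ASSERT(conn->force_group_gid != (gid_t)-1);` turns a state mismatch into a process abort. The guard `lp_force_group(snum)` reads the share's current setting on each call, while `force_group_gid` is cached once in make_connection_snum(). If "force group" becomes set for a share after a connection was made (for example through a configuration reload), this assert would presumably fire on that client's next request. Failing the call is safer than panicking: `if (conn->force_group_gid == (gid_t)-1) { DEBUG(0, ("change_to_user: force group set but no gid cached\n")); return false; }`. change_to_user() starts and ends outside this hunk, so the cleanup needed before returning should be checked against the full function.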
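Review bot: In the `'+'` branch of the second hunk, `conn->server_info->utok.gid` and `user_sids[1]` are written only when the caller is a member of the forced group. Nothing resets them on the no-match path, so the connection-wide token keeps whatever an earlier vuid left there. Whether that matters depends on which token the code after this hunk installs, which is not visible here. A comment such as `/* the local gid is authoritative; conn->server_info is only updated to keep the force-user token in step */`, or an explicit reset when no group matches, would make the intent checkable. The service.c comment in this commit says conn->server_info is used directly only with "force user", so the unconditional write in the `else` branch deserves the same explanation.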