summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2013-07-26 11:32:34 +0200
committerMichael Adam <obnox@samba.org>2013-07-29 12:53:54 +0200
commit6e41745173989dff1b4e2f03e174e9d1020857d5 (patch)
tree71dfa3251e36e409a89489b513c7c112aa47b194
parentf62219e71af69ec8b331500b75fd5fd77d51a636 (diff)
downloadsamba-6e41745173989dff1b4e2f03e174e9d1020857d5.tar.gz
samba-6e41745173989dff1b4e2f03e174e9d1020857d5.tar.bz2
samba-6e41745173989dff1b4e2f03e174e9d1020857d5.zip
s3:winbind: fix the getgroups implementation to include the user sid's GID in case of ID_TYPE_BOTH
This is important for acl checks on the unix level where only a group ace has been added to the ACL for the user sid, e.g. when accessing Files with nfs or local unix processes. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/winbindd/winbindd_getgroups.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c
index bed8877cab..3d52ce8329 100644
--- a/source3/winbindd/winbindd_getgroups.c
+++ b/source3/winbindd/winbindd_getgroups.c
@@ -124,15 +124,17 @@ static void winbindd_getgroups_gettoken_done(struct tevent_req *subreq)
/*
* Convert the group SIDs to gids. state->sids[0] contains the user
- * sid, so start at index 1.
+ * sid. If the idmap backend uses ID_TYPE_BOTH, we might need the
+ * the id of the user sid in the list of group sids, so map the
+ * complete token.
*/
- state->gids = talloc_array(state, gid_t, state->num_sids-1);
+ state->gids = talloc_array(state, gid_t, state->num_sids);
if (tevent_req_nomem(state->gids, req)) {
return;
}
state->num_gids = 0;
- state->next_sid = 1;
+ state->next_sid = 0;
subreq = wb_sids2xids_send(state, state->ev,
&state->sids[state->next_sid], 1);