Diffstat (limited to 'source3')
-rw-r--r--source3/include/smb.h6
-rw-r--r--source3/passdb/lookup_sid.c42
-rw-r--r--source3/smbd/conn.c1
-rw-r--r--source3/smbd/service.c8
-rw-r--r--source3/smbd/uid.c11
5 files changed, 47 insertions, 21 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 59c3c32346..a0140fe081 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -573,6 +573,12 @@ typedef struct connection_struct {
*/
struct auth_serversupplied_info *server_info;
+ /*
+ * If the "force group" parameter is set, this is the primary gid that
+ * may be used in the users token, depending on the vuid using this tid.
+ */
+ gid_t force_group_gid;
+
char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */
uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
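Review bot: The comment on `force_group_gid` does not say what the field holds when "force group" is not set. The conn.c hunk in this commit initialises it to `(gid_t)-1` and change_to_user() asserts against that value, so the sentinel is part of the field's contract. I would add one line to the comment, for example `* Holds (gid_t)-1 when no forced group applies to this connection.` The struct definition starts and ends outside the hunk.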
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 10ff36d51b..9c20042a62 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1309,15 +1309,18 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
/* Not in cache. Ask winbindd. */
if (!winbind_uid_to_sid(psid, uid)) {
/*
- * We shouldn't return the NULL SID
- * here if winbind was running and
- * couldn't map, as winbind will have
- * added a negative entry that will
- * cause us to go though the
- * legacy_uid_to_sid()
- * function anyway in the case above
- * the next time we ask.
- */
+ * We shouldn't return the NULL SID
+ * here if winbind was running and
+ * couldn't map, as winbind will have
+ * added a negative entry that will
+ * cause us to go though the
+ * legacy_uid_to_sid()
+ * function anyway in the case above
+ * the next time we ask.
+ */
+ DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
+ "for uid %u\n", uid));
+
legacy_uid_to_sid(psid, uid);
return;
}
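Review bot: The new DEBUG call passes `uid` (a `uid_t`) to `%u` without a cast, and the gid_to_sid() hunk that follows does the same with `gid`. Neither `uid_t` nor `gid_t` is guaranteed to be `unsigned int`, so the format and argument can disagree on some platforms. The portable form is `"for uid %u\n", (unsigned int)uid));` and likewise `(unsigned int)gid` in the second hunk. Both function bodies continue outside their hunks.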
@@ -1359,15 +1362,18 @@ void gid_to_sid(DOM_SID *psid, gid_t gid)
/* Not in cache. Ask winbindd. */
if (!winbind_gid_to_sid(psid, gid)) {
/*
- * We shouldn't return the NULL SID
- * here if winbind was running and
- * couldn't map, as winbind will have
- * added a negative entry that will
- * cause us to go though the
- * legacy_gid_to_sid()
- * function anyway in the case above
- * the next time we ask.
- */
+ * We shouldn't return the NULL SID
+ * here if winbind was running and
+ * couldn't map, as winbind will have
+ * added a negative entry that will
+ * cause us to go though the
+ * legacy_gid_to_sid()
+ * function anyway in the case above
+ * the next time we ask.
+ */
+ DEBUG(5, ("gid_to_sid: winbind failed to find a sid "
+ "for gid %u\n", gid));
+
legacy_gid_to_sid(psid, gid);
return;
}
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 4b467b0312..a52f2d2e96 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -140,6 +140,7 @@ find_again:
return NULL;
}
conn->cnum = i;
+ conn->force_group_gid = (gid_t)-1;
bitmap_set(bmap, i);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index dcdd69f997..eb16a2601e 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -833,6 +833,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
*pstatus = status;
return NULL;
}
+
+ /*
+ * We need to cache this gid, to use within
+ * change_to_user() separately from the conn->server_info
+ * struct. We only use conn->server_info directly if
+ * "force_user" was set.
+ */
+ conn->force_group_gid = conn->server_info->utok.gid;
}
conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 4f059bdb59..f8c55b1b8f 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -254,6 +254,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
if((group_c = *lp_force_group(snum))) {
+ SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
+
if(group_c == '+') {
/*
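Review bot: `SMB_ASSERT(conn->force_group_gid != (gid_t)-1);` ties a value cached once in make_connection_snum() to a parameter that is read live through `lp_force_group(snum)` on every call. If "force group" can become set for a share after the connection was created (for example on a configuration reload, which this diff does not show), the cached gid is still `(gid_t)-1` and the assert would abort the smbd process serving that client. Refusing the user switch keeps the fail-closed result without a panic: `if (conn->force_group_gid == (gid_t)-1) { DEBUG(0, ("change_to_user: force group set but no gid cached\n")); return false; }`, provided nothing set up earlier in the function needs undoing first. change_to_user() starts and ends outside the hunk.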
@@ -266,15 +268,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
int i;
for (i = 0; i < num_groups; i++) {
if (group_list[i]
- == conn->server_info->utok.gid) {
- gid = conn->server_info->utok.gid;
+ == conn->force_group_gid) {
+ conn->server_info->utok.gid =
+ conn->force_group_gid;
+ gid = conn->force_group_gid;
gid_to_sid(&conn->server_info->ptok
->user_sids[1], gid);
break;
}
}
} else {
- gid = conn->server_info->utok.gid;
+ conn->server_info->utok.gid = conn->force_group_gid;
+ gid = conn->force_group_gid;
gid_to_sid(&conn->server_info->ptok->user_sids[1],
gid);
}
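Review bot: In the `+` branch, when the loop finds no match, `conn->server_info->utok.gid` is left as it was, while the matching path and the `else` path now write the forced gid into that same struct. If this `server_info` is reused across calls or shared with another tid of the same vuid (the hunk does not show where it comes from), a gid stored on an earlier call could still be present on a later one where the user is not a member of the group. A comment stating that `conn->server_info` is private to this conn/vuid pair at this point would settle it; if it is not, `utok.gid` needs to be set explicitly on the no-match path as well. The enclosing function continues outside the hunk.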