From 6e41745173989dff1b4e2f03e174e9d1020857d5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 26 Jul 2013 11:32:34 +0200 Subject: s3:winbind: fix the getgroups implementation to include the user sid's GID in case of ID_TYPE_BOTH This is important for acl checks on the unix level where only a group ace has been added to the ACL for the user sid, e.g. when accessing Files with nfs or local unix processes. Signed-off-by: Michael Adam Reviewed-by: Stefan Metzmacher --- source3/winbindd/winbindd_getgroups.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c index bed8877cab..3d52ce8329 100644 --- a/source3/winbindd/winbindd_getgroups.c +++ b/source3/winbindd/winbindd_getgroups.c @@ -124,15 +124,17 @@ static void winbindd_getgroups_gettoken_done(struct tevent_req *subreq) /* * Convert the group SIDs to gids. state->sids[0] contains the user - * sid, so start at index 1. + * sid. If the idmap backend uses ID_TYPE_BOTH, we might need the + * the id of the user sid in the list of group sids, so map the + * complete token. */ - state->gids = talloc_array(state, gid_t, state->num_sids-1); + state->gids = talloc_array(state, gid_t, state->num_sids); if (tevent_req_nomem(state->gids, req)) { return; } state->num_gids = 0; - state->next_sid = 1; + state->next_sid = 0; subreq = wb_sids2xids_send(state, state->ev, &state->sids[state->next_sid], 1); -- cgit