CVS update: samba/source/smbd
Andrew Bartlett
abartlet at pcug.org.au
Sat Nov 3 21:14:15 EST 2001
Jeremy Allison wrote:
>
> On Sat, Nov 03, 2001 at 02:07:16PM +1100, Andrew Bartlett wrote:
> > Jeremy Allison wrote:
> > >
> > > Date: Fri Nov 2 18:00:49 2001
> > > Author: jra
> > >
> > > Update of /data/cvs/samba/source/smbd
> > > In directory va:/tmp/cvs-serv27527/smbd
> > >
> > > Modified Files:
> > > Tag: SAMBA_2_2
> > > password.c reply.c uid.c
> > > Log Message:
> > > Added extra group info into 2.2.3.
> > > Jeremy.
> >
> > Is this the right way to do things?
>
> Yes, I think so.
>
> > What happens if the remote group
> > can't be represented as a local gid_t?
>
> Then it is ignored when the calculation is done to create a gid_t.
Which brings us back to where we started.
The problem was that users could be denied access to a resource due to
their membership of a global group, but because we didn't know about
that membership we didn't deny them access.
My understanding of the original problem was:
- ACLs can be constructed that use Win2k global groups
- These groups don't show up via winbind's getgroups() because of
protocol limitations, and are only available via the info3 acquired from
a domain logon.
- Therefore the entry in the ACL is ignored.
With this fix, don't we still have the problem:
- ACL constructed using groups (need not even be global)
- These groups are not expressed in the /etc/groups (because winbind
doesn't yet exist on SCO etc)
- Therefore the entry in the ACL is ignored.
> > I think we should do it both ways: Use the local groups where they are
> > available (because there may well be local file permissions associated
> > with them) but also store them in the NT_USER_TOKEN no matter what -
> > because many sites run security=domain but without winbind, and they
> > will still have this problem.
>
> I don't think so. You end up with a disconnect between
> the group lists associated with the uid_t and the group lists
> in the token. This isn't a good idea (IMHO).
I understand the concern, but I think we need to deal with this issue
properly. I want Samba to run without reference to the local system,
for things like:
- Non-root mode
- Non-filesystem VFS.
In particular, the combination of the two.
Would it be sufficient to ensure that NT_USER_TOKEN is always a superset
of the gid_t list?
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Samba Team member, Build Farm maintainer abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
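Added illustration, not code from this thread or from Samba: a constructed token-and-ACL check showing why dropping info3 groups that have no local gid_t is fail-open for a deny ACE, and what keeping the NT_USER_TOKEN a superset of the gid_t list changes. The SIDs, the gid lookup and the NT-style evaluation are placeholders and simplifications.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#define MAX_GROUPS 8
/* Constructed stand-ins, not Samba's types: a group SID is just a string. */
struct nt_user_token { const char *sids[MAX_GROUPS]; size_t num; };
struct ace { const char *sid; bool deny; };
struct acl { struct ace aces[MAX_GROUPS]; size_t num; };
/* Placeholder SIDs, not real values from any domain. */
#define DOMAIN_USERS "S-1-5-21-PLACEHOLDER-513"   /* has a local gid_t */
#define GLOBAL_GROUP "S-1-5-21-PLACEHOLDER-1105"  /* no local gid_t on this host */
/* Hypothetical lookup: can this host map the group to a gid_t? */
static bool sid_has_local_gid(const char *sid) { return strcmp(sid, DOMAIN_USERS) == 0; }

/* Build the token from the info3 group list. With keep_unmappable == false,
 * groups that cannot become a gid_t are dropped, as the thread describes. */
void token_from_info3(struct nt_user_token *tok, const char **sids,
                      size_t n, bool keep_unmappable)
{
    tok->num = 0;
    for (size_t i = 0; i < n && tok->num < MAX_GROUPS; i++)
        if (keep_unmappable || sid_has_local_gid(sids[i]))
            tok->sids[tok->num++] = sids[i];
}

static bool token_has(const struct nt_user_token *tok, const char *sid)
{
    for (size_t i = 0; i < tok->num; i++)
        if (strcmp(tok->sids[i], sid) == 0) return true;
    return false;
}

/* NT-style check: first ACE naming a token group decides; no match = deny. */
bool acl_allows(const struct acl *acl, const struct nt_user_token *tok)
{
    for (size_t i = 0; i < acl->num; i++)
        if (token_has(tok, acl->aces[i].sid)) return !acl->aces[i].deny;
    return false;
}

/* The thread's scenario: a deny ACE on the unmappable global group sits before
 * an allow on Domain Users. Returns true when access would be granted. */
bool scenario_allows(bool keep_unmappable)
{
    const char *info3_groups[] = { DOMAIN_USERS, GLOBAL_GROUP };
    struct acl acl = { { { GLOBAL_GROUP, true }, { DOMAIN_USERS, false } }, 2 };
    struct nt_user_token tok;
    token_from_info3(&tok, info3_groups, 2, keep_unmappable);
    return acl_allows(&acl, &tok);
}
```

With the unmappable group dropped the deny ACE never matches and the allow on Domain Users grants access; with the group kept in the token the deny is honoured.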