[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-5034-gda340c6
Jeremy Allison
jra at samba.org
Wed Mar 4 00:11:14 GMT 2009
The branch, v3-3-test has been updated
via da340c674d52d79cd4c45ab961a8fd7a204f7a67 (commit)
from c4d05e8e1fc776dd9c528513346256cf35c9f226 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit da340c674d52d79cd4c45ab961a8fd7a204f7a67
Author: Jeremy Allison <jra at samba.org>
Date: Tue Mar 3 16:05:47 2009 -0800
Fix bug #6155 - "force group" is no longer working as expected.
We need to store the "force group" uid separately from the
conn->server_info token as we need to apply it separately also.
Volker PLEASE CHECK !
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/include/smb.h | 6 ++++++
source/smbd/conn.c | 1 +
source/smbd/service.c | 8 ++++++++
source/smbd/uid.c | 11 ++++++++---
4 files changed, 23 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/smb.h b/source/include/smb.h
index a98d151..56d9461 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -597,6 +597,12 @@ typedef struct connection_struct {
*/
struct auth_serversupplied_info *server_info;
+ /*
+ * If the "force group" parameter is set, this is the primary gid that
+ * may be used in the users token, depending on the vuid using this tid.
+ */
+ gid_t force_group_gid;
+
char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */
uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
diff --git a/source/smbd/conn.c b/source/smbd/conn.c
index 7f34d2b..a6eafcf 100644
--- a/source/smbd/conn.c
+++ b/source/smbd/conn.c
@@ -145,6 +145,7 @@ find_again:
return NULL;
}
conn->cnum = i;
+ conn->force_group_gid = (gid_t)-1;
bitmap_set(bmap, i);
diff --git a/source/smbd/service.c b/source/smbd/service.c
index c39584a..5e75fce 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -834,6 +834,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
*pstatus = status;
return NULL;
}
+
+ /*
+ * We need to cache this gid, to use within
+ * change_to_user() separately from the conn->server_info
+ * struct. We only use conn->server_info directly if
+ * "force_user" was set.
+ */
+ conn->force_group_gid = conn->server_info->utok.gid;
}
conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
diff --git a/source/smbd/uid.c b/source/smbd/uid.c
index 119a155..02f8cc9 100644
--- a/source/smbd/uid.c
+++ b/source/smbd/uid.c
@@ -256,6 +256,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
if((group_c = *lp_force_group(snum))) {
+ SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
+
if(group_c == '+') {
/*
@@ -268,15 +270,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
int i;
for (i = 0; i < num_groups; i++) {
if (group_list[i]
- == conn->server_info->utok.gid) {
- gid = conn->server_info->utok.gid;
+ == conn->force_group_gid) {
+ conn->server_info->utok.gid =
+ conn->force_group_gid;
+ gid = conn->force_group_gid;
gid_to_sid(&conn->server_info->ptok
->user_sids[1], gid);
break;
}
}
} else {
- gid = conn->server_info->utok.gid;
+ conn->server_info->utok.gid = conn->force_group_gid;
+ gid = conn->force_group_gid;
gid_to_sid(&conn->server_info->ptok->user_sids[1],
gid);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list