[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5034-gda340c6

Jeremy Allison jra at samba.org
Wed Mar 4 00:11:14 GMT 2009


The branch, v3-3-test has been updated
       via  da340c674d52d79cd4c45ab961a8fd7a204f7a67 (commit)
      from  c4d05e8e1fc776dd9c528513346256cf35c9f226 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit da340c674d52d79cd4c45ab961a8fd7a204f7a67
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Mar 3 16:05:47 2009 -0800

    Fix bug #6155 - "force group" is no longer working as expected.
    We need to store the "force group" uid separately from the
    conn->server_info token as we need to apply it separately also.
    Volker PLEASE CHECK !
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/include/smb.h  |    6 ++++++
 source/smbd/conn.c    |    1 +
 source/smbd/service.c |    8 ++++++++
 source/smbd/uid.c     |   11 ++++++++---
 4 files changed, 23 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/smb.h b/source/include/smb.h
index a98d151..56d9461 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -597,6 +597,12 @@ typedef struct connection_struct {
 	 */
 	struct auth_serversupplied_info *server_info;
 
+	/*
+	 * If the "force group" parameter is set, this is the primary gid that
+	 * may be used in the users token, depending on the vuid using this tid.
+	 */
+	gid_t force_group_gid;
+
 	char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */
 
 	uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
diff --git a/source/smbd/conn.c b/source/smbd/conn.c
index 7f34d2b..a6eafcf 100644
--- a/source/smbd/conn.c
+++ b/source/smbd/conn.c
@@ -145,6 +145,7 @@ find_again:
 		return NULL;
 	}
 	conn->cnum = i;
+	conn->force_group_gid = (gid_t)-1;
 
 	bitmap_set(bmap, i);
 
diff --git a/source/smbd/service.c b/source/smbd/service.c
index c39584a..5e75fce 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -834,6 +834,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 			*pstatus = status;
 			return NULL;
 		}
+
+		/*
+		 * We need to cache this gid, to use within
+ 		 * change_to_user() separately from the conn->server_info
+ 		 * struct. We only use conn->server_info directly if
+ 		 * "force_user" was set.
+ 		 */
+		conn->force_group_gid = conn->server_info->utok.gid;
 	}
 
 	conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
diff --git a/source/smbd/uid.c b/source/smbd/uid.c
index 119a155..02f8cc9 100644
--- a/source/smbd/uid.c
+++ b/source/smbd/uid.c
@@ -256,6 +256,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
 
 	if((group_c = *lp_force_group(snum))) {
 
+		SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
+
 		if(group_c == '+') {
 
 			/*
@@ -268,15 +270,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
 			int i;
 			for (i = 0; i < num_groups; i++) {
 				if (group_list[i]
-				    == conn->server_info->utok.gid) {
-					gid = conn->server_info->utok.gid;
+				    == conn->force_group_gid) {
+					conn->server_info->utok.gid =
+						conn->force_group_gid;
+					gid = conn->force_group_gid;
 					gid_to_sid(&conn->server_info->ptok
 						   ->user_sids[1], gid);
 					break;
 				}
 			}
 		} else {
-			gid = conn->server_info->utok.gid;
+			conn->server_info->utok.gid = conn->force_group_gid;
+			gid = conn->force_group_gid;
 			gid_to_sid(&conn->server_info->ptok->user_sids[1],
 				   gid);
 		}


-- 
Samba Shared Repository


More information about the samba-cvs mailing list