[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Mon Jul 23 14:13:02 MDT 2012


The branch, master has been updated
       via  a256d61 s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
       via  111c215 Fix problem found by Andrew Bartlett - correctly check encrypted flag.
      from  4b64ec5 libcli/smb: set should_encrypt = true if we got SMB2_SESSION_FLAG_ENCRYPT_DATA

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a256d61c505ab10710c7d7152bab4f018cfdcd74
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Jul 20 17:12:09 2012 -0700

    s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
    
    We don't resolve our own "Domain Local" groups since bug #7843 has been
    fixed. So we need to add the add resource groups to the sid list too.
    
    Before bug #7843 the "Domain Local" groups were added with a
    lookupuseraliases call, but this isn't done anymore for our domain
    so we need to resolve resource groups here.
    
    When to use Resource Groups:
    http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104

commit 111c2159de6e417e7912dc8b26f6d3a2ce20de20
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jul 23 10:20:26 2012 -0700

    Fix problem found by Andrew Bartlett - correctly check encrypted flag.

-----------------------------------------------------------------------

Summary of changes:
 source3/include/proto.h          |    3 +--
 source3/lib/util_sid.c           |    9 +--------
 source3/smbd/reply.c             |    8 ++++++--
 source3/winbindd/winbindd_pam.c  |    2 +-
 source3/winbindd/winbindd_util.c |   12 +++++++++---
 5 files changed, 18 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 585067e..3a2bf1b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -549,8 +549,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
 			      const struct netr_SamInfo3 *info3,
 			      struct dom_sid **user_sids,
 			      uint32_t *num_user_sids,
-			      bool include_user_group_rid,
-			      bool skip_ressource_groups);
+			      bool include_user_group_rid);
 
 /* The following definitions come from lib/util_sock.c  */
 
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index f080d3d..f051b7a 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -130,8 +130,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
 			      const struct netr_SamInfo3 *info3,
 			      struct dom_sid **user_sids,
 			      uint32_t *num_user_sids,
-			      bool include_user_group_rid,
-			      bool skip_ressource_groups)
+			      bool include_user_group_rid)
 {
 	NTSTATUS status;
 	struct dom_sid sid;
@@ -191,12 +190,6 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
          */
 
 	for (i = 0; i < info3->sidcount; i++) {
-
-		if (skip_ressource_groups &&
-		    (info3->sids[i].attributes & SE_GROUP_RESOURCE)) {
-			continue;
-		}
-
 		status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
 				      &sid_array, &num_sids);
 		if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 2022af7..97abc85 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -4944,8 +4944,12 @@ static void do_smb1_close(struct tevent_req *req)
 	} else {
 		reply_nterror(smbreq, status);
 	}
-	if (!srv_send_smb(smbreq->sconn, smbreq->outbuf, true,
-			  smbreq->seqnum+1, encrypt, NULL)) {
+	if (!srv_send_smb(smbreq->sconn,
+			smbreq->outbuf,
+			true,
+			smbreq->seqnum+1,
+			IS_CONN_ENCRYPTED(smbreq->conn)||smbreq->encrypted,
+			NULL)) {
 		exit_server_cleanly("handle_aio_read_complete: srv_send_smb "
 				    "failed.");
 	}
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 96956d0..a64cc56 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -308,7 +308,7 @@ static NTSTATUS check_info3_in_group(struct netr_SamInfo3 *info3,
 	status = sid_array_from_info3(talloc_tos(), info3,
 				      &token->sids,
 				      &token->num_sids,
-				      true, false);
+				      true);
 	if (!NT_STATUS_IS_OK(status)) {
 		TALLOC_FREE(frame);
 		return status;
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 162cdf2..52ce1e3 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1033,12 +1033,18 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	/* Skip Domain local groups outside our domain.
-	   We'll get these from the getsidaliases() RPC call. */
+	/*
+	 * Before bug #7843 the "Domain Local" groups were added with a
+	 * lookupuseraliases call, but this isn't done anymore for our domain
+	 * so we need to resolve resource groups here.
+	 *
+	 * When to use Resource Groups:
+	 * http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
+	 */
 	status = sid_array_from_info3(mem_ctx, info3,
 				      user_sids,
 				      &num_groups,
-				      false, true);
+				      false);
 
 	if (!NT_STATUS_IS_OK(status)) {
 		TALLOC_FREE(info3);


-- 
Samba Shared Repository


More information about the samba-cvs mailing list