[PATCH] Support force user when the user's group sid is a wellknown/builtin
Jeremy Allison
jra at samba.org
Wed Nov 18 22:51:47 UTC 2015
On Wed, Nov 18, 2015 at 10:20:02AM +0200, Uri Simchoni wrote:
> Hi,
>
> This patch provides a more consistent handling of users with a
> primary group that maps to a wellknown SID.
>
> When considering a local user (more precisely, one whose SamInfo3 is
> constructed locally rather than received from a domain controller),
> it is conceivable that the user's UNIX primary gid is mapped to a
> well-known or builtin SID.
>
> If such a user logs on, the logon succeeds, and the SamInfo3 that's
> created during the logon has an RID of 513 (domain users). OTOH, if
> a different user logs on and connects to a share with a "force user"
> pointing to that user, the tree-connect fails with a
> NT_STATUS_INVALID_SID.
>
> For consistency, this needs fixing and the fix here is for the
> tree-connect to succeed.
>
> This can be viewed as an extension of
> https://bugzilla.samba.org/show_bug.cgi?id=11044 from supporting
> unix-user SIDs to supporting to well-known SIDs as well.
>
> Review/push appreciated.
LGTM - really nice work - thanks ! Pushed.
More information about the samba-technical
mailing list