[PATCH] Support force user when the user's group sid is a wellknown/builtin
Andreas Schneider
asn at samba.org
Mon Nov 23 15:28:01 UTC 2015
On Wednesday 18 November 2015 10:20:02 Uri Simchoni wrote:
> Hi,
>
> This patch provides a more consistent handling of users with a primary
> group that maps to a well-known SID.
>
> When considering a local user (more precisely, one whose SamInfo3 is
> constructed locally rather than received from a domain controller), it
> is conceivable that the user's UNIX primary gid is mapped to a
> well-known or builtin SID.
>
> If such a user logs on, the logon succeeds, and the SamInfo3 that's
> created during the logon has an RID of 513 (domain users). OTOH, if a
> different user logs on and connects to a share with a "force user"
> pointing to that user, the tree-connect fails with an NT_STATUS_INVALID_SID.
>
> For consistency, this needs fixing and the fix here is for the
> tree-connect to succeed.
>
> This can be viewed as an extension of
> https://bugzilla.samba.org/show_bug.cgi?id=11044 from supporting
> unix-user SIDs to supporting well-known SIDs as well.
>
> Review/push appreciated.
Great work! We really need more tests in this area. We had far too many
regressions.
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org