[Samba] force group to Unix group in 3.0.25

Fri May 18 17:38:16 GMT 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christian Perrier wrote:
>> Our bug.  I fixed it last night for next week's 3.0.25a release
>> (http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0).
>>
>> You can either retest against the SAMBA_3_0_25 svn tree or I
>> can send you a patch.
> 
> 
> Jerry, apparently this bug hits Debian's version in etch as it
> appeared after the security fix for CVE-2007-2444. See
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629
> 
> As you certainly know, upgrading the version in etch 
> to 3.0.25a is out of question, so we need to patch the
> 3.0.24 version to fix this.
>
> So, if you have the patch handy, we'd be deeply interested.

Ah yeah.  I didn't think about that.  Attached.

> Is there a bug report for this issue in Samba's BTS? I can't 
> find one.

Note sure.  We went back and forth with David Rankin on it
getting the necessary information.





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGTeSIIR7qMdg1EfYRAoygAJ9zPh6jIMt5ri9UzuNLtEgiiDekHQCgndPF
DyDNcagDKoir8QjGfBZPY1o=
=w3wZ
-----END PGP SIGNATURE-----
-------------- next part --------------
=== modified file 'source/smbd/uid.c'

--- source/smbd/uid.c	2007-05-12 16:45:55 +0000
+++ source/smbd/uid.c	2007-05-18 17:33:11 +0000
@@ -151,7 +151,9 @@
 	char group_c;
 	BOOL must_free_token = False;
 	NT_USER_TOKEN *token = NULL;
-
+	int num_groups = 0;
+	gid_t *group_list = NULL;
+	
 	if (!conn) {
 		DEBUG(2,("change_to_user: Connection not open\n"));
 		return(False);
@@ -190,14 +192,14 @@
 	if (conn->force_user) /* security = share sets this too */ {
 		uid = conn->uid;
 		gid = conn->gid;
-		current_user.ut.groups = conn->groups;
-		current_user.ut.ngroups = conn->ngroups;
+	        group_list = conn->groups;
+		num_groups = conn->ngroups;
 		token = conn->nt_user_token;
 	} else if (vuser) {
 		uid = conn->admin_user ? 0 : vuser->uid;
 		gid = vuser->gid;
-		current_user.ut.ngroups = vuser->n_groups;
-		current_user.ut.groups  = vuser->groups;
+		num_groups = vuser->n_groups;
+		group_list  = vuser->groups;
 		token = vuser->nt_user_token;
 	} else {
 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
@@ -230,8 +232,8 @@
 			 */
 
 			int i;
-			for (i = 0; i < current_user.ut.ngroups; i++) {
-				if (current_user.ut.groups[i] == conn->gid) {
+			for (i = 0; i < num_groups; i++) {
+				if (group_list[i] == conn->gid) {
 					gid = conn->gid;
 					gid_to_sid(&token->user_sids[1], gid);
 					break;
@@ -243,6 +245,12 @@
 		}
 	}
 	
+	/* Now set current_user since we will immediately also call
+	   set_sec_ctx() */
+
+	current_user.ut.ngroups = num_groups;
+	current_user.ut.groups  = group_list;	
+
 	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
 		    token);
 

