The Samba-Bugzilla – Attachment 3968 Details for
Bug 6155
"force group" is no longer working as expected
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 3.3.1
look (text/plain), 2.47 KB, created by
Jeremy Allison
on 2009-03-03 18:05:41 UTC
(
hide
)
Description:
Patch for 3.3.1
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2009-03-03 18:05:41 UTC
Size:
2.47 KB
patch
obsolete
>diff --git a/source/include/smb.h b/source/include/smb.h >index a98d151..56d9461 100644 >--- a/source/include/smb.h >+++ b/source/include/smb.h >@@ -597,6 +597,12 @@ typedef struct connection_struct { > */ > struct auth_serversupplied_info *server_info; > >+ /* >+ * If the "force group" parameter is set, this is the primary gid that >+ * may be used in the users token, depending on the vuid using this tid. >+ */ >+ gid_t force_group_gid; >+ > char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */ > > uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */ >diff --git a/source/smbd/conn.c b/source/smbd/conn.c >index 7f34d2b..a6eafcf 100644 >--- a/source/smbd/conn.c >+++ b/source/smbd/conn.c >@@ -145,6 +145,7 @@ find_again: > return NULL; > } > conn->cnum = i; >+ conn->force_group_gid = (gid_t)-1; > > bitmap_set(bmap, i); > >diff --git a/source/smbd/service.c b/source/smbd/service.c >index c39584a..5e75fce 100644 >--- a/source/smbd/service.c >+++ b/source/smbd/service.c >@@ -834,6 +834,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, > *pstatus = status; > return NULL; > } >+ >+ /* >+ * We need to cache this gid, to use within >+ * change_to_user() separately from the conn->server_info >+ * struct. We only use conn->server_info directly if >+ * "force_user" was set. >+ */ >+ conn->force_group_gid = conn->server_info->utok.gid; > } > > conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; >diff --git a/source/smbd/uid.c b/source/smbd/uid.c >index 119a155..02f8cc9 100644 >--- a/source/smbd/uid.c >+++ b/source/smbd/uid.c >@@ -256,6 +256,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid) > > if((group_c = *lp_force_group(snum))) { > >+ SMB_ASSERT(conn->force_group_gid != (gid_t)-1); >+ > if(group_c == '+') { > > /* >@@ -268,15 +270,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid) > int i; > for (i = 0; i < num_groups; i++) { > if (group_list[i] >- == conn->server_info->utok.gid) { >- gid = conn->server_info->utok.gid; >+ == conn->force_group_gid) { >+ conn->server_info->utok.gid = >+ conn->force_group_gid; >+ gid = conn->force_group_gid; > gid_to_sid(&conn->server_info->ptok > ->user_sids[1], gid); > break; > } > } > } else { >- gid = conn->server_info->utok.gid; >+ conn->server_info->utok.gid = conn->force_group_gid; >+ gid = conn->force_group_gid; > gid_to_sid(&conn->server_info->ptok->user_sids[1], > gid); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3968">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 6155
: 3968