Bug 1081 - sys_getgrouplist_internals(..., gid, groups, ...) returns multiple instances of gid in groups
Summary: sys_getgrouplist_internals(..., gid, groups, ...) returns multiple instances ...
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.2
Hardware: All Solaris
: P3 normal
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
: 945 1229 (view as bug list)
Depends on:
Blocks: 807
  Show dependency treegraph
 
Reported: 2004-02-15 19:52 UTC by Buck Huppmann
Modified: 2005-11-14 09:29 UTC (History)
2 users (show)

See Also:


Attachments
patch to sys_getgrouplist_internals (2.44 KB, patch)
2004-02-15 19:55 UTC, Buck Huppmann
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Buck Huppmann 2004-02-15 19:52:18 UTC
as previously reported to samba-technical but not yet acted upon, seemingly:

before patch (attached):
[2004/01/23 11:18:18, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 40535
  Primary group is 118 and contains 4 supplementary groups
  Group[  0]: 118
  Group[  1]: 118
  Group[  2]: 18
  Group[  3]: 70

after:
[2004/02/11 17:55:57, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 40535
  Primary group is 118 and contains 3 supplementary groups
  Group[  0]: 118
  Group[  1]: 18
  Group[  2]: 70

which is more than a cosmetic problem, if you're in 16 groups, 'cause
then calls to setgroups() fail in set_sec_ctx(), pop_sec_ctx() etc.
(and those functions don't report the error, leaving you scratching
your head when permissions problems bite)
Comment 1 Buck Huppmann 2004-02-15 19:55:29 UTC
Created attachment 403 [details]
patch to sys_getgrouplist_internals
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-03-15 14:13:00 UTC
*** Bug 945 has been marked as a duplicate of this bug. ***
Comment 3 Didier Moens 2004-03-16 00:33:13 UTC
Restating my inquiry in comment #3, bug #945 : would implementing an LDAP
backend circumvent the OS magic number group membership limitation (16 on
Solaris, 32 on RHEL) ? Thanks in advance for any hint whatsoever.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2004-03-16 06:17:20 UTC
nope.  those are OS limitations that you will have 
to tweak.  They are outside the scope of Samba.

I am planning on applying the "remove duplicate groups" 
patch however if that will help you.
Comment 5 Gerald (Jerry) Carter (dead mail address) 2004-03-31 07:50:42 UTC
*** Bug 1229 has been marked as a duplicate of this bug. ***
Comment 6 Gerald (Jerry) Carter (dead mail address) 2004-04-19 15:21:35 UTC
I have a variation that will remove all duplicate groups.
Checking it in for 3.0.3rc1.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:25:41 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:29:19 UTC
database cleanup