Bug 11608 - Cannot force local user if gid maps to a wellknown/builtin SID
Cannot force local user if gid maps to a wellknown/builtin SID
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
4.3.1
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-18 08:07 UTC by Uri Simchoni
Modified: 2015-11-24 08:39 UTC (History)
2 users (show)

See Also:


Attachments
git-am fix for 4.3.next (7.42 KB, patch)
2015-11-20 18:39 UTC, Uri Simchoni
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Uri Simchoni 2015-11-18 08:07:10 UTC
When considering a "local" user, it is conceivable that the user's UNIX primary gid is mapped to a well-known or builtin SID. If such a user logs on, the logon succeeds, and the SamInfo3 that's created during the logon has an RID of 513 (domain users). OTOH, if a different user logs on and connects to a share with a "force user" pointing to that user, the tree-connect fails with a NT_STATUS_INVALID_SID.

This is similar in a way to https://bugzilla.samba.org/show_bug.cgi?id=11044
Comment 1 Uri Simchoni 2015-11-20 18:39:48 UTC
Created attachment 11609 [details]
git-am fix for 4.3.next
Comment 2 Jeremy Allison 2015-11-20 22:29:00 UTC
Comment on attachment 11609 [details]
git-am fix for 4.3.next

LGTM.
Comment 3 Jeremy Allison 2015-11-20 22:29:23 UTC
Re-assigning to Karolin for inclusion in 4.3.next.
Comment 4 Jeremy Allison 2015-11-20 22:29:29 UTC
uri@samba.org
Comment 5 Karolin Seeger 2015-11-23 11:43:04 UTC
(In reply to Jeremy Allison from comment #3)
Pushed to autobuild-v4-3-test.
Comment 6 Karolin Seeger 2015-11-24 08:39:00 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to v4-3-test.
Closing out bug report.

Thanks!