Bug 1183 - Duplicate GIDs returned (when multiple AD groups mapped to single gid)
Duplicate GIDs returned (when multiple AD groups mapped to single gid)
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.1
All Linux
: P4 minor
: none
Assigned To: Samba Bugzilla Account
:
Depends on:
Blocks: 807
  Show dependency treegraph
 
Reported: 2004-03-12 12:00 UTC by John Klinger
Modified: 2005-08-24 10:19 UTC (History)
0 users

See Also:


Attachments
Patch to prevent return of duplicate gid's. (998 bytes, patch)
2004-03-12 12:04 UTC, John Klinger
no flags Details
Fixed previous patch to search only assigned elements, not entire gid array length. (999 bytes, patch)
2004-03-29 13:13 UTC, John Klinger
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description John Klinger 2004-03-12 12:00:38 UTC
We were testing an environment where a number Active Directory global groups
were mapped to a single Unix group. If a user belongs to several groups that map
to the same gid, that gid would be repeated in the groups list, taking up
however many slots were required. With a 16 group limit, this can cause a
problem.

Example:

  Given active directory group AD_G1 is mapped to gid 20001,
  AD_G2 is mapped to 20001, G1 is a local group with gid 2001,
  and myUser belongs to Domain User, AD_G1, AD_G2, and G1.

  Running "id -a myUser" gives:

  uid=10000(myUser) gid=20000(Domain User) groups=20001(G1),20001(G1),20001(G1)

Due to the linux base function, this would apply to all unix os.
Comment 1 John Klinger 2004-03-12 12:04:03 UTC
Created attachment 437 [details]
Patch to prevent return of duplicate gid's.

Patch modifies function _nss_winbind_initgroups_dyn in
nsswitch/winbind_nss_linux.c to check that a newly found gid is not already
present in the return list.
Comment 2 John Klinger 2004-03-29 13:13:31 UTC
Created attachment 459 [details]
Fixed previous patch to search only assigned elements, not entire gid array length.
Comment 3 Gerald (Jerry) Carter 2004-04-19 18:41:13 UTC
Fixed for 3.0.3rc1
Comment 4 Gerald (Jerry) Carter 2005-08-24 10:19:22 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.