The Samba-Bugzilla – Bug 2038
winbindd_getgroups() may fail if not all domain groups have a gidNumber assigned
Last modified: 2005-08-24 10:20:48 UTC
This happens with Samba 3.0.8 configured as a domain member server (security =
ADS), the domain being in w2k native mode.
The following code appears twice in the winbindd_getgroups() function in
if (gid_list == NULL)
It's within the two loops which iterate through the list of group memberships.
This has the following consequence: If the loop is executed for the first time
(examining the first group membership) and if THIS (i.e. the first) group has
NO gidNumber assigned (i.e. add_gids_from_group_sid() fails), then the function
fails completely ("goto done;"!), even if some other group (i.e. a non-first
group) has a gidNumber assigned.
The code should either be removed completely (I see no reason why the function
should fail, even if the user has NO unix group membership, this is a valid
scenario?!), or it should be at least moved to somewhere after the loops, so it
only fails if no group has a gidNumber assigned (in fact a posix user must have
a group membership - the primary group; however, this doesn't need to be
checked here, because getpwent() fails already if there is no primary group
Created attachment 772
Looks good - applied. Moved this check to just before the return.
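The control flow discussed in this report, as a minimal C model added here for illustration (not Samba's source and not the attached patch). `struct group`, `add_gid()`, both `getgroups_*` functions and the sample gids are hypothetical stand-ins; the first sample group has no gidNumber.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: has_gid == 0 is a domain group with no gidNumber. */
struct group { int has_gid; unsigned gid; };
static const struct group sample[] = { {0, 0}, {1, 10001}, {1, 10002} };

/* Hypothetical stand-in for add_gids_from_group_sid(): appends only mapped gids. */
static void add_gid(const struct group *g, unsigned **list, int *num)
{
    unsigned *tmp;
    if (!g->has_gid)
        return;
    tmp = realloc(*list, (*num + 1) * sizeof(**list));
    if (tmp == NULL)
        return;
    *list = tmp;
    (*list)[(*num)++] = g->gid;
}

/* Reported behaviour: the NULL check sits inside the loop, so an unmapped
 * FIRST group aborts the lookup before later groups are examined. */
static int getgroups_check_in_loop(const struct group *g, int n, unsigned **list)
{
    int i, num = 0;
    *list = NULL;
    for (i = 0; i < n; i++) {
        add_gid(&g[i], list, &num);
        if (*list == NULL)
            return -1; /* models "goto done" */
    }
    return num;
}

/* Check moved to just before the return: fails only if no group had a gid. */
static int getgroups_check_after_loop(const struct group *g, int n, unsigned **list)
{
    int i, num = 0;
    *list = NULL;
    for (i = 0; i < n; i++)
        add_gid(&g[i], list, &num);
    return (*list == NULL) ? -1 : num;
}

int main(void)
{
    unsigned *a, *b;
    printf("check in loop:    %d\n", getgroups_check_in_loop(sample, 3, &a));
    printf("check after loop: %d\n", getgroups_check_after_loop(sample, 3, &b));
    free(a); free(b); return 0;
}
```

With the check inside the loop the result depends on the order of the memberships, so the same user can end up with no supplementary groups or the full list depending on which group is enumerated first.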
This is fixed in 3.0.11 (by either guenther or volker) I think.
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.