Bug 279 - if >32 groups is returned in the net_user_info3 struct, the nt_user_token and unix_token can differ
Summary: if >32 groups is returned in the net_user_info3 struct, the nt_user_token and...
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.0preX
Hardware: Other other
: P2 enhancement
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-08-07 21:45 UTC by Gerald (Jerry) Carter (dead mail address)
Modified: 2005-02-07 08:41 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gerald (Jerry) Carter (dead mail address) 2003-08-07 21:45:59 UTC
smbd calls initgroups() to set the unix group members 
of the existing process and then getgroups() to get the 
list back.  This is truncated to the OS limit (NGROUPS_MAX).  
So the NT_USER_TOKEN (built by the net_sam_logon reply) can 
have more groups than those listed in unix_user token.

2.2. solved this by calling add_supplementary_nt_login_groups()
in register_vuid()
Comment 1 Gerald (Jerry) Carter (dead mail address) 2003-08-07 21:46:48 UTC
See also bug 267
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-03-01 09:29:48 UTC
this is an OS limitation and not much we can do about it.  Closing it.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-02-07 08:41:26 UTC
originally reported against 3.0.0beta3.  CLeaning out 
non-production release versions.