Bug 279 - if >32 groups is returned in the net_user_info3 struct, the nt_user_token and unix_token can differ
Summary: if >32 groups is returned in the net_user_info3 struct, the nt_user_token and...
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.0preX
Hardware: Other other
: P2 enhancement
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-08-07 21:45 UTC by Gerald (Jerry) Carter (dead mail address)
Modified: 2005-02-07 08:41 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gerald (Jerry) Carter (dead mail address) 2003-08-07 21:45:59 UTC 
smbd calls initgroups() to set the unix group members 
of the existing process and then getgroups() to get the 
list back.  This is truncated to the OS limit (NGROUPS_MAX).  
So the NT_USER_TOKEN (built by the net_sam_logon reply) can 
have more groups than those listed in unix_user token.

2.2. solved this by calling add_supplementary_nt_login_groups()
in register_vuid()
Comment 1 Gerald (Jerry) Carter (dead mail address) 2003-08-07 21:46:48 UTC 
See also bug 267
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-03-01 09:29:48 UTC 
this is an OS limitation and not much we can do about it.  Closing it.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-02-07 08:41:26 UTC 
originally reported against 3.0.0beta3.  CLeaning out 
non-production release versions.