SOURCES: samba-force-group.patch (NEW) - bug #6155 in 3.3.1

wolvverine wolvverine at pld-linux.org
Thu Mar 12 12:51:17 CET 2009 

Author: wolvverine                   Date: Thu Mar 12 11:51:17 2009 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- bug #6155 in 3.3.1

---- Files affected:
SOURCES:
   samba-force-group.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/samba-force-group.patch
diff -u /dev/null SOURCES/samba-force-group.patch:1.1
--- /dev/null	Thu Mar 12 12:51:17 2009
+++ SOURCES/samba-force-group.patch	Thu Mar 12 12:51:11 2009
@@ -0,0 +1,83 @@
+diff --git a/source/include/smb.h b/source/include/smb.h
+index a98d151..56d9461 100644
+--- a/source/include/smb.h
++++ b/source/include/smb.h
+@@ -597,6 +597,12 @@ typedef struct connection_struct {
+ 	 */
+ 	struct auth_serversupplied_info *server_info;
+ 
++	/*
++	 * If the "force group" parameter is set, this is the primary gid that
++	 * may be used in the users token, depending on the vuid using this tid.
++	 */
++	gid_t force_group_gid;
++
+ 	char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */
+ 
+ 	uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
+diff --git a/source/smbd/conn.c b/source/smbd/conn.c
+index 7f34d2b..a6eafcf 100644
+--- a/source/smbd/conn.c
++++ b/source/smbd/conn.c
+@@ -145,6 +145,7 @@ find_again:
+ 		return NULL;
+ 	}
+ 	conn->cnum = i;
++	conn->force_group_gid = (gid_t)-1;
+ 
+ 	bitmap_set(bmap, i);
+ 
+diff --git a/source/smbd/service.c b/source/smbd/service.c
+index c39584a..5e75fce 100644
+--- a/source/smbd/service.c
++++ b/source/smbd/service.c
+@@ -834,6 +834,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
+ 			*pstatus = status;
+ 			return NULL;
+ 		}
++
++		/*
++		 * We need to cache this gid, to use within
++ 		 * change_to_user() separately from the conn->server_info
++ 		 * struct. We only use conn->server_info directly if
++ 		 * "force_user" was set.
++ 		 */
++		conn->force_group_gid = conn->server_info->utok.gid;
+ 	}
+ 
+ 	conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
+diff --git a/source/smbd/uid.c b/source/smbd/uid.c
+index 119a155..02f8cc9 100644
+--- a/source/smbd/uid.c
++++ b/source/smbd/uid.c
+@@ -256,6 +256,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
+ 
+ 	if((group_c = *lp_force_group(snum))) {
+ 
++		SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
++
+ 		if(group_c == '+') {
+ 
+ 			/*
+@@ -268,15 +270,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
+ 			int i;
+ 			for (i = 0; i < num_groups; i++) {
+ 				if (group_list[i]
+-				    == conn->server_info->utok.gid) {
+-					gid = conn->server_info->utok.gid;
++				    == conn->force_group_gid) {
++					conn->server_info->utok.gid =
++						conn->force_group_gid;
++					gid = conn->force_group_gid;
+ 					gid_to_sid(&conn->server_info->ptok
+ 						   ->user_sids[1], gid);
+ 					break;
+ 				}
+ 			}
+ 		} else {
+-			gid = conn->server_info->utok.gid;
++			conn->server_info->utok.gid = conn->force_group_gid;
++			gid = conn->force_group_gid;
+ 			gid_to_sid(&conn->server_info->ptok->user_sids[1],
+ 				   gid);
+ 		}
================================================================

More information about the pld-cvs-commit mailing list