Fix bug #6155 - "force group" is no longer working as expected.
authorJeremy Allison <jra@samba.org>
Wed, 4 Mar 2009 00:08:56 +0000 (16:08 -0800)
committerJeremy Allison <jra@samba.org>
Wed, 4 Mar 2009 00:08:56 +0000 (16:08 -0800)
We need to store the "force group" uid separately from the
conn->server_info token as we need to apply it separately also.
Volker PLEASE CHECK !
Jeremy.

source3/include/smb.h
source3/smbd/conn.c
source3/smbd/service.c
source3/smbd/uid.c

index 59c3c32346de3ff5f71a7c101b7b1dce3274846d..a0140fe0819f6eb9af66639043f129af29a4482c 100644 (file)
@@ -573,6 +573,12 @@ typedef struct connection_struct {
         */
        struct auth_serversupplied_info *server_info;
 
+       /*
+        * If the "force group" parameter is set, this is the primary gid that
+        * may be used in the users token, depending on the vuid using this tid.
+        */
+       gid_t force_group_gid;
+
        char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */
 
        uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
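Review bot: The comment on the new `force_group_gid` field does not say what value means "not set", although the rest of the commit relies on `(gid_t)-1` as that sentinel (conn.c initialises the field to it and change_to_user() asserts against it). I would extend the comment with something like `(gid_t)-1 if "force group" is not set for this share; cached in make_connection_snum() and applied in change_to_user()`. "users token" should also read "user's token".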
index 4b467b0312a5209863e3293ad20a9877ed34ec5f..a52f2d2e96915de7aaf12814f6c307b1bf12ec63 100644 (file)
@@ -140,6 +140,7 @@ find_again:
                return NULL;
        }
        conn->cnum = i;
+       conn->force_group_gid = (gid_t)-1;
 
        bitmap_set(bmap, i);
 
index dcdd69f997cea0861ec7c539751ab31740331384..eb16a2601e312e76d90e63f3401fe781cf42c356 100644 (file)
@@ -833,6 +833,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
                        *pstatus = status;
                        return NULL;
                }
+
+               /*
+                * We need to cache this gid, to use within
+                * change_to_user() separately from the conn->server_info
+                * struct. We only use conn->server_info directly if
+                * "force_user" was set.
+                */
+               conn->force_group_gid = conn->server_info->utok.gid;
        }
 
        conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
index 4f059bdb59894f9efd00ce94e3b9dc2a4f7c786d..f8c55b1b8f8fbe4e6b19c2149a1a28ec9f5410ec 100644 (file)
@@ -254,6 +254,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
 
        if((group_c = *lp_force_group(snum))) {
 
+               SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
+
                if(group_c == '+') {
 
                        /*
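Review bot: The new `SMB_ASSERT(conn->force_group_gid != (gid_t)-1)` ties a value cached once at connection setup to `lp_force_group(snum)`, which is re-read on every call. If the two can disagree, the assert takes down the smbd process serving the client instead of failing the request. That could happen if "force group" is added to the share by a configuration reload while the connection is open, or if the enclosing condition in the service.c hunk (not visible there) is narrower than this one. Keeping a check is right, since `(gid_t)-1` must never reach the gid-setting code. I would make it a logged failure that returns false from change_to_user(), or key this block on `conn->force_group_gid != (gid_t)-1` rather than on the live parameter. The function body continues outside this hunk.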
@@ -266,15 +268,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
                        int i;
                        for (i = 0; i < num_groups; i++) {
                                if (group_list[i]
-                                   == conn->server_info->utok.gid) {
-                                       gid = conn->server_info->utok.gid;
+                                   == conn->force_group_gid) {
+                                       conn->server_info->utok.gid =
+                                               conn->force_group_gid;
+                                       gid = conn->force_group_gid;
                                        gid_to_sid(&conn->server_info->ptok
                                                   ->user_sids[1], gid);
                                        break;
                                }
                        }
                } else {
-                       gid = conn->server_info->utok.gid;
+                       conn->server_info->utok.gid = conn->force_group_gid;
+                       gid = conn->force_group_gid;
                        gid_to_sid(&conn->server_info->ptok->user_sids[1],
                                   gid);
                }