*/
struct auth_serversupplied_info *server_info;
+ /*
+ * If the "force group" parameter is set, this is the primary gid that
+ * may be used in the users token, depending on the vuid using this tid.
+ */
+ gid_t force_group_gid;
+
char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */
uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
*pstatus = status;
return NULL;
}
+
+ /*
+ * We need to cache this gid, to use within
+ * change_to_user() separately from the conn->server_info
+ * struct. We only use conn->server_info directly if
+ * "force_user" was set.
+ */
+ conn->force_group_gid = conn->server_info->utok.gid;
}
conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
if((group_c = *lp_force_group(snum))) {
+ SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
+
if(group_c == '+') {
/*
int i;
for (i = 0; i < num_groups; i++) {
if (group_list[i]
- == conn->server_info->utok.gid) {
- gid = conn->server_info->utok.gid;
+ == conn->force_group_gid) {
+ conn->server_info->utok.gid =
+ conn->force_group_gid;
+ gid = conn->force_group_gid;
gid_to_sid(&conn->server_info->ptok
->user_sids[1], gid);
break;
}
}
} else {
- gid = conn->server_info->utok.gid;
+ conn->server_info->utok.gid = conn->force_group_gid;
+ gid = conn->force_group_gid;
gid_to_sid(&conn->server_info->ptok->user_sids[1],
gid);
}