Fix show-stopper for 3.2. Smbd depends on group SID

position zero being the primary group sid. Authenicating
via winbindd call returned a non-sorted sid list. This
fixes is for both a winbindd call and a pac list from
an info3 struct. Without this we mess up the
primary group associated with created files. Found by
Herb.
Jeremy.
(This used to be commit cb925dec85cfc4cfc194c3ff76dbeba2bd2178d7)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 98884eaddbfb77e7d2bd15291a3d4ffb77e36a38..9220df01c001ea7b8a9e4e3f6c0448f4b7653214 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -26,6 +26,34 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
+/****************************************************************************
+ Ensure primary group SID is always at position 0 in a 
+ auth_serversupplied_info struct.
+****************************************************************************/
+
+static void sort_sid_array_for_smbd(auth_serversupplied_info *result,
+                               const DOM_SID *pgroup_sid)
+{
+       unsigned int i;
+
+       if (!result->sids) {
+               return;
+       }
+
+       if (sid_compare(&result->sids[0], pgroup_sid)==0) {
+               return;
+       }
+
+       for (i = 1; i < result->num_sids; i++) {
+               if (sid_compare(pgroup_sid,
+                               &result->sids[i]) == 0) {
+                       sid_copy(&result->sids[i], &result->sids[0]);
+                       sid_copy(&result->sids[0], pgroup_sid);
+                       return;
+               }
+       }
+}
+
 /****************************************************************************
  Create a UNIX user on demand.
 ****************************************************************************/
@@ -1742,6 +1770,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
                return nt_status;
        }
 
+       /* Ensure the primary group sid is at position 0. */
+       sort_sid_array_for_smbd(result, &group_sid);
+
        result->login_server = talloc_strdup(result,
                                             info3->base.logon_server.string);
 
@@ -1987,6 +2018,9 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
                memcpy(&result->sids[i], &info->sids[i+2].sid, sizeof(result->sids[i]));
        }
 
+       /* Ensure the primary group sid is at position 0. */
+       sort_sid_array_for_smbd(result, &group_sid);
+
        /* ensure we are never given NULL session keys */
 
        ZERO_STRUCT(zeros);