bpfire/src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch

From 56bfca66b8597afe731f4624bb9f862bb45f81ba Mon Sep 17 00:00:00 2001
From: Matt Rogers <mrogers@redhat.com>
Date: Mon, 12 Oct 2015 14:46:18 +0200
Subject: [PATCH] PATCHSET33: s3-auch: Fix secuirty = server share access

Resolve user groups in non-winbind path of passwd_to_SamInfo3(), fixing
group memberships with server security.

Signed-off-by: Matt Rogers <mrogers@redhat.com>
---
 source3/auth/server_info.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 1fd9317..91724cc 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -571,7 +571,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
 	enum lsa_SidType type;
 	uint32_t num_sids = 0;
 	struct dom_sid *user_sids = NULL;
+	gid_t *gids = NULL;
 	bool ok;
+	int i;
 
 	tmp_ctx = talloc_stackframe();
 
@@ -629,6 +631,29 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
 				    get_global_sam_sid(),
 				    DOMAIN_RID_USERS);
 		}
+
+		if (!getgroups_unix_user(tmp_ctx,
+					 unix_username,
+					 pwd->pw_gid,
+					 &gids,
+					 &num_sids)) {
+			DEBUG(1, ("Failed to get unix user groups.\n"));
+			goto done;
+		}
+
+		if (num_sids == 0) {
+			smb_panic("primary group missing");
+		}
+
+		user_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_sids);
+
+		if (user_sids == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		for (i = 0; i < num_sids; i++) {
+			gid_to_sid(&user_sids[i], gids[i]);
+		}
 	}
 
 	/* Make sure we have a valid group sid */
@@ -696,6 +721,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
 
 	status = NT_STATUS_OK;
 done:
+	if (gids != NULL) {
+		talloc_free(gids);
+	}
 	talloc_free(tmp_ctx);
 
 	return status;
-- 
2.5.0