The branch, master has been updated
via a256d61 s3-winbind: Fix bug #9052 resolving our own "Domain Local"
groups.
via 111c215 Fix problem found by Andrew Bartlett - correctly check
encrypted flag.
from 4b64ec5 libcli/smb: set should_encrypt = true if we got
SMB2_SESSION_FLAG_ENCRYPT_DATA
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a256d61c505ab10710c7d7152bab4f018cfdcd74
Author: Andreas Schneider <a...@samba.org>
Date: Fri Jul 20 17:12:09 2012 -0700
s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.
Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.
When to use Resource Groups:
http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
Signed-off-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
commit 111c2159de6e417e7912dc8b26f6d3a2ce20de20
Author: Jeremy Allison <j...@samba.org>
Date: Mon Jul 23 10:20:26 2012 -0700
Fix problem found by Andrew Bartlett - correctly check encrypted flag.
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 3 +--
source3/lib/util_sid.c | 9 +--------
source3/smbd/reply.c | 8 ++++++--
source3/winbindd/winbindd_pam.c | 2 +-
source3/winbindd/winbindd_util.c | 12 +++++++++---
5 files changed, 18 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 585067e..3a2bf1b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -549,8 +549,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
uint32_t *num_user_sids,
- bool include_user_group_rid,
- bool skip_ressource_groups);
+ bool include_user_group_rid);
/* The following definitions come from lib/util_sock.c */
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index f080d3d..f051b7a 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -130,8 +130,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
uint32_t *num_user_sids,
- bool include_user_group_rid,
- bool skip_ressource_groups)
+ bool include_user_group_rid)
{
NTSTATUS status;
struct dom_sid sid;
@@ -191,12 +190,6 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
*/
for (i = 0; i < info3->sidcount; i++) {
-
- if (skip_ressource_groups &&
- (info3->sids[i].attributes & SE_GROUP_RESOURCE)) {
- continue;
- }
-
status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
&sid_array, &num_sids);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 2022af7..97abc85 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -4944,8 +4944,12 @@ static void do_smb1_close(struct tevent_req *req)
} else {
reply_nterror(smbreq, status);
}
- if (!srv_send_smb(smbreq->sconn, smbreq->outbuf, true,
- smbreq->seqnum+1, encrypt, NULL)) {
+ if (!srv_send_smb(smbreq->sconn,
+ smbreq->outbuf,
+ true,
+ smbreq->seqnum+1,
+ IS_CONN_ENCRYPTED(smbreq->conn)||smbreq->encrypted,
+ NULL)) {
exit_server_cleanly("handle_aio_read_complete: srv_send_smb "
"failed.");
}
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 96956d0..a64cc56 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -308,7 +308,7 @@ static NTSTATUS check_info3_in_group(struct netr_SamInfo3
*info3,
status = sid_array_from_info3(talloc_tos(), info3,
&token->sids,
&token->num_sids,
- true, false);
+ true);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 162cdf2..52ce1e3 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1033,12 +1033,18 @@ NTSTATUS lookup_usergroups_cached(struct
winbindd_domain *domain,
return NT_STATUS_UNSUCCESSFUL;
}
- /* Skip Domain local groups outside our domain.
- We'll get these from the getsidaliases() RPC call. */
+ /*
+ * Before bug #7843 the "Domain Local" groups were added with a
+ * lookupuseraliases call, but this isn't done anymore for our domain
+ * so we need to resolve resource groups here.
+ *
+ * When to use Resource Groups:
+ * http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
+ */
status = sid_array_from_info3(mem_ctx, info3,
user_sids,
&num_groups,
- false, true);
+ false);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(info3);
--
Samba Shared Repository
