summaryrefslogtreecommitdiffstats
path: root/source3
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-08 13:04:44 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-08 13:04:44 +0000
commit394ebc3350b1ede6028b6ecfa4dcac6e4ec5eed6 (patch)
tree3eecf214cd57fecedd32d49a6705af9cd491c634 /source3
parentAdding debian version 2:4.20.0+dfsg-1~exp2. (diff)
downloadsamba-394ebc3350b1ede6028b6ecfa4dcac6e4ec5eed6.tar.xz
samba-394ebc3350b1ede6028b6ecfa4dcac6e4ec5eed6.zip
Merging upstream version 2:4.20.1+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/utils/smbcacls.c4
-rw-r--r--source3/winbindd/winbindd_ads.c11
2 files changed, 11 insertions, 4 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index ff11ba4..e0591ac 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -914,6 +914,10 @@ static uint8_t get_flags_to_propagate(bool is_container,
/* Assume we are not propagating the ACE */
newflags &= ~SEC_ACE_FLAG_INHERITED_ACE;
+
+ /* Inherit-only flag is not propagated to children */
+
+ newflags &= ~SEC_ACE_FLAG_INHERIT_ONLY;
/* all children need to have the SEC_ACE_FLAG_INHERITED_ACE set */
if (acl_cntrinherit || acl_objinherit) {
/*
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 7e572e5..7d63240 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1039,7 +1039,7 @@ static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
}
static NTSTATUS add_primary_group_members(
- ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid,
+ ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid, const char *domname,
char ***all_members, size_t *num_all_members)
{
char *filter;
@@ -1051,10 +1051,13 @@ static NTSTATUS add_primary_group_members(
char **members;
size_t num_members;
ads_control args;
+ bool all_groupmem = idmap_config_bool(domname, "all_groupmem", false);
filter = talloc_asprintf(
- mem_ctx, "(&(objectCategory=user)(primaryGroupID=%u))",
- (unsigned)rid);
+ mem_ctx,
+ "(&(objectCategory=user)(primaryGroupID=%u)%s)",
+ (unsigned)rid,
+ all_groupmem ? "" : "(uidNumber=*)(!(uidNumber=0))");
if (filter == NULL) {
goto done;
}
@@ -1206,7 +1209,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", (int)num_members));
- status = add_primary_group_members(ads, mem_ctx, rid,
+ status = add_primary_group_members(ads, mem_ctx, rid, domain->name,
&members, &num_members);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("%s: add_primary_group_members failed: %s\n",
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-14 16:54:09 +0000