From bd66d27e4e1ee9454e99a1f627292f2352d7a631 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 19 Aug 2015 16:11:47 +0200 Subject: [PATCH 1/3] s3-auth: Fix 'map to guest = Bad Uid' support BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner (cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7) --- source3/auth/auth_util.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 69e150f..593ecfb 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1397,6 +1397,14 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, &username_was_mapped); if (!NT_STATUS_IS_OK(nt_status)) { + /* Handle 'map to guest = Bad Uid */ + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) && + (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) && + lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) { + DBG_NOTICE("Try to map %s to guest account", + nt_username); + return make_server_info_guest(mem_ctx, server_info); + } return nt_status; } -- 2.5.0 From 2669307dd3c745590e13d759cfba12d46ef3c9f8 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 19 Aug 2015 16:24:08 +0200 Subject: [PATCH 2/3] s3-auth: Pass nt_username to check_account() We set nt_username above but do not use it in this function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner (cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6) --- source3/auth/auth_util.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 593ecfb..fd498fa 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1392,9 +1392,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* this call will try to create the user if necessary */ - nt_status = check_account(mem_ctx, nt_domain, sent_nt_username, - &found_username, &pwd, - &username_was_mapped); + nt_status = check_account(mem_ctx, + nt_domain, + nt_username, + &found_username, + &pwd, + &username_was_mapped); if (!NT_STATUS_IS_OK(nt_status)) { /* Handle 'map to guest = Bad Uid */ -- 2.5.0 From 5bee82b1f48242e03fc21e68ea96f2d866ac05dd Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 19 Aug 2015 16:19:30 +0200 Subject: [PATCH 3/3] s3-auth: Fix a memory leak in make_server_info_info3() We call make_server_info(NULL) and it is possible that we do not free it, because server_info is not allocated on the memory context we pass to the function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner (cherry picked from commit 6363c0232c2238e1a782e9c22ef762e3ff9b7563) --- source3/auth/auth_util.c | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index fd498fa..b079d04 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1349,6 +1349,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, bool username_was_mapped; struct passwd *pwd; struct auth_serversupplied_info *result; + TALLOC_CTX *tmp_ctx = talloc_stackframe(); /* Here is where we should check the list of @@ -1357,15 +1358,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, */ if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) { - return NT_STATUS_INVALID_PARAMETER; + nt_status = NT_STATUS_INVALID_PARAMETER; + goto out; } if (!sid_compose(&group_sid, info3->base.domain_sid, info3->base.primary_gid)) { - return NT_STATUS_INVALID_PARAMETER; + nt_status = NT_STATUS_INVALID_PARAMETER; + goto out; } - nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string); + nt_username = talloc_strdup(tmp_ctx, info3->base.account_name.string); if (!nt_username) { /* If the server didn't give us one, just use the one we sent * them */ @@ -1392,7 +1395,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* this call will try to create the user if necessary */ - nt_status = check_account(mem_ctx, + nt_status = check_account(tmp_ctx, nt_domain, nt_username, &found_username, @@ -1406,15 +1409,19 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) { DBG_NOTICE("Try to map %s to guest account", nt_username); - return make_server_info_guest(mem_ctx, server_info); + nt_status = make_server_info_guest(tmp_ctx, &result); + if (NT_STATUS_IS_OK(nt_status)) { + *server_info = talloc_move(mem_ctx, &result); + } } - return nt_status; + goto out; } - result = make_server_info(NULL); + result = make_server_info(tmp_ctx); if (result == NULL) { DEBUG(4, ("make_server_info failed!\n")); - return NT_STATUS_NO_MEMORY; + nt_status = NT_STATUS_NO_MEMORY; + goto out; } result->unix_name = talloc_strdup(result, found_username); @@ -1422,8 +1429,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* copy in the info3 */ result->info3 = copy_netr_SamInfo3(result, info3); if (result->info3 == NULL) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; + nt_status = NT_STATUS_NO_MEMORY; + goto out; } /* Fill in the unix info we found on the way */ @@ -1453,9 +1460,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, result->guest = (info3->base.user_flags & NETLOGON_GUEST); - *server_info = result; + *server_info = talloc_move(mem_ctx, &result); - return NT_STATUS_OK; + nt_status = NT_STATUS_OK; +out: + talloc_free(tmp_ctx); + + return nt_status; } /***************************************************************************** -- 2.5.0