The Samba-Bugzilla – Attachment 11357 Details for
Bug 9862
Samba "map to guest = Bad uid" doesn't work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.2
4.2.patch (text/plain), 5.97 KB, created by
Andreas Schneider
on 2015-08-24 08:02:48 UTC
(
hide
)
Description:
patch for 4.2
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2015-08-24 08:02:48 UTC
Size:
5.97 KB
patch
obsolete
>From 4438a33e0e3621e9b178620ba0e543069bf85012 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 19 Aug 2015 16:11:47 +0200 >Subject: [PATCH 1/3] s3-auth: Fix 'map to guest = Bad Uid' support > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7) >--- > source3/auth/auth_util.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > >diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c >index 1c2cf80..dcf173d 100644 >--- a/source3/auth/auth_util.c >+++ b/source3/auth/auth_util.c >@@ -1397,6 +1397,14 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, > &username_was_mapped); > > if (!NT_STATUS_IS_OK(nt_status)) { >+ /* Handle 'map to guest = Bad Uid */ >+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) && >+ (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) && >+ lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) { >+ DEBUG(2, ("Try to map %s to guest account", >+ nt_username)); >+ return make_server_info_guest(mem_ctx, server_info); >+ } > return nt_status; > } > >-- >2.5.0 > > >From e0cfca754ed1c540f3b8a5adcea3bd85aac74930 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 19 Aug 2015 16:24:08 +0200 >Subject: [PATCH 2/3] s3-auth: Pass nt_username to check_account() > >We set nt_username above but do not use it in this function. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6) >--- > source3/auth/auth_util.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > >diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c >index dcf173d..688072e 100644 >--- a/source3/auth/auth_util.c >+++ b/source3/auth/auth_util.c >@@ -1392,9 +1392,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, > > /* this call will try to create the user if necessary */ > >- nt_status = check_account(mem_ctx, nt_domain, sent_nt_username, >- &found_username, &pwd, >- &username_was_mapped); >+ nt_status = check_account(mem_ctx, >+ nt_domain, >+ nt_username, >+ &found_username, >+ &pwd, >+ &username_was_mapped); > > if (!NT_STATUS_IS_OK(nt_status)) { > /* Handle 'map to guest = Bad Uid */ >-- >2.5.0 > > >From d8421a1885a60a57fd35115a717a6f4c88133ded Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 19 Aug 2015 16:19:30 +0200 >Subject: [PATCH 3/3] s3-auth: Fix a memory leak in make_server_info_info3() > >We call make_server_info(NULL) and it is possible that we do not free >it, because server_info is not allocated on the memory context we pass >to the function. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 6363c0232c2238e1a782e9c22ef762e3ff9b7563) >--- > source3/auth/auth_util.c | 36 ++++++++++++++++++++++++------------ > 1 file changed, 24 insertions(+), 12 deletions(-) > >diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c >index 688072e..de5d541 100644 >--- a/source3/auth/auth_util.c >+++ b/source3/auth/auth_util.c >@@ -1349,6 +1349,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, > bool username_was_mapped; > struct passwd *pwd; > struct auth_serversupplied_info *result; >+ TALLOC_CTX *tmp_ctx = talloc_stackframe(); > > /* > Here is where we should check the list of >@@ -1357,15 +1358,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, > */ > > if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) { >- return NT_STATUS_INVALID_PARAMETER; >+ nt_status = NT_STATUS_INVALID_PARAMETER; >+ goto out; > } > > if (!sid_compose(&group_sid, info3->base.domain_sid, > info3->base.primary_gid)) { >- return NT_STATUS_INVALID_PARAMETER; >+ nt_status = NT_STATUS_INVALID_PARAMETER; >+ goto out; > } > >- nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string); >+ nt_username = talloc_strdup(tmp_ctx, info3->base.account_name.string); > if (!nt_username) { > /* If the server didn't give us one, just use the one we sent > * them */ >@@ -1392,7 +1395,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, > > /* this call will try to create the user if necessary */ > >- nt_status = check_account(mem_ctx, >+ nt_status = check_account(tmp_ctx, > nt_domain, > nt_username, > &found_username, >@@ -1406,15 +1409,20 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, > lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) { > DEBUG(2, ("Try to map %s to guest account", > nt_username)); >- return make_server_info_guest(mem_ctx, server_info); >+ nt_username); >+ nt_status = make_server_info_guest(tmp_ctx, &result); >+ if (NT_STATUS_IS_OK(nt_status)) { >+ *server_info = talloc_move(mem_ctx, &result); >+ } > } >- return nt_status; >+ goto out; > } > >- result = make_server_info(NULL); >+ result = make_server_info(tmp_ctx); > if (result == NULL) { > DEBUG(4, ("make_server_info failed!\n")); >- return NT_STATUS_NO_MEMORY; >+ nt_status = NT_STATUS_NO_MEMORY; >+ goto out; > } > > result->unix_name = talloc_strdup(result, found_username); >@@ -1422,8 +1430,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, > /* copy in the info3 */ > result->info3 = copy_netr_SamInfo3(result, info3); > if (result->info3 == NULL) { >- TALLOC_FREE(result); >- return NT_STATUS_NO_MEMORY; >+ nt_status = NT_STATUS_NO_MEMORY; >+ goto out; > } > > /* Fill in the unix info we found on the way */ >@@ -1453,9 +1461,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, > > result->guest = (info3->base.user_flags & NETLOGON_GUEST); > >- *server_info = result; >+ *server_info = talloc_move(mem_ctx, &result); > >- return NT_STATUS_OK; >+ nt_status = NT_STATUS_OK; >+out: >+ talloc_free(tmp_ctx); >+ >+ return nt_status; > } > > /***************************************************************************** >-- >2.5.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=11357">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 9862
:
11356
|
11357
|
11358
|
11360
|
11361