Attachment 11609 Details for Bug 11608 – git-am fix for 4.3.next

[patch] git-am fix for 4.3.next

wkn43.patch (text/plain), 7.42 KB, created by Uri Simchoni on 2015-11-20 18:39:48 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Uri Simchoni

Created: 2015-11-20 18:39:48 UTC

Size: 7.42 KB

patch

obsolete

>From c9fa5ea7d031d4d43258a72d49932b37ec0fe499 Mon Sep 17 00:00:00 2001
>From: Uri Simchoni <uri@samba.org>
>Date: Tue, 17 Nov 2015 21:43:44 +0200
>Subject: [PATCH 1/3] auth: remove a line that has no effect
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608
>
>Signed-off-by: Uri Simchoni <uri@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 42b7d48f76189b1e138f5cac6489a4d018598c87)
>---
> source3/auth/server_info.c | 2 --
> 1 file changed, 2 deletions(-)
>
>diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
>index b537390..4d046bb 100644
>--- a/source3/auth/server_info.c
>+++ b/source3/auth/server_info.c
>@@ -600,8 +600,6 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
> 		 */
> 		gid_to_sid(&group_sid, pwd->pw_gid);
> 
>-		ZERO_STRUCT(domain_sid);
>-
> 		/*
> 		 * If we are a unix group, set the group_sid to the
> 		 * 'Domain Users' RID of 513 which will always resolve to a
>-- 
>2.4.3
>
>
>From 79d83546ac7765ec990f482fc91519e1aa650461 Mon Sep 17 00:00:00 2001
>From: Uri Simchoni <uri@samba.org>
>Date: Tue, 17 Nov 2015 23:05:10 +0200
>Subject: [PATCH 2/3] auth: consistent handling of well-known alias as primary
> gid
>
>When a local user has its primary group id mapped to a well-known
>alias or a builtin group, smbd accepts logins of such a user, but
>fails tree-connects to shares with a "force user" set to this user
>with an error of NT_STATUS_INVALID_SID.
>
>This fix causes the connect to succeed and the NT token to resemble
>the token that would have been created in a login.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608
>
>Signed-off-by: Uri Simchoni <uri@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit d8717a038ef82caf05fff611c7cf92aecc436563)
>---
> source3/auth/server_info.c | 23 +++++++++++++++++------
> 1 file changed, 17 insertions(+), 6 deletions(-)
>
>diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
>index 4d046bb..9194cbd 100644
>--- a/source3/auth/server_info.c
>+++ b/source3/auth/server_info.c
>@@ -599,16 +599,27 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
> 		 * will be rejected by other Samba code.
> 		 */
> 		gid_to_sid(&group_sid, pwd->pw_gid);
>+	}
> 
>-		/*
>-		 * If we are a unix group, set the group_sid to the
>-		 * 'Domain Users' RID of 513 which will always resolve to a
>-		 * name.
>-		 */
>-		if (sid_check_is_in_unix_groups(&group_sid)) {
>+	/*
>+	 * If we are a unix group, or a wellknown/builtin alias,
>+	 * set the group_sid to the
>+	 * 'Domain Users' RID of 513 which will always resolve to a
>+	 * name.
>+	 */
>+	if (sid_check_is_in_unix_groups(&group_sid) ||
>+	    sid_check_is_in_builtin(&group_sid) ||
>+	    sid_check_is_in_wellknown_domain(&group_sid)) {
>+		if (sid_check_is_in_unix_users(&user_sid)) {
> 			sid_compose(&group_sid,
> 				    get_global_sam_sid(),
> 				    DOMAIN_RID_USERS);
>+		} else {
>+			sid_copy(&domain_sid, &user_sid);
>+			sid_split_rid(&domain_sid, NULL);
>+			sid_compose(&group_sid,
>+				    &domain_sid,
>+				    DOMAIN_RID_USERS);
> 		}
> 	}
> 
>-- 
>2.4.3
>
>
>From b4046bfc7d5382a19d0fb1309208480aa51c67b5 Mon Sep 17 00:00:00 2001
>From: Uri Simchoni <uri@samba.org>
>Date: Tue, 17 Nov 2015 23:14:36 +0200
>Subject: [PATCH 3/3] selftest: add test for force user and well-known primary
> group
>
>Add a test for connecting to a share with a "force user" whos
>primary unix gid maps to a well-known alias.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608
>
>Signed-off-by: Uri Simchoni <uri@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>
>Autobuild-User(master): Jeremy Allison <jra@samba.org>
>Autobuild-Date(master): Thu Nov 19 23:20:36 CET 2015 on sn-devel-104
>(cherry picked from commit d451bbaee2e025d4135f686c0f220d6337dbf38e)
>---
> selftest/target/Samba3.pm                   | 18 +++++++++++++++++-
> source3/script/tests/test_smbclient_auth.sh |  1 +
> 2 files changed, 18 insertions(+), 1 deletion(-)
>
>diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
>index 774d7a0..931667e 100755
>--- a/selftest/target/Samba3.pm
>+++ b/selftest/target/Samba3.pm
>@@ -1202,7 +1202,9 @@ sub provision($$$$$$$$)
> 
> 	my ($max_uid, $max_gid);
> 	my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2);
>+	my ($uid_pdbtest_wkn);
> 	my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
>+	my ($gid_everyone);
> 
> 	if ($unix_uid < 0xffff - 4) {
> 		$max_uid = 0xffff;
>@@ -1214,8 +1216,9 @@ sub provision($$$$$$$$)
> 	$uid_nobody = $max_uid - 2;
> 	$uid_pdbtest = $max_uid - 3;
> 	$uid_pdbtest2 = $max_uid - 4;
>+	$uid_pdbtest_wkn = $max_uid - 6;
> 
>-	if ($unix_gids[0] < 0xffff - 5) {
>+	if ($unix_gids[0] < 0xffff - 7) {
> 		$max_gid = 0xffff;
> 	} else {
> 		$max_gid = $unix_gids[0];
>@@ -1226,6 +1229,7 @@ sub provision($$$$$$$$)
> 	$gid_root = $max_gid - 3;
> 	$gid_domusers = $max_gid - 4;
> 	$gid_domadmins = $max_gid - 5;
>+	$gid_everyone = $max_gid - 7;
> 
> 	##
> 	## create conffile
>@@ -1368,9 +1372,15 @@ sub provision($$$$$$$$)
>         force user = $unix_name
>         guest ok = yes
> [forceuser_unixonly]
>+	comment = force a user with unix user SID and group SID
> 	path = $shrdir
> 	force user = pdbtest
> 	guest ok = yes
>+[forceuser_wkngroup]
>+	comment = force a user with well-known group SID
>+	path = $shrdir
>+	force user = pdbtest_wkn
>+	guest ok = yes
> [forcegroup]
> 	path = $shrdir
>         force group = nogroup
>@@ -1497,6 +1507,7 @@ sub provision($$$$$$$$)
> $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
> pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
> pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
>+pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false
> ";
> 	if ($unix_uid != 0) {
> 		print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
>@@ -1513,6 +1524,7 @@ nogroup:x:$gid_nogroup:nobody
> $unix_name-group:x:$unix_gids[0]:
> domusers:X:$gid_domusers:
> domadmins:X:$gid_domadmins:
>+everyone:x:$gid_everyone:
> ";
> 	if ($unix_gids[0] != 0) {
> 		print GROUP "root:x:$gid_root:
>@@ -1705,6 +1717,10 @@ sub wait_for_start($$$$$)
> 	if ($ret != 0) {
> 	    return 1;
> 	}
>+	$ret = system(Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin");
>+	if ($ret != 0) {
>+	    return 1;
>+	}
> 
> 	if ($winbindd eq "yes") {
> 	    # note: creating builtin groups requires winbindd for the
>diff --git a/source3/script/tests/test_smbclient_auth.sh b/source3/script/tests/test_smbclient_auth.sh
>index 24e98b1..057414c 100755
>--- a/source3/script/tests/test_smbclient_auth.sh
>+++ b/source3/script/tests/test_smbclient_auth.sh
>@@ -28,5 +28,6 @@ testit "smbclient //$SERVER/tmpguest as anon" $SMBCLIENT //$SERVER/tmpguest $CON
> testit "smbclient //$SERVER/forceuser" $SMBCLIENT //$SERVER/forceuser $CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
> testit "smbclient //$SERVER/forceuser as anon" $SMBCLIENT //$SERVER/forceuser $CONFIGURATION -U% -I $SERVER_IP -p 139 -c quit $ADDARGS
> testit "smbclient //$SERVER/forceuser_unixonly" $SMBCLIENT //$SERVER/forceuser_unixonly $CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
>+testit "smbclient //$SERVER/forceuser_wkngroup" $SMBCLIENT //$SERVER/forceuser_wkngroup $CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
> testit "smbclient //$SERVER/forcegroup" $SMBCLIENT //$SERVER/forcegroup $CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
> testit "smbclient //$SERVER/forcegroup as anon" $SMBCLIENT //$SERVER/forcegroup $CONFIGURATION -U% -I $SERVER_IP -p 139 -c quit $ADDARGS
>-- 
>2.4.3
>

Flags:

jra: review+

Actions: View

Attachments on bug 11608: 11609