The Samba-Bugzilla – Attachment 14790 Details for
Bug 13690
Adding `force group = ...` to an active SMB sessoin causes PANIC
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.7.x and above.
0001-smbd-uid-Don-t-crash-if-force-group-is-added-to-an-e.patch (text/plain), 2.60 KB, created by
Jeremy Allison
on 2019-01-18 22:27:15 UTC
(
hide
)
Description:
git-am fix for 4.7.x and above.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2019-01-18 22:27:15 UTC
Size:
2.60 KB
patch
obsolete
>From a8294603e780aef2900688260039d30351976315 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Fri, 18 Jan 2019 14:24:30 -0800 >Subject: [PATCH] smbd: uid: Don't crash if 'force group' is added to an > existing share connection. > >smbd could crash if "force group" is added to a >share definition whilst an existing connection >to that share exists. In that case, don't change >the existing credentials for force group, only >do so for new connections. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/smbd/uid.c | 35 +++++++++++++++++++++++++++++++++-- > 1 file changed, 33 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c >index 7aecea5f857..a4bcb747d37 100644 >--- a/source3/smbd/uid.c >+++ b/source3/smbd/uid.c >@@ -291,6 +291,7 @@ static bool change_to_user_internal(connection_struct *conn, > int snum; > gid_t gid; > uid_t uid; >+ const char *force_group_name; > char group_c; > int num_groups = 0; > gid_t *group_list = NULL; >@@ -330,9 +331,39 @@ static bool change_to_user_internal(connection_struct *conn, > * See if we should force group for this service. If so this overrides > * any group set in the force user code. > */ >- if((group_c = *lp_force_group(talloc_tos(), snum))) { >+ force_group_name = lp_force_group(talloc_tos(), snum); >+ group_c = *force_group_name; > >- SMB_ASSERT(conn->force_group_gid != (gid_t)-1); >+ if ((group_c != '\0') && (conn->force_group_gid == (gid_t)-1)) { >+ /* >+ * This can happen if "force group" is added to a >+ * share definition whilst an existing connection >+ * to that share exists. In that case, don't change >+ * the existing credentials for force group, only >+ * do so for new connections. >+ * >+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 >+ */ >+ DBG_INFO("Not forcing group %s on existing connection to " >+ "share %s for SMB user %s (unix user %s)\n", >+ force_group_name, >+ lp_const_servicename(snum), >+ session_info->unix_info->sanitized_username, >+ session_info->unix_info->unix_name); >+ } >+ >+ if((group_c != '\0') && (conn->force_group_gid != (gid_t)-1)) { >+ /* >+ * Only force group for connections where >+ * conn->force_group_gid has already been set >+ * to the correct value (i.e. the connection >+ * happened after the 'force group' definition >+ * was added to the share definition. Connections >+ * that were made before force group was added >+ * should stay with their existing credentials. >+ * >+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 >+ */ > > if (group_c == '+') { > int i; >-- >2.20.1.321.g9e740568ce-goog >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13690
:
14790
|
14797
|
14802
|
14803