The Samba-Bugzilla – Attachment 2116 Details for
Bug 4047
post~3.0.22 group-membership handling undesirable
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to patch-3.0.23b-3.0.23c-gwc-1.diffs-patched code
patch-3.0.23b-3.0.23c-gwc-1.diffs.patch.1 (text/plain), 4.64 KB, created by
Buck Huppmann
on 2006-08-30 12:28:24 UTC
(
hide
)
Description:
patch to patch-3.0.23b-3.0.23c-gwc-1.diffs-patched code
Filename:
MIME Type:
Creator:
Buck Huppmann
Created:
2006-08-30 12:28:24 UTC
Size:
4.64 KB
patch
obsolete
>--- samba-3.0.23b/source/auth/auth_util.c.gwc 2006-08-29 16:06:48.000000000 -0400 >+++ samba-3.0.23b/source/auth/auth_util.c 2006-08-29 16:24:21.000000000 -0400 >@@ -551,40 +551,21 @@ > return result; > } > >+ > /*************************************************************************** >- Make (and fill) a user_info struct from a struct samu >+ Fill in the the UNIX-group-derived SIDs of a server_info struct. > ***************************************************************************/ > >-NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, >- struct samu *sampass) >+static NTSTATUS fill_in_unix_group_sids(struct samu *sampass, >+ auth_serversupplied_info *result) > { >+ > NTSTATUS status; >- struct passwd *pwd; > gid_t *gids; >- auth_serversupplied_info *result; > int i; > size_t num_gids; > DOM_SID unix_group_sid; > >- >- if ( !(pwd = getpwnam_alloc(NULL, pdb_get_username(sampass))) ) { >- DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n", >- pdb_get_username(sampass))); >- return NT_STATUS_NO_SUCH_USER; >- } >- >- if ( !(result = make_server_info(NULL)) ) { >- TALLOC_FREE(pwd); >- return NT_STATUS_NO_MEMORY; >- } >- >- result->sam_account = sampass; >- result->unix_name = talloc_strdup(result, pwd->pw_name); >- result->gid = pwd->pw_gid; >- result->uid = pwd->pw_uid; >- >- TALLOC_FREE(pwd); >- > status = pdb_enum_group_memberships(result, sampass, > &result->sids, &gids, > &result->num_sids); >@@ -592,8 +573,6 @@ > if (!NT_STATUS_IS_OK(status)) { > DEBUG(10, ("pdb_enum_group_memberships failed: %s\n", > nt_errstr(status))); >- result->sam_account = NULL; /* Don't free on error exit. */ >- TALLOC_FREE(result); > return status; > } > >@@ -607,8 +586,7 @@ > num_gids = result->num_sids; > for ( i=0; i<num_gids; i++ ) { > if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) { >- DEBUG(1,("make_server_info_sam: Failed to create SID " >- "for gid %d!\n", gids[i])); >+ DEBUG(1,("Failed to create SID for gid %d!\n", gids[i])); > continue; > } > add_sid_to_array_unique( result, &unix_group_sid, >@@ -621,6 +599,52 @@ > > TALLOC_FREE(gids); > >+ return NT_STATUS_OK; >+} >+ >+ >+/*************************************************************************** >+ Make (and fill) a user_info struct from a struct samu >+***************************************************************************/ >+ >+NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, >+ struct samu *sampass) >+{ >+ NTSTATUS status; >+ struct passwd *pwd; >+ gid_t *gids; >+ auth_serversupplied_info *result; >+ int i; >+ size_t num_gids; >+ DOM_SID unix_group_sid; >+ >+ >+ if ( !(pwd = getpwnam_alloc(NULL, pdb_get_username(sampass))) ) { >+ DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n", >+ pdb_get_username(sampass))); >+ return NT_STATUS_NO_SUCH_USER; >+ } >+ >+ if ( !(result = make_server_info(NULL)) ) { >+ TALLOC_FREE(pwd); >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ result->sam_account = sampass; >+ result->unix_name = talloc_strdup(result, pwd->pw_name); >+ result->gid = pwd->pw_gid; >+ result->uid = pwd->pw_uid; >+ >+ TALLOC_FREE(pwd); >+ >+ status = fill_in_unix_group_sids(sampass, result); >+ >+ if (!NT_STATUS_IS_OK(status)) { >+ result->sam_account = NULL; /* Don't free on error exit. */ >+ TALLOC_FREE(result); >+ return status; >+ } >+ > DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", > pdb_get_username(sampass), result->unix_name)); > >@@ -1343,22 +1367,14 @@ > result->uid = pwd->pw_uid; > result->gid = pwd->pw_gid; > >- status = pdb_enum_group_memberships(result, sampass, >- &result->sids, &gids, >- &result->num_sids); >+ status = fill_in_unix_group_sids(sampass, result); > > if (!NT_STATUS_IS_OK(status)) { >- DEBUG(10, ("pdb_enum_group_memberships failed: %s\n", >- nt_errstr(status))); >+ TALLOC_FREE(sampass); > TALLOC_FREE(result); > return status; > } > >- /* For now we throw away the gids and convert via sid_to_gid >- * later. This needs fixing, but I'd like to get the code straight and >- * simple first. */ >- TALLOC_FREE(gids); >- > *server_info = result; > > return NT_STATUS_OK; >@@ -1810,6 +1826,7 @@ > info3->gids[i].g_rid)) { > DEBUG(3,("could not append additional group rid " > "0x%x\n", info3->gids[i].g_rid)); >+ TALLOC_FREE(sam_account); > TALLOC_FREE(result); > return NT_STATUS_INVALID_PARAMETER; > } >@@ -1817,6 +1834,15 @@ > &result->num_sids); > } > >+ nt_status = fill_in_unix_group_sids(sam_account, result); >+ >+ if (!NT_STATUS_IS_OK(nt_status)) { >+ /* XXX is this worth error-ing out */ >+ TALLOC_FREE(sam_account); >+ TALLOC_FREE(result); >+ return nt_status; >+ } >+ > /* Copy 'other' sids. We need to do sid filtering here to > prevent possible elevation of privileges. See: >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2116">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4047
:
2103
| 2116 |
2117