The Samba-Bugzilla – Attachment 5630 Details for
Bug 7357
be813ff2d4a8d85ec from master needs to go into the release branches
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 3.4
7357-3.4.patch (text/plain), 7.70 KB, created by
Volker Lendecke
on 2010-04-13 09:11:38 UTC
(
hide
)
Description:
Patch for 3.4
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2010-04-13 09:11:38 UTC
Size:
7.70 KB
patch
obsolete
>From 6eed738fa3847e9c2b4e2544a7ff0ea3bde1bd1f Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 13 Apr 2010 12:09:21 +0200 >Subject: [PATCH] libwbclient: Re-Fix a bug that was fixed with e5741e27c4c > >> r21878: Fix a bug with smbd serving a windows terminal server: If winbind >> decides smbd to be idle it might happen that smbd needs to do a winbind >> operation (for example sid2name) as non-root. This then fails to get the >> privileged pipe. When later on on the same connection another authentication >> request comes in, we try to do the CRAP auth via the non-privileged pipe. >> >> This adds a winbindd_priv_request_response() request that kills the existing >> winbind pipe connection if it's not privileged. > >The fix for this was lost during the conversion to libwbclient. > >Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out! > >Volker >--- > nsswitch/libwbclient/wbc_idmap.c | 32 +++++++++++++++--------------- > nsswitch/libwbclient/wbc_pam.c | 13 ++++++----- > nsswitch/libwbclient/wbclient.c | 31 +++++++++++++++++++++++++--- > nsswitch/libwbclient/wbclient_internal.h | 3 ++ > 4 files changed, 53 insertions(+), 26 deletions(-) > >diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c >index 5b2ab87..318e963 100644 >--- a/nsswitch/libwbclient/wbc_idmap.c >+++ b/nsswitch/libwbclient/wbc_idmap.c >@@ -222,8 +222,8 @@ wbcErr wbcAllocateUid(uid_t *puid) > > /* Make request */ > >- wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID, >- &request, &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_UID, >+ &request, &response); > BAIL_ON_WBC_ERROR(wbc_status); > > /* Copy out result */ >@@ -252,8 +252,8 @@ wbcErr wbcAllocateGid(gid_t *pgid) > > /* Make request */ > >- wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_GID, >- &request, &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_GID, >+ &request, &response); > BAIL_ON_WBC_ERROR(wbc_status); > > /* Copy out result */ >@@ -298,8 +298,8 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) > sizeof(request.data.dual_idmapset.sid)-1); > wbcFreeMemory(sid_string); > >- wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING, >- &request, &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING, >+ &request, &response); > BAIL_ON_WBC_ERROR(wbc_status); > > done: >@@ -335,8 +335,8 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) > sizeof(request.data.dual_idmapset.sid)-1); > wbcFreeMemory(sid_string); > >- wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING, >- &request, &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING, >+ &request, &response); > BAIL_ON_WBC_ERROR(wbc_status); > > done: >@@ -372,8 +372,8 @@ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) > sizeof(request.data.dual_idmapset.sid)-1); > wbcFreeMemory(sid_string); > >- wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, >- &request, &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING, >+ &request, &response); > BAIL_ON_WBC_ERROR(wbc_status); > > done: >@@ -409,8 +409,8 @@ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) > sizeof(request.data.dual_idmapset.sid)-1); > wbcFreeMemory(sid_string); > >- wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, >- &request, &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING, >+ &request, &response); > BAIL_ON_WBC_ERROR(wbc_status); > > done: >@@ -434,8 +434,8 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm) > request.data.dual_idmapset.id = uid_hwm; > request.data.dual_idmapset.type = _ID_TYPE_UID; > >- wbc_status = wbcRequestResponse(WINBINDD_SET_HWM, >- &request, &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM, >+ &request, &response); > BAIL_ON_WBC_ERROR(wbc_status); > > done: >@@ -459,8 +459,8 @@ wbcErr wbcSetGidHwm(gid_t gid_hwm) > request.data.dual_idmapset.id = gid_hwm; > request.data.dual_idmapset.type = _ID_TYPE_GID; > >- wbc_status = wbcRequestResponse(WINBINDD_SET_HWM, >- &request, &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM, >+ &request, &response); > BAIL_ON_WBC_ERROR(wbc_status); > > done: >diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c >index 422665a..7d4f1d1 100644 >--- a/nsswitch/libwbclient/wbc_pam.c >+++ b/nsswitch/libwbclient/wbc_pam.c >@@ -459,9 +459,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, > request.flags |= params->flags; > } > >- wbc_status = wbcRequestResponse(cmd, >- &request, >- &response); >+ if (cmd == WINBINDD_PAM_AUTH_CRAP) { >+ wbc_status = wbcRequestResponsePriv(cmd, &request, &response); >+ } else { >+ wbc_status = wbcRequestResponse(cmd, &request, &response); >+ } > if (response.data.auth.nt_status != 0) { > if (error) { > wbc_status = wbc_create_error_info(NULL, >@@ -513,9 +515,8 @@ wbcErr wbcCheckTrustCredentials(const char *domain, > > /* Send request */ > >- wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC, >- &request, >- &response); >+ wbc_status = wbcRequestResponsePriv(WINBINDD_CHECK_MACHACC, >+ &request, &response); > if (response.data.auth.nt_status != 0) { > if (error) { > wbc_status = wbc_create_error_info(NULL, >diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c >index f5c7231..a4ef0be 100644 >--- a/nsswitch/libwbclient/wbclient.c >+++ b/nsswitch/libwbclient/wbclient.c >@@ -29,6 +29,9 @@ > NSS_STATUS winbindd_request_response(int req_type, > struct winbindd_request *request, > struct winbindd_response *response); >+NSS_STATUS winbindd_priv_request_response(int req_type, >+ struct winbindd_request *request, >+ struct winbindd_response *response); > > /** @brief Wrapper around Winbind's send/receive API call > * >@@ -52,16 +55,20 @@ NSS_STATUS winbindd_request_response(int req_type, > --Volker > **********************************************************************/ > >-wbcErr wbcRequestResponse(int cmd, >- struct winbindd_request *request, >- struct winbindd_response *response) >+static wbcErr wbcRequestResponseInt( >+ int cmd, >+ struct winbindd_request *request, >+ struct winbindd_response *response, >+ NSS_STATUS (*fn)(int req_type, >+ struct winbindd_request *request, >+ struct winbindd_response *response)) > { > wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; > NSS_STATUS nss_status; > > /* for some calls the request and/or response can be NULL */ > >- nss_status = winbindd_request_response(cmd, request, response); >+ nss_status = fn(cmd, request, response); > > switch (nss_status) { > case NSS_STATUS_SUCCESS: >@@ -81,6 +88,22 @@ wbcErr wbcRequestResponse(int cmd, > return wbc_status; > } > >+wbcErr wbcRequestResponse(int cmd, >+ struct winbindd_request *request, >+ struct winbindd_response *response) >+{ >+ return wbcRequestResponseInt(cmd, request, response, >+ winbindd_request_response); >+} >+ >+wbcErr wbcRequestResponsePriv(int cmd, >+ struct winbindd_request *request, >+ struct winbindd_response *response) >+{ >+ return wbcRequestResponseInt(cmd, request, response, >+ winbindd_priv_request_response); >+} >+ > /** @brief Translate an error value into a string > * > * @param error >diff --git a/nsswitch/libwbclient/wbclient_internal.h b/nsswitch/libwbclient/wbclient_internal.h >index fc03c54..5ce8207 100644 >--- a/nsswitch/libwbclient/wbclient_internal.h >+++ b/nsswitch/libwbclient/wbclient_internal.h >@@ -28,5 +28,8 @@ wbcErr wbcRequestResponse(int cmd, > struct winbindd_request *request, > struct winbindd_response *response); > >+wbcErr wbcRequestResponsePriv(int cmd, >+ struct winbindd_request *request, >+ struct winbindd_response *response); > > #endif /* _WBCLIENT_INTERNAL_H */ >-- >1.6.5.7 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5630">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 7357
: 5630 |
5631