The Samba-Bugzilla – Attachment 7564 Details for
Bug 8944
smbd doesn't start with ldapsam:trusted options
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
v3-6-test patch
0001-s3-auth-Don-t-lookup-the-system-user-in-pdb.patch (text/plain), 3.91 KB, created by
Andreas Schneider
on 2012-05-15 13:40:55 UTC
(
hide
)
Description:
v3-6-test patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2012-05-15 13:40:55 UTC
Size:
3.91 KB
patch
obsolete
>From faaf5157f94b79f00d9c10c1b4cebe0d771059c4 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Mon, 14 May 2012 10:31:32 +0200 >Subject: [PATCH] s3-auth: Don't lookup the system user in pdb. > >This fixes bug #8944, ldapsam:trusted and ipasam. It is an additional >fix for bug #8567 (0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9). > >Signed-off-by: Andreas Schneider <asn@samba.org> >--- > source3/auth/auth_util.c | 103 +++++++++++++++++++++++++++++++++++++++++++--- > 1 file changed, 98 insertions(+), 5 deletions(-) > >diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c >index a904da4..c7e266a 100644 >--- a/source3/auth/auth_util.c >+++ b/source3/auth/auth_util.c >@@ -655,6 +655,44 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, > return NT_STATUS_OK; > } > >+static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx, >+ struct passwd *pwd, >+ struct netr_SamInfo3 *info3) >+{ >+ struct dom_sid domain_sid; >+ const char *tmp; >+ >+ /* Set account name */ >+ tmp = talloc_strdup(mem_ctx, pwd->pw_name); >+ if (tmp == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ init_lsa_String(&info3->base.account_name, tmp); >+ >+ /* Set domain name */ >+ tmp = talloc_strdup(mem_ctx, get_global_sam_name()); >+ if (tmp == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ init_lsa_StringLarge(&info3->base.domain, tmp); >+ >+ /* Domain sid */ >+ sid_copy(&domain_sid, get_global_sam_sid()); >+ >+ info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid); >+ if (info3->base.domain_sid == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ /* Admin rid */ >+ info3->base.rid = DOMAIN_RID_ADMINISTRATOR; >+ >+ /* Primary gid */ >+ info3->base.primary_gid = BUILTIN_RID_ADMINISTRATORS; >+ >+ return NT_STATUS_OK; >+} >+ > static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx, > struct netr_SamInfo3 *info3) > { >@@ -760,7 +798,63 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ser > status = NT_STATUS_OK; > done: > TALLOC_FREE(tmp_ctx); >- return NT_STATUS_OK; >+ return status; >+} >+ >+/**************************************************************************** >+ Fake a auth_session_info just from a username (as a >+ session_info structure, with create_local_token() already called on >+ it. >+****************************************************************************/ >+ >+static NTSTATUS make_system_session_info_from_pw(TALLOC_CTX *mem_ctx, >+ struct passwd *pwd, >+ struct auth_serversupplied_info **server_info) >+{ >+ const char *domain = global_myname(); >+ struct netr_SamInfo3 info3; >+ TALLOC_CTX *tmp_ctx; >+ NTSTATUS status; >+ >+ tmp_ctx = talloc_stackframe(); >+ if (tmp_ctx == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ ZERO_STRUCT(info3); >+ >+ status = get_system_info3(tmp_ctx, pwd, &info3); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(0, ("Failed creating system info3 with %s\n", >+ nt_errstr(status))); >+ goto done; >+ } >+ >+ status = make_server_info_info3(mem_ctx, >+ pwd->pw_name, >+ domain, >+ server_info, >+ &info3); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(0, ("make_server_info_info3 failed with %s\n", >+ nt_errstr(status))); >+ goto done; >+ } >+ >+ (*server_info)->nss_token = true; >+ >+ /* Now turn the server_info into a session_info with the full token etc */ >+ status = create_local_token(*server_info); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(0, ("create_local_token failed: %s\n", >+ nt_errstr(status))); >+ goto done; >+ } >+ >+ status = NT_STATUS_OK; >+done: >+ TALLOC_FREE(tmp_ctx); >+ return status; > } > > /*************************************************************************** >@@ -779,10 +873,9 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX *mem_ctx, > return NT_STATUS_NO_SUCH_USER; > } > >- status = make_serverinfo_from_username(mem_ctx, >- pwd->pw_name, >- false, >- session_info); >+ status = make_system_session_info_from_pw(mem_ctx, >+ pwd, >+ session_info); > TALLOC_FREE(pwd); > if (!NT_STATUS_IS_OK(status)) { > return status; >-- >1.7.9.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7564">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
gd
:
review+
Actions:
View
Attachments on
bug 8944
: 7564