From 569cff72332a0e8fcdb099ccc05bee27d9fa4458 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Dec 2012 14:48:43 +0100 Subject: [PATCH 1/2] s3:auth: fix header comment for user_sid_in_group_sid() This function was created in 1c3c5e2156d9096f60bd53a96b88c2f1001d898a and the header comment contained copy'n'paste errors from the original function user_in_group_sid() that took the user name. Signed-off-by: Michael Adam --- source3/auth/token_util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index a618e21..7c79ef6 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -845,9 +845,9 @@ done: } /*************************************************************************** - Build upon create_token_from_username: + Build upon create_token_from_usersid: - Expensive helper function to figure out whether a user given its name is + Expensive helper function to figure out whether a user given its sid is member of a particular group. ***************************************************************************/ -- 1.7.9.5 From 8be665cd347a5be0d031d22c3263356dbbfa46d7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Dec 2012 15:06:27 +0100 Subject: [PATCH 2/2] s3:auth: fix create_token_from_sid() to not fail in the winbindd case Commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored the sid-based variant out of create_token_from_username() broke the case of a user handled by winbindd in that the "found_username" was set to NULL which caused the function to fail with NT_STATUS_NO_MEMORY further down. This patch fixes the function so that the case of found_username == NULL is cleanly separated from the NO_MEMORY case and the caller can provide the username in this case, if required. This fixes bug #9457. Signed-off-by: Michael Adam --- source3/auth/token_util.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 7c79ef6..6f4bce0 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -610,6 +610,11 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, *found_username = talloc_strdup(mem_ctx, pdb_get_username(sam_acct)); + if (found_username == NULL) { + result = NT_STATUS_NO_MEMORY; + goto done; + } + /* * If the SID from lookup_name() was the guest sid, passdb knows * about the mapping of guest sid to lp_guestaccount() @@ -700,6 +705,10 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, /* Ensure we're returning the found_username on the right context. */ *found_username = talloc_strdup(mem_ctx, pass->pw_name); + if (found_username == NULL) { + result = NT_STATUS_NO_MEMORY; + goto done; + } } else { /* This user is from winbind, force the primary gid to the @@ -737,7 +746,6 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, gids = gid; - /* Ensure we're returning the found_username on the right context. */ *found_username = NULL; } @@ -770,7 +778,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, *token = create_local_nt_token(mem_ctx, user_sid, is_guest, num_group_sids, group_sids); - if ((*token == NULL) || (*found_username == NULL)) { + if (*token == NULL) { result = NT_STATUS_NO_MEMORY; goto done; } -- 1.7.9.5