The Samba-Bugzilla – Attachment 8329 Details for
Bug 9457
map username script with security=ads and winbind broken
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patchset for 4.0
username.map.v4-0-test.patchset (text/plain), 3.44 KB, created by
Michael Adam
on 2012-12-10 14:50:34 UTC
(
hide
)
Description:
Patchset for 4.0
Filename:
MIME Type:
Creator:
Michael Adam
Created:
2012-12-10 14:50:34 UTC
Size:
3.44 KB
patch
obsolete
>From 050e812ae40ff9636da60447f08cef9b178652e5 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Mon, 10 Dec 2012 14:48:43 +0100 >Subject: [PATCH 1/2] s3:auth: fix header comment for user_sid_in_group_sid() > >This function was created in 1c3c5e2156d9096f60bd53a96b88c2f1001d898a >and the header comment contained copy'n'paste errors from the original >function user_in_group_sid() that took the user name. > >Signed-off-by: Michael Adam <obnox@samba.org> >--- > source3/auth/token_util.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c >index aad34cb..af10b24 100644 >--- a/source3/auth/token_util.c >+++ b/source3/auth/token_util.c >@@ -845,9 +845,9 @@ done: > } > > /*************************************************************************** >- Build upon create_token_from_username: >+ Build upon create_token_from_usersid: > >- Expensive helper function to figure out whether a user given its name is >+ Expensive helper function to figure out whether a user given its sid is > member of a particular group. > ***************************************************************************/ > >-- >1.7.9.5 > > >From 64aad76806febf618eafe540776b7d4edcaf46e7 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Mon, 10 Dec 2012 15:06:27 +0100 >Subject: [PATCH 2/2] s3:auth: fix create_token_from_sid() to not fail in the > winbindd case > >Commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored >the sid-based variant out of create_token_from_username() broke >the case of a user handled by winbindd in that the "found_username" >was set to NULL which caused the function to fail with >NT_STATUS_NO_MEMORY further down. > >This patch fixes the function so that the case of found_username == NULL >is cleanly separated from the NO_MEMORY case and the caller can provide >the username in this case, if required. > >This fixes bug #9457. > >Signed-off-by: Michael Adam <obnox@samba.org> >--- > source3/auth/token_util.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > >diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c >index af10b24..e176fbc 100644 >--- a/source3/auth/token_util.c >+++ b/source3/auth/token_util.c >@@ -610,6 +610,11 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, > *found_username = talloc_strdup(mem_ctx, > pdb_get_username(sam_acct)); > >+ if (found_username == NULL) { >+ result = NT_STATUS_NO_MEMORY; >+ goto done; >+ } >+ > /* > * If the SID from lookup_name() was the guest sid, passdb knows > * about the mapping of guest sid to lp_guestaccount() >@@ -700,6 +705,10 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, > > /* Ensure we're returning the found_username on the right context. */ > *found_username = talloc_strdup(mem_ctx, pass->pw_name); >+ if (found_username == NULL) { >+ result = NT_STATUS_NO_MEMORY; >+ goto done; >+ } > } else { > > /* This user is from winbind, force the primary gid to the >@@ -737,7 +746,6 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, > > gids = gid; > >- /* Ensure we're returning the found_username on the right context. */ > *found_username = NULL; > } > >@@ -770,7 +778,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, > *token = create_local_nt_token(mem_ctx, user_sid, > is_guest, num_group_sids, group_sids); > >- if ((*token == NULL) || (*found_username == NULL)) { >+ if (*token == NULL) { > result = NT_STATUS_NO_MEMORY; > goto done; > } >-- >1.7.9.5 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
vl
:
review+
Actions:
View
Attachments on
bug 9457
:
8274
|
8328
|
8329
|
8335