The Samba-Bugzilla – Attachment 8908 Details for
Bug 9465
Unable to setup messaging listener for '/usr/local/samba/private/smbd.tmp/msg/msg.17364.2':NT_STATUS_ACCESS_DENIED
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patches cherry-picked from master
0001-s3-rpc_server-Ensure-we-are-root-when-starting-and-u.patch (text/plain), 2.78 KB, created by
Andrew Bartlett
on 2013-05-21 22:38:20 UTC
(
hide
)
Description:
patches cherry-picked from master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2013-05-21 22:38:20 UTC
Size:
2.78 KB
patch
obsolete
>From 2739336e8321a490e7b9dc85bc5f6ea9cc8df8cd Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 2 May 2013 16:29:21 +1200 >Subject: [PATCH] s3-rpc_server: Ensure we are root when starting and usiing > gensec > >This fixes bug 9465. > >Andrew Bartlett > >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 10f6926aaa6a8c49b29e183d12f6f767072ecff7) >--- > source3/rpc_server/dcesrv_auth_generic.c | 38 +++++++++++++++++++++++++++----- > 1 file changed, 32 insertions(+), 6 deletions(-) > >diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c >index c4c08b2..77d76fc 100644 >--- a/source3/rpc_server/dcesrv_auth_generic.c >+++ b/source3/rpc_server/dcesrv_auth_generic.c >@@ -24,12 +24,12 @@ > #include "auth.h" > #include "auth/gensec/gensec.h" > >-NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, >- uint8_t auth_type, uint8_t auth_level, >- DATA_BLOB *token_in, >- DATA_BLOB *token_out, >- const struct tsocket_address *remote_address, >- struct gensec_security **ctx) >+static NTSTATUS auth_generic_server_authtype_start_as_root(TALLOC_CTX *mem_ctx, >+ uint8_t auth_type, uint8_t auth_level, >+ DATA_BLOB *token_in, >+ DATA_BLOB *token_out, >+ const struct tsocket_address *remote_address, >+ struct gensec_security **ctx) > { > struct gensec_security *gensec_security = NULL; > NTSTATUS status; >@@ -62,6 +62,27 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, > return NT_STATUS_OK; > } > >+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, >+ uint8_t auth_type, uint8_t auth_level, >+ DATA_BLOB *token_in, >+ DATA_BLOB *token_out, >+ const struct tsocket_address *remote_address, >+ struct gensec_security **ctx) >+{ >+ NTSTATUS status; >+ become_root(); >+ >+ /* this has to be done as root in order to create the messaging socket */ >+ status = auth_generic_server_authtype_start_as_root(mem_ctx, >+ auth_type, auth_level, >+ token_in, >+ token_out, >+ remote_address, >+ ctx); >+ unbecome_root(); >+ return status; >+} >+ > NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security, > TALLOC_CTX *mem_ctx, > DATA_BLOB *token_in, >@@ -101,7 +122,12 @@ NTSTATUS auth_generic_server_get_user_info(struct gensec_security *gensec_securi > { > NTSTATUS status; > >+ /* this has to be done as root in order to get to the >+ * messaging sockets for IDMAP and privilege.ldb in the AD >+ * DC */ >+ become_root(); > status = gensec_session_info(gensec_security, mem_ctx, session_info); >+ unbecome_root(); > if (!NT_STATUS_IS_OK(status)) { > DEBUG(1, (__location__ ": Failed to get authenticated user " > "info: %s\n", nt_errstr(status))); >-- >1.7.11.7 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8908">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 9465
:
8845
|
8879
| 8908