svn commit: samba r15601 - branches/SAMBA_3_0/source/passdb
branches/SAMBA_3_0/source/smbd trunk/source/passdb trunk/source/smbd
vlendec at samba.org
vlendec at samba.org
Sun May 14 15:24:15 GMT 2006
Author: vlendec
Date: 2006-05-14 15:24:14 +0000 (Sun, 14 May 2006)
New Revision: 15601
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15601
Log:
Fix segfaults with 'security=share' and 'guest only = yes'
Volker
Modified:
branches/SAMBA_3_0/source/passdb/passdb.c
branches/SAMBA_3_0/source/smbd/service.c
trunk/source/passdb/passdb.c
trunk/source/smbd/service.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/passdb.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/passdb.c 2006-05-14 14:39:10 UTC (rev 15600)
+++ branches/SAMBA_3_0/source/passdb/passdb.c 2006-05-14 15:24:14 UTC (rev 15601)
@@ -136,6 +136,7 @@
{
const char *guest_account = lp_guestaccount();
const char *domain = global_myname();
+ DOM_SID group_sid;
uint32 urid;
if ( !pwd ) {
@@ -147,6 +148,8 @@
pdb_set_username(user, pwd->pw_name, PDB_SET);
pdb_set_fullname(user, pwd->pw_gecos, PDB_SET);
pdb_set_domain (user, get_global_sam_name(), PDB_DEFAULT);
+ gid_to_sid(&group_sid, pwd->pw_gid);
+ pdb_set_group_sid(user, &group_sid, PDB_SET);
/* save the password structure for later use */
Modified: branches/SAMBA_3_0/source/smbd/service.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/service.c 2006-05-14 14:39:10 UTC (rev 15600)
+++ branches/SAMBA_3_0/source/smbd/service.c 2006-05-14 15:24:14 UTC (rev 15601)
@@ -523,8 +523,12 @@
return NULL;
}
+ conn->nt_user_token = NULL;
+
if (lp_guest_only(snum)) {
const char *guestname = lp_guestaccount();
+ NTSTATUS status2;
+ char *found_username;
guest = True;
pass = getpwnam_alloc(NULL, guestname);
if (!pass) {
@@ -534,11 +538,18 @@
*status = NT_STATUS_NO_SUCH_USER;
return NULL;
}
- fstrcpy(user,pass->pw_name);
+ status2 = create_token_from_username(NULL, pass->pw_name, True,
+ &conn->uid, &conn->gid,
+ &found_username,
+ &conn->nt_user_token);
+ if (!NT_STATUS_IS_OK(status2)) {
+ conn_free(conn);
+ *status = status2;
+ return NULL;
+ }
+ fstrcpy(user, found_username);
+ string_set(&conn->user,user);
conn->force_user = True;
- conn->uid = pass->pw_uid;
- conn->gid = pass->pw_gid;
- string_set(&conn->user,pass->pw_name);
TALLOC_FREE(pass);
DEBUG(3,("Guest only user %s\n",user));
} else if (vuser) {
@@ -570,6 +581,8 @@
fstrcpy(user,vuser->user.unix_name);
guest = vuser->guest;
} else if (lp_security() == SEC_SHARE) {
+ NTSTATUS status2;
+ char *found_username;
/* add it as a possible user name if we
are in share mode security */
add_session_user(lp_servicename(snum));
@@ -582,12 +595,18 @@
return NULL;
}
pass = Get_Pwnam(user);
+ status2 = create_token_from_username(NULL, pass->pw_name, True,
+ &conn->uid, &conn->gid,
+ &found_username,
+ &conn->nt_user_token);
+ if (!NT_STATUS_IS_OK(status2)) {
+ conn_free(conn);
+ *status = status2;
+ return NULL;
+ }
+ fstrcpy(user, found_username);
+ string_set(&conn->user,user);
conn->force_user = True;
- conn->uid = pass->pw_uid;
- conn->gid = pass->pw_gid;
- string_set(&conn->user, pass->pw_name);
- fstrcpy(user, pass->pw_name);
-
} else {
DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
conn_free(conn);
@@ -626,7 +645,6 @@
conn->aio_write_behind_list = NULL;
string_set(&conn->dirpath,"");
string_set(&conn->user,user);
- conn->nt_user_token = NULL;
conn->read_only = lp_readonly(conn->service);
conn->admin_user = False;
Modified: trunk/source/passdb/passdb.c
===================================================================
--- trunk/source/passdb/passdb.c 2006-05-14 14:39:10 UTC (rev 15600)
+++ trunk/source/passdb/passdb.c 2006-05-14 15:24:14 UTC (rev 15601)
@@ -136,6 +136,7 @@
{
const char *guest_account = lp_guestaccount();
const char *domain = global_myname();
+ DOM_SID group_sid;
uint32 urid;
if ( !pwd ) {
@@ -147,6 +148,8 @@
pdb_set_username(user, pwd->pw_name, PDB_SET);
pdb_set_fullname(user, pwd->pw_gecos, PDB_SET);
pdb_set_domain (user, get_global_sam_name(), PDB_DEFAULT);
+ gid_to_sid(&group_sid, pwd->pw_gid);
+ pdb_set_group_sid(user, &group_sid, PDB_SET);
/* save the password structure for later use */
Modified: trunk/source/smbd/service.c
===================================================================
--- trunk/source/smbd/service.c 2006-05-14 14:39:10 UTC (rev 15600)
+++ trunk/source/smbd/service.c 2006-05-14 15:24:14 UTC (rev 15601)
@@ -523,8 +523,12 @@
return NULL;
}
+ conn->nt_user_token = NULL;
+
if (lp_guest_only(snum)) {
const char *guestname = lp_guestaccount();
+ NTSTATUS status2;
+ char *found_username;
guest = True;
pass = getpwnam_alloc(NULL, guestname);
if (!pass) {
@@ -534,11 +538,18 @@
*status = NT_STATUS_NO_SUCH_USER;
return NULL;
}
- fstrcpy(user,pass->pw_name);
+ status2 = create_token_from_username(NULL, pass->pw_name, True,
+ &conn->uid, &conn->gid,
+ &found_username,
+ &conn->nt_user_token);
+ if (!NT_STATUS_IS_OK(status2)) {
+ conn_free(conn);
+ *status = status2;
+ return NULL;
+ }
+ fstrcpy(user, found_username);
+ string_set(&conn->user,user);
conn->force_user = True;
- conn->uid = pass->pw_uid;
- conn->gid = pass->pw_gid;
- string_set(&conn->user,pass->pw_name);
TALLOC_FREE(pass);
DEBUG(3,("Guest only user %s\n",user));
} else if (vuser) {
@@ -570,6 +581,8 @@
fstrcpy(user,vuser->user.unix_name);
guest = vuser->guest;
} else if (lp_security() == SEC_SHARE) {
+ NTSTATUS status2;
+ char *found_username;
/* add it as a possible user name if we
are in share mode security */
add_session_user(lp_servicename(snum));
@@ -582,12 +595,18 @@
return NULL;
}
pass = Get_Pwnam(user);
+ status2 = create_token_from_username(NULL, pass->pw_name, True,
+ &conn->uid, &conn->gid,
+ &found_username,
+ &conn->nt_user_token);
+ if (!NT_STATUS_IS_OK(status2)) {
+ conn_free(conn);
+ *status = status2;
+ return NULL;
+ }
+ fstrcpy(user, found_username);
+ string_set(&conn->user,user);
conn->force_user = True;
- conn->uid = pass->pw_uid;
- conn->gid = pass->pw_gid;
- string_set(&conn->user, pass->pw_name);
- fstrcpy(user, pass->pw_name);
-
} else {
DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
conn_free(conn);
@@ -626,7 +645,6 @@
conn->aio_write_behind_list = NULL;
string_set(&conn->dirpath,"");
string_set(&conn->user,user);
- conn->nt_user_token = NULL;
conn->read_only = lp_readonly(conn->service);
conn->admin_user = False;
More information about the samba-cvs
mailing list