svn commit: samba r13045 - in trunk/source: auth smbd

[jra at samba.org]

Author: jra
Date: 2006-01-20 01:01:17 +0000 (Fri, 20 Jan 2006)
New Revision: 13045

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13045

Log:
Fix the startup problem on a bare server where
the gid of the guest user (nobody) is not mapped
to "Domain Guests". Do that mapping at startup.
Volker please check.
Jeremy.

Modified:
   trunk/source/auth/auth_rhosts.c
   trunk/source/auth/auth_sam.c
   trunk/source/auth/auth_util.c
   trunk/source/smbd/server.c


Changeset:
Modified: trunk/source/auth/auth_rhosts.c
===================================================================
--- trunk/source/auth/auth_rhosts.c	2006-01-19 23:04:14 UTC (rev 13044)
+++ trunk/source/auth/auth_rhosts.c	2006-01-20 01:01:17 UTC (rev 13045)
@@ -202,6 +202,9 @@
 
 	if (check_hosts_equiv(account)) {
 		nt_status = make_server_info_sam(server_info, account);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			pdb_free_sam(&account);
+		}
 	} else {
 		pdb_free_sam(&account);
 		nt_status = NT_STATUS_NOT_IMPLEMENTED;
@@ -253,6 +256,9 @@
 		become_root();
 		if (check_user_equiv(pdb_get_username(account),client_name(),rhostsfile)) {
 			nt_status = make_server_info_sam(server_info, account);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				pdb_free_sam(&account);
+			}
 		} else {
 			pdb_free_sam(&account);
 		}

Modified: trunk/source/auth/auth_sam.c
===================================================================
--- trunk/source/auth/auth_sam.c	2006-01-19 23:04:14 UTC (rev 13044)
+++ trunk/source/auth/auth_sam.c	2006-01-20 01:01:17 UTC (rev 13045)
@@ -330,6 +330,7 @@
 
 	if (!NT_STATUS_IS_OK(nt_status = make_server_info_sam(server_info, sampass))) {		
 		DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));
+		pdb_free_sam(&sampass);
 		data_blob_free(&user_sess_key);
 		data_blob_free(&lm_sess_key);
 		return nt_status;

Modified: trunk/source/auth/auth_util.c
===================================================================
--- trunk/source/auth/auth_util.c	2006-01-19 23:04:14 UTC (rev 13044)
+++ trunk/source/auth/auth_util.c	2006-01-20 01:01:17 UTC (rev 13045)
@@ -567,6 +567,7 @@
 
 	result = make_server_info(NULL);
 	if (result == NULL) {
+		talloc_free(pwd);
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -584,6 +585,7 @@
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
 			   nt_errstr(status)));
+		result->sam_account = NULL; /* Don't free on error exit. */
 		talloc_free(result);
 		return status;
 	}
@@ -1134,6 +1136,8 @@
 
 /***************************************************************************
  Make (and fill) a user_info struct for a guest login.
+ This *must* succeed for smbd to start. If there is no mapping entry for
+ the guest gid, then create one.
 ***************************************************************************/
 
 static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_info)
@@ -1165,7 +1169,46 @@
 	status = make_server_info_sam(server_info, sampass);
 
 	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+
+		/* If there was no initial group mapping for the nobody user,
+		   create one*/
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+			GROUP_MAP map;
+			struct passwd *pwd = getpwnam_alloc(NULL, pdb_get_username(sampass));
+
+			if ( pwd == NULL )  {
+				DEBUG(1, ("No guest user %s!\n",
+					  pdb_get_username(sampass)));
+				pdb_free_sam(&sampass);
+				return NT_STATUS_NO_SUCH_USER;
+			}
+
+			map.gid = pwd->pw_gid;
+			sid_copy(&map.sid, get_global_sam_sid());
+			sid_append_rid(&map.sid, DOMAIN_GROUP_RID_GUESTS);
+			map.sid_name_use = SID_NAME_DOM_GRP;
+			fstrcpy(map.nt_name, "Domain Guests");
+			map.comment[0] = '\0';
+
+			if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) {
+				DEBUG(1, ("Could not update group database for guest user %s\n",
+					pdb_get_username(sampass) ));
+				talloc_free(pwd);
+				pdb_free_sam(&sampass);
+				return NT_STATUS_NO_SUCH_USER;
+			}
+
+			talloc_free(pwd);
+
+			/* And try again. */
+			status = make_server_info_sam(server_info, sampass);
+		}
+
+		if (!NT_STATUS_IS_OK(status)) {
+			pdb_free_sam(&sampass);
+			return status;
+		}
 	}
 	
 	(*server_info)->guest = True;
@@ -1176,7 +1219,7 @@
 			   nt_errstr(status)));
 		return status;
 	}
-		
+
 	/* annoying, but the Guest really does have a session key, and it is
 	   all zeros! */
 	(*server_info)->user_session_key = data_blob(zeros, sizeof(zeros));

Modified: trunk/source/smbd/server.c
===================================================================
--- trunk/source/smbd/server.c	2006-01-19 23:04:14 UTC (rev 13044)
+++ trunk/source/smbd/server.c	2006-01-20 01:01:17 UTC (rev 13045)
@@ -842,11 +842,6 @@
 
 	init_structs();
 
-	if (!init_guest_info()) {
-		DEBUG(0,("ERROR: failed to setup guest info.\n"));
-		return -1;
-	}
-
 #ifdef WITH_PROFILE
 	if (!profile_setup(False)) {
 		DEBUG(0,("ERROR: failed to setup profiling\n"));
@@ -914,6 +909,11 @@
 	if (!print_backend_init())
 		exit(1);
 
+	if (!init_guest_info()) {
+		DEBUG(0,("ERROR: failed to setup guest info.\n"));
+		return -1;
+	}
+
 	/* Setup the main smbd so that we can get messages. */
 	/* don't worry about general printing messages here */