svn commit: samba r13045 - in trunk/source: auth smbd
jra at samba.org
jra at samba.org
Fri Jan 20 01:01:19 GMT 2006
Author: jra
Date: 2006-01-20 01:01:17 +0000 (Fri, 20 Jan 2006)
New Revision: 13045
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13045
Log:
Fix the startup problem on a bare server where
the gid of the guest user (nobody) is not mapped
to "Domain Guests". Do that mapping at startup.
Volker please check.
Jeremy.
Modified:
trunk/source/auth/auth_rhosts.c
trunk/source/auth/auth_sam.c
trunk/source/auth/auth_util.c
trunk/source/smbd/server.c
Changeset:
Modified: trunk/source/auth/auth_rhosts.c
===================================================================
--- trunk/source/auth/auth_rhosts.c 2006-01-19 23:04:14 UTC (rev 13044)
+++ trunk/source/auth/auth_rhosts.c 2006-01-20 01:01:17 UTC (rev 13045)
@@ -202,6 +202,9 @@
if (check_hosts_equiv(account)) {
nt_status = make_server_info_sam(server_info, account);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ pdb_free_sam(&account);
+ }
} else {
pdb_free_sam(&account);
nt_status = NT_STATUS_NOT_IMPLEMENTED;
@@ -253,6 +256,9 @@
become_root();
if (check_user_equiv(pdb_get_username(account),client_name(),rhostsfile)) {
nt_status = make_server_info_sam(server_info, account);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ pdb_free_sam(&account);
+ }
} else {
pdb_free_sam(&account);
}
Modified: trunk/source/auth/auth_sam.c
===================================================================
--- trunk/source/auth/auth_sam.c 2006-01-19 23:04:14 UTC (rev 13044)
+++ trunk/source/auth/auth_sam.c 2006-01-20 01:01:17 UTC (rev 13045)
@@ -330,6 +330,7 @@
if (!NT_STATUS_IS_OK(nt_status = make_server_info_sam(server_info, sampass))) {
DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));
+ pdb_free_sam(&sampass);
data_blob_free(&user_sess_key);
data_blob_free(&lm_sess_key);
return nt_status;
Modified: trunk/source/auth/auth_util.c
===================================================================
--- trunk/source/auth/auth_util.c 2006-01-19 23:04:14 UTC (rev 13044)
+++ trunk/source/auth/auth_util.c 2006-01-20 01:01:17 UTC (rev 13045)
@@ -567,6 +567,7 @@
result = make_server_info(NULL);
if (result == NULL) {
+ talloc_free(pwd);
return NT_STATUS_NO_MEMORY;
}
@@ -584,6 +585,7 @@
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
nt_errstr(status)));
+ result->sam_account = NULL; /* Don't free on error exit. */
talloc_free(result);
return status;
}
@@ -1134,6 +1136,8 @@
/***************************************************************************
Make (and fill) a user_info struct for a guest login.
+ This *must* succeed for smbd to start. If there is no mapping entry for
+ the guest gid, then create one.
***************************************************************************/
static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_info)
@@ -1165,7 +1169,46 @@
status = make_server_info_sam(server_info, sampass);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+
+ /* If there was no initial group mapping for the nobody user,
+ create one*/
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ GROUP_MAP map;
+ struct passwd *pwd = getpwnam_alloc(NULL, pdb_get_username(sampass));
+
+ if ( pwd == NULL ) {
+ DEBUG(1, ("No guest user %s!\n",
+ pdb_get_username(sampass)));
+ pdb_free_sam(&sampass);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ map.gid = pwd->pw_gid;
+ sid_copy(&map.sid, get_global_sam_sid());
+ sid_append_rid(&map.sid, DOMAIN_GROUP_RID_GUESTS);
+ map.sid_name_use = SID_NAME_DOM_GRP;
+ fstrcpy(map.nt_name, "Domain Guests");
+ map.comment[0] = '\0';
+
+ if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) {
+ DEBUG(1, ("Could not update group database for guest user %s\n",
+ pdb_get_username(sampass) ));
+ talloc_free(pwd);
+ pdb_free_sam(&sampass);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ talloc_free(pwd);
+
+ /* And try again. */
+ status = make_server_info_sam(server_info, sampass);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ pdb_free_sam(&sampass);
+ return status;
+ }
}
(*server_info)->guest = True;
@@ -1176,7 +1219,7 @@
nt_errstr(status)));
return status;
}
-
+
/* annoying, but the Guest really does have a session key, and it is
all zeros! */
(*server_info)->user_session_key = data_blob(zeros, sizeof(zeros));
Modified: trunk/source/smbd/server.c
===================================================================
--- trunk/source/smbd/server.c 2006-01-19 23:04:14 UTC (rev 13044)
+++ trunk/source/smbd/server.c 2006-01-20 01:01:17 UTC (rev 13045)
@@ -842,11 +842,6 @@
init_structs();
- if (!init_guest_info()) {
- DEBUG(0,("ERROR: failed to setup guest info.\n"));
- return -1;
- }
-
#ifdef WITH_PROFILE
if (!profile_setup(False)) {
DEBUG(0,("ERROR: failed to setup profiling\n"));
@@ -914,6 +909,11 @@
if (!print_backend_init())
exit(1);
+ if (!init_guest_info()) {
+ DEBUG(0,("ERROR: failed to setup guest info.\n"));
+ return -1;
+ }
+
/* Setup the main smbd so that we can get messages. */
/* don't worry about general printing messages here */
More information about the samba-cvs
mailing list