[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-75-g61bedb4

Steven Danneman sdanneman at samba.org
Fri Feb 27 03:50:05 GMT 2009


The branch, master has been updated
       via  61bedb4263a73121bde3fb18295bc0abc4ccbcb2 (commit)
      from  b7b287d41720ec15eff234ffc96c2fa628e8a6e8 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 61bedb4263a73121bde3fb18295bc0abc4ccbcb2
Author: Steven Danneman <steven.danneman at isilon.com>
Date:   Thu Feb 26 17:47:32 2009 -0800

    s3: fix guest auth when winbindd is running
    
    This fix is very subtle.  If a server is configured with "security = share"
    and "guest ok = yes" and winbindd is running, authorization will fail during
    tree connect.
    
    This is due to our inability to map the guest sid S-1-5-21-X-501 to a uid
    through sid_to_uid().  Winbindd is unaware of the hard coded mapping
    between this sid and whatever uid the name in lp_guestaccount() is assigned.
    So sid_to_uid() fails and we exit create_token_from_username() without
    ever calling pdb_getsampwsid() which IS aware of the hard coded mapping.
    
    This patch just reorganizes the code, moving sid_to_uid() down to the
    block of code in which it is needed, avoiding this early failure.

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_util.c |   14 +++++++-------
 1 files changed, 7 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1f00e22..c39aa85 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -806,7 +806,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 }
 
 /*
- * Create an artificial NT token given just a username. (Initially indended
+ * Create an artificial NT token given just a username. (Initially intended
  * for force user)
  *
  * We go through lookup_name() to avoid problems we had with 'winbind use
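Review bot: The spelling correction in the comment that begins "Create an artificial NT token given just a username" ("indended" to "intended") is unrelated to the guest auth fix and would be cleaner as a separate commit, so that a backport of the behavioural change carries only the sid_to_uid() move. Since this comment block is being touched anyway, it is also a natural place to record the ordering constraint the commit message describes: sid_to_uid() must not be called before the local-domain lookup, because winbindd cannot map the guest sid.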
@@ -859,12 +859,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 		goto done;
 	}
 
-	if (!sid_to_uid(&user_sid, uid)) {
-		DEBUG(1, ("sid_to_uid for %s (%s) failed\n",
-			  username, sid_string_dbg(&user_sid)));
-		goto done;
-	}
-
 	if (sid_check_is_in_our_domain(&user_sid)) {
 		bool ret;
 
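Review bot: With the sid_to_uid() call removed ahead of "if (sid_check_is_in_our_domain(&user_sid))", nothing visible in this hunk assigns *uid before that branch runs, so the branch now has to set *uid itself on every path that does not fall through to unix_user. Please confirm that it does, and that no code between this point and the unix_user label reads *uid expecting the earlier mapping to have happened. A short comment at the removal point explaining that winbindd cannot map the guest sid here would keep a later cleanup from moving the call back.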
@@ -922,6 +916,12 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 
 	unix_user:
 
+		if (!sid_to_uid(&user_sid, uid)) {
+			DEBUG(1, ("sid_to_uid for %s (%s) failed\n",
+				  username, sid_string_dbg(&user_sid)));
+			goto done;
+		}
+
 		uid_to_unix_users_sid(*uid, &user_sid);
 
 		pass = getpwuid_alloc(tmp_ctx, *uid);
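Review bot: In the block added under the unix_user label, the failure path is a bare "goto done" with no status assigned in the visible lines, so the NTSTATUS returned is whatever the function's status variable holds when control reaches this label. The same check used to run much earlier in the function, where that value may have been different; please confirm it is still an error code at this point, or set it explicitly before the goto so a failed sid_to_uid() can never be reported as success. Because the check sits directly under the label, it also runs for every path that jumps to unix_user, which is worth stating in a comment above it.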


-- 
Samba Shared Repository

