[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-5028-gfbf615d
Jeremy Allison
jra at samba.org
Fri Feb 27 16:33:41 GMT 2009
The branch, v3-3-test has been updated
via fbf615dee95d13026fb9d092be8cf956c64eda75 (commit)
from eb02b1e7fe98f826606d0129b1ba172b8645207a (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit fbf615dee95d13026fb9d092be8cf956c64eda75
Author: Steven Danneman <steven.danneman at isilon.com>
Date: Fri Feb 27 08:32:51 2009 -0800
s3: fix guest auth when winbindd is running
This fix is very subtle. If a server is configured with "security = share"
and "guest ok = yes" and winbindd is running authorization will fail during
tree connect.
This is due to our inability to map the guest sid S-1-5-21-X-501 to a uid
through sid_to_uid(). Winbindd is unaware of the hard coded mapping
between this sid and whatever uid the name in lp_guestaccount() is assigned.
So sid_to_uid() fails and we exit create_token_from_username() without
ever calling pdb_getsampwsid() which IS aware of the hard coded mapping.
This patch just reorganizes the code, moving sid_to_uid() down to the
block of code in which it is needed, avoiding this early failure.
-----------------------------------------------------------------------
Summary of changes:
source/auth/auth_util.c | 14 +++++++-------
1 files changed, 7 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index b84c168..2a535bf 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -789,7 +789,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
}
/*
- * Create an artificial NT token given just a username. (Initially indended
+ * Create an artificial NT token given just a username. (Initially intended
* for force user)
*
* We go through lookup_name() to avoid problems we had with 'winbind use
@@ -842,12 +842,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
goto done;
}
- if (!sid_to_uid(&user_sid, uid)) {
- DEBUG(1, ("sid_to_uid for %s (%s) failed\n",
- username, sid_string_dbg(&user_sid)));
- goto done;
- }
-
if (sid_check_is_in_our_domain(&user_sid)) {
bool ret;
@@ -905,6 +899,12 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
unix_user:
+ if (!sid_to_uid(&user_sid, uid)) {
+ DEBUG(1, ("sid_to_uid for %s (%s) failed\n",
+ username, sid_string_dbg(&user_sid)));
+ goto done;
+ }
+
uid_to_unix_users_sid(*uid, &user_sid);
pass = getpwuid_alloc(tmp_ctx, *uid);
--
Samba Shared Repository
More information about the samba-cvs
mailing list