[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Thu May 20 23:56:07 MDT 2010


The branch, master has been updated
       via  80b4d50... Revert "Make -k a simple non-bool option."
       via  91807d9... s4:auth Error out when a memberOf DN does not have a SID
      from  783cd32... s4-smbtorture: add kernel_mode_registry_path().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 80b4d50603fb54011396f0d868ffc9907247d2af
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri May 21 15:04:36 2010 +1000

    Revert "Make -k a simple non-bool option."
    
    This reverts commit 2bbf055dbb15ea99b80ae66adc906ad5494a3999.
    
    This change broke 'make test', because the current syntax is deliberate
    and an integral part of how Samba4 uses Kerberos.
    
    If a change like this is to be implemented, then careful review of all
    our test scripts must be taken first, and then new options such as
    --dont-use-kerberos, --may-use-kerberos and --must-use-kerberos
    should be added.
    
    Andrew Bartlett

commit 91807d9dd59b3b99250e5e52f84748710be3c360
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri May 21 15:02:22 2010 +1000

    s4:auth Error out when a memberOf DN does not have a SID
    
    We previously segfaulted if this was not the case.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/sam.c                     |   21 ++++++++-------------
 source4/lib/cmdline/popt_credentials.c |    9 +++++++++
 2 files changed, 17 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index d5dc4de..2cc8118 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -308,13 +308,11 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 	int ret;
 	bool already_there;
 	struct ldb_dn *dn;
-	struct dom_sid *sid;
+	struct dom_sid sid;
 	TALLOC_CTX *tmp_ctx;
 	struct ldb_result *res;
 	NTSTATUS status;
-	const struct ldb_val *v;
 	const struct ldb_message_element *el;
-	enum ndr_err_code ndr_err;
 
 	if (*res_sids == NULL) {
 		*num_res_sids = 0;
@@ -322,19 +320,16 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 
 	tmp_ctx = talloc_new(res_sids_ctx);
 
-	sid = talloc(tmp_ctx, struct dom_sid);
-	NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid, tmp_ctx);
-
 	dn = ldb_dn_from_ldb_val(tmp_ctx, sam_ctx, dn_val);
 	if (dn == NULL) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
-	v = ldb_dn_get_extended_component(dn, "SID");
-
-	ndr_err = ndr_pull_struct_blob(v, sid, sid,
-				       (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+	status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, (__location__ "when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s",
+			  ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), 
+			  nt_errstr(status)));
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
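Review bot: The new `DEBUG(0, ...)` format string in the failure branch is concatenated directly onto `__location__` with no separator and ends without a newline, so the message runs into the location prefix and into whatever is logged next. Something like `__location__ ": when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s\n"` reads cleanly in the log. The result of `ldb_dn_get_extended_linearized()` is passed straight to `%s`; if it can return NULL on allocation failure (presumably it can, as it allocates on `tmp_ctx`), a fallback string would be safer. The function body starts and ends outside this hunk.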
@@ -344,7 +339,7 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 	} else {
 		/* This is an O(n^2) linear search */
 		already_there = sids_contains_sid((const struct dom_sid**) *res_sids,
-						  *num_res_sids, sid);
+						  *num_res_sids, &sid);
 		if (already_there) {
 			return NT_STATUS_OK;
 		}
@@ -373,7 +368,7 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 		*res_sids = talloc_realloc(res_sids_ctx, *res_sids,
 			struct dom_sid *, *num_res_sids + 1);
 		NT_STATUS_HAVE_NO_MEMORY(*res_sids);
-		(*res_sids)[*num_res_sids] = talloc_steal(*res_sids, sid);
+		(*res_sids)[*num_res_sids] = talloc_steal(*res_sids, &sid);
 		++(*num_res_sids);
 	}
 
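Review bot: `talloc_steal(*res_sids, &sid)` is now passed the address of a stack variable, because the first hunk changes `sid` from a talloc-allocated `struct dom_sid *` to a local `struct dom_sid`. talloc_steal expects a pointer that was returned by talloc, and even if the call handed the address back unchanged, `*res_sids` would hold a pointer into this function's frame that dangles as soon as it returns. That array is the group SID list this auth code is building. The SID should be copied onto the heap instead, e.g. `(*res_sids)[*num_res_sids] = dom_sid_dup(*res_sids, &sid);` followed by a NULL check that returns `NT_STATUS_NO_MEMORY`. Whether `tmp_ctx` is still live at this point and needs freeing on that path is not visible, since the function starts and ends outside the hunk.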
diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c
index 384024f..80f71eb 100644
--- a/source4/lib/cmdline/popt_credentials.c
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -103,6 +103,15 @@ static void popt_common_credentials_callback(poptContext con,
 	case OPT_KERBEROS:
 	{
 		bool use_kerberos = true;
+		/* Force us to only use kerberos */
+		if (arg) {
+			if (!set_boolean(arg, &use_kerberos)) {
+				fprintf(stderr, "Error parsing -k %s\n", arg);
+				exit(1);
+				break;
+			}
+		}
+		
 		cli_credentials_set_kerberos_state(cmdline_credentials, 
 						   use_kerberos 
 						   ? CRED_MUST_USE_KERBEROS
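Review bot: The added comment `/* Force us to only use kerberos */` describes only the case where `-k` is given without a value. When a value is supplied, `set_boolean()` can set `use_kerberos` to false, and the ternary then takes its other branch (not visible in this hunk), so `-k no` presumably disables Kerberos rather than forcing it. A comment such as `/* -k alone requires Kerberos; -k <bool> selects must-use or the alternative state */` would match what the code does and make the downgrade path obvious to anyone auditing scripts that pass this option. The `break;` after `exit(1);` is unreachable and can be dropped. The `case` block continues past the end of the hunk.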


-- 
Samba Shared Repository

