[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Wed May 23 13:03:56 MDT 2012


The branch, v3-6-test has been updated
       via  96b6f3a s3-auth: Don't lookup the system user in pdb.
      from  865eca1 Check the return from create_acl_blob

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 96b6f3a4777fa3288ee071e01bf293c28002fc5f
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 14 10:31:32 2012 +0200

    s3-auth: Don't lookup the system user in pdb.
    
    This fixes bug #8944, ldapsam:trusted and ipasam. It is an additional
    fix for bug #8567 (0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9).
    
    Signed-off-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_util.c |  103 +++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 98 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a904da4..c7e266a 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -655,6 +655,44 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 	return NT_STATUS_OK;
 }
 
+static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
+				 struct passwd *pwd,
+				 struct netr_SamInfo3 *info3)
+{
+	struct dom_sid domain_sid;
+	const char *tmp;
+
+	/* Set account name */
+	tmp = talloc_strdup(mem_ctx, pwd->pw_name);
+	if (tmp == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	init_lsa_String(&info3->base.account_name, tmp);
+
+	/* Set domain name */
+	tmp = talloc_strdup(mem_ctx, get_global_sam_name());
+	if (tmp == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	init_lsa_StringLarge(&info3->base.domain, tmp);
+
+	/* Domain sid */
+	sid_copy(&domain_sid, get_global_sam_sid());
+
+	info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
+	if (info3->base.domain_sid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Admin rid */
+	info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
+
+	/* Primary gid */
+	info3->base.primary_gid = BUILTIN_RID_ADMINISTRATORS;
+
+	return NT_STATUS_OK;
+}
+
 static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
 				struct netr_SamInfo3 *info3)
 {
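Review bot: In get_system_info3 the primary group is set to `BUILTIN_RID_ADMINISTRATORS` while `base.domain_sid` is the local SAM SID from get_global_sam_sid(). If `primary_gid` is combined with `base.domain_sid` like the other RIDs in an info3 (not visible in this hunk), the resulting group SID is the SAM domain SID plus that RID rather than the BUILTIN alias. Please confirm against make_server_info_info3, then either use a domain-relative RID or document the intent. The function synthesizes an administrator-level identity and deserves a header comment such as `/* Build a synthetic info3 for the system account from the passwd entry without consulting passdb; strings are allocated on mem_ctx. */`. The local `domain_sid` copy is also redundant, since `info3->base.domain_sid = dom_sid_dup(mem_ctx, get_global_sam_sid());` has the same effect.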
@@ -760,7 +798,63 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ser
 	status = NT_STATUS_OK;
 done:
 	TALLOC_FREE(tmp_ctx);
-	return NT_STATUS_OK;
+	return status;
+}
+
+/****************************************************************************
+  Fake a auth_session_info just from a username (as a
+  session_info structure, with create_local_token() already called on
+  it.
+****************************************************************************/
+
+static NTSTATUS make_system_session_info_from_pw(TALLOC_CTX *mem_ctx,
+						 struct passwd *pwd,
+						 struct auth_serversupplied_info **server_info)
+{
+	const char *domain = global_myname();
+	struct netr_SamInfo3 info3;
+	TALLOC_CTX *tmp_ctx;
+	NTSTATUS status;
+
+	tmp_ctx = talloc_stackframe();
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCT(info3);
+
+	status = get_system_info3(tmp_ctx, pwd, &info3);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Failed creating system info3 with %s\n",
+			  nt_errstr(status)));
+		goto done;
+	}
+
+	status = make_server_info_info3(mem_ctx,
+					pwd->pw_name,
+					domain,
+					server_info,
+					&info3);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("make_server_info_info3 failed with %s\n",
+			  nt_errstr(status)));
+		goto done;
+	}
+
+	(*server_info)->nss_token = true;
+
+	/* Now turn the server_info into a session_info with the full token etc */
+	status = create_local_token(*server_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("create_local_token failed: %s\n",
+			  nt_errstr(status)));
+		goto done;
+	}
+
+	status = NT_STATUS_OK;
+done:
+	TALLOC_FREE(tmp_ctx);
+	return status;
 }
 
 /***************************************************************************
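Review bot: When create_local_token() fails in make_system_session_info_from_pw, `*server_info` is left pointing at a partly built structure that is already marked `nss_token = true`, even though an error is returned. The caller in the make_new_session_info_system hunk only returns `status`, so the out-pointer is never cleared. Adding `TALLOC_FREE(*server_info);` before that `goto done;` keeps a half-initialised system identity from being reachable after a failure. The info3 strings live on `tmp_ctx`, which is released at `done:`, so the code relies on make_server_info_info3 copying what it keeps; a one-line comment saying so would help. The header comment names "auth_session_info"/"session_info" although the parameter is `struct auth_serversupplied_info **server_info`, and its opening parenthesis is never closed.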
@@ -779,10 +873,9 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
-	status = make_serverinfo_from_username(mem_ctx,
-					     pwd->pw_name,
-					     false,
-					     session_info);
+	status = make_system_session_info_from_pw(mem_ctx,
+						  pwd,
+						  session_info);
 	TALLOC_FREE(pwd);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;


-- 
Samba Shared Repository

