smb message process, 3.0.1pre3, ldap backend

Jianliang Lu j.lu at tiesse.com
Wed Dec 3 11:15:36 GMT 2003


There is strange behavior when an SMB message is processed:
in some SMB message processing, switch_message() has found a
connection whose user differs from the correct user.
In my test I have user "ammsic", RID=1009, UID=2000, who was
in "admin users", and user "nobody", who has RID=501, UID=99.
When I log on as "ammsic" I have conn->user=nobody in some
SMB message switches; the attached log shows this. That is why I got
"Access denied" when I tried to show anything with usrmgr,
because change_to_user() set the effective uid to 2000
instead of euid=0.
For now I have just put a bypass in change_to_user() (uid.c) to overcome the
problem; it works but is not the correct way. The added code is:

--- uid.c   Wed Dec  3 10:12:45 2003
+++ uid.c.orig  Mon Dec  1 17:54:58 2003
@@ -100,25 +100,11 @@
    BOOL must_free_token = False;
    NT_USER_TOKEN *token = NULL;

    if (!conn) {
        DEBUG(2,("change_to_user: Connection not open\n"));
        return(False);
    }

-   DEBUG(0,("LUJ: change_to_user: (vuid=%d, user=%s, conn->uid=%d, vuser-
>uid=%d) \n"
, vuid, conn->user,conn->uid, vuser->uid));
-
-/* workaround to overcome the problem of admin users (euid=0) <-> nobody */
-   if ((conn->uid != vuser->uid) && (conn->uid)){
-       if (user_in_list(uidtoname(vuser->uid),lp_admin_users(conn->service), 
vuser->g
roups, vuser->n_groups)) {
-           conn->admin_user = True;
-           conn->force_user = True;  /* Admin users are effectivly 'forced' 
*/
-           conn->uid = 0;
-           fstrcpy(conn->user, uidtoname(vuser->uid));
-
-           DEBUG(0,("%s logged in as admin user (root privileges)\n",conn-
>user));
-       }
-   }



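Review bot: The block starting at `if ((conn->uid != vuser->uid) && (conn->uid)){` treats any mismatch between the connection's uid and the vuid's uid as grounds to set `conn->uid = 0` and overwrite `conn->user`, so it papers over the open question of why the connection carries user nobody for this vuid, and it rewrites the connection struct from inside change_to_user() on the strength of a single admin users lookup. I would rather see the code that binds a vuid to conn->uid and conn->admin_user fixed than have root granted here as a side effect. Also in this hunk: `vuser` is dereferenced in the first DEBUG and in the condition with no NULL check visible above it; the two DEBUG(0,...) calls log at level 0 on every call and should be dropped or moved to a high debug level before this goes anywhere; uidtoname(vuser->uid) is evaluated twice and could be held in a local. Finally, the diff is reversed (`--- uid.c` against `+++ uid.c.orig`), so the new code shows up as `-` lines, and the mailer has wrapped several lines; please regenerate it with the original file first and send it unwrapped.
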
-------------------------- LOG ------------------------------
[2003/12/02 17:36:41, 3] smbd/process.c:switch_message(685)
  switch message SMBntcreateX (pid 7259)

[2003/12/02 17:36:41, 0] smbd/uid.c:change_to_user(109)
  LUJ: change_to_user: (vuid=101, user=nobody, connuid=99, vuseruid=2000)

[2003/12/02 17:36:41, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
  get_share_security: using default secdesc for IPC$
[2003/12/02 17:36:41, 10] lib/util_seaccess.c:se_map_generic(175)
  se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
[2003/12/02 17:36:41, 10] lib/util_seaccess.c:se_access_check(232)
  se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-4259693773-1046680134-4079498953-1009.
[2003/12/02 17:36:41, 3] lib/util_seaccess.c:se_access_check(251)
[2003/12/02 17:36:41, 3] lib/util_seaccess.c:se_access_check(252)
  se_access_check: user sid is S-1-5-21-4259693773-1046680134-4079498953-1009
  se_access_check: also S-1-5-21-4259693773-1046680134-4079498953-513
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-5-21-4259693773-1046680134-4079498953-512
  se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1
[2003/12/02 17:36:41, 5] lib/util_seaccess.c:se_access_check(309)
  se_access_check: access (1) granted.
[2003/12/02 17:36:41, 2] smbd/uid.c:change_to_user(141)
  LUJ: change_to_user: not force_user (uid=2000).
[2003/12/02 17:36:41, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (2000, 1001) - sec_ctx_stack_ndx = 0
[2003/12/02 17:36:41, 5] auth/auth_util.c:debug_nt_user_token(490)
  NT user token of user S-1-5-21-4259693773-1046680134-4079498953-1009
  contains 6 SIDs
  SID[  0]: S-1-5-21-4259693773-1046680134-4079498953-1009
  SID[  1]: S-1-5-21-4259693773-1046680134-4079498953-513
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-11
  SID[  5]: S-1-5-21-4259693773-1046680134-4079498953-512
[2003/12/02 17:36:41, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 2000
  Primary group is 1001 and contains 3 supplementary groups
  Group[  0]: 1001
  Group[  1]: 1001
  Group[  2]: 1000

[2003/12/02 17:36:41, 0] lib/util_sec.c:set_effective_uid(185)
  LUJ: set_effective_uid: uid=2000

[2003/12/02 17:36:41, 0] lib/util_sec.c:set_effective_uid(188)

cheers,

Jianliang Lu
TieSse s.p.a.     Ivrea (To) - Italy
j.lu at tiesse.com   luj at libero.it
http://www.tiesse.com