smb message process, 3.0.1pre3, ldap backend
Jianliang Lu
j.lu at tiesse.com
Wed Dec 3 11:15:36 GMT 2003
There is a strange behavior when an smb message is processed: in some smb message processing, switch_message() has found a
connection whose user differs from the correct user.
In my test I have user "ammsic", RID=1009, UID=2000, that is
in "admin users", and user "nobody" that has RID=501, UID=99.
When I log on with "ammsic" I have conn->user=nobody in some
smb message switches; the attached log shows this. That is why I get
"Access denied" when I try to show anything with usrmgr,
because change_to_user() sets the effective uid to 2000
instead of euid=0.
For now I just put a bypass in change_to_user() (uid.c) to overcome the
problem; it works, but it is not the correct way. The added code is:
--- uid.c Wed Dec 3 10:12:45 2003
+++ uid.c.orig Mon Dec 1 17:54:58 2003
@@ -100,25 +100,11 @@
BOOL must_free_token = False;
NT_USER_TOKEN *token = NULL;
if (!conn) {
DEBUG(2,("change_to_user: Connection not open\n"));
return(False);
}
- DEBUG(0,("LUJ: change_to_user: (vuid=%d, user=%s, conn->uid=%d, vuser-
>uid=%d) \n"
, vuid, conn->user,conn->uid, vuser->uid));
-
-/* workaround to overcome the problem of admin users (euid=0) <-> nobody */
- if ((conn->uid != vuser->uid) && (conn->uid)){
- if (user_in_list(uidtoname(vuser->uid),lp_admin_users(conn->service),
vuser->g
roups, vuser->n_groups)) {
- conn->admin_user = True;
- conn->force_user = True; /* Admin users are effectivly 'forced'
*/
- conn->uid = 0;
- fstrcpy(conn->user, uidtoname(vuser->uid));
-
- DEBUG(0,("%s logged in as admin user (root privileges)\n",conn-
>user));
- }
- }
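Review bot: the workaround re-derives admin status on every change_to_user() call from vuser->uid and then writes conn->uid = 0, conn->force_user = True and conn->user into the shared connection structure, which masks the real defect (switch_message() handing this vuid a conn whose user is "nobody", conn->uid=99) instead of fixing it, and it permanently mutates a conn that other vuids on the same tid may still use; the root cause of the conn/vuser mismatch should be found where the connection is looked up, not patched over here. Two smaller points: the diff was generated with the patched file as `---` and `uid.c.orig` as `+++`, so the added lines appear as removals (regenerate with the original as the old file), and the `DEBUG(0, ...)` traces will print at every log level once committed, so use a high debug level such as `DEBUG(10, ...)` or drop them before submitting.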
-------------------------- LOG ------------------------------
[2003/12/02 17:36:41, 3] smbd/process.c:switch_message(685)
switch message SMBntcreateX (pid 7259)
[2003/12/02 17:36:41, 0] smbd/uid.c:change_to_user(109)
LUJ: change_to_user: (vuid=101, user=nobody, connuid=99, vuseruid=2000)
[2003/12/02 17:36:41, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
get_share_security: using default secdesc for IPC$
[2003/12/02 17:36:41, 10] lib/util_seaccess.c:se_map_generic(175)
se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
[2003/12/02 17:36:41, 10] lib/util_seaccess.c:se_access_check(232)
se_access_check: requested access 0x00000001, for NT token with 6 entries
and first
sid S-1-5-21-4259693773-1046680134-4079498953-1009.
[2003/12/02 17:36:41, 3] lib/util_seaccess.c:se_access_check(251)
[2003/12/02 17:36:41, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-4259693773-1046680134-4079498953-1009
se_access_check: also S-1-5-21-4259693773-1046680134-4079498953-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-4259693773-1046680134-4079498953-512
se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask =
101f01ff, current
desired = 1
[2003/12/02 17:36:41, 5] lib/util_seaccess.c:se_access_check(309)
se_access_check: access (1) granted.
[2003/12/02 17:36:41, 2] smbd/uid.c:change_to_user(141)
LUJ: change_to_user: not force_user (uid=2000).
[2003/12/02 17:36:41, 3] smbd/sec_ctx.c:set_sec_ctx(287)
setting sec ctx (2000, 1001) - sec_ctx_stack_ndx = 0
[2003/12/02 17:36:41, 5] auth/auth_util.c:debug_nt_user_token(490)
NT user token of user S-1-5-21-4259693773-1046680134-4079498953-1009
contains 6 SIDs
SID[ 0]: S-1-5-21-4259693773-1046680134-4079498953-1009
SID[ 1]: S-1-5-21-4259693773-1046680134-4079498953-513
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
SID[ 5]: S-1-5-21-4259693773-1046680134-4079498953-512
[2003/12/02 17:36:41, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 2000
Primary group is 1001 and contains 3 supplementary groups
Group[ 0]: 1001
Group[ 1]: 1001
Group[ 2]: 1000
[2003/12/02 17:36:41, 0] lib/util_sec.c:set_effective_uid(185)
LUJ: set_effective_uid: uid=2000
[2003/12/02 17:36:41, 0] lib/util_sec.c:set_effective_uid(188)
cheers,
Jianliang Lu
TieSse s.p.a. Ivrea (To) - Italy
j.lu at tiesse.com luj at libero.it
http://www.tiesse.com
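The mismatch reported above is visible only by reading several debug lines together. As an added example (not part of the original post or of Samba), the following Python scans a debug log in the format printed by the poster's trace lines and reports every change_to_user() call where the connection user differs from the authenticated vuser, together with the uid that set_sec_ctx actually applied; the log excerpt and the set of admin uids are constructed for the example.

```python
import re

# Patterns for the debug lines as they appear in the report's log.
SWITCH_RE = re.compile(r"switch message (?P<op>\S+) \(pid (?P<pid>\d+)\)")
CHANGE_RE = re.compile(
    r"change_to_user: \(vuid=(?P<vuid>\d+), user=(?P<user>[^,]+), "
    r"connuid=(?P<connuid>\d+), vuseruid=(?P<vuseruid>\d+)\)"
)
SECCTX_RE = re.compile(r"setting sec ctx \((?P<uid>\d+), (?P<gid>\d+)\)")


def find_context_mismatches(lines, admin_uids):
    """Return one record per change_to_user() call whose connection uid
    differs from the vuser uid. 'effective_uid' is what set_sec_ctx then
    applied; 'expected_uid' is 0 for an admin user, else the vuser uid."""
    findings = []
    current_op = None   # last SMB op seen in switch_message()
    pending = None      # change_to_user record awaiting its set_sec_ctx line
    for line in lines:
        m = SWITCH_RE.search(line)
        if m:
            current_op = m.group("op")
            continue
        m = CHANGE_RE.search(line)
        if m:
            pending = {
                "op": current_op,
                "vuid": int(m.group("vuid")),
                "conn_user": m.group("user"),
                "conn_uid": int(m.group("connuid")),
                "vuser_uid": int(m.group("vuseruid")),
                "effective_uid": None,
            }
            continue
        m = SECCTX_RE.search(line)
        if m and pending is not None:
            pending["effective_uid"] = int(m.group("uid"))
            if pending["conn_uid"] != pending["vuser_uid"]:
                is_admin = pending["vuser_uid"] in admin_uids
                pending["expected_uid"] = 0 if is_admin else pending["vuser_uid"]
                findings.append(pending)
            pending = None
    return findings


# Constructed sample in the same shape as the log in the report.
SAMPLE_LOG = [
    "[2003/12/02 17:36:41, 3] smbd/process.c:switch_message(685)",
    "  switch message SMBntcreateX (pid 7259)",
    "[2003/12/02 17:36:41, 0] smbd/uid.c:change_to_user(109)",
    "  LUJ: change_to_user: (vuid=101, user=nobody, connuid=99, vuseruid=2000)",
    "[2003/12/02 17:36:41, 3] smbd/sec_ctx.c:set_sec_ctx(287)",
    "  setting sec ctx (2000, 1001) - sec_ctx_stack_ndx = 0",
]
```

Running `find_context_mismatches(SAMPLE_LOG, {2000})` flags the SMBntcreateX call: the connection says "nobody" (uid 99), the vuser is uid 2000, and the effective uid applied was 2000 where an admin user should have got 0.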