A domain user can't change password samba2.2.8a and FreeBSD

Yasuma Takeda yasuma at miraclelinux.com
Wed Jan 28 07:03:43 GMT 2004


Hi,

I heard about the following problem on Samba 2.2.8a.

[Problem]
- When a domain user changes his password on Windows, smbd crashes and
  the operation fails.
- Environment
  - Samba 2.2.8a(PDC) + FreeBSD(4.9, 5.2)
  - Windows2000 SP4

Note: This problem doesn't appear on Linux.

[Reason]
This is caused by the implementation of restore_re_gid() in lib/util_sec.
If the euid of smbd is not 0, setresgid() fails in restore_re_gid().

The reason this problem appears only on FreeBSD is the difference in the
specification of setgid().

- FreeBSD (POSIX Appendix B.4.2.2)
   setgid() can make the change if the specified gid is one of rgid/egid/sgid.

- Linux   (POSIX)
   setgid() can make the change if the specified gid is one of rgid/sgid.


I append 2 patches to fix this problem for SAMBA_2_2.
PATCH A: This changes the euid temporarily.
PATCH B: This removes setgid(). Is this necessary in the get_current_groups()?
         Perhaps, only set_effective_gid() is needed.

* These patches were suggested by Shirai-san on the sugj-tech ML (Japanese).

I haven't decided which patch is better.
PATCH B may cause side effects on the systems that Tridge wrote about in the
comment in get_current_groups().


I checked that the password could be changed on Samba3.0.2rc1 and FreeBSD.
But, because of the same implementation, Samba3.0 may have the same problem.

Thanks,

-- 
TAKEDA yasuma (yasuma at miraclelinux.com)
http://www.miraclelinux.com
-------------- next part --------------
diff -uNr samba22.org/source/lib/util_sec.c samba22/source/lib/util_sec.c
--- samba22.org/source/lib/util_sec.c	2002-07-16 10:09:40.000000000 +0900
+++ samba22/source/lib/util_sec.c	2004-01-28 15:09:51.000000000 +0900
@@ -283,6 +283,10 @@
 
 void restore_re_gid(void)
 {
+	uid_t uid = geteuid();
+
+	set_effective_uid(0);
+
 #if USE_SETRESUID
 	setresgid(saved_rgid, saved_egid, -1);
 #elif USE_SETREUID
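Review bot: the set_effective_uid(0) added at the top of restore_re_gid() is not checked, so if the process cannot regain euid 0 the setresgid(saved_rgid, saved_egid, -1) below it still runs unprivileged and fails exactly as before. Confirm geteuid() == 0 after the call and fail loudly otherwise, and skip the switch entirely when uid is already 0. The return value of setresgid() is also ignored in this hunk, leaving assert_gid() at the end of the function as the only detection.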
@@ -298,6 +302,7 @@
 	set_effective_gid(saved_egid);
 #endif
 
+	set_effective_uid(uid);
 	assert_gid(saved_rgid, saved_egid);
 }
 
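Review bot: the set_effective_uid(uid) restore before assert_gid() is never verified, so a failed restore leaves smbd running with euid 0 while assert_gid(saved_rgid, saved_egid) still passes. Add a check that geteuid() == uid right after the restore and treat a mismatch as fatal, the same way the gid pair is asserted. Also note that the restore sits outside the #if/#elif chain, so every platform branch now pays for a root round trip even though the reported failure is on FreeBSD only; a short comment saying why root is needed here would help the next reader.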
diff -uNr samba22.org/source/smbd/sec_ctx.c samba22/source/smbd/sec_ctx.c
--- samba22.org/source/smbd/sec_ctx.c	2002-07-16 10:09:44.000000000 +0900
+++ samba22/source/smbd/sec_ctx.c	2004-01-28 15:11:00.000000000 +0900
@@ -136,6 +136,7 @@
 int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups)
 {
 	int i;
+	uid_t uid;
 	gid_t grp;
 	int ngroups;
 	gid_t *groups = NULL;
@@ -146,9 +147,12 @@
 	/* this looks a little strange, but is needed to cope with
 	   systems that put the current egid in the group list
 	   returned from getgroups() (tridge) */
+	uid = geteuid();
+	set_effective_uid(0);
 	save_re_gid();
 	set_effective_gid(gid);
 	setgid(gid);
+	set_effective_uid(uid);
 
 	ngroups = sys_getgroups(0,&grp);
 	if (ngroups <= 0) {
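Review bot: the existing comment above save_re_gid() explains the egid trick but not why euid 0 is now required around it, so the new geteuid()/set_effective_uid(0)/set_effective_uid(uid) bracket needs its own sentence there. The return value of setgid(gid) is still ignored, and nothing confirms that set_effective_uid(uid) actually dropped root before sys_getgroups() and the rest of the function run. Since the same save, elevate and restore sequence is repeated in restore_re_gid(), consider one helper that performs the switch and verifies both transitions, rather than open-coding it twice.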
-------------- next part --------------
diff -uNr samba22.org/source/smbd/sec_ctx.c samba22/source/smbd/sec_ctx.c
--- samba22.org/source/smbd/sec_ctx.c	2002-07-16 10:09:44.000000000 +0900
+++ samba22/source/smbd/sec_ctx.c	2004-01-28 14:49:55.000000000 +0900
@@ -148,7 +148,6 @@
 	   returned from getgroups() (tridge) */
 	save_re_gid();
 	set_effective_gid(gid);
-	setgid(gid);
 
 	ngroups = sys_getgroups(0,&grp);
 	if (ngroups <= 0) {

