A domain user can't change password samba2.2.8a and FreeBSD
Yasuma Takeda
yasuma at miraclelinux.com
Wed Jan 28 07:03:43 GMT 2004
Hi,
I heard the following problem on samba 2.2.8a.
[Problem]
- When a domain user changes his password on Windows, smbd crashes and
the operation fails.
- Environment
- Samba 2.2.8a(PDC) + FreeBSD(4.9, 5.2)
- Windows2000 SP4
Note: This problem doesn't appear on Linux.
[Reason]
This is caused by the implementation of restore_re_gid() in lib/util_sec.
If the euid of smbd is not 0, the setresgid() fails in restore_re_gid().
The reason this problem appears only on FreeBSD is the difference in the
specification of setgid().
- FreeBSD (POSIX Appendix B.4.2.2)
The setgid() can change the gid if the specified gid is included in rgid/egid/sgid.
- Linux (POSIX)
The setgid() can change the gid if the specified gid is included in rgid/sgid.
I append 2 patches to fix this problem for SAMBA_2_2.
PATCH A: This changes the euid temporarily.
PATCH B: This removes setgid(). Is this necessary in the get_current_groups()?
Perhaps, only set_effective_gid() is needed.
* These patches were suggested by Shirai-san in sugj-tech ML(Japanese).
I don't decide which patch is better.
PATCH B may cause side effects on the systems that Tridge's comment in
get_current_groups() refers to.
I checked that the password could change on Samba3.0.2rc1 and FreeBSD.
But, because of the same implementation, Samba3.0 may have the same problem.
Thanks,
--
TAKEDA yasuma (yasuma at miraclelinux.com)
http://www.miraclelinux.com
-------------- next part --------------
diff -uNr samba22.org/source/lib/util_sec.c samba22/source/lib/util_sec.c
--- samba22.org/source/lib/util_sec.c 2002-07-16 10:09:40.000000000 +0900
+++ samba22/source/lib/util_sec.c 2004-01-28 15:09:51.000000000 +0900
@@ -283,6 +283,10 @@
void restore_re_gid(void)
{
+ uid_t uid = geteuid();
+
+ set_effective_uid(0);
+
#if USE_SETRESUID
setresgid(saved_rgid, saved_egid, -1);
#elif USE_SETREUID
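Review bot: The new set_effective_uid(0) at the top of restore_re_gid() is not followed by any check that the euid actually became 0 before setresgid(saved_rgid, saved_egid, -1) runs. If the elevation fails, the function hits the same setresgid() failure as before, now with less indication of why. Consider verifying geteuid() == 0 after the call (or bailing out with a log message), and add a short comment saying that the temporary euid switch exists because changing the gid back needs privilege when the current gid was set by setgid().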
@@ -298,6 +302,7 @@
set_effective_gid(saved_egid);
#endif
+ set_effective_uid(uid);
assert_gid(saved_rgid, saved_egid);
}
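Review bot: The restoring set_effective_uid(uid) is followed only by assert_gid(saved_rgid, saved_egid), so the gid result is verified while the uid result is not. If the drop back to the saved euid fails, smbd keeps running with euid 0 after a function whose only job is to restore group ids. Suggest asserting that geteuid() == uid here, next to the existing gid assertion, so a failed drop is fatal rather than silent.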
diff -uNr samba22.org/source/smbd/sec_ctx.c samba22/source/smbd/sec_ctx.c
--- samba22.org/source/smbd/sec_ctx.c 2002-07-16 10:09:44.000000000 +0900
+++ samba22/source/smbd/sec_ctx.c 2004-01-28 15:11:00.000000000 +0900
@@ -136,6 +136,7 @@
int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups)
{
int i;
+ uid_t uid;
gid_t grp;
int ngroups;
gid_t *groups = NULL;
@@ -146,9 +147,12 @@
/* this looks a little strange, but is needed to cope with
systems that put the current egid in the group list
returned from getgroups() (tridge) */
+ uid = geteuid();
+ set_effective_uid(0);
save_re_gid();
set_effective_gid(gid);
setgid(gid);
+ set_effective_uid(uid);
ngroups = sys_getgroups(0,&grp);
if (ngroups <= 0) {
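Review bot: In get_current_groups() the setgid(gid) call now runs while the euid is 0, and a privileged setgid() sets the real, effective and saved gid together, so getting back to the saved ids afterwards always depends on the matching euid switch added to restore_re_gid(). That coupling should be written down in the comment above save_re_gid(), which currently explains only the getgroups() quirk. The window also has no error handling: neither set_effective_uid(0) nor set_effective_uid(uid) is checked, and a failed drop leaves the rest of the function, including sys_getgroups(), running with euid 0.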
-------------- next part --------------
diff -uNr samba22.org/source/smbd/sec_ctx.c samba22/source/smbd/sec_ctx.c
--- samba22.org/source/smbd/sec_ctx.c 2002-07-16 10:09:44.000000000 +0900
+++ samba22/source/smbd/sec_ctx.c 2004-01-28 14:49:55.000000000 +0900
@@ -148,7 +148,6 @@
returned from getgroups() (tridge) */
save_re_gid();
set_effective_gid(gid);
- setgid(gid);
ngroups = sys_getgroups(0,&grp);
if (ngroups <= 0) {
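Review bot: Dropping setgid(gid) leaves the comment ending "returned from getgroups() (tridge)" describing a sequence that no longer exists, and the hunk gives no evidence that set_effective_gid(gid) alone is enough on the systems that comment was written for. Without setgid() the real gid stays at its previous value while sys_getgroups() runs, so the returned list may differ on platforms that key on the real gid. Please update the comment to state what is now relied on, and note which platforms the change was tested on beyond FreeBSD.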