Tree - rpms/samba - CentOS Git server

rpms / samba

Blame SOURCES/samba-4.4.7-fix_idmap_range_checks.patch

Blob History Raw

		6539dc	`From 70bab87ab37d30521a65056fd6f6a3f4f8bf6716 Mon Sep 17 00:00:00 2001`
		6539dc	`From: Michael Adam <obnox@samba.org>`
		6539dc	`Date: Mon, 15 Aug 2016 23:07:33 +0200`
		6539dc	`Subject: [PATCH 1/2] idmap: don't generally forbid id==0 from`
		6539dc	`idmap_unix_id_is_in_range()`
		6539dc
		6539dc	`If the range allows it, then id==0 should not be forbidden.`
		6539dc	`This seems to have been taken in from idmap_ldap when the`
		6539dc	`function was originally created.`
		6539dc
		6539dc	`See 634cd2e0451d4388c3e3f78239495cf595368b15 .`
		6539dc	`The other backends don't seem to have had that`
		6539dc	`extra check for id == 0.`
		6539dc
		6539dc	`The reasoning for this change is that the range check should`
		6539dc	`apply to all cases. If the range includes the 0, then it`
		6539dc	`should be possible to get it as result. In particular,`
		6539dc	`this way, the function becomes applicable also to the`
		6539dc	`passdb backend case, e.g. in a samba4-ad-dc setup where`
		6539dc	`the Admin gets uid == 0.`
		6539dc
		6539dc	`BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155`
		6539dc
		6539dc	`Signed-off-by: Michael Adam <obnox@samba.org>`
		6539dc	`Reviewed-by: Volker Lendecke <vl@samba.org>`
		6539dc	`Reviewed-by: Andreas Schneider <asn@samba.org>`
		6539dc	`(cherry picked from commit c21976d4b1c604699299f2c0f768c1add93b349d)`
		6539dc	`---`
		6539dc	`source3/winbindd/idmap_util.c \| 5 -----`
		6539dc	`1 file changed, 5 deletions(-)`
		6539dc
		6539dc	`diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c`
		6539dc	`index f90565f..b6f7b52 100644`
		6539dc	`--- a/source3/winbindd/idmap_util.c`
		6539dc	`+++ b/source3/winbindd/idmap_util.c`
		6539dc	`@@ -160,11 +160,6 @@ backend:`
		6539dc	`*/`
		6539dc	`bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom)`
		6539dc	`{`
		6539dc	`- if (id == 0) {`
		6539dc	`- /* 0 is not an allowed unix id for id mapping */`
		6539dc	`- return false;`
		6539dc	`- }`
		6539dc	`-`
		6539dc	`if ((dom->low_id && (id < dom->low_id)) \|\|`
		6539dc	`(dom->high_id && (id > dom->high_id)))`
		6539dc	`{`
		6539dc	`--`
		6539dc	`2.7.4`
		6539dc
		6539dc
		6539dc	`From 739167276bc26dfc62acdd96cc9cadb5f88dd02b Mon Sep 17 00:00:00 2001`
		6539dc	`From: Michael Adam <obnox@samba.org>`
		6539dc	`Date: Tue, 9 Aug 2016 18:25:12 +0200`
		6539dc	`Subject: [PATCH 2/2] idmap: centrally check that unix IDs returned by the`
		6539dc	`idmap backends are in range`
		6539dc
		6539dc	`Note: in the long run, it might be good to move this kind of`
		6539dc	`exit check (before handing the result back to the client)`
		6539dc	`to the parent winbindd code.`
		6539dc
		6539dc	`BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155`
		6539dc
		6539dc	`Signed-off-by: Michael Adam <obnox@samba.org>`
		6539dc
		6539dc	`(Backported from master commit b2bf61307cffd8ff7b6fb9852c107ab763653119.)`
		6539dc	`---`
		6539dc	`source3/winbindd/winbindd_dual_srv.c \| 4 ++++`
		6539dc	`1 file changed, 4 insertions(+)`
		6539dc
		6539dc	`diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c`
		6539dc	`index cdd9bbd..630d28a 100644`
		6539dc	`--- a/source3/winbindd/winbindd_dual_srv.c`
		6539dc	`+++ b/source3/winbindd/winbindd_dual_srv.c`
		6539dc	`@@ -203,6 +203,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,`
		6539dc	`for (j=0; j`
		6539dc	`struct wbint_TransID *id = &r->in.ids->ids[id_idx[j]];`
		6539dc
		6539dc	`+ if (!idmap_unix_id_is_in_range(ids[j].xid.id, dom)) {`
		6539dc	`+ ids[j].status = ID_UNMAPPED;`
		6539dc	`+ }`
		6539dc	`+`
		6539dc	`if (ids[j].status != ID_MAPPED) {`
		6539dc	`id->xid.id = UINT32_MAX;`
		6539dc	`id->xid.type = ID_TYPE_NOT_SPECIFIED;`
		6539dc	`--`
		6539dc	`2.7.4`
		6539dc

rpms / samba

Source Code

Blame SOURCES/samba-4.4.7-fix_idmap_range_checks.patch