From 4438a33e0e3621e9b178620ba0e543069bf85012 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 19 Aug 2015 16:11:47 +0200
Subject: [PATCH 1/3] s3-auth: Fix 'map to guest = Bad Uid' support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7)
---
source3/auth/auth_util.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1c2cf80..dcf173d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1397,6 +1397,14 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
&username_was_mapped);
if (!NT_STATUS_IS_OK(nt_status)) {
+ /* Handle 'map to guest = Bad Uid */
+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) &&
+ (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) &&
+ lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
+ DEBUG(2, ("Try to map %s to guest account",
+ nt_username));
+ return make_server_info_guest(mem_ctx, server_info);
+ }
return nt_status;
}
--
2.5.0
From e0cfca754ed1c540f3b8a5adcea3bd85aac74930 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 19 Aug 2015 16:24:08 +0200
Subject: [PATCH 2/3] s3-auth: Pass nt_username to check_account()
We set nt_username above but do not use it in this function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6)
---
source3/auth/auth_util.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index dcf173d..688072e 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1392,9 +1392,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
/* this call will try to create the user if necessary */
- nt_status = check_account(mem_ctx, nt_domain, sent_nt_username,
- &found_username, &pwd,
- &username_was_mapped);
+ nt_status = check_account(mem_ctx,
+ nt_domain,
+ nt_username,
+ &found_username,
+ &pwd,
+ &username_was_mapped);
if (!NT_STATUS_IS_OK(nt_status)) {
/* Handle 'map to guest = Bad Uid */
--
2.5.0
From 2b31b935a824d340876af24568c84bab6d4462cc Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 19 Aug 2015 16:19:30 +0200
Subject: [PATCH 3/3] s3-auth: Fix a memory leak in make_server_info_info3()
We call make_server_info(NULL) and it is possible that we do not free
it, because server_info is not allocated on the memory context we pass
to the function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 6363c0232c2238e1a782e9c22ef762e3ff9b7563)
---
source3/auth/auth_util.c | 35 +++++++++++++++++++++++------------
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 688072e..2b355e4 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1349,6 +1349,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
bool username_was_mapped;
struct passwd *pwd;
struct auth_serversupplied_info *result;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
/*
Here is where we should check the list of
@@ -1357,15 +1358,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
*/
if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
- return NT_STATUS_INVALID_PARAMETER;
+ nt_status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
}
if (!sid_compose(&group_sid, info3->base.domain_sid,
info3->base.primary_gid)) {
- return NT_STATUS_INVALID_PARAMETER;
+ nt_status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
}
- nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string);
+ nt_username = talloc_strdup(tmp_ctx, info3->base.account_name.string);
if (!nt_username) {
/* If the server didn't give us one, just use the one we sent
* them */
@@ -1392,7 +1395,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
/* this call will try to create the user if necessary */
- nt_status = check_account(mem_ctx,
+ nt_status = check_account(tmp_ctx,
nt_domain,
nt_username,
&found_username,
@@ -1406,15 +1409,19 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
DEBUG(2, ("Try to map %s to guest account",
nt_username));
- return make_server_info_guest(mem_ctx, server_info);
+ nt_status = make_server_info_guest(tmp_ctx, &result);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ *server_info = talloc_move(mem_ctx, &result);
+ }
}
- return nt_status;
+ goto out;
}
- result = make_server_info(NULL);
+ result = make_server_info(tmp_ctx);
if (result == NULL) {
DEBUG(4, ("make_server_info failed!\n"));
- return NT_STATUS_NO_MEMORY;
+ nt_status = NT_STATUS_NO_MEMORY;
+ goto out;
}
result->unix_name = talloc_strdup(result, found_username);
@@ -1422,8 +1429,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
/* copy in the info3 */
result->info3 = copy_netr_SamInfo3(result, info3);
if (result->info3 == NULL) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
+ nt_status = NT_STATUS_NO_MEMORY;
+ goto out;
}
/* Fill in the unix info we found on the way */
@@ -1453,9 +1460,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
result->guest = (info3->base.user_flags & NETLOGON_GUEST);
- *server_info = result;
+ *server_info = talloc_move(mem_ctx, &result);
- return NT_STATUS_OK;
+ nt_status = NT_STATUS_OK;
+out:
+ talloc_free(tmp_ctx);
+
+ return nt_status;
}
/*****************************************************************************
--
2.5.0