From 7251d8ac688b3238dccd1aacbf3d6f708b22a776 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 19 Aug 2015 16:11:47 +0200
Subject: [PATCH 1/3] s3-auth: Fix 'map to guest = Bad Uid' support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider
Reviewed-by: Guenther Deschner
(cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7)
---
 source3/auth/auth_util.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index afa78ec..374e364 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1430,6 +1430,14 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 &username_was_mapped);
 if (!NT_STATUS_IS_OK(nt_status)) {
+ /* Handle 'map to guest = Bad Uid */
+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) &&
+ (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) &&
+ lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
+ DEBUG(2, ("Try to map %s to guest account",
+ nt_username));
+ return make_server_info_guest(mem_ctx, server_info);
+ }
 return nt_status;
 }
--
2.5.0
From 3f253b16a0e739f90e9e4deda9bd79b9d7fd2707 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 19 Aug 2015 16:24:08 +0200
Subject: [PATCH 2/3] s3-auth: Pass nt_username to check_account()
We set nt_username above but do not use it in this function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider
Reviewed-by: Guenther Deschner
(cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6)
---
 source3/auth/auth_util.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 374e364..cfe8d97 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
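Review bot: The added DEBUG format string `"Try to map %s to guest account"` has no trailing `\n`, unlike the other DEBUG calls in this function, so the message will likely run into the next log entry; I would write `DEBUG(2, ("Try to map %s to guest account\n", nt_username));`. Because this branch turns a user the domain has already authenticated into a guest session, the line is worth keeping greppable for audit, and adding `nt_domain` to it would say which domain's account had no local mapping. The comment is also missing its closing quote: `/* Handle 'map to guest = Bad Uid' */`. make_server_info_info3() starts and ends outside this hunk.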
@@ -1425,9 +1425,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 /* this call will try to create the user if necessary */
- nt_status = check_account(mem_ctx, nt_domain, sent_nt_username,
- &found_username, &pwd,
- &username_was_mapped);
+ nt_status = check_account(mem_ctx,
+ nt_domain,
+ nt_username,
+ &found_username,
+ &pwd,
+ &username_was_mapped);
 if (!NT_STATUS_IS_OK(nt_status)) {
 /* Handle 'map to guest = Bad Uid */
--
2.5.0
From 13763a4b9d1cee03c261cfc95c86d841b5061189 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 19 Aug 2015 16:19:30 +0200
Subject: [PATCH 3/3] s3-auth: Fix a memory leak in make_server_info_info3()
We call make_server_info(NULL) and it is possible that we do not free it, because server_info is not allocated on the memory context we pass to the function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider
Reviewed-by: Guenther Deschner
(cherry picked from commit 6363c0232c2238e1a782e9c22ef762e3ff9b7563)
---
 source3/auth/auth_util.c | 35 +++++++++++++++++++++++------------
 1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index cfe8d97..773f55c 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1382,6 +1382,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 bool username_was_mapped;
 struct passwd *pwd;
 struct auth_serversupplied_info *result;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
 /* Here is where we should check the list of
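Review bot: The comment above the check_account() call still only says the user may be created, and does not record that the lookup name is now `nt_username` rather than the client-supplied `sent_nt_username`. That choice decides which local account an authenticated domain user is mapped to, so it deserves a line such as `/* look up (and, if configured, create) the local account under nt_username, which is set earlier in this function, not under the name the client sent */`. The assignment of nt_username is outside this hunk, so a reader cannot see from here where the value comes from.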
@@ -1390,15 +1391,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 */
 if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
- return NT_STATUS_INVALID_PARAMETER;
+ nt_status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
 }
 if (!sid_compose(&group_sid, info3->base.domain_sid, info3->base.primary_gid)) {
- return NT_STATUS_INVALID_PARAMETER;
+ nt_status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
 }
- nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string);
+ nt_username = talloc_strdup(tmp_ctx, info3->base.account_name.string);
 if (!nt_username) {
 /* If the server didn't give us one, just use the one we sent * them */
@@ -1425,7 +1428,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 /* this call will try to create the user if necessary */
- nt_status = check_account(mem_ctx,
+ nt_status = check_account(tmp_ctx,
 nt_domain,
 nt_username,
 &found_username,
@@ -1439,15 +1442,19 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
 DEBUG(2, ("Try to map %s to guest account",
 nt_username));
- return make_server_info_guest(mem_ctx, server_info);
+ nt_status = make_server_info_guest(tmp_ctx, &result);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ *server_info = talloc_move(mem_ctx, &result);
+ }
 }
- return nt_status;
+ goto out;
 }
- result = make_server_info(NULL);
+ result = make_server_info(tmp_ctx);
 if (result == NULL) {
 DEBUG(4, ("make_server_info failed!\n"));
- return NT_STATUS_NO_MEMORY;
+ nt_status = NT_STATUS_NO_MEMORY;
+ goto out;
 }
 result->unix_name = talloc_strdup(result, found_username);
@@ -1455,8 +1462,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 /* copy in the info3 */
 result->info3 = copy_netr_SamInfo3(result, info3);
 if (result->info3 == NULL) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
+ nt_status = NT_STATUS_NO_MEMORY;
+ goto out;
 }
 /* Fill in the unix info we found on the way */
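Review bot: The `if (!nt_username)` test after `talloc_strdup(tmp_ctx, info3->base.account_name.string)` cannot tell a missing account name from an allocation failure, because talloc_strdup() returns NULL in both cases. The comment says the fallback to the sent name is meant for a server that supplied none, and since the previous patch in this series passes nt_username to check_account(), an out-of-memory condition would quietly switch the account lookup to the client-supplied name. Consider testing `info3->base.account_name.string` for NULL first and, when the copy itself fails, doing `nt_status = NT_STATUS_NO_MEMORY; goto out;`. The body of the fallback lies outside the hunk, so its behaviour is inferred from the comment.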
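Review bot: The last context line of the hunk at -1439, `result->unix_name = talloc_strdup(result, found_username);`, is not followed by any visible NULL check, while the copy_netr_SamInfo3() result in the next hunk is checked. Now that every failure can leave through `out:` and have tmp_ctx free `result`, the same guard costs little here: `if (result->unix_name == NULL) { nt_status = NT_STATUS_NO_MEMORY; goto out; }`. One source line between the two hunks is not shown, so please confirm the check is not already there.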
@@ -1486,9 +1493,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 result->guest = (info3->base.user_flags & NETLOGON_GUEST);
- *server_info = result;
+ *server_info = talloc_move(mem_ctx, &result);
- return NT_STATUS_OK;
+ nt_status = NT_STATUS_OK;
+out:
+ talloc_free(tmp_ctx);
+
+ return nt_status;
 }
 /*****************************************************************************
--
2.5.0
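Review bot: With `talloc_free(tmp_ctx)` at `out:`, everything check_account() allocated on tmp_ctx (presumably found_username and pwd) is released on return, and any `return` left in the part of the function this patch does not show would skip the cleanup of the talloc_stackframe() frame. The lines between the 'Fill in the unix info' comment and `result->guest` are outside the hunks, so please confirm that they copy values out of pwd rather than keeping pointers into it, and that no early return remains there. A short comment at the label would help the next editor: `/* all exits go through here: tmp_ctx owns every temporary, and result until it is moved to mem_ctx */`.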