From 3bb299ff0a6ca0c82f4ecfef6b81f71891ee0979 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Dec 2012 14:48:43 +0100 Subject: [PATCH 1/3] s3:auth: fix header comment for user_sid_in_group_sid() This function was created in 1c3c5e2156d9096f60bd53a96b88c2f1001d898a and the header comment contained copy'n'paste errors from the original function user_in_group_sid() that took the user name. Signed-off-by: Michael Adam (cherry picked from commit 0770a4c01bef26ec51321cd5b97aea4eab9e00a8) --- source3/auth/token_util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index aad34cb..af10b24 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -845,9 +845,9 @@ done: } /*************************************************************************** - Build upon create_token_from_username: + Build upon create_token_from_usersid: - Expensive helper function to figure out whether a user given its name is + Expensive helper function to figure out whether a user given its sid is member of a particular group. ***************************************************************************/ -- 1.7.9.5 From fde1a7f47a65409643f1b86546fe1263df14f650 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Dec 2012 21:56:42 +0100 Subject: [PATCH 2/3] s3:auth: fix function header comment for user_sid_in_group_sid() This is embarrassing: the commit 0770a4c01bef26ec51321cd5b97aea4eab9e00a8 which intended to fix an earlier copy'n'paste error, contained another typo, fixed with this commit... Signed-off-by: Michael Adam Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Tue Dec 11 00:04:45 CET 2012 on sn-devel-104 (cherry picked from commit 1d949cb0e51a086006612271d6f08305b68aa09c) --- source3/auth/token_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index af10b24..ddfc213 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -845,7 +845,7 @@ done: } /*************************************************************************** - Build upon create_token_from_usersid: + Build upon create_token_from_sid: Expensive helper function to figure out whether a user given its sid is member of a particular group. -- 1.7.9.5 From e52cdeecd27b3409cbee057781b3d5326126d37f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Dec 2012 15:06:27 +0100 Subject: [PATCH 3/3] s3:auth: fix create_token_from_sid() to not fail in the winbindd case Commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored the sid-based variant out of create_token_from_username() broke the case of a user handled by winbindd in that the "found_username" was set to NULL which caused the function to fail with NT_STATUS_NO_MEMORY further down. This patch fixes the function so that the case of found_username == NULL is cleanly separated from the NO_MEMORY case and the caller can provide the username in this case, if required. This fixes bug #9457. Signed-off-by: Michael Adam Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Dec 10 18:18:54 CET 2012 on sn-devel-104 (cherry picked from commit c5b150b33fc54ed97dbd0736cc6f4c15977d6e70) --- source3/auth/token_util.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index ddfc213..841bc52 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -610,6 +610,11 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, *found_username = talloc_strdup(mem_ctx, pdb_get_username(sam_acct)); + if (found_username == NULL) { + result = NT_STATUS_NO_MEMORY; + goto done; + } + /* * If the SID from lookup_name() was the guest sid, passdb knows * about the mapping of guest sid to lp_guestaccount() @@ -700,6 +705,10 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, /* Ensure we're returning the found_username on the right context. */ *found_username = talloc_strdup(mem_ctx, pass->pw_name); + if (found_username == NULL) { + result = NT_STATUS_NO_MEMORY; + goto done; + } } else { /* This user is from winbind, force the primary gid to the @@ -737,7 +746,6 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, gids = gid; - /* Ensure we're returning the found_username on the right context. */ *found_username = NULL; } @@ -770,7 +778,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, *token = create_local_nt_token(mem_ctx, user_sid, is_guest, num_group_sids, group_sids); - if ((*token == NULL) || (*found_username == NULL)) { + if (*token == NULL) { result = NT_STATUS_NO_MEMORY; goto done; } -- 1.7.9.5