From 7e9a20a41dda08b69659d9180a5ac9a64ae2ce05 Mon Sep 17 00:00:00 2001 From: Guenther Deschner Date: Apr 28 2009 13:18:24 +0000 Subject: Fix "force user" resolves: #497708 Guenther --- diff --git a/samba-3.2.11-force_user.patch b/samba-3.2.11-force_user.patch new file mode 100644 index 0000000..d5d3293 --- /dev/null +++ b/samba-3.2.11-force_user.patch @@ -0,0 +1,64 @@ +diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c +index 24b05a5..175a234 100644 +--- a/source/auth/auth_util.c ++++ b/source/auth/auth_util.c +@@ -867,6 +867,33 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, + *found_username = talloc_strdup(mem_ctx, + pdb_get_username(sam_acct)); + ++ /* ++ * If the SID from lookup_name() was the guest sid, passdb knows ++ * about the mapping of guest sid to lp_guestaccount() ++ * username and will return the unix_pw info for a guest ++ * user. Use it if it's there, else lookup the *uid details ++ * using getpwnam_alloc(). See bug #6291 for details. JRA. ++ */ ++ ++ /* We must always assign the *uid. */ ++ if (sam_acct->unix_pw == NULL) { ++ struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username ); ++ if (!pwd) { ++ DEBUG(10, ("getpwnam_alloc failed for %s\n", ++ *found_username)); ++ result = NT_STATUS_NO_SUCH_USER; ++ goto done; ++ } ++ result = samu_set_unix(sam_acct, pwd ); ++ if (!NT_STATUS_IS_OK(result)) { ++ DEBUG(10, ("samu_set_unix failed for %s\n", ++ *found_username)); ++ result = NT_STATUS_NO_SUCH_USER; ++ goto done; ++ } ++ } ++ *uid = sam_acct->unix_pw->pw_uid; ++ + } else if (sid_check_is_in_unix_users(&user_sid)) { + + /* This is a unix user not in passdb. We need to ask nss +@@ -883,8 +910,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, + unix_user: + + if (!sid_to_uid(&user_sid, uid)) { +- DEBUG(1, ("sid_to_uid for %s (%s) failed\n", ++ DEBUG(1, ("unix_user case, sid_to_uid for %s (%s) failed\n", + username, sid_string_dbg(&user_sid))); ++ result = NT_STATUS_NO_SUCH_USER; + goto done; + } + +@@ -937,6 +965,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, + + uint32 dummy; + ++ /* We must always assign the *uid. */ ++ if (!sid_to_uid(&user_sid, uid)) { ++ DEBUG(1, ("winbindd case, sid_to_uid for %s (%s) failed\n", ++ username, sid_string_dbg(&user_sid))); ++ result = NT_STATUS_NO_SUCH_USER; ++ goto done; ++ } ++ + num_group_sids = 1; + group_sids = TALLOC_ARRAY(tmp_ctx, DOM_SID, num_group_sids); + if (group_sids == NULL) { diff --git a/samba.spec b/samba.spec index 03b948d..361e8b0 100644 --- a/samba.spec +++ b/samba.spec @@ -1,4 +1,4 @@ -%define main_release 28 +%define main_release 29 %define samba_version 3.2.11 %define tdb_version 1.1.1 %define talloc_version 1.2.0 @@ -46,6 +46,7 @@ Patch107: samba-3.2.0pre1-grouppwd.patch Patch110: samba-3.0.21pre1-smbspool.patch Patch111: samba-3.0.13-smbclient.patch Patch200: samba-3.0.25rc1-inotifiy.patch +Patch201: samba-3.2.11-force_user.patch Requires(pre): samba-common = %{epoch}:%{version}-%{release} Requires: pam >= 0:0.64 @@ -252,6 +253,7 @@ cp %{SOURCE11} packaging/Fedora/ #%patch110 -p1 -b .smbspool # FIXME: does not apply #%patch111 -p1 -b .smbclient # FIXME: does not apply #%patch200 -p0 -b .inotify # FIXME: does not compile +%patch201 -p1 -b .force_user mv source/VERSION source/VERSION.orig sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < source/VERSION.orig > source/VERSION @@ -824,6 +826,10 @@ exit 0 %{_datadir}/pixmaps/samba/logo-small.png %changelog +* Tue Apr 28 2009 Guenther Deschner - 3.2.11-0.29 +- Fix "force user" +- resolves: #497708 + * Sun Apr 19 2009 Guenther Deschner - 3.2.11-0.28 - Update to 3.2.11