From: "Gerald (Jerry) Carter"
Christian Perrier wrote:
Our bug. I fixed it last night for next week's 3.0.25a release
(http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0).
You can either retest against the SAMBA_3_0_25 svn tree or I
can send you a patch.
Jerry, apparently this bug hits Debian's version in etch as it
appeared after the security fix for CVE-2007-2444. See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629
As you certainly know, upgrading the version in etch
to 3.0.25a is out of the question, so we need to patch the
3.0.24 version to fix this.
So, if you have the patch handy, we'd be deeply interested.
Ah yeah. I didn't think about that. Attached.
Is there a bug report for this issue in Samba's BTS? I can't
find one.
Not sure. We went back and forth with David Rankin on it
getting the necessary information.
Jerry,
The patch is working fine. I have had it running on the production
machine at work since 12:00 am and there have been no *howls* from the rest
of the minions........ and I haven't run into any trouble.
--
David C. Rankin, J.D., P.E.
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--
--------------------------------------------------------------------------------
=== modified file 'source/smbd/uid.c'
--- source/smbd/uid.c 2007-05-12 16:45:55 +0000
+++ source/smbd/uid.c 2007-05-18 17:33:11 +0000
@@ -151,7 +151,9 @@
char group_c;
BOOL must_free_token = False;
NT_USER_TOKEN *token = NULL;
-
+ int num_groups = 0;
+ gid_t *group_list = NULL;
+
if (!conn) {
DEBUG(2,("change_to_user: Connection not open\n"));
return(False);
@@ -190,14 +192,14 @@
if (conn->force_user) /* security = share sets this too */ {
uid = conn->uid;
gid = conn->gid;
- current_user.ut.groups = conn->groups;
- current_user.ut.ngroups = conn->ngroups;
+ group_list = conn->groups;
+ num_groups = conn->ngroups;
token = conn->nt_user_token;
} else if (vuser) {
uid = conn->admin_user ? 0 : vuser->uid;
gid = vuser->gid;
- current_user.ut.ngroups = vuser->n_groups;
- current_user.ut.groups = vuser->groups;
+ num_groups = vuser->n_groups;
+ group_list = vuser->groups;
token = vuser->nt_user_token;
} else {
DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
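Review bot: In both the `conn->force_user` and `vuser` branches, `group_list` is assigned the pointer held in `conn->groups` or `vuser->groups` rather than a copy, so the array that later becomes `current_user.ut.groups` is still owned by the connection or vuser structure. A short comment saying the local only borrows the array and must not be freed here would make the ownership explicit. The two branches also assign the pair in opposite order (`group_list` then `num_groups`, versus `num_groups` then `group_list`); using one order in both makes the pairing easier to audit.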
@@ -230,8 +232,8 @@
*/
int i;
- for (i = 0; i < current_user.ut.ngroups; i++) {
- if (current_user.ut.groups[i] == conn->gid) {
+ for (i = 0; i < num_groups; i++) {
+ if (group_list[i] == conn->gid) {
gid = conn->gid;
gid_to_sid(&token->user_sids[1], gid);
break;
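Review bot: The loop indexes `group_list[i]` guarded only by `i < num_groups`, so it depends on `num_groups` being 0 whenever `group_list` is NULL (they are initialised that way in the first hunk and set as a pair from `conn` or `vuser`). Stating that invariant in a comment, or checking `group_list != NULL` before the loop, would keep a later change that sets one without the other from becoming a NULL dereference.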
@@ -243,6 +245,12 @@
}
}
+ /* Now set current_user since we will immediately also call
+ set_sec_ctx() */
+
+ current_user.ut.ngroups = num_groups;
+ current_user.ut.groups = group_list;
+
set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
token);
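Review bot: The `set_sec_ctx()` call still reads `current_user.ut.ngroups` and `current_user.ut.groups` back from the global assigned two lines earlier; passing `num_groups` and `group_list` directly would make it obvious that the security context and `current_user` receive the same list. The new comment says when `current_user` is set but not why the assignment was moved out of the `force_user` and `vuser` branches; one sentence giving the reason would help anyone backporting this to 3.0.24.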
--------------------------------------------------------------------------------