1 |
unnilennium |
1.1 |
From 6dfc274ce5ae036a95ac2d7f6f9182c7f5a5b50f Mon Sep 17 00:00:00 2001 |
2 |
|
|
From: Andreas Schneider <asn@samba.org> |
3 |
|
|
Date: Mon, 19 Sep 2016 13:59:54 +0200 |
4 |
|
|
Subject: [PATCH] s3-lib: Fix %G substitution in AD member environment |
5 |
|
|
|
6 |
|
|
If we are a domain member we should look up the user with the domain |
7 |
|
|
name specified else it will only work if we have |
8 |
|
|
'winbind use default domain' set. |
9 |
|
|
|
10 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276 |
11 |
|
|
|
12 |
|
|
Signed-off-by: Andreas Schneider <asn@samba.org> |
13 |
|
|
Reviewed-by: Ralph Boehme <slow@samba.org> |
14 |
|
|
(cherry picked from commit 619ca5f63c47ff8b021692aaa756dcb0d883b8dd) |
15 |
|
|
--- |
16 |
|
|
source3/lib/substitute.c | 24 ++++++++++++++++++------ |
17 |
|
|
1 file changed, 18 insertions(+), 6 deletions(-) |
18 |
|
|
|
19 |
|
|
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c |
20 |
|
|
index 4e2ce9b..1f98327 100644 |
21 |
|
|
--- a/source3/lib/substitute.c |
22 |
|
|
+++ b/source3/lib/substitute.c |
23 |
|
|
@@ -499,15 +499,18 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx, |
24 |
|
|
break; |
25 |
|
|
case 'G' : { |
26 |
|
|
struct passwd *pass; |
27 |
|
|
+ bool is_domain_name = false; |
28 |
|
|
+ const char *sep = lp_winbind_separator(); |
29 |
|
|
|
30 |
|
|
if (domain_name != NULL && domain_name[0] != '\0' && |
31 |
|
|
- !strequal(domain_name, my_sam_name())) |
32 |
|
|
- { |
33 |
|
|
+ (lp_security() == SEC_ADS || |
34 |
|
|
+ lp_security() == SEC_DOMAIN)) { |
35 |
|
|
r = talloc_asprintf(tmp_ctx, |
36 |
|
|
"%s%c%s", |
37 |
|
|
domain_name, |
38 |
|
|
- *lp_winbind_separator(), |
39 |
|
|
+ *sep, |
40 |
|
|
smb_name); |
41 |
|
|
+ is_domain_name = true; |
42 |
|
|
} else { |
43 |
|
|
r = talloc_strdup(tmp_ctx, smb_name); |
44 |
|
|
} |
45 |
|
|
@@ -517,9 +520,18 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx, |
46 |
|
|
|
47 |
|
|
pass = Get_Pwnam_alloc(tmp_ctx, r); |
48 |
|
|
if (pass != NULL) { |
49 |
|
|
- a_string = realloc_string_sub( |
50 |
|
|
- a_string, "%G", |
51 |
|
|
- gidtoname(pass->pw_gid)); |
52 |
|
|
+ char *group_name; |
53 |
|
|
+ |
54 |
|
|
+ group_name = gidtoname(pass->pw_gid); |
55 |
|
|
+ if (is_domain_name) { |
56 |
|
|
+ p = strchr_m(group_name, *sep); |
57 |
|
|
+ if (p != NULL) { |
58 |
|
|
+ group_name = p + 1; |
59 |
|
|
+ } |
60 |
|
|
+ } |
61 |
|
|
+ a_string = realloc_string_sub(a_string, |
62 |
|
|
+ "%G", |
63 |
|
|
+ group_name); |
64 |
|
|
} |
65 |
|
|
TALLOC_FREE(pass); |
66 |
|
|
break; |
67 |
|
|
-- |
68 |
|
|
2.10.1 |
69 |
|
|
|
70 |
|
|
From d851e487422808b6d3ba2738daa1c697e569bd27 Mon Sep 17 00:00:00 2001 |
71 |
|
|
From: Volker Lendecke <vl@samba.org> |
72 |
|
|
Date: Wed, 12 Oct 2016 12:35:12 +0200 |
73 |
|
|
Subject: [PATCH] lib: Fix CID 1373623 Dereference after null check |
74 |
|
|
MIME-Version: 1.0 |
75 |
|
|
Content-Type: text/plain; charset=UTF-8 |
76 |
|
|
Content-Transfer-Encoding: 8bit |
77 |
|
|
|
78 |
|
|
We should not overload "p", this is used in the outer loop |
79 |
|
|
|
80 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276 |
81 |
|
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
82 |
|
|
Reviewed-by: Ralph Böhme <slow@samba.org> |
83 |
|
|
Reviewed-by: Jeremy Allison <jra@samba.org> |
84 |
|
|
(cherry picked from commit 6ec81ca3c196f3c4659a4e1c473759b393708d12) |
85 |
|
|
--- |
86 |
|
|
source3/lib/substitute.c | 7 ++++--- |
87 |
|
|
1 file changed, 4 insertions(+), 3 deletions(-) |
88 |
|
|
|
89 |
|
|
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c |
90 |
|
|
index 1f98327..f56e2c4 100644 |
91 |
|
|
--- a/source3/lib/substitute.c |
92 |
|
|
+++ b/source3/lib/substitute.c |
93 |
|
|
@@ -524,9 +524,10 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx, |
94 |
|
|
|
95 |
|
|
group_name = gidtoname(pass->pw_gid); |
96 |
|
|
if (is_domain_name) { |
97 |
|
|
- p = strchr_m(group_name, *sep); |
98 |
|
|
- if (p != NULL) { |
99 |
|
|
- group_name = p + 1; |
100 |
|
|
+ char *group_sep; |
101 |
|
|
+ group_sep = strchr_m(group_name, *sep); |
102 |
|
|
+ if (group_sep != NULL) { |
103 |
|
|
+ group_name = group_sep + 1; |
104 |
|
|
} |
105 |
|
|
} |
106 |
|
|
a_string = realloc_string_sub(a_string, |
107 |
|
|
-- |
108 |
|
|
2.10.1 |
109 |
|
|
|