From 0377ad7e4e690ea83f4d58a40189c18b04611ae7 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 10 Dec 2003 21:57:14 +0000 Subject: last show stoppers for 3.0.1rc2 (i really mean it this time) --- WHATSNEW.txt | 10 +++++++++- source/groupdb/mapping.c | 28 +++++++++++++++++++++++----- source/include/rpc_misc.h | 2 +- source/lib/iconv.c | 28 ++++++++++++++++++++++++++++ source/passdb/passdb.c | 22 ++++++++++++++++------ source/rpc_parse/parse_misc.c | 2 +- source/rpc_server/srv_lsa_nt.c | 2 +- source/rpc_server/srv_samr_nt.c | 7 ++++++- source/rpc_server/srv_util.c | 14 ++++---------- source/script/installswat.sh | 9 +++++++++ 10 files changed, 98 insertions(+), 26 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 24e6295d282..3acaa4c11b8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -35,8 +35,16 @@ details: 7) Protect alloc_sub_basic() from crashing when the source string is NULL (partial work on bug 687). 8) Fix spinlocks on IRIX. -9) Corrected some bad paths with using --with-fhs to configure. +9) Corrected some bad destination paths when running "configure + --with-fhs". 10) Add packaging for Fedora Core 1. +11) Correct bug in SWAT install script for non=english languages. +12) Support character set ISO-8859-1 internally (bug 558). +13) Fixed more LDAP access errors when looking up group mappings + (bug 281). +14) Fix UNISTR2 length bug in LsaQueryInfo(3) that caused SID + resolution to fail on local files on on domain members + (bug 875). Changes since 3.0.1pre3 diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c index b1c260581ee..08ac6a25a53 100644 --- a/source/groupdb/mapping.c +++ b/source/groupdb/mapping.c @@ -504,7 +504,8 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; - + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); @@ -513,7 +514,12 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) DEBUG(10, ("get_domain_group_from_sid\n")); /* if the group is NOT in the database, it CAN NOT be a domain group */ - if(!pdb_getgrsid(map, sid)) + + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); + + if ( !ret ) return False; DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); @@ -547,14 +553,19 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) { + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); } /* The group is in the mapping table */ + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); - if( !pdb_getgrsid(map, sid) ) + if ( !ret ) return False; if ( (map->sid_name_use != SID_NAME_ALIAS) @@ -564,7 +575,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) return False; } -#if 0 /* JERRY */ +#if 1 /* JERRY */ /* local groups only exist in the group mapping DB so this is not necessary */ @@ -572,6 +583,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) /* the group isn't in the mapping table. * make one based on the unix information */ uint32 alias_rid; + struct group *grp; sid_peek_rid(&sid, &alias_rid); map->gid=pdb_group_rid_to_gid(alias_rid); @@ -599,13 +611,19 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); } - if(!pdb_getgrsid(map, sid)) + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); + + if ( !ret ) return False; if (map->sid_name_use!=SID_NAME_WKN_GRP) { diff --git a/source/include/rpc_misc.h b/source/include/rpc_misc.h index aaaad55c20c..29ae2121857 100644 --- a/source/include/rpc_misc.h +++ b/source/include/rpc_misc.h @@ -403,5 +403,5 @@ typedef struct buffer4_info } BUFFER4; -enum unistr2_term_codes { UNI_FLAGS_NONE = 0, UNI_STR_TERMINATE = 1, UNI_MAXLEN_TERMINATE = 2 }; +enum unistr2_term_codes { UNI_FLAGS_NONE = 0, UNI_STR_TERMINATE = 1, UNI_MAXLEN_TERMINATE = 2, UNI_BROKEN_NON_NULL = 3 }; #endif /* _RPC_MISC_H */ diff --git a/source/lib/iconv.c b/source/lib/iconv.c index 9f6db79ee24..b0c13a5ee68 100644 --- a/source/lib/iconv.c +++ b/source/lib/iconv.c @@ -53,6 +53,7 @@ static size_t ascii_pull(void *,char **, size_t *, char **, size_t *); static size_t ascii_push(void *,char **, size_t *, char **, size_t *); +static size_t latin1_push(void *,char **, size_t *, char **, size_t *); static size_t utf8_pull(void *,char **, size_t *, char **, size_t *); static size_t utf8_push(void *,char **, size_t *, char **, size_t *); static size_t ucs2hex_pull(void *,char **, size_t *, char **, size_t *); @@ -64,6 +65,7 @@ static struct charset_functions builtin_functions[] = { {"UTF8", utf8_pull, utf8_push}, {"ASCII", ascii_pull, ascii_push}, {"646", ascii_pull, ascii_push}, + {"ISO-8859-1", ascii_pull, latin1_push}, {"UCS2-HEX", ucs2hex_pull, ucs2hex_push}, {NULL, NULL, NULL} }; @@ -354,6 +356,32 @@ static size_t ascii_push(void *cd, char **inbuf, size_t *inbytesleft, return ir_count; } +static size_t latin1_push(void *cd, char **inbuf, size_t *inbytesleft, + char **outbuf, size_t *outbytesleft) +{ + int ir_count=0; + + while (*inbytesleft >= 2 && *outbytesleft >= 1) { + (*outbuf)[0] = (*inbuf)[0]; + if ((*inbuf)[1]) ir_count++; + (*inbytesleft) -= 2; + (*outbytesleft) -= 1; + (*inbuf) += 2; + (*outbuf) += 1; + } + + if (*inbytesleft == 1) { + errno = EINVAL; + return -1; + } + + if (*inbytesleft > 1) { + errno = E2BIG; + return -1; + } + + return ir_count; +} static size_t ucs2hex_pull(void *cd, char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft) diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 6246cdaee13..cfa39685e39 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -707,6 +707,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use uint32 rid; SAM_ACCOUNT *sam_account = NULL; GROUP_MAP map; + BOOL ret; if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){ DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n", @@ -736,9 +737,10 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use /* see if the passdb can help us with the name of the user */ + /* BEING ROOT BLLOCK */ become_root(); if (pdb_getsampwsid(sam_account, sid)) { - unbecome_root(); + unbecome_root(); /* -----> EXIT BECOME_ROOT() */ fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; @@ -746,10 +748,13 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return True; } - unbecome_root(); pdb_free_sam(&sam_account); - - if (pdb_getgrsid(&map, *sid)) { + + ret = pdb_getgrsid(&map, *sid); + unbecome_root(); + /* END BECOME_ROOT BLOCK */ + + if ( ret ) { if (map.gid!=(gid_t)-1) { DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); } else { @@ -1233,6 +1238,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_ { uint32 rid; GROUP_MAP group; + BOOL ret; *name_type = SID_NAME_UNKNOWN; @@ -1241,8 +1247,12 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_ /* we don't need to disable winbindd since the gid is stored in the GROUP_MAP object */ - - if ( !pdb_getgrsid(&group, *psid) ) { + + become_root(); + pdb_getgrsid(&group, *psid); + unbecome_root(); + + if ( !ret ) { /* fallback to rid mapping if enabled */ diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index afdf0fc4c9b..976ba206810 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c @@ -914,7 +914,7 @@ void init_unistr2(UNISTR2 *str, const char *buf, enum unistr2_term_codes flags) str->uni_max_len = num_chars; str->offset = 0; str->uni_str_len = num_chars; - if (num_chars && (flags == UNI_MAXLEN_TERMINATE)) + if ( num_chars && ((flags == UNI_MAXLEN_TERMINATE) || (flags == UNI_BROKEN_NON_NULL)) ) str->uni_max_len++; } diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c index e545d8c2673..2b2cb919245 100644 --- a/source/rpc_server/srv_lsa_nt.c +++ b/source/rpc_server/srv_lsa_nt.c @@ -66,7 +66,7 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si /* this string is supposed to be non-null terminated. */ /* But the maxlen in this UNISTR2 must include the terminating null. */ - init_unistr2(&d_q->uni_domain_name, dom_name, UNI_MAXLEN_TERMINATE); + init_unistr2(&d_q->uni_domain_name, dom_name, UNI_BROKEN_NON_NULL); /* * I'm not sure why this really odd combination of length diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 7f57a9fc9d4..c84e288a4be 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -1246,6 +1246,7 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM DOM_SID sid; GROUP_MAP map; uint32 acc_granted; + BOOL ret; r_u->status = NT_STATUS_OK; @@ -1262,7 +1263,11 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM !sid_check_is_in_builtin(&sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - if (!pdb_getgrsid(&map, sid)) + become_root(); + ret = pdb_getgrsid(&map, sid); + unbecome_root(); + + if ( !ret ) return NT_STATUS_NO_SUCH_ALIAS; switch (q_u->switch_level) { diff --git a/source/rpc_server/srv_util.c b/source/rpc_server/srv_util.c index c2395e6faec..504e6a83c00 100644 --- a/source/rpc_server/srv_util.c +++ b/source/rpc_server/srv_util.c @@ -147,8 +147,6 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui return NT_STATUS_UNSUCCESSFUL; } - become_root(); - for (i=0;i