The branch, v4-1-test has been updated via 49e39b0 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. via 516f518 lib: replace: Add strsep function (missing on Solaris). from e889ea3 s3-auth: Fix a possible null pointer dereference
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log ----------------------------------------------------------------- commit 49e39b05ca637cce4621ac60ed3bb536c0ac544a Author: Justin Maggard <jmagg...@netgear.com> Date: Tue Jul 21 15:17:30 2015 -0700 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. Somewhere along the line, a config line like "valid users = @foo" broke when "foo" also exists as a user. user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP flag; but lookup_name() was not respecting that flag, and went ahead and looked for users anyway. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320 Signed-off-by: Justin Maggard <jmagg...@netgear.com> Reviewed-by: Jeremy Allison <j...@samba.org> Reviewed-by: Marc Muehlfeld <mmuehlf...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104 (cherry picked from commit dc99d451bf23668d73878847219682fced547622) Autobuild-User(v4-1-test): Stefan Metzmacher <me...@samba.org> Autobuild-Date(v4-1-test): Mon Aug 3 20:03:05 CEST 2015 on sn-devel-104 commit 516f518aa736d1f53c2e35c421f16f5090d51796 Author: Jeremy Allison <j...@samba.org> Date: Wed Jul 15 10:43:56 2015 -0700 lib: replace: Add strsep function (missing on Solaris). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11359 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ira Cooper <i...@wakeful.net> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Jul 29 02:24:55 CEST 2015 on sn-devel-104 (cherry picked from commit f07b746ad3f3ee2fcbb65a0d452ed80f07c9e8f9) ----------------------------------------------------------------------- Summary of changes: lib/replace/replace.c | 20 ++++++++++++++++++++ lib/replace/replace.h | 5 +++++ lib/replace/wscript | 4 ++-- source3/passdb/lookup_sid.c | 4 ++-- source3/passdb/lookup_sid.h | 2 +- 5 files changed, 30 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/replace.c b/lib/replace/replace.c index 37edb31..488da0a 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -467,6 +467,26 @@ char *rep_strcasestr(const char *haystack, const char *needle) } #endif +#ifndef HAVE_STRSEP +char *rep_strsep(char **pps, const char *delim) +{ + char *ret = *pps; + char *p = *pps; + + if (p == NULL) { + return NULL; + } + p += strcspn(p, delim); + if (*p == '\0') { + *pps = NULL; + } else { + *p = '\0'; + *pps = p + 1; + } + return ret; +} +#endif + #ifndef HAVE_STRTOK_R /* based on GLIBC version, copyright Free Software Foundation */ char *rep_strtok_r(char *s, const char *delim, char **save_ptr) diff --git a/lib/replace/replace.h b/lib/replace/replace.h index cd0c25e..57163a9 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -345,6 +345,11 @@ void rep_setlinebuf(FILE *); char *rep_strcasestr(const char *haystack, const char *needle); #endif +#ifndef HAVE_STRSEP +#define strsep rep_strsep +char *rep_strsep(char **pps, const char *delim); +#endif + #ifndef HAVE_STRTOK_R #define strtok_r rep_strtok_r char *rep_strtok_r(char *s, const char *delim, char **save_ptr); diff --git a/lib/replace/wscript b/lib/replace/wscript index f0040b1..27a8138 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -271,7 +271,7 @@ struct foo bar = { .y = 'X', .x = 1 }; conf.CHECK_FUNCS('lstat getpgrp utime utimes setuid seteuid setreuid setresuid setgid setegid') conf.CHECK_FUNCS('setregid setresgid chroot strerror vsyslog setlinebuf mktime') conf.CHECK_FUNCS('ftruncate chsize rename waitpid wait4') - conf.CHECK_FUNCS('initgroups pread pwrite strndup strcasestr') + conf.CHECK_FUNCS('initgroups pread pwrite strndup strcasestr strsep') conf.CHECK_FUNCS('strtok_r mkdtemp dup2 dprintf vdprintf isatty chown lchown') conf.CHECK_FUNCS('link readlink symlink realpath snprintf vsnprintf') conf.CHECK_FUNCS('asprintf vasprintf setenv unsetenv strnlen strtoull __strtoull') @@ -605,7 +605,7 @@ REPLACEMENT_FUNCTIONS = { 'memmove', 'strdup', 'setlinebuf', 'vsyslog', 'strnlen', 'strndup', 'waitpid', 'seteuid', 'setegid', 'chroot', 'mkstemp', 'mkdtemp', 'pread', 'pwrite', 'strcasestr', - 'strtok_r', 'strtoll', 'strtoull', 'setenv', 'unsetenv', + 'strsep', 'strtok_r', 'strtoll', 'strtoull', 'setenv', 'unsetenv', 'utime', 'utimes', 'dup2', 'chown', 'link', 'readlink', 'symlink', 'lchown', 'realpath', 'memmem', 'vdprintf', 'dprintf', 'get_current_dir_name', diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index f10ebb7..950757b 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -120,7 +120,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, goto ok; } - if (((flags & LOOKUP_NAME_NO_NSS) == 0) + if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) && strequal(domain, unix_users_domain_name())) { if (lookup_unix_user_name(name, &sid)) { type = SID_NAME_USER; @@ -293,7 +293,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 11. Ok, windows would end here. Samba has two more options: Unmapped users and unmapped groups */ - if (((flags & LOOKUP_NAME_NO_NSS) == 0) + if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) && lookup_unix_user_name(name, &sid)) { domain = talloc_strdup(tmp_ctx, unix_users_domain_name()); type = SID_NAME_USER; diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h index 872f4ef..8b5edf6 100644 --- a/source3/passdb/lookup_sid.h +++ b/source3/passdb/lookup_sid.h @@ -31,7 +31,7 @@ struct unixid; #define LOOKUP_NAME_NONE 0x00000000 #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */ #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */ -#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for +#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for valid users = @foo where foo also exists in as user. */ #define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid -- Samba Shared Repository