Christian Perrier wrote:
>> Our bug. I fixed it last night for next week's 3.0.25a release
>> (http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0).
>>
>> You can either retest against the SAMBA_3_0_25 svn tree or I
>> can send you a patch.
>
> Jerry, apparently this bug hits Debian's version in etch as it
> appeared after the security fix for CVE-2007-2444. See
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629
>
> As you certainly know, upgrading the version in etch
> to 3.0.25a is out of the question, so we need to patch the
> 3.0.24 version to fix this.
>
> So, if you have the patch handy, we'd be deeply interested.

Ah yeah. I didn't think about that. Attached.

> Is there a bug report for this issue in Samba's BTS? I can't
> find one.

Not sure. We went back and forth with David Rankin on it getting
the necessary information.

cheers, jerry
=====================================================================
Samba    ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
=== modified file 'source/smbd/uid.c' --- source/smbd/uid.c 2007-05-12 16:45:55 +0000 +++ source/smbd/uid.c 2007-05-18 17:33:11 +0000 @@ -151,7 +151,9 @@ char group_c; BOOL must_free_token = False; NT_USER_TOKEN *token = NULL; - + int num_groups = 0; + gid_t *group_list = NULL; + if (!conn) { DEBUG(2,("change_to_user: Connection not open\n")); return(False); @@ -190,14 +192,14 @@ if (conn->force_user) /* security = share sets this too */ { uid = conn->uid; gid = conn->gid; - current_user.ut.groups = conn->groups; - current_user.ut.ngroups = conn->ngroups; + group_list = conn->groups; + num_groups = conn->ngroups; token = conn->nt_user_token; } else if (vuser) { uid = conn->admin_user ? 0 : vuser->uid; gid = vuser->gid; - current_user.ut.ngroups = vuser->n_groups; - current_user.ut.groups = vuser->groups; + num_groups = vuser->n_groups; + group_list = vuser->groups; token = vuser->nt_user_token; } else { DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " @@ -230,8 +232,8 @@ */ int i; - for (i = 0; i < current_user.ut.ngroups; i++) { - if (current_user.ut.groups[i] == conn->gid) { + for (i = 0; i < num_groups; i++) { + if (group_list[i] == conn->gid) { gid = conn->gid; gid_to_sid(&token->user_sids[1], gid); break; @@ -243,6 +245,12 @@ } } + /* Now set current_user since we will immediately also call + set_sec_ctx() */ + + current_user.ut.ngroups = num_groups; + current_user.ut.groups = group_list; + set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups, token);
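
Review bot: In the first hunk (@@ -151,7 +151,9 @@), num_groups is declared as int, but it is filled from conn->ngroups and vuser->n_groups and then stored into current_user.ut.ngroups, and none of those field types are visible in this diff. Please confirm they all share one type so that no signed/unsigned conversion is introduced in the backport to 3.0.24; if they differ, declare num_groups with the type of current_user.ut.ngroups.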
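
Review bot: In the second hunk (@@ -190,14 +192,14 @@), both the conn->force_user branch and the vuser branch make group_list an alias of conn->groups or vuser->groups rather than a copy, so current_user.ut.groups will later point into memory owned by the connection or the vuser. A one-line comment at the assignments stating that ownership stays with conn/vuser would help whoever touches the lifetime of those arrays. The trailing else branch (the "Invalid vuid used" DEBUG) leaves num_groups at 0 and group_list at NULL; the visible context does not show that branch returning, so please double-check that it does before the later code runs.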
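
Review bot: The loop in the third hunk (@@ -230,8 +232,8 @@) indexes group_list[i] with only "i < num_groups" as a guard, and group_list now starts out as NULL. That is safe only while every path that sets a non-zero num_groups also sets a non-NULL group_list, which depends on conn and vuser always keeping their count and array consistent. Adding "group_list != NULL" to the loop condition, or an assertion before the loop, would make the invariant explicit at almost no cost.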
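
Review bot: The comment added in the last hunk (@@ -243,6 +245,12 @@) says when current_user is set but not why the assignment was moved, which is the whole point of the patch. Suggest wording it along the lines of "only update current_user once every check above has passed, so an early return(False) leaves the previous groups in place". Since the locals already hold the values, the call could also pass num_groups and group_list to set_sec_ctx() directly instead of reading them back from current_user.ut, which would make the data flow easier to follow.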