The branch, master has been updated via 0e376db Second part of fix for bug #7933 - samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module. via 7936fb0 Fix bug #8807 - dcerpc_lsa_lookup_sids_noalloc() crashes when groups has more than 1000 groups from 8458043 s4-python: Add missing python source file encoding.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 0e376db8b8b3770b189fbd9b3874406bcafcfd32 Author: Jeremy Allison <j...@samba.org> Date: Tue Mar 13 12:16:26 2012 -0700 Second part of fix for bug #7933 - samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module. Error found by Andrew Bartlett <abart...@samba.org> and Ricky Nance <ricky.na...@weaubleau.k12.mo.us>. Don't use a pointer when you really mean a bool flag. Autobuild-User: Jeremy Allison <j...@samba.org> Autobuild-Date: Tue Mar 13 21:56:15 CET 2012 on sn-devel-104 commit 7936fb0ab8c3413768e83975c9d8544d653ee13c Author: Christian Ambach <a...@samba.org> Date: Tue Mar 13 10:07:11 2012 -0700 Fix bug #8807 - dcerpc_lsa_lookup_sids_noalloc() crashes when groups has more than 1000 groups Use correct talloc heirarchy. Signed-off-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/rpc_client/cli_lsarpc.c | 10 +++++++--- source3/smbd/posix_acls.c | 10 ++++++---- 2 files changed, 13 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 59ca3b0..c6e402d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -166,6 +166,8 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h, TALLOC_CTX *mem_ctx, + TALLOC_CTX *domains_ctx, + TALLOC_CTX *names_ctx, struct policy_handle *pol, int num_sids, const struct dom_sid *sids, @@ -287,7 +289,7 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h, name = lsa_names.names[i].name.string; if (name) { - (names)[i] = talloc_strdup(names, name); + (names)[i] = talloc_strdup(names_ctx, name); if ((names)[i] == NULL) { DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); *presult = NT_STATUS_UNSUCCESSFUL; @@ -296,7 +298,7 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h, } else { (names)[i] = NULL; } - domains[i] = talloc_strdup(domains, + domains[i] = talloc_strdup(domains_ctx, dom_name ? dom_name : ""); (types)[i] = lsa_names.names[i].sid_type; if ((domains)[i] == NULL) { @@ -394,6 +396,8 @@ static NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, status = dcerpc_lsa_lookup_sids_noalloc(h, mem_ctx, + (TALLOC_CTX *)domains, + (TALLOC_CTX *)names, pol, hunk_num_sids, hunk_sids, @@ -433,7 +437,7 @@ static NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, } sids_left -= hunk_num_sids; - sids_processed += hunk_num_sids; /* only used in DEBUG */ + sids_processed += hunk_num_sids; hunk_sids += hunk_num_sids; hunk_domains += hunk_num_sids; hunk_names += hunk_num_sids; diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 029eeae..f54bfa1 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1502,20 +1502,22 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace then if the ownership or group ownership of this file or directory gets changed, the user or group can lose their access. */ + bool got_duplicate_user = false; + bool got_duplicate_group = false; for (pace = *pp_ace; pace; pace = pace->next) { if (pace->type == SMB_ACL_USER && pace->unix_ug.uid == pace_user->unix_ug.uid) { /* Already got one. */ - pace_user = NULL; + got_duplicate_user = true; } else if (pace->type == SMB_ACL_USER && pace->unix_ug.uid == pace_user->unix_ug.uid) { /* Already got one. */ - pace_group = NULL; + got_duplicate_group = true; } } - if (pace_user) { + if (!got_duplicate_user) { /* Add a duplicate SMB_ACL_USER entry. */ if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) { DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n")); @@ -1533,7 +1535,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace DLIST_ADD(*pp_ace, pace); } - if (pace_group) { + if (!got_duplicate_group) { /* Add a duplicate SMB_ACL_GROUP entry. */ if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) { DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n")); -- Samba Shared Repository