-rw-r--r-- | source/passdb/nispass.c | 23 | ||||
-rw-r--r-- | source/passdb/passdb.c | 132 |
2 files changed, 103 insertions, 52 deletions
diff --git a/source/passdb/nispass.c b/source/passdb/nispass.c index 0204a7b308d..3e6e27af5f2 100644 --- a/source/passdb/nispass.c +++ b/source/passdb/nispass.c @@ -19,9 +19,26 @@ * Mass Ave, Cambridge, MA 02139, USA. */ +#include "includes.h" + #ifdef WITH_NISPLUS -#include "includes.h" +/* + * The following lines are needed due to buggy include files + * in Solaris 2.6 which define GROUP in both /usr/include/acl.h and + * also in /usr/include/rpcsvc/nis.h. The definitions conflict. JRA. + * Also GROUP_OBJ is defined as 0x4 in /usr/include/acl.h and as + * an enum in /usr/include/rpcsvc/nis.h. + */ + +#if defined(GROUP) +#undef GROUP +#endif + +#if defined(GROUP_OBJ) +#undef GROUP_OBJ +#endif + #include <rpcsvc/nis.h> extern int DEBUGLEVEL; @@ -154,7 +171,7 @@ static void get_single_attribute(nis_object *new_obj, int col, len = entry_len; } - safe_strcpy(val, len, ENTRY_VAL(new_obj, col)); + safe_strcpy(val, ENTRY_VAL(new_obj, col), len-1); } /*************************************************************** @@ -376,7 +393,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid); slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid); - safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)); + safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)-1); set_single_attribute(&new_obj, NPF_NAME , newpwd->smb_name , strlen(newpwd->smb_name) , 0); set_single_attribute(&new_obj, NPF_UID , uid , strlen(uid) , 0); diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 621ec213b26..0d343464369 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c 
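Review bot: In get_single_attribute the new bound `len-1` becomes negative when `len` is 0, which the clamp `len = entry_len;` just above allows whenever the column is empty. How safe_strcpy treats a negative or wrapped maximum is not visible on this page, so the copy should be guarded first, for example `if (len <= 0) return;` ahead of the `safe_strcpy(val, ENTRY_VAL(new_obj, col), len-1);` call. The start of the function, including any existing check on `val`, lies outside this hunk. The `sizeof(acb)-1` call in add_nisp21pwd_entry has a fixed positive bound and does not share the problem.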
@@ -825,7 +825,7 @@ BOOL pdb_generate_sam_sid(void) pstring sid_file; fstring sid_string; SMB_STRUCT_STAT st; - uchar raw_sid_data[12]; + BOOL overwrite_bad_sid = False; pstrcpy(sid_file, lp_smb_passwd_file()); p = strrchr(sid_file, '/'); 
@@ -870,28 +870,57 @@ BOOL pdb_generate_sam_sid(void) close(fd); return False; } - close(fd); - return True; - } - - /* - * The file contains no data - we need to generate our - * own sid. - */ - - { /* + * Check for a previous bug where we were writing + * a machine SID with an incorrect id_auth[5] of *decimal* + * 21 which should have been hex 21. If so then fix it now... + */ + if(global_sam_sid.num_auths > 0 && global_sam_sid.sub_auths[0] == 21) { + /* + * Fix and re-write... + */ + overwrite_bad_sid = True; + global_sam_sid.sub_auths[0] = 0x21; + DEBUG(5,("pdb_generate_sam_sid: Old (incorrect) sid id_auth of decimal 21 \ +detected - re-writing to be hex 0x21 instead.\n" )); + sid_to_string(sid_string, &global_sam_sid); + if(sys_lseek(fd, (SMB_OFF_T)0, SEEK_SET) != 0) { + DEBUG(0,("unable to seek file file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + } else { + close(fd); + return True; + } + } else { + /* + * The file contains no data - we need to generate our + * own sid. * Generate the new sid data & turn it into a string. */ int i; - generate_random_buffer( raw_sid_data, 12, True); - + uchar raw_sid_data[12]; + DOM_SID mysid; + + memset((char *)&mysid, '\0', sizeof(DOM_SID)); + mysid.sid_rev_num = 1; + mysid.id_auth[5] = 5; + mysid.num_auths = 0; + mysid.sub_auths[mysid.num_auths++] = 0x21; + +#if 0 + /* NB. This replaces this older code : */ fstrcpy( sid_string, "S-1-5-21"); - for( i = 0; i < 3; i++) { - fstring tmp_string; - slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4)); - fstrcat( sid_string, tmp_string); - } + /* which was incorrect - the 21 shoud have been 33 !. JRA. */ +#endif + + generate_random_buffer( raw_sid_data, 12, True); + for( i = 0; i < 3; i++) + mysid.sub_auths[mysid.num_auths++] = IVAL(raw_sid_data, i*4); + + sid_to_string(sid_string, &mysid); } fstrcat(sid_string, "\n"); 
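Review bot: The sub-authority written here looks wrong: both the repair branch (`global_sam_sid.sub_auths[0] = 0x21;`) and the generation branch (`mysid.sub_auths[mysid.num_auths++] = 0x21;`) store 33, whereas NT defines the non-unique domain sub-authority SECURITY_NT_NON_UNIQUE as 0x15, which is decimal 21. The old `S-1-5-21` prefix therefore appears to have been correct; I would keep `mysid.sub_auths[mysid.num_auths++] = 21;` and drop the repair branch. Rewriting a persisted machine SID in place also changes an identity that other state may have recorded, yet it is reported only at DEBUG level 5. If a rewrite is ever needed, it should be logged at level 0 with both the old and new SID strings. Separately, the comment and log text call the field `id_auth[5]` / "id_auth" while the code tests `sub_auths[0]`, so the wording should name the first sub-authority. pdb_generate_sam_sid starts and ends outside this hunk.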
@@ -915,44 +944,47 @@ BOOL pdb_generate_sam_sid(void) close(fd); return False; } - - /* - * At this point we have a blocking lock on the SID - * file - check if in the meantime someone else wrote - * SID data into the file. If so - they were here first, - * use their data. - */ - - if(sys_fstat( fd, &st) < 0) { - DEBUG(0,("unable to stat file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(st.st_size > 0) { + + if(!overwrite_bad_sid) { /* - * Unlock as soon as possible to reduce - * contention on the exclusive lock. - */ - do_file_lock( fd, 60, F_UNLCK); - - /* - * We have a valid SID - read it. + * At this point we have a blocking lock on the SID + * file - check if in the meantime someone else wrote + * SID data into the file. If so - they were here first, + * use their data. */ - - if(!read_sid_from_file( fd, sid_file)) { - DEBUG(0,("unable to read file %s. Error was %s\n", + + if(sys_fstat( fd, &st) < 0) { + DEBUG(0,("unable to stat file %s. Error was %s\n", sid_file, strerror(errno) )); close(fd); return False; - } - close(fd); - return True; - } + } + + if(st.st_size > 0) { + /* + * Unlock as soon as possible to reduce + * contention on the exclusive lock. + */ + do_file_lock( fd, 60, F_UNLCK); + + /* + * We have a valid SID - read it. + */ + + if(!read_sid_from_file( fd, sid_file)) { + DEBUG(0,("unable to read file %s. Error was %s\n", + sid_file, strerror(errno) )); + close(fd); + return False; + } + close(fd); + return True; + } + } /* - * The file is still empty and we have an exlusive lock on it. + * The file is still empty and we have an exlusive lock on it, + * or we're fixing an earlier mistake. * Write out out SID data into the file. */ @@ -964,6 +996,7 @@ BOOL pdb_generate_sam_sid(void) if(chmod(sid_file, 0644) < 0) { DEBUG(0,("unable to set correct permissions on file %s. \ Error was %s\n", sid_file, strerror(errno) )); + do_file_lock( fd, 60, F_UNLCK); close(fd); return False; } 
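Review bot: With the new overwrite path a non-empty SID file is no longer immutable, yet the `st.st_size > 0` branch still drops the lock before calling `read_sid_from_file( fd, sid_file)`. A reader can therefore see the file while another process is rewriting it, so `do_file_lock( fd, 60, F_UNLCK);` should move to after the read has succeeded. The `overwrite_bad_sid` path also skips the re-check entirely, so it acts on a SID that, judging by the comment about "in the meantime", was read before the lock was held. If that is safe because every rewriter produces the same bytes, a comment saying so belongs above `if(!overwrite_bad_sid)`. The added unlock on the chmod failure path is not mirrored on the `sys_fstat` and read failure paths in the same block, which still only call `close(fd)`.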
@@ -971,6 +1004,7 @@ Error was %s\n", sid_file, strerror(errno) )); if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) { DEBUG(0,("unable to write file %s. Error was %s\n", sid_file, strerror(errno) )); + do_file_lock( fd, 60, F_UNLCK); close(fd); return False; } |