[Pkg-samba-maint] r3709 - in branches/samba/squeeze/debian: . patches

bubulle at alioth.debian.org bubulle at alioth.debian.org
Mon Mar 14 21:07:08 UTC 2011 

tags 613624 pending
thanks

Author: bubulle
Date: 2011-03-14 21:07:05 +0000 (Mon, 14 Mar 2011)
New Revision: 3709

Added:
   branches/samba/squeeze/debian/patches/bug_613624_upstream_7777_0001-First-part-of-fix-for-bug-7777-When-requesting-looku.patch
   branches/samba/squeeze/debian/patches/bug_613624_upstream_7777_0002-Second-part-of-fix-for-bug-7777-When-requesting-look.patch
Modified:
   branches/samba/squeeze/debian/changelog
   branches/samba/squeeze/debian/patches/series
Log:
Upstream bug 7777: winbind leaks gids with idmap ldap backend
Closes: #613624

Modified: branches/samba/squeeze/debian/changelog
===================================================================
--- branches/samba/squeeze/debian/changelog	2011-03-14 21:06:04 UTC (rev 3708)
+++ branches/samba/squeeze/debian/changelog	2011-03-14 21:07:05 UTC (rev 3709)
@@ -5,6 +5,8 @@
       Closes: #617429
     - Upstream bug 6727: printer device settings not saved for normal
       domain users. Closes: #611177	  
+    - Upstream bug 7777: winbind leaks gids with idmap ldap backend
+      Closes: #613624
 
  -- Christian Perrier <bubulle at debian.org>  Sun, 13 Mar 2011 08:07:42 +0100
 

Added: branches/samba/squeeze/debian/patches/bug_613624_upstream_7777_0001-First-part-of-fix-for-bug-7777-When-requesting-looku.patch
===================================================================
--- branches/samba/squeeze/debian/patches/bug_613624_upstream_7777_0001-First-part-of-fix-for-bug-7777-When-requesting-looku.patch	                        (rev 0)
+++ branches/samba/squeeze/debian/patches/bug_613624_upstream_7777_0001-First-part-of-fix-for-bug-7777-When-requesting-looku.patch	2011-03-14 21:07:05 UTC (rev 3709)
@@ -0,0 +1,39 @@
+From 667ce0018a64c9fb0b44b55aae8b3cd4a2bd3bbf Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra at samba.org>
+Date: Fri, 5 Nov 2010 12:11:53 -0700
+Subject: [PATCH 1/2] First part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.
+
+Ensure idmap_init_passdb_domain() correctly initialized the default
+domain first.
+
+Jeremy.
+(cherry picked from commit 32a5aa62cb54e90947bd027e72871ffc07c3dbcf)
+(cherry picked from commit 5cbd0958eaf25952055c08e3fdc065b815634a3e)
+---
+ source3/winbindd/idmap.c |   10 ++++++++++
+ 1 files changed, 10 insertions(+), 0 deletions(-)
+
+diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
+index 4aa229c..7aa2853 100644
+--- a/source3/winbindd/idmap.c
++++ b/source3/winbindd/idmap.c
+@@ -428,6 +428,16 @@ fail:
+ 
+ static struct idmap_domain *idmap_init_passdb_domain(TALLOC_CTX *mem_ctx)
+ {
++	/*
++	 * Always init the default domain, we can't go without one
++	 */
++	if (default_idmap_domain == NULL) {
++		default_idmap_domain = idmap_init_default_domain(NULL);
++	}
++	if (default_idmap_domain == NULL) {
++		return NULL;
++	}
++
+ 	if (passdb_idmap_domain != NULL) {
+ 		return passdb_idmap_domain;
+ 	}
+-- 
+1.7.4.1
+

Added: branches/samba/squeeze/debian/patches/bug_613624_upstream_7777_0002-Second-part-of-fix-for-bug-7777-When-requesting-look.patch
===================================================================
--- branches/samba/squeeze/debian/patches/bug_613624_upstream_7777_0002-Second-part-of-fix-for-bug-7777-When-requesting-look.patch	                        (rev 0)
+++ branches/samba/squeeze/debian/patches/bug_613624_upstream_7777_0002-Second-part-of-fix-for-bug-7777-When-requesting-look.patch	2011-03-14 21:07:05 UTC (rev 3709)
@@ -0,0 +1,76 @@
+From 52f375dea6c88a54571b101e40e9df8d0825550d Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra at samba.org>
+Date: Fri, 5 Nov 2010 12:13:38 -0700
+Subject: [PATCH 2/2] Second part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.
+
+Ensure we return after calling passdb for SID lookups for which we are
+authoritative.
+
+Jeremy.
+(cherry picked from commit b5c8b1bbb53caa0ceabb4a5180ff7deb1e58b538)
+(cherry picked from commit 8af876432a83292db672c5f7a1fb7e0ec9c1cf65)
+---
+ source3/winbindd/idmap_util.c |   31 +++++++++++++++++++++++++------
+ 1 files changed, 25 insertions(+), 6 deletions(-)
+
+diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
+index 37b7ecb..ba5e637 100644
+--- a/source3/winbindd/idmap_util.c
++++ b/source3/winbindd/idmap_util.c
+@@ -25,6 +25,23 @@
+ #define DBGC_CLASS DBGC_IDMAP
+ 
+ /*****************************************************************
++ Returns true if the request was for a specific domain, or
++ for a sid we are authoritative for - BUILTIN, or our own domain.
++*****************************************************************/
++
++static bool is_specific_domain_request(const char *dom_name, DOM_SID *sid)
++{
++	if (dom_name && dom_name[0] != '\0') {
++		return true;
++	}
++	if (sid_check_is_in_builtin(sid) ||
++			sid_check_is_in_our_domain(sid)) {
++		return true;
++	}
++	return false;
++}
++
++/*****************************************************************
+  Returns the SID mapped to the given UID.
+  If mapping is not possible returns an error.
+ *****************************************************************/  
+@@ -194,10 +211,11 @@ backend:
+ 		goto done;
+ 	}
+ 
+-	if (dom_name[0] != '\0') {
++	if (is_specific_domain_request(dom_name, sid)) {
+ 		/*
+-		 * We had the task to go to a specific domain which
+-		 * could not answer our request. Fail.
++		 * We had the task to go to a specific domain or
++		 * a domain for which we are authoritative for and
++		 * it could not answer our request. Fail.
+ 		 */
+ 		if (winbindd_use_idmap_cache()) {
+ 			idmap_cache_set_sid2uid(sid, -1);
+@@ -275,10 +293,11 @@ backend:
+ 		goto done;
+ 	}
+ 
+-	if (domname[0] != '\0') {
++	if (is_specific_domain_request(domname, sid)) {
+ 		/*
+-		 * We had the task to go to a specific domain which
+-		 * could not answer our request. Fail.
++		 * We had the task to go to a specific domain or
++		 * a domain for which we are authoritative for and
++		 * it could not answer our request. Fail.
+ 		 */
+ 		if (winbindd_use_idmap_cache()) {
+ 			idmap_cache_set_sid2uid(sid, -1);
+-- 
+1.7.4.1
+

Modified: branches/samba/squeeze/debian/patches/series
===================================================================
--- branches/samba/squeeze/debian/patches/series	2011-03-14 21:06:04 UTC (rev 3708)
+++ branches/samba/squeeze/debian/patches/series	2011-03-14 21:07:05 UTC (rev 3709)
@@ -24,3 +24,5 @@
 bug_611177-617429_upstream_7567_0008-spoolss.idl-align-spoolss_PrinterEnumValues-data-bas.patch
 bug_611177-617429_upstream_7567_0009-spoolss.idl-align-spoolss_DriverFileInfo-relative-po.patch
 bug_611177-617429_upstream_7567_0010-librpc-ndr-handle-NOALIGN-flag-for-relative-pointers.patch
+bug_613624_upstream_7777_0001-First-part-of-fix-for-bug-7777-When-requesting-looku.patch
+bug_613624_upstream_7777_0002-Second-part-of-fix-for-bug-7777-When-requesting-look.patch

More information about the Pkg-samba-maint mailing list