Fix for core dump in security = share code with new share security db.

Jeremy.
(This used to be commit 20b13bafdff2fd7be9219ed164e7fe91b597298d)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 453714c0441831c930de9b667c3d25566c56ea74..e606724363d5ca55ddb331afb1ea2149c5d6747c 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1879,6 +1879,12 @@ BOOL pm_process( char *FileName,
 
 BOOL pdb_generate_sam_sid(void);
 
+/*The following definitions come from  passdb/pampass.c  */
+
+BOOL PAM_session(BOOL instance, const connection_struct *conn, char *tty);
+BOOL pam_passcheck(char * user, char * password);
+BOOL pam_passcheck( char * user, char * password );
+
 /*The following definitions come from  passdb/pass_check.c  */
 
 void dfs_unlogin(void);
@@ -3768,7 +3774,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p);
 
 BOOL share_info_db_init(void);
 void map_generic_share_sd_bits(SEC_DESC *psd);
-BOOL share_access_check(int snum, uint16 vuid, uint32 desired_access);
+BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 desired_access);
 uint32 _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u);
 uint32 _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u);
 uint32 _srv_net_conn_enum(pipes_struct *p, SRV_Q_NET_CONN_ENUM *q_u, SRV_R_NET_CONN_ENUM *r_u);

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index bce5c332250d873f74eb049e4d31fda60e9d8c27..0c165bf9fa1c233ed1be3708fc92551bf4abc765 100644 (file)
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -293,7 +293,7 @@ void map_generic_share_sd_bits(SEC_DESC *psd)
  Can this user access with share with the required permissions ?
 ********************************************************************/
 
-BOOL share_access_check(int snum, uint16 vuid, uint32 desired_access)
+BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 desired_access)
 {
        uint32 granted, status;
        TALLOC_CTX *mem_ctx = NULL;
@@ -313,17 +313,25 @@ BOOL share_access_check(int snum, uint16 vuid, uint32 desired_access)
        if (!psd)
                goto out;
 
+       ZERO_STRUCT(tmp_user);
        if (vuser) {
-               ZERO_STRUCT(tmp_user);
                tmp_user.vuid = vuid;
                tmp_user.uid = vuser->uid;
                tmp_user.gid = vuser->gid;
                tmp_user.ngroups = vuser->n_groups;
                tmp_user.groups = vuser->groups;
                tmp_user.nt_user_token = vuser->nt_user_token;
-               puser = &tmp_user;
+       } else {
+               tmp_user.vuid = vuid;
+               tmp_user.uid = conn->uid;
+               tmp_user.gid = conn->gid;
+               tmp_user.ngroups = conn->ngroups;
+               tmp_user.groups = conn->groups;
+               tmp_user.nt_user_token = conn->nt_user_token;
        }
 
+       puser = &tmp_user;
+
        ret = se_access_check(psd, puser, desired_access, &granted, &status);
 
   out:

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 11ae11054a09a8a9604e3e05c22a53961be8e657..507d07cc42a47c2837dadbd851526566ce44dae5 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -343,28 +343,6 @@ connection_struct *make_connection(char *service,char *user,char *password, int
 
        conn->read_only = lp_readonly(snum);
 
-       /*
-        * New code to check if there's a share security descripter
-        * added from NT server manager. This is an additional check
-        * before the smb.conf checks are done. JRA.
-        */
-
-       {
-               BOOL can_write = share_access_check(snum, vuid, FILE_WRITE_DATA);
-
-               if (!can_write) {
-                       if (!share_access_check(snum, vuid, FILE_READ_DATA)) {
-                               /* No access, read or write. */
-                               *ecode = ERRaccess;
-                               DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
-                                       service ));
-                               conn_free(conn);
-                               return NULL;
-                       } else {
-                               conn->read_only = True;
-                       }
-               }
-       }
 
        {
                pstring list;
@@ -527,6 +505,28 @@ connection_struct *make_connection(char *service,char *user,char *password, int
                                              conn->ngroups, conn->groups,
                                              guest);
 
+       /*
+        * New code to check if there's a share security descripter
+        * added from NT server manager. This is done after the
+        * smb.conf checks are done as we need a uid and token. JRA.
+        */
+
+       {
+               BOOL can_write = share_access_check(conn, snum, vuid, FILE_WRITE_DATA);
+
+               if (!can_write) {
+                       if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) {
+                               /* No access, read or write. */
+                               *ecode = ERRaccess;
+                               DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
+                                       service ));
+                               conn_free(conn);
+                               return NULL;
+                       } else {
+                               conn->read_only = True;
+                       }
+               }
+       }
        /* Initialise VFS function pointers */
 
        if (*lp_vfsobj(SNUM(conn))) {