authorVolker Lendecke <vlendec@samba.org>2006-05-14 15:24:14 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:17:03 -0500
commit75d2304643c6935c0705b1a8ae2ea73a527f2f97 (patch)
tree4f9abc781daee5a3189fd09db5189d96df44b205 /source3
parent990c406a89f9ec52d2570928d07f6913a4c31808 (diff)
r15601: Fix segfaults with 'security=share' and 'guest only = yes'
Volker (This used to be commit ea7cced6bcb3cb7d817e4cb072774692e4afedb0)
Diffstat (limited to 'source3')
-rw-r--r--source3/passdb/passdb.c3
-rw-r--r--source3/smbd/service.c38
2 files changed, 31 insertions, 10 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 876f04bdfe..60f360bde9 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -136,6 +136,7 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
{
const char *guest_account = lp_guestaccount();
const char *domain = global_myname();
+ DOM_SID group_sid;
uint32 urid;
if ( !pwd ) {
@@ -147,6 +148,8 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
pdb_set_username(user, pwd->pw_name, PDB_SET);
pdb_set_fullname(user, pwd->pw_gecos, PDB_SET);
pdb_set_domain (user, get_global_sam_name(), PDB_DEFAULT);
+ gid_to_sid(&group_sid, pwd->pw_gid);
+ pdb_set_group_sid(user, &group_sid, PDB_SET);
/* save the password structure for later use */
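Review bot: The result of `pdb_set_group_sid(user, &group_sid, PDB_SET)` is discarded, so if the setter can fail, the samu would still lack a group SID while samu_set_unix_internal reports success. The neighbouring `pdb_set_*` calls are unchecked too, so this may be deliberate. Since the commit title ties the segfault to these code paths, consider checking the call and returning an error status. A short comment such as `/* primary group SID is derived from the Unix gid */` would also record why the mapping is done here. The function body continues outside the hunk.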
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 7ca2380e0d..cb9bfcc27a 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -523,8 +523,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
return NULL;
}
+ conn->nt_user_token = NULL;
+
if (lp_guest_only(snum)) {
const char *guestname = lp_guestaccount();
+ NTSTATUS status2;
+ char *found_username;
guest = True;
pass = getpwnam_alloc(NULL, guestname);
if (!pass) {
@@ -534,11 +538,18 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
*status = NT_STATUS_NO_SUCH_USER;
return NULL;
}
- fstrcpy(user,pass->pw_name);
+ status2 = create_token_from_username(NULL, pass->pw_name, True,
+ &conn->uid, &conn->gid,
+ &found_username,
+ &conn->nt_user_token);
+ if (!NT_STATUS_IS_OK(status2)) {
+ conn_free(conn);
+ *status = status2;
+ return NULL;
+ }
+ fstrcpy(user, found_username);
+ string_set(&conn->user,user);
conn->force_user = True;
- conn->uid = pass->pw_uid;
- conn->gid = pass->pw_gid;
- string_set(&conn->user,pass->pw_name);
TALLOC_FREE(pass);
DEBUG(3,("Guest only user %s\n",user));
} else if (vuser) {
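Review bot: The new failure branch after `create_token_from_username` returns without releasing `pass`, which `getpwnam_alloc(NULL, guestname)` allocated just above and which the success path frees with `TALLOC_FREE(pass)`; add `TALLOC_FREE(pass);` before `conn_free(conn);`. `found_username` is also never released after `fstrcpy(user, found_username);`, here or in the security=share hunk further down. The call passes NULL as its first argument, so the string presumably lives on the null talloc context, and a `TALLOC_FREE(found_username);` after the copy would stop each guest connection from leaking it in a long-running smbd. Whether `conn_free` releases `conn->nt_user_token` is not visible here and should be confirmed for the same reason. make_connection_snum starts and ends outside this hunk.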
@@ -570,6 +581,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
fstrcpy(user,vuser->user.unix_name);
guest = vuser->guest;
} else if (lp_security() == SEC_SHARE) {
+ NTSTATUS status2;
+ char *found_username;
/* add it as a possible user name if we
are in share mode security */
add_session_user(lp_servicename(snum));
@@ -582,12 +595,18 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
return NULL;
}
pass = Get_Pwnam(user);
+ status2 = create_token_from_username(NULL, pass->pw_name, True,
+ &conn->uid, &conn->gid,
+ &found_username,
+ &conn->nt_user_token);
+ if (!NT_STATUS_IS_OK(status2)) {
+ conn_free(conn);
+ *status = status2;
+ return NULL;
+ }
+ fstrcpy(user, found_username);
+ string_set(&conn->user,user);
conn->force_user = True;
- conn->uid = pass->pw_uid;
- conn->gid = pass->pw_gid;
- string_set(&conn->user, pass->pw_name);
- fstrcpy(user, pass->pw_name);
-
} else {
DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
conn_free(conn);
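Review bot: `pass = Get_Pwnam(user);` is dereferenced as `pass->pw_name` on the very next line with no NULL check, so a failed lookup would crash smbd in the security=share path, for example if the account is removed or the name service becomes unavailable after the authorisation step. The guest-only branch earlier in this function guards its lookup with `if (!pass)` and returns `NT_STATUS_NO_SUCH_USER`; the same guard belongs here. The check that precedes `Get_Pwnam` lies outside the hunk, so confirm it does not already guarantee a non-NULL result.

```c
		pass = Get_Pwnam(user);
		if (!pass) {
			conn_free(conn);
			*status = NT_STATUS_NO_SUCH_USER;
			return NULL;
		}
		/* … unchanged: create_token_from_username call and its error path … */
```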
@@ -626,7 +645,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
conn->aio_write_behind_list = NULL;
string_set(&conn->dirpath,"");
string_set(&conn->user,user);
- conn->nt_user_token = NULL;
conn->read_only = lp_readonly(conn->service);
conn->admin_user = False;