From owner-freebsd-ports-bugs@FreeBSD.ORG  Tue Jan 20 18:40:15 2004
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1C8D616A4CE
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue, 20 Jan 2004 18:40:15 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9284B43D53
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue, 20 Jan 2004 18:40:07 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	i0L2e7FR007895	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Tue, 20 Jan 2004 18:40:07 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i0L2e73v007894;
	Tue, 20 Jan 2004 18:40:07 -0800 (PST)
	(envelope-from gnats)
Resent-Date: Tue, 20 Jan 2004 18:40:07 -0800 (PST)
Resent-Message-Id: <200401210240.i0L2e73v007894@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	NAKAJI Hiroyuki <nakaji@jp.freebsd.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 541D916A4CE; Tue, 20 Jan 2004 18:37:44 -0800 (PST)
Received: from boggy.acest.tutrp.tut.ac.jp (boggy.acest.tutrp.tut.ac.jp
	[133.15.67.40])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 39E3543D1D; Tue, 20 Jan 2004 18:37:42 -0800 (PST)
	(envelope-from nakaji@boggy.acest.tutrp.tut.ac.jp)
Received: from boggy.acest.tutrp.tut.ac.jp (localhost [127.0.0.1])
	i0L2bYSQ092426;	Wed, 21 Jan 2004 11:37:34 +0900 (JST)
	(envelope-from nakaji@boggy.acest.tutrp.tut.ac.jp)
Received: (from nakaji@localhost)i0L2bXjk092425;
	Wed, 21 Jan 2004 11:37:33 +0900 (JST)	(envelope-from nakaji)
Message-Id: <200401210237.i0L2bXjk092425@boggy.acest.tutrp.tut.ac.jp>
Date: Wed, 21 Jan 2004 11:37:33 +0900 (JST)
From: NAKAJI Hiroyuki <nakaji@jp.freebsd.org>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
cc: dwcjr@FreeBSD.org
Subject: ports/61662: [japanese/samba] broken support for password changing
	via CTRL-ALT-DEL on Windows client
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: NAKAJI Hiroyuki <nakaji@jp.freebsd.org>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jan 2004 02:40:15 -0000


>Number:         61662
>Category:       ports
>Synopsis:       [japanese/samba] broken support for password changing via CTRL-ALT-DEL on Windows client
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 20 18:40:07 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     NAKAJI Hiroyuki
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD boggy.acest.tutrp.tut.ac.jp 5.2-CURRENT FreeBSD 5.2-CURRENT #19: Tue Jan 20 15:27:30 JST 2004 root@boggy.acest.tutrp.tut.ac.jp:/usr/obj/usr/src/sys/NAKAJI i386


>Description:
	As reported in ports/60361 and ports/52859, japanese/samba
also has a problem that "users cannot change password from their
windows".
	This is because of the failure of setresgid() called from
lib/util_sec.c:restore_re_gid().
	The setresgid(2) says, "Unprivileged processes are restricted
in that each of the new IDs must match one of the current IDs." It
seems that this "Unprivileged process" is such a process whose
"effective uid or gid" is not zero.
	I checked every return value of setresgid() in
lib/util_sec.c:restore_re_gid(), and found that before smbd gets PANIC,
setresgid() fails with EPERM because it is called with the both
non-zero effective uid and gid before restore_re_gid() is called.
	When getresgid() fails and results into smbd panic, the
effective uid and gid are not 0 but the uid and gid of a user who
wants to change his or her password (or nobody).
	The patch posted in ports/60361 is not good because it does
not solve the problem and just does not see the 'security check
failed' problem. It may cause some other security problems.
	The Samba Users Group Japan (SUGJ) helped me very
much. Thanks.

	Note: Discussion on this topic in Japanese is available, see
http://www.samba.gr.jp/ml/article/samba-jp/msg15772.html and
http://www.samba.gr.jp/ml/article/sugj-tech/msg06065.html

>How-To-Repeat:
	Setup your samba as PDC or password server, and then try to
change your password from your Windows client.

>Fix:

	A diff from ports-current. New patch file is added.

diff -urN -x CVS /usr/ports/japanese/samba/Makefile ./Makefile
--- /usr/ports/japanese/samba/Makefile	Tue Jan 20 14:24:21 2004
+++ ./Makefile	Wed Jan 21 10:55:30 2004
@@ -7,7 +7,7 @@
 
 PORTNAME=	samba
 PORTVERSION=	${SAMBA_VERSION}.j${SAMBA_JA_VERSION}
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	japanese net
 MASTER_SITES=	ftp://ftp.samba.gr.jp/pub/samba-jp/%SUBDIR%/ \
 		ftp://ftp.iij.ad.jp/pub/SAMBA/samba-jp/%SUBDIR%/ \
diff -urN -x CVS /usr/ports/japanese/samba/files/patch-lib:util_sec.c ./files/patch-lib:util_sec.c
--- /usr/ports/japanese/samba/files/patch-lib:util_sec.c	Thu Jan  1 09:00:00 1970
+++ ./files/patch-lib:util_sec.c	Wed Jan 21 10:34:24 2004
@@ -0,0 +1,26 @@
+Index: lib/util_sec.c
+===================================================================
+RCS file: /project/cvs/samba22-ja/source/lib/util_sec.c,v
+retrieving revision 1.4
+diff -u -r1.4 util_sec.c
+--- lib/util_sec.c	21 Nov 2002 12:53:49 -0000	1.4
++++ lib/util_sec.c	21 Jan 2004 01:31:37 -0000
+@@ -283,6 +283,10 @@
+ 
+ void restore_re_gid(void)
+ {
++	uid_t uid = geteuid();
++
++	set_effective_uid(0);
++
+ #if USE_SETRESUID
+ 	setresgid(saved_rgid, saved_egid, -1);
+ #elif USE_SETREUID
+@@ -298,6 +302,7 @@
+ 	set_effective_gid(saved_egid);
+ #endif
+ 
++	set_effective_uid(uid);
+ 	assert_gid(saved_rgid, saved_egid);
+ }
+ 



>Release-Note:
>Audit-Trail:
>Unformatted: