ports/171368: [PATCH]: fix username mapping in samba

[Andre Albsmeier]

>Number:         171368
>Category:       ports
>Synopsis:       [PATCH]: fix username mapping in samba
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 06 06:10:07 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Andre Albsmeier
>Release:        FreeBSD 7.4-STABLE i386
>Organization:
>Environment:

Systems running samba 3.6 and doing username mapping as
described below.

>Description:

A bug exists in samba which causes username mapping to fail if
the mapping code is called:

- two times consecutively with the same search key
- and a hit was found in the username map file
- and this hit doesn't abort the search early by using the !-syntax
- and the hitting entry is not the last one in the map file

(For details see https://bugzilla.samba.org/show_bug.cgi?id=9139)

>How-To-Repeat:

Set up samba 3.6 with a username map file and let it map
users as described above.

>Fix:

Although the bug has just been submitted to the samba team
we might add this as a local fix until it has found its way
into the official sources

--- x/source3/auth/user_util.c.ORI	2012-07-30 19:13:16.000000000 +0200
+++ x/source3/auth/user_util.c	2012-09-05 12:07:18.000000000 +0200
@@ -429,8 +430,13 @@
 	 * that we don't scan the file again for the same user.
 	 */
 
+  /* Do this only if mapping failed. Otherwise we will fuck up the
+   * already cached successful mapping (which means that it failed).
+   */
+  if( ! mapped_user ) {
 	set_last_from_to(user_in, user_in);
 	store_map_in_gencache(ctx, user_in, user_in);
+  }
 
 	return mapped_user;
 }
>Release-Note:
>Audit-Trail:
>Unformatted: