Print this page
NEX-2842 SMB client authentication fails in adt_set_user() with IDMU enabled
@@ -19,10 +19,11 @@
* CDDL HEADER END
*/
/*
* Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
* Copyright 2017 OmniOS Community Edition (OmniOSce) Association.
*/
#include <bsm/adt.h>
#include <bsm/adt_event.h>
@@ -189,31 +190,40 @@
if (auditstate & AUC_DISABLED) {
/* c2audit excluded */
mask->am_success = 0;
mask->am_failure = 0;
- } else if (uid <= MAXUID) {
+ return (0);
+ }
+
+ if (uid <= MAXUID) {
if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
adt_write_syslog("couldn't determine maximum size of "
"password buffer", errno);
return (-1);
}
if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) {
return (-1);
}
- if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) == NULL) {
- errno = EINVAL; /* user doesn't exist */
- free(pwd_buff);
- return (-1);
- }
+ /*
+ * Ephemeral id's and id's that exist in a name service we
+ * don't have configured (LDAP, NIS) can't be looked up,
+ * but either way it's not an error.
+ */
+ if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) {
if (au_user_mask(pwd.pw_name, mask)) {
free(pwd_buff);
errno = EFAULT; /* undetermined failure */
return (-1);
}
free(pwd_buff);
- } else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
+ return (0);
+ }
+ free(pwd_buff);
+ }
+
+ if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
return (-1);
}
return (0);
}