The Samba-Bugzilla – Attachment 12374 Details for
Bug 12155
Some idmap backends don't perform range checks for the result of sids_to_xids
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.4
idmap-v4-4.patch (text/plain), 12.50 KB, created by
Andreas Schneider
on 2016-08-17 05:35:23 UTC
(
hide
)
Description:
patch for 4.4
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2016-08-17 05:35:23 UTC
Size:
12.50 KB
patch
obsolete
>From 678dbe173a2e42164f680821b228f3ec8c823ab9 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 29 Dec 2015 21:33:20 +0000 >Subject: [PATCH 1/4] winbind: Simplify _wbint_Sids2UnixIDs > >Same number of lines, but from my point of view quite a bit simpler now >that we only have to handle one domain. > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit 4d5680e9ae531c6dc4d0a6687abe6293b5d4f4f2) >--- > source3/winbindd/winbindd_dual_srv.c | 153 ++++++++++++++++++----------------- > 1 file changed, 77 insertions(+), 76 deletions(-) > >diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c >index cdd9bbd..2f4b0e2 100644 >--- a/source3/winbindd/winbindd_dual_srv.c >+++ b/source3/winbindd/winbindd_dual_srv.c >@@ -121,102 +121,103 @@ NTSTATUS _wbint_LookupName(struct pipes_struct *p, struct wbint_LookupName *r) > NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p, > struct wbint_Sids2UnixIDs *r) > { >- uint32_t i, j; >- struct id_map *ids = NULL; >- struct id_map **id_ptrs = NULL; >+ uint32_t i; >+ >+ struct lsa_DomainInfo *d; >+ struct wbint_TransID *ids; >+ uint32_t num_ids; >+ >+ struct id_map *id_maps = NULL; >+ struct id_map **id_map_ptrs = NULL; > struct dom_sid *sids = NULL; >- uint32_t *id_idx = NULL; >+ struct idmap_domain *dom; > NTSTATUS status = NT_STATUS_NO_MEMORY; > >- for (i=0; i<r->in.domains->count; i++) { >- struct lsa_DomainInfo *d = &r->in.domains->domains[i]; >- struct idmap_domain *dom; >- uint32_t num_ids; >+ if (r->in.domains->count != 1) { >+ return NT_STATUS_INVALID_PARAMETER; >+ } > >- dom = idmap_find_domain_with_sid(d->name.string, d->sid); >- if (dom == NULL) { >- DEBUG(10, ("idmap domain %s:%s not found\n", >- d->name.string, sid_string_dbg(d->sid))); >- continue; >- } >+ d = &r->in.domains->domains[0]; >+ ids = r->in.ids->ids; >+ num_ids = r->in.ids->num_ids; > >- num_ids = 0; >+ dom = idmap_find_domain_with_sid(d->name.string, d->sid); >+ if (dom == NULL) { >+ DEBUG(10, ("idmap domain %s:%s not found\n", >+ d->name.string, sid_string_dbg(d->sid))); > >- for (j=0; j<r->in.ids->num_ids; j++) { >- if (r->in.ids->ids[j].domain_index == i) { >- num_ids += 1; >- } >- } >+ for (i=0; i<num_ids; i++) { > >- ids = talloc_realloc(talloc_tos(), ids, >- struct id_map, num_ids); >- if (ids == NULL) { >- goto nomem; >- } >- id_ptrs = talloc_realloc(talloc_tos(), id_ptrs, >- struct id_map *, num_ids+1); >- if (id_ptrs == NULL) { >- goto nomem; >- } >- id_idx = talloc_realloc(talloc_tos(), id_idx, >- uint32_t, num_ids); >- if (id_idx == NULL) { >- goto nomem; >- } >- sids = talloc_realloc(talloc_tos(), sids, >- struct dom_sid, num_ids); >- if (sids == NULL) { >- goto nomem; >+ ids[i].xid = (struct unixid) { >+ .id = UINT32_MAX, >+ .type = ID_TYPE_NOT_SPECIFIED >+ }; > } > >- num_ids = 0; >+ return NT_STATUS_OK; >+ } > >- /* >- * Convert the input data into a list of >- * id_map structs suitable for handing in >- * to the idmap sids_to_unixids method. >- */ >- for (j=0; j<r->in.ids->num_ids; j++) { >- struct wbint_TransID *id = &r->in.ids->ids[j]; >+ id_maps = talloc_array(talloc_tos(), struct id_map, num_ids); >+ if (id_maps == NULL) { >+ goto nomem; >+ } >+ id_map_ptrs = talloc_array(talloc_tos(), struct id_map *, num_ids+1); >+ if (id_map_ptrs == NULL) { >+ goto nomem; >+ } >+ sids = talloc_array(talloc_tos(), struct dom_sid, num_ids); >+ if (sids == NULL) { >+ goto nomem; >+ } > >- if (id->domain_index != i) { >- continue; >- } >- id_idx[num_ids] = j; >- id_ptrs[num_ids] = &ids[num_ids]; >- >- ids[num_ids].sid = &sids[num_ids]; >- sid_compose(ids[num_ids].sid, d->sid, id->rid); >- ids[num_ids].xid.type = id->type; >- ids[num_ids].status = ID_UNKNOWN; >- num_ids += 1; >- } >- id_ptrs[num_ids] = NULL; >+ /* >+ * Convert the input data into a list of id_map structs >+ * suitable for handing in to the idmap sids_to_unixids >+ * method. >+ */ >+ >+ for (i=0; i<num_ids; i++) { >+ >+ sid_compose(&sids[i], d->sid, ids[i].rid); >+ >+ id_maps[i] = (struct id_map) { >+ .sid = &sids[i], >+ .xid.type = ids[i].type, >+ .status = ID_UNKNOWN >+ }; >+ >+ id_map_ptrs[i] = &id_maps[i]; >+ } >+ id_map_ptrs[num_ids] = NULL; >+ >+ status = dom->methods->sids_to_unixids(dom, id_map_ptrs); > >- status = dom->methods->sids_to_unixids(dom, id_ptrs); >+ if (!NT_STATUS_IS_OK(status)) { > DEBUG(10, ("sids_to_unixids returned %s\n", > nt_errstr(status))); >+ goto done; >+ } > >- /* >- * Extract the results for handing them back to the caller. >- */ >- for (j=0; j<num_ids; j++) { >- struct wbint_TransID *id = &r->in.ids->ids[id_idx[j]]; >+ /* >+ * Extract the results for handing them back to the caller. >+ */ > >- if (ids[j].status != ID_MAPPED) { >- id->xid.id = UINT32_MAX; >- id->xid.type = ID_TYPE_NOT_SPECIFIED; >- continue; >- } >+ for (i=0; i<num_ids; i++) { > >- id->xid = ids[j].xid; >+ if (id_maps[i].status == ID_MAPPED) { >+ ids[i].xid = id_maps[i].xid; >+ } else { >+ ids[i].xid.id = UINT32_MAX; >+ ids[i].xid.type = ID_TYPE_NOT_SPECIFIED; > } > } >- status = NT_STATUS_OK; >+ >+ goto done; > nomem: >- TALLOC_FREE(ids); >- TALLOC_FREE(id_ptrs); >- TALLOC_FREE(id_idx); >+ status = NT_STATUS_NO_MEMORY; >+done: >+ TALLOC_FREE(id_maps); >+ TALLOC_FREE(id_map_ptrs); > TALLOC_FREE(sids); > return status; > } >-- >2.9.2 > > >From 0a424d6c4485f2b23cc89454dfcaf73c62c52fe6 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 4 Mar 2016 14:23:51 +0100 >Subject: [PATCH 2/4] winbind: Introduce id_map_ptrs_init > >This simplifies _wbint_Sids2UnixIDs a bit and will be re-used in _wbint_UnixIDs2Sids > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 50aef48e18e7e0a265c348d2486f687ddad839a0) >--- > source3/winbindd/idmap_proto.h | 2 ++ > source3/winbindd/idmap_util.c | 31 +++++++++++++++++++++++++++++++ > source3/winbindd/winbindd_dual_srv.c | 33 ++++++++------------------------- > 3 files changed, 41 insertions(+), 25 deletions(-) > >diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h >index a12e5b4..0e124cd 100644 >--- a/source3/winbindd/idmap_proto.h >+++ b/source3/winbindd/idmap_proto.h >@@ -59,6 +59,8 @@ struct id_map *idmap_find_map_by_sid(struct id_map **maps, struct dom_sid *sid); > char *idmap_fetch_secret(const char *backend, const char *domain, > const char *identity); > >+struct id_map **id_map_ptrs_init(TALLOC_CTX *mem_ctx, size_t num_ids); >+ > /* max number of ids requested per LDAP batch query */ > #define IDMAP_LDAP_MAX_IDS 30 > >diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c >index f90565f..7591530 100644 >--- a/source3/winbindd/idmap_util.c >+++ b/source3/winbindd/idmap_util.c >@@ -238,3 +238,34 @@ char *idmap_fetch_secret(const char *backend, const char *domain, > > return ret; > } >+ >+struct id_map **id_map_ptrs_init(TALLOC_CTX *mem_ctx, size_t num_ids) >+{ >+ struct id_map **ptrs; >+ struct id_map *maps; >+ struct dom_sid *sids; >+ size_t i; >+ >+ ptrs = talloc_array(mem_ctx, struct id_map *, num_ids+1); >+ if (ptrs == NULL) { >+ return NULL; >+ } >+ maps = talloc_array(ptrs, struct id_map, num_ids); >+ if (maps == NULL) { >+ TALLOC_FREE(ptrs); >+ return NULL; >+ } >+ sids = talloc_zero_array(ptrs, struct dom_sid, num_ids); >+ if (sids == NULL) { >+ TALLOC_FREE(ptrs); >+ return NULL; >+ } >+ >+ for (i=0; i<num_ids; i++) { >+ maps[i] = (struct id_map) { .sid = &sids[i] }; >+ ptrs[i] = &maps[i]; >+ } >+ ptrs[num_ids] = NULL; >+ >+ return ptrs; >+} >diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c >index 2f4b0e2..3afdb55 100644 >--- a/source3/winbindd/winbindd_dual_srv.c >+++ b/source3/winbindd/winbindd_dual_srv.c >@@ -127,9 +127,7 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p, > struct wbint_TransID *ids; > uint32_t num_ids; > >- struct id_map *id_maps = NULL; > struct id_map **id_map_ptrs = NULL; >- struct dom_sid *sids = NULL; > struct idmap_domain *dom; > NTSTATUS status = NT_STATUS_NO_MEMORY; > >@@ -157,18 +155,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p, > return NT_STATUS_OK; > } > >- id_maps = talloc_array(talloc_tos(), struct id_map, num_ids); >- if (id_maps == NULL) { >- goto nomem; >- } >- id_map_ptrs = talloc_array(talloc_tos(), struct id_map *, num_ids+1); >+ id_map_ptrs = id_map_ptrs_init(talloc_tos(), num_ids); > if (id_map_ptrs == NULL) { > goto nomem; > } >- sids = talloc_array(talloc_tos(), struct dom_sid, num_ids); >- if (sids == NULL) { >- goto nomem; >- } > > /* > * Convert the input data into a list of id_map structs >@@ -177,18 +167,12 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p, > */ > > for (i=0; i<num_ids; i++) { >+ struct id_map *m = id_map_ptrs[i]; > >- sid_compose(&sids[i], d->sid, ids[i].rid); >- >- id_maps[i] = (struct id_map) { >- .sid = &sids[i], >- .xid.type = ids[i].type, >- .status = ID_UNKNOWN >- }; >- >- id_map_ptrs[i] = &id_maps[i]; >+ sid_compose(m->sid, d->sid, ids[i].rid); >+ m->status = ID_UNKNOWN; >+ m->xid = (struct unixid) { .type = ids[i].type }; > } >- id_map_ptrs[num_ids] = NULL; > > status = dom->methods->sids_to_unixids(dom, id_map_ptrs); > >@@ -203,9 +187,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p, > */ > > for (i=0; i<num_ids; i++) { >+ struct id_map *m = id_map_ptrs[i]; > >- if (id_maps[i].status == ID_MAPPED) { >- ids[i].xid = id_maps[i].xid; >+ if (m->status == ID_MAPPED) { >+ ids[i].xid = m->xid; > } else { > ids[i].xid.id = UINT32_MAX; > ids[i].xid.type = ID_TYPE_NOT_SPECIFIED; >@@ -216,9 +201,7 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p, > nomem: > status = NT_STATUS_NO_MEMORY; > done: >- TALLOC_FREE(id_maps); > TALLOC_FREE(id_map_ptrs); >- TALLOC_FREE(sids); > return status; > } > >-- >2.9.2 > > >From 79005004c636470e05b5f5bf9ebc83d89cc5f6d2 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Mon, 15 Aug 2016 23:07:33 +0200 >Subject: [PATCH 3/4] idmap: don't generally forbid id==0 from > idmap_unix_id_is_in_range() > >If the range allows it, then id==0 should not be forbidden. >This seems to have been taken in from idmap_ldap when the >function was originally created. > >See 634cd2e0451d4388c3e3f78239495cf595368b15 . >The other backends don't seem to have had that >extra check for id == 0. > >The reasoning for this change is that the range check should >apply to all cases. If the range includes the 0, then it >should be possible to get it as result. In particular, >this way, the function becomes applicable also to the >passdb backend case, e.g. in a samba4-ad-dc setup where >the Admin gets uid == 0. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit c21976d4b1c604699299f2c0f768c1add93b349d) >--- > source3/winbindd/idmap_util.c | 5 ----- > 1 file changed, 5 deletions(-) > >diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c >index 7591530..40a5f21 100644 >--- a/source3/winbindd/idmap_util.c >+++ b/source3/winbindd/idmap_util.c >@@ -160,11 +160,6 @@ backend: > */ > bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom) > { >- if (id == 0) { >- /* 0 is not an allowed unix id for id mapping */ >- return false; >- } >- > if ((dom->low_id && (id < dom->low_id)) || > (dom->high_id && (id > dom->high_id))) > { >-- >2.9.2 > > >From 7a92cc3e0699989d0d5bb746030e8611f5d48fa7 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 9 Aug 2016 18:25:12 +0200 >Subject: [PATCH 4/4] idmap: centrally check that unix IDs returned by the > idmap backends are in range > >Note: in the long run, it might be good to move this kind of >exit check (before handing the result back to the client) >to the parent winbindd code. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Michael Adam <obnox@samba.org> >Autobuild-Date(master): Wed Aug 17 01:21:39 CEST 2016 on sn-devel-144 > >(cherry picked from commit b2bf61307cffd8ff7b6fb9852c107ab763653119) >--- > source3/winbindd/winbindd_dual_srv.c | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c >index 3afdb55..92f80b6 100644 >--- a/source3/winbindd/winbindd_dual_srv.c >+++ b/source3/winbindd/winbindd_dual_srv.c >@@ -189,6 +189,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p, > for (i=0; i<num_ids; i++) { > struct id_map *m = id_map_ptrs[i]; > >+ if (!idmap_unix_id_is_in_range(m->xid.id, dom)) { >+ m->status = ID_UNMAPPED; >+ } >+ > if (m->status == ID_MAPPED) { > ids[i].xid = m->xid; > } else { >-- >2.9.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
obnox
:
review-
Actions:
View
Attachments on
bug 12155
:
12373
|
12374
|
12387
|
12388
|
12420