The Samba-Bugzilla – Attachment 13834 Details for
Bug 13173
Dependency on trusted-domain list in winbindd in critical auth codepath
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.7 cherry-picked from master
bug13173-v47.patch (text/plain), 6.13 KB, created by
Ralph Böhme
on 2017-12-01 16:48:26 UTC
(
hide
)
Description:
Patch for 4.7 cherry-picked from master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2017-12-01 16:48:26 UTC
Size:
6.13 KB
patch
obsolete
>From 0d61e53d6c4f29b1705f6b641d45987252f11ade Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Mon, 27 Nov 2017 12:42:44 +0100 >Subject: [PATCH] winbindd: let normalize_name_map() call > find_domain_from_name_noinit() > >Let normalize_name_map fetch the domain itself with >find_domain_from_name_noinit(). > >This removes two calls to find_domain_from_name_noinit() in the default >configuration of "winbind normalize names = no". The domain is only need >in normalize_name_map if "winbind normalize names" is enabled. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13173 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 1ce165a73350e802500c32435dbefe3639340435) >--- > source3/winbindd/wb_getpwsid.c | 8 +------- > source3/winbindd/winbindd_group.c | 11 +---------- > source3/winbindd/winbindd_msrpc.c | 4 ++-- > source3/winbindd/winbindd_proto.h | 2 +- > source3/winbindd/winbindd_rpc.c | 4 ++-- > source3/winbindd/winbindd_util.c | 9 ++++++++- > 6 files changed, 15 insertions(+), 23 deletions(-) > >diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c >index e9ffc33a323..0e5835598eb 100644 >--- a/source3/winbindd/wb_getpwsid.c >+++ b/source3/winbindd/wb_getpwsid.c >@@ -63,7 +63,6 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq) > req, struct wb_getpwsid_state); > struct winbindd_pw *pw = state->pw; > struct wbint_userinfo *info; >- struct winbindd_domain *domain = NULL; > fstring acct_name, output_username; > char *mapped_name = NULL; > char *tmp; >@@ -85,11 +84,6 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq) > return; > } > >- domain = find_domain_from_name_noinit(info->domain_name); >- if (tevent_req_nomem(domain, req)) { >- return; >- } >- > /* > * TODO: > * This function should be called in 'idmap winbind child'. It shouldn't >@@ -97,7 +91,7 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq) > * winbind.idl. This is a fix which can be backported for now. > */ > status = normalize_name_map(state, >- domain, >+ info->domain_name, > acct_name, > &mapped_name); > if (NT_STATUS_IS_OK(status)) { >diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c >index ae461bf3748..ec95bf404a2 100644 >--- a/source3/winbindd/winbindd_group.c >+++ b/source3/winbindd/winbindd_group.c >@@ -35,18 +35,9 @@ bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr, > { > fstring full_group_name; > char *mapped_name = NULL; >- struct winbindd_domain *domain; > NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; > >- domain = find_domain_from_name_noinit(dom_name); >- if (domain == NULL) { >- DEBUG(0, ("Failed to find domain '%s'. " >- "Check connection to trusted domains!\n", >- dom_name)); >- return false; >- } >- >- nt_status = normalize_name_map(mem_ctx, domain, gr_name, >+ nt_status = normalize_name_map(mem_ctx, dom_name, gr_name, > &mapped_name); > > /* Basic whitespace replacement */ >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index c56537662ba..9bf4354f4e3 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -313,7 +313,7 @@ static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, > > DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name)); > >- name_map_status = normalize_name_map(mem_ctx, domain, *name, >+ name_map_status = normalize_name_map(mem_ctx, domain->name, *name, > &mapped_name); > if (NT_STATUS_IS_OK(name_map_status) || > NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) >@@ -377,7 +377,7 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, > > if ((*types)[i] != SID_NAME_UNKNOWN) { > name_map_status = normalize_name_map(mem_ctx, >- domain, >+ domain->name, > ret_names[i], > &mapped_name); > if (NT_STATUS_IS_OK(name_map_status) || >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index 26101145a51..e45d9b5ccdf 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h >@@ -495,7 +495,7 @@ NTSTATUS lookup_usergroups_cached(TALLOC_CTX *mem_ctx, > uint32_t *p_num_groups, struct dom_sid **user_sids); > > NTSTATUS normalize_name_map(TALLOC_CTX *mem_ctx, >- struct winbindd_domain *domain, >+ const char *domain_name, > const char *name, > char **normalized); > NTSTATUS normalize_name_unmap(TALLOC_CTX *mem_ctx, >diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c >index 2c76e1abd6c..f50fb8fa5db 100644 >--- a/source3/winbindd/winbindd_rpc.c >+++ b/source3/winbindd/winbindd_rpc.c >@@ -332,7 +332,7 @@ NTSTATUS rpc_sid_to_name(TALLOC_CTX *mem_ctx, > *ptype = (enum lsa_SidType) types[0]; > > map_status = normalize_name_map(mem_ctx, >- domain, >+ domain->name, > names[0], > &mapped_name); > if (NT_STATUS_IS_OK(map_status) || >@@ -410,7 +410,7 @@ NTSTATUS rpc_rids_to_names(TALLOC_CTX *mem_ctx, > > if (types[i] != SID_NAME_UNKNOWN) { > map_status = normalize_name_map(mem_ctx, >- domain, >+ domain->name, > names[i], > &mapped_name); > if (NT_STATUS_IS_OK(map_status) || >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index 2615192881c..370b70cce04 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -1339,10 +1339,11 @@ NTSTATUS lookup_usergroups_cached(TALLOC_CTX *mem_ctx, > ********************************************************************/ > > NTSTATUS normalize_name_map(TALLOC_CTX *mem_ctx, >- struct winbindd_domain *domain, >+ const char *domain_name, > const char *name, > char **normalized) > { >+ struct winbindd_domain *domain = NULL; > NTSTATUS nt_status; > > if (!name || !normalized) { >@@ -1353,6 +1354,12 @@ NTSTATUS normalize_name_map(TALLOC_CTX *mem_ctx, > return NT_STATUS_PROCEDURE_NOT_FOUND; > } > >+ domain = find_domain_from_name_noinit(domain_name); >+ if (domain == NULL) { >+ DBG_ERR("Failed to find domain '%s'\n", domain_name); >+ return NT_STATUS_NO_SUCH_DOMAIN; >+ } >+ > /* Alias support and whitespace replacement are mutually > exclusive */ > >-- >2.13.6 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13834">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 13173
: 13834