The Samba-Bugzilla – Attachment 15085 Details for
Bug 13831
Inconsistent output from wbinfo --sid-to-name depending on cache state
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patches for 4.9
patches-4.9 (text/plain), 15.17 KB, created by
Christof Schmitt
on 2019-04-18 20:29:33 UTC
(
hide
)
Description:
patches for 4.9
Filename:
MIME Type:
Creator:
Christof Schmitt
Created:
2019-04-18 20:29:33 UTC
Size:
15.17 KB
patch
obsolete
>From 4df378cccc019a7c1717c5fdd80e7079abf89e41 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 16:26:48 -0700 >Subject: [PATCH 1/6] nsswitch: Add testcase for checking output of wbinfo > --sid-to-name > >The username should always be returned in the DOMAISHORTNAME/USERNAME >format. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit d006c769a9cad275339b18b08e13d48acb29d7fc) >--- > nsswitch/tests/test_wbinfo_name_lookup.sh | 15 +++++++++++++++ > selftest/knownfail | 1 + > 2 files changed, 16 insertions(+) > >diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh >index c1d39c1a602..ee8ae11f4b1 100755 >--- a/nsswitch/tests/test_wbinfo_name_lookup.sh >+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh >@@ -31,6 +31,21 @@ testit "name-to-sid.upn" \ > $wbinfo -n $DC_USERNAME@$REALM || \ > failed=$(expr $failed + 1) > >+testit "name-to-sid.realm-user" \ >+ $wbinfo -n $REALM/$DC_USERNAME || \ >+ failed=$(expr $failed + 1) >+ >+# For the name-to-sid.realm-user query, ensure >+# that this does not change subsequent sid-to-name >+# queries. >+sid=$($wbinfo -n $REALM/$DC_USERNAME | sed -e 's/ .*//') >+out=$($wbinfo -s $sid | sed -e 's/ .//') >+# winbindd returns usernames in lowercase >+lcuser=$(echo $DC_USERNAME | tr A-Z a-z) >+testit "Verify DOMAIN/USER output" \ >+ test "$out" = "$DOMAIN/$lcuser" || \ >+ failed=$(expr $failed + 1) >+ > # Two separator characters should fail > testit_expect_failure "name-to-sid.double-separator" \ > $wbinfo -n $DOMAIN//$DC_USERNAME || \ >diff --git a/selftest/knownfail b/selftest/knownfail >index baf3d57a31a..9c2077f2c98 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -349,3 +349,4 @@ > # Disabling NTLM means you can't use samr to change the password > ^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) >+^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\) >-- >2.17.0 > > >From 2700783a631da19202b1fa58d0a363b8d6af66f2 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 15:53:51 -0700 >Subject: [PATCH 2/6] winbind: Query domain from msrpc name_to_sid > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928) >--- > source3/winbindd/winbindd_msrpc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index eb400f0ebf3..4299a567907 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -226,6 +226,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, > enum lsa_SidType *types = NULL; > char *full_name = NULL; > const char *names[1]; >+ const char **domains; > NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL; > char *mapped_name = NULL; > >@@ -260,7 +261,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, > names[0] = full_name; > > result = winbindd_lookup_names(mem_ctx, domain, 1, >- names, NULL, >+ names, &domains, > &sids, &types); > if (!NT_STATUS_IS_OK(result)) > return result; >-- >2.17.0 > > >From 261cf5712b3dd80148c75f42419c958359ac50f3 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 15:54:21 -0700 >Subject: [PATCH 3/6] winbind: Query domain from winbind rpc name_to_sid > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 562551c0886bdef1f97059e16d375c2e97452b45) >--- > source3/winbindd/winbindd_rpc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c >index f50fb8fa5db..eb892bafb97 100644 >--- a/source3/winbindd/winbindd_rpc.c >+++ b/source3/winbindd/winbindd_rpc.c >@@ -246,6 +246,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > struct dom_sid *sids = NULL; > char *full_name = NULL; > const char *names[1]; >+ const char **domains; > char *mapped_name = NULL; > NTSTATUS status; > >@@ -282,7 +283,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > lsa_policy, > 1, /* num_names */ > names, >- NULL, /* domains */ >+ &domains, > 1, /* level */ > &sids, > &types); >-- >2.17.0 > > >From 1af5c3abde917843679d13ac5069f37877048fac Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Thu, 14 Mar 2019 10:30:45 -0700 >Subject: [PATCH 4/6] winbind: Query domain from winbind sam_name_to_sid > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 32e3f0663be39cf4a81639c818fc88e959791673) >--- > source3/winbindd/winbindd_samr.c | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c >index 31720d54997..b0c023b2dd6 100644 >--- a/source3/winbindd/winbindd_samr.c >+++ b/source3/winbindd/winbindd_samr.c >@@ -587,6 +587,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain, > struct rpc_pipe_client *lsa_pipe; > struct policy_handle lsa_policy = { 0 }; > struct dom_sid sid; >+ const char *dom_name; > enum lsa_SidType type; > TALLOC_CTX *tmp_ctx; > NTSTATUS status; >@@ -615,6 +616,7 @@ again: > domain_name, > name, > flags, >+ &dom_name, > &sid, > &type); > >-- >2.17.0 > > >From 0c480c1e45959757b4dc42572a3a57b854e896bb Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 16:11:01 -0700 >Subject: [PATCH 5/6] winbind: Return queried domain name from name_to_sid > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01) >--- > source3/winbindd/winbindd.h | 1 + > source3/winbindd/winbindd_ads.c | 3 ++- > source3/winbindd/winbindd_cache.c | 2 +- > source3/winbindd/winbindd_msrpc.c | 12 ++++++++++++ > source3/winbindd/winbindd_reconnect.c | 5 +++-- > source3/winbindd/winbindd_reconnect_ads.c | 5 +++-- > source3/winbindd/winbindd_rpc.c | 12 ++++++++++++ > source3/winbindd/winbindd_rpc.h | 1 + > source3/winbindd/winbindd_samr.c | 9 +++++++++ > 9 files changed, 44 insertions(+), 6 deletions(-) > >diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h >index 57371765484..292deacca85 100644 >--- a/source3/winbindd/winbindd.h >+++ b/source3/winbindd/winbindd.h >@@ -224,6 +224,7 @@ struct winbindd_methods { > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type); > >diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c >index 76d6a304366..eafb19eee39 100644 >--- a/source3/winbindd/winbindd_ads.c >+++ b/source3/winbindd/winbindd_ads.c >@@ -558,11 +558,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { > return msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name, >- flags, sid, type); >+ flags, pdom_name, sid, type); > } > > /* convert a domain SID to a user or group name - use rpc methods */ >diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c >index b0644d38761..fb999841af2 100644 >--- a/source3/winbindd/winbindd_cache.c >+++ b/source3/winbindd/winbindd_cache.c >@@ -1818,7 +1818,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, > > winbindd_domain_init_backend(domain); > status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, >- name, flags, sid, type); >+ name, flags, NULL, sid, type); > > if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) || > NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) { >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 4299a567907..17148806b24 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -218,6 +218,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { >@@ -268,6 +269,17 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, > > /* Return rid and type if lookup successful */ > >+ if (pdom_name != NULL) { >+ const char *dom_name; >+ >+ dom_name = talloc_strdup(mem_ctx, domains[0]); >+ if (dom_name == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ *pdom_name = dom_name; >+ } >+ > sid_copy(sid, &sids[0]); > *type = types[0]; > >diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c >index 1d0e8e6d472..56741d4670e 100644 >--- a/source3/winbindd/winbindd_reconnect.c >+++ b/source3/winbindd/winbindd_reconnect.c >@@ -131,18 +131,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { > NTSTATUS result; > > result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name, >- flags, sid, type); >+ flags, pdom_name, sid, type); > > if (reconnect_need_retry(result, domain)) > result = msrpc_methods.name_to_sid(domain, mem_ctx, > domain_name, name, flags, >- sid, type); >+ pdom_name, sid, type); > > return result; > } >diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c >index 0a0a14f6dd0..f77430572d0 100644 >--- a/source3/winbindd/winbindd_reconnect_ads.c >+++ b/source3/winbindd/winbindd_reconnect_ads.c >@@ -137,18 +137,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { > NTSTATUS result; > > result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name, >- flags, sid, type); >+ flags, pdom_name, sid, type); > > if (reconnect_need_retry(result, domain)) { > result = ads_methods.name_to_sid(domain, mem_ctx, > domain_name, name, flags, >- sid, type); >+ pdom_name, sid, type); > } > > return result; >diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c >index eb892bafb97..2bd1c7155e0 100644 >--- a/source3/winbindd/winbindd_rpc.c >+++ b/source3/winbindd/winbindd_rpc.c >@@ -239,6 +239,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { >@@ -293,6 +294,17 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > return status; > } > >+ if (pdom_name != NULL) { >+ const char *dom_name; >+ >+ dom_name = talloc_strdup(mem_ctx, domains[0]); >+ if (dom_name == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ *pdom_name = dom_name; >+ } >+ > sid_copy(sid, &sids[0]); > *type = types[0]; > >diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h >index 162f1ef3329..a5cfe77f289 100644 >--- a/source3/winbindd/winbindd_rpc.h >+++ b/source3/winbindd/winbindd_rpc.h >@@ -53,6 +53,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *psid, > enum lsa_SidType *ptype); > >diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c >index b0c023b2dd6..55af168dabf 100644 >--- a/source3/winbindd/winbindd_samr.c >+++ b/source3/winbindd/winbindd_samr.c >@@ -581,6 +581,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *psid, > enum lsa_SidType *ptype) > { >@@ -629,6 +630,14 @@ again: > goto done; > } > >+ if (pdom_name != NULL) { >+ *pdom_name = talloc_strdup(mem_ctx, dom_name); >+ if (*pdom_name == NULL) { >+ status = NT_STATUS_NO_MEMORY; >+ goto done; >+ } >+ } >+ > if (psid) { > sid_copy(psid, &sid); > } >-- >2.17.0 > > >From 314039d9cb4fc283b0ac0b927e355759abd9037e Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 16:14:02 -0700 >Subject: [PATCH 6/6] winbind: Use domain name from lsa query for sid_to_name > cache entry > >When winbindd is asked to map a name like realm.com\name to a SID ,that >is sucessfully resolved through the lsa lookup name call. The same call >also returns the short domain name (netbios name of the domain). Use >that short domain name for the sid_to_name cache entry, so that >subsequent sid_to_name queries return the expected netbiosname\name >result and not realm.com\name. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit aec9bda25f10ca2710d91fb680cca7904e92f9de) >--- > selftest/knownfail | 1 - > source3/winbindd/winbindd_cache.c | 5 +++-- > 2 files changed, 3 insertions(+), 3 deletions(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index 9c2077f2c98..baf3d57a31a 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -349,4 +349,3 @@ > # Disabling NTLM means you can't use samr to change the password > ^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) >-^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\) >diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c >index fb999841af2..1af3d929e49 100644 >--- a/source3/winbindd/winbindd_cache.c >+++ b/source3/winbindd/winbindd_cache.c >@@ -1792,6 +1792,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, > { > NTSTATUS status; > bool old_status; >+ const char *dom_name; > > old_status = domain->online; > >@@ -1818,7 +1819,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, > > winbindd_domain_init_backend(domain); > status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, >- name, flags, NULL, sid, type); >+ name, flags, &dom_name, sid, type); > > if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) || > NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) { >@@ -1853,7 +1854,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, > } > (void)strlower_m(discard_const_p(char, name)); > wcache_save_sid_to_name(domain, status, sid, >- domain_name, name, save_type); >+ dom_name, name, save_type); > } > } > >-- >2.17.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
vl
:
review+
Actions:
View
Attachments on
bug 13831
: 15085 |
15086