Attachment 15085 Details for Bug 13831 – patches for 4.9

[patch] patches for 4.9

patches-4.9 (text/plain), 15.17 KB, created by Christof Schmitt on 2019-04-18 20:29:33 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Christof Schmitt

Created: 2019-04-18 20:29:33 UTC

Size: 15.17 KB

patch

obsolete

>From 4df378cccc019a7c1717c5fdd80e7079abf89e41 Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 11 Mar 2019 16:26:48 -0700
>Subject: [PATCH 1/6] nsswitch: Add testcase for checking output of wbinfo
> --sid-to-name
>
>The username should always be returned in the DOMAISHORTNAME/USERNAME
>format.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>(cherry picked from commit d006c769a9cad275339b18b08e13d48acb29d7fc)
>---
> nsswitch/tests/test_wbinfo_name_lookup.sh | 15 +++++++++++++++
> selftest/knownfail                        |  1 +
> 2 files changed, 16 insertions(+)
>
>diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
>index c1d39c1a602..ee8ae11f4b1 100755
>--- a/nsswitch/tests/test_wbinfo_name_lookup.sh
>+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
>@@ -31,6 +31,21 @@ testit "name-to-sid.upn" \
>        $wbinfo -n $DC_USERNAME@$REALM || \
> 	failed=$(expr $failed + 1)
> 
>+testit "name-to-sid.realm-user" \
>+       $wbinfo -n $REALM/$DC_USERNAME || \
>+	failed=$(expr $failed + 1)
>+
>+# For the name-to-sid.realm-user query, ensure
>+# that this does not change subsequent sid-to-name
>+# queries.
>+sid=$($wbinfo -n $REALM/$DC_USERNAME | sed -e 's/ .*//')
>+out=$($wbinfo -s $sid | sed -e 's/ .//')
>+# winbindd returns usernames in lowercase
>+lcuser=$(echo $DC_USERNAME | tr A-Z a-z)
>+testit "Verify DOMAIN/USER output" \
>+       test "$out" = "$DOMAIN/$lcuser" || \
>+	failed=$(expr $failed + 1)
>+
> # Two separator characters should fail
> testit_expect_failure "name-to-sid.double-separator" \
> 		      $wbinfo -n $DOMAIN//$DC_USERNAME || \
>diff --git a/selftest/knownfail b/selftest/knownfail
>index baf3d57a31a..9c2077f2c98 100644
>--- a/selftest/knownfail
>+++ b/selftest/knownfail
>@@ -349,3 +349,4 @@
> # Disabling NTLM means you can't use samr to change the password
> ^samba.tests.ntlmdisabled.python$ktest$.ntlmdisabled.NtlmDisabledTests.test_samr_change_password$ktest$
> ^samba.tests.ntlmdisabled.python$ad_dc_no_ntlm$.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection$ad_dc_no_ntlm$
>+^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output$ad_member$
>-- 
>2.17.0
>
>
>From 2700783a631da19202b1fa58d0a363b8d6af66f2 Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 11 Mar 2019 15:53:51 -0700
>Subject: [PATCH 2/6] winbind: Query domain from msrpc name_to_sid
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>(cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928)
>---
> source3/winbindd/winbindd_msrpc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
>index eb400f0ebf3..4299a567907 100644
>--- a/source3/winbindd/winbindd_msrpc.c
>+++ b/source3/winbindd/winbindd_msrpc.c
>@@ -226,6 +226,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> 	enum lsa_SidType *types = NULL;
> 	char *full_name = NULL;
> 	const char *names[1];
>+	const char **domains;
> 	NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
> 	char *mapped_name = NULL;
> 
>@@ -260,7 +261,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> 	names[0] = full_name;
> 
> 	result = winbindd_lookup_names(mem_ctx, domain, 1,
>-				       names, NULL,
>+				       names, &domains,
> 				       &sids, &types);
> 	if (!NT_STATUS_IS_OK(result))
> 		return result;
>-- 
>2.17.0
>
>
>From 261cf5712b3dd80148c75f42419c958359ac50f3 Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 11 Mar 2019 15:54:21 -0700
>Subject: [PATCH 3/6] winbind: Query domain from winbind rpc name_to_sid
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>(cherry picked from commit 562551c0886bdef1f97059e16d375c2e97452b45)
>---
> source3/winbindd/winbindd_rpc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index f50fb8fa5db..eb892bafb97 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
>@@ -246,6 +246,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> 	struct dom_sid *sids = NULL;
> 	char *full_name = NULL;
> 	const char *names[1];
>+	const char **domains;
> 	char *mapped_name = NULL;
> 	NTSTATUS status;
> 
>@@ -282,7 +283,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> 					 lsa_policy,
> 					 1, /* num_names */
> 					 names,
>-					 NULL, /* domains */
>+					 &domains,
> 					 1, /* level */
> 					 &sids,
> 					 &types);
>-- 
>2.17.0
>
>
>From 1af5c3abde917843679d13ac5069f37877048fac Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Thu, 14 Mar 2019 10:30:45 -0700
>Subject: [PATCH 4/6] winbind: Query domain from winbind sam_name_to_sid
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>(cherry picked from commit 32e3f0663be39cf4a81639c818fc88e959791673)
>---
> source3/winbindd/winbindd_samr.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
>index 31720d54997..b0c023b2dd6 100644
>--- a/source3/winbindd/winbindd_samr.c
>+++ b/source3/winbindd/winbindd_samr.c
>@@ -587,6 +587,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
> 	struct rpc_pipe_client *lsa_pipe;
> 	struct policy_handle lsa_policy = { 0 };
> 	struct dom_sid sid;
>+	const char *dom_name;
> 	enum lsa_SidType type;
> 	TALLOC_CTX *tmp_ctx;
> 	NTSTATUS status;
>@@ -615,6 +616,7 @@ again:
> 				 domain_name,
> 				 name,
> 				 flags,
>+				 &dom_name,
> 				 &sid,
> 				 &type);
> 
>-- 
>2.17.0
>
>
>From 0c480c1e45959757b4dc42572a3a57b854e896bb Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 11 Mar 2019 16:11:01 -0700
>Subject: [PATCH 5/6] winbind: Return queried domain name from name_to_sid
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>(cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01)
>---
> source3/winbindd/winbindd.h               |  1 +
> source3/winbindd/winbindd_ads.c           |  3 ++-
> source3/winbindd/winbindd_cache.c         |  2 +-
> source3/winbindd/winbindd_msrpc.c         | 12 ++++++++++++
> source3/winbindd/winbindd_reconnect.c     |  5 +++--
> source3/winbindd/winbindd_reconnect_ads.c |  5 +++--
> source3/winbindd/winbindd_rpc.c           | 12 ++++++++++++
> source3/winbindd/winbindd_rpc.h           |  1 +
> source3/winbindd/winbindd_samr.c          |  9 +++++++++
> 9 files changed, 44 insertions(+), 6 deletions(-)
>
>diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
>index 57371765484..292deacca85 100644
>--- a/source3/winbindd/winbindd.h
>+++ b/source3/winbindd/winbindd.h
>@@ -224,6 +224,7 @@ struct winbindd_methods {
> 				const char *domain_name,
> 				const char *name,
> 				uint32_t flags,
>+				const char **pdom_name,
> 				struct dom_sid *sid,
> 				enum lsa_SidType *type);
> 
>diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
>index 76d6a304366..eafb19eee39 100644
>--- a/source3/winbindd/winbindd_ads.c
>+++ b/source3/winbindd/winbindd_ads.c
>@@ -558,11 +558,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
> 			    const char *domain_name,
> 			    const char *name,
> 			    uint32_t flags,
>+			    const char **pdom_name,
> 			    struct dom_sid *sid,
> 			    enum lsa_SidType *type)
> {
> 	return msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
>-					 flags, sid, type);
>+					 flags, pdom_name, sid, type);
> }
> 
> /* convert a domain SID to a user or group name - use rpc methods */
>diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
>index b0644d38761..fb999841af2 100644
>--- a/source3/winbindd/winbindd_cache.c
>+++ b/source3/winbindd/winbindd_cache.c
>@@ -1818,7 +1818,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
> 
> 	winbindd_domain_init_backend(domain);
> 	status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
>-					      name, flags, sid, type);
>+					      name, flags, NULL, sid, type);
> 
> 	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
> 		NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
>diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
>index 4299a567907..17148806b24 100644
>--- a/source3/winbindd/winbindd_msrpc.c
>+++ b/source3/winbindd/winbindd_msrpc.c
>@@ -218,6 +218,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> 				  const char *domain_name,
> 				  const char *name,
> 				  uint32_t flags,
>+				  const char **pdom_name,
> 				  struct dom_sid *sid,
> 				  enum lsa_SidType *type)
> {
>@@ -268,6 +269,17 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> 
> 	/* Return rid and type if lookup successful */
> 
>+	if (pdom_name != NULL) {
>+		const char *dom_name;
>+
>+		dom_name = talloc_strdup(mem_ctx, domains[0]);
>+		if (dom_name == NULL) {
>+			return NT_STATUS_NO_MEMORY;
>+		}
>+
>+		*pdom_name = dom_name;
>+	}
>+
> 	sid_copy(sid, &sids[0]);
> 	*type = types[0];
> 
>diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
>index 1d0e8e6d472..56741d4670e 100644
>--- a/source3/winbindd/winbindd_reconnect.c
>+++ b/source3/winbindd/winbindd_reconnect.c
>@@ -131,18 +131,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
> 			    const char *domain_name,
> 			    const char *name,
> 			    uint32_t flags,
>+			    const char **pdom_name,
> 			    struct dom_sid *sid,
> 			    enum lsa_SidType *type)
> {
> 	NTSTATUS result;
> 
> 	result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
>-					   flags, sid, type);
>+					   flags, pdom_name, sid, type);
> 
> 	if (reconnect_need_retry(result, domain))
> 		result = msrpc_methods.name_to_sid(domain, mem_ctx,
> 						   domain_name, name, flags,
>-						   sid, type);
>+						   pdom_name, sid, type);
> 
> 	return result;
> }
>diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c
>index 0a0a14f6dd0..f77430572d0 100644
>--- a/source3/winbindd/winbindd_reconnect_ads.c
>+++ b/source3/winbindd/winbindd_reconnect_ads.c
>@@ -137,18 +137,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
> 			    const char *domain_name,
> 			    const char *name,
> 			    uint32_t flags,
>+			    const char **pdom_name,
> 			    struct dom_sid *sid,
> 			    enum lsa_SidType *type)
> {
> 	NTSTATUS result;
> 
> 	result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name,
>-					 flags, sid, type);
>+					 flags, pdom_name, sid, type);
> 
> 	if (reconnect_need_retry(result, domain)) {
> 		result = ads_methods.name_to_sid(domain, mem_ctx,
> 						 domain_name, name, flags,
>-						 sid, type);
>+						 pdom_name, sid, type);
> 	}
> 
> 	return result;
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index eb892bafb97..2bd1c7155e0 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
>@@ -239,6 +239,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> 			 const char *domain_name,
> 			 const char *name,
> 			 uint32_t flags,
>+			 const char **pdom_name,
> 			 struct dom_sid *sid,
> 			 enum lsa_SidType *type)
> {
>@@ -293,6 +294,17 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> 		return status;
> 	}
> 
>+	if (pdom_name != NULL) {
>+		const char *dom_name;
>+
>+		dom_name = talloc_strdup(mem_ctx, domains[0]);
>+		if (dom_name == NULL) {
>+			return NT_STATUS_NO_MEMORY;
>+		}
>+
>+		*pdom_name = dom_name;
>+	}
>+
> 	sid_copy(sid, &sids[0]);
> 	*type = types[0];
> 
>diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h
>index 162f1ef3329..a5cfe77f289 100644
>--- a/source3/winbindd/winbindd_rpc.h
>+++ b/source3/winbindd/winbindd_rpc.h
>@@ -53,6 +53,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> 			 const char *domain_name,
> 			 const char *name,
> 			 uint32_t flags,
>+			 const char **pdom_name,
> 			 struct dom_sid *psid,
> 			 enum lsa_SidType *ptype);
> 
>diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
>index b0c023b2dd6..55af168dabf 100644
>--- a/source3/winbindd/winbindd_samr.c
>+++ b/source3/winbindd/winbindd_samr.c
>@@ -581,6 +581,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
> 				   const char *domain_name,
> 				   const char *name,
> 				   uint32_t flags,
>+				   const char **pdom_name,
> 				   struct dom_sid *psid,
> 				   enum lsa_SidType *ptype)
> {
>@@ -629,6 +630,14 @@ again:
> 		goto done;
> 	}
> 
>+	if (pdom_name != NULL) {
>+		*pdom_name = talloc_strdup(mem_ctx, dom_name);
>+		if (*pdom_name == NULL) {
>+			status = NT_STATUS_NO_MEMORY;
>+			goto done;
>+		}
>+	}
>+
> 	if (psid) {
> 		sid_copy(psid, &sid);
> 	}
>-- 
>2.17.0
>
>
>From 314039d9cb4fc283b0ac0b927e355759abd9037e Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 11 Mar 2019 16:14:02 -0700
>Subject: [PATCH 6/6] winbind: Use domain name from lsa query for sid_to_name
> cache entry
>
>When winbindd is asked to map a name like realm.com\name to a SID ,that
>is sucessfully resolved through the lsa lookup name call. The same call
>also returns the short domain name (netbios name of the domain). Use
>that short domain name for the sid_to_name cache entry, so that
>subsequent sid_to_name queries return the expected netbiosname\name
>result and not realm.com\name.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>(cherry picked from commit aec9bda25f10ca2710d91fb680cca7904e92f9de)
>---
> selftest/knownfail                | 1 -
> source3/winbindd/winbindd_cache.c | 5 +++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
>diff --git a/selftest/knownfail b/selftest/knownfail
>index 9c2077f2c98..baf3d57a31a 100644
>--- a/selftest/knownfail
>+++ b/selftest/knownfail
>@@ -349,4 +349,3 @@
> # Disabling NTLM means you can't use samr to change the password
> ^samba.tests.ntlmdisabled.python$ktest$.ntlmdisabled.NtlmDisabledTests.test_samr_change_password$ktest$
> ^samba.tests.ntlmdisabled.python$ad_dc_no_ntlm$.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection$ad_dc_no_ntlm$
>-^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output$ad_member$
>diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
>index fb999841af2..1af3d929e49 100644
>--- a/source3/winbindd/winbindd_cache.c
>+++ b/source3/winbindd/winbindd_cache.c
>@@ -1792,6 +1792,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
> {
> 	NTSTATUS status;
> 	bool old_status;
>+	const char *dom_name;
> 
> 	old_status = domain->online;
> 
>@@ -1818,7 +1819,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
> 
> 	winbindd_domain_init_backend(domain);
> 	status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
>-					      name, flags, NULL, sid, type);
>+					      name, flags, &dom_name, sid, type);
> 
> 	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
> 		NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
>@@ -1853,7 +1854,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
> 			}
> 			(void)strlower_m(discard_const_p(char, name));
> 			wcache_save_sid_to_name(domain, status, sid,
>-						domain_name, name, save_type);
>+						dom_name, name, save_type);
> 		}
> 	}
> 
>-- 
>2.17.0
>

Flags:

vl: review+

Actions: View

Attachments on bug 13831: 15085 | 15086