The Samba-Bugzilla – Attachment 15086 Details for
Bug 13831
Inconsistent output from wbinfo --sid-to-name depending on cache state
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patches for 4.10
patches-4.10 (text/plain), 15.32 KB, created by
Christof Schmitt
on 2019-04-18 20:29:50 UTC
(
hide
)
Description:
patches for 4.10
Filename:
MIME Type:
Creator:
Christof Schmitt
Created:
2019-04-18 20:29:50 UTC
Size:
15.32 KB
patch
obsolete
>From 5f838d8df10bd76bcc45cd6560020a79ec59feb7 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 16:26:48 -0700 >Subject: [PATCH 1/6] nsswitch: Add testcase for checking output of wbinfo > --sid-to-name > >The username should always be returned in the DOMAISHORTNAME/USERNAME >format. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit d006c769a9cad275339b18b08e13d48acb29d7fc) >--- > nsswitch/tests/test_wbinfo_name_lookup.sh | 15 +++++++++++++++ > selftest/knownfail | 1 + > 2 files changed, 16 insertions(+) > >diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh >index c1d39c1a602..ee8ae11f4b1 100755 >--- a/nsswitch/tests/test_wbinfo_name_lookup.sh >+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh >@@ -31,6 +31,21 @@ testit "name-to-sid.upn" \ > $wbinfo -n $DC_USERNAME@$REALM || \ > failed=$(expr $failed + 1) > >+testit "name-to-sid.realm-user" \ >+ $wbinfo -n $REALM/$DC_USERNAME || \ >+ failed=$(expr $failed + 1) >+ >+# For the name-to-sid.realm-user query, ensure >+# that this does not change subsequent sid-to-name >+# queries. >+sid=$($wbinfo -n $REALM/$DC_USERNAME | sed -e 's/ .*//') >+out=$($wbinfo -s $sid | sed -e 's/ .//') >+# winbindd returns usernames in lowercase >+lcuser=$(echo $DC_USERNAME | tr A-Z a-z) >+testit "Verify DOMAIN/USER output" \ >+ test "$out" = "$DOMAIN/$lcuser" || \ >+ failed=$(expr $failed + 1) >+ > # Two separator characters should fail > testit_expect_failure "name-to-sid.double-separator" \ > $wbinfo -n $DOMAIN//$DC_USERNAME || \ >diff --git a/selftest/knownfail b/selftest/knownfail >index 7176e097eb2..eebe3864b74 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -360,3 +360,4 @@ > ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) >+^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\) >-- >2.17.0 > > >From 240cafc2ebcb26617b3e1b1e8baf9d1b82f8fce0 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 15:53:51 -0700 >Subject: [PATCH 2/6] winbind: Query domain from msrpc name_to_sid > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928) >--- > source3/winbindd/winbindd_msrpc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 203fbc6b56a..69a049556dd 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -226,6 +226,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, > enum lsa_SidType *types = NULL; > char *full_name = NULL; > const char *names[1]; >+ const char **domains; > NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL; > char *mapped_name = NULL; > >@@ -260,7 +261,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, > names[0] = full_name; > > result = winbindd_lookup_names(mem_ctx, domain, 1, >- names, NULL, >+ names, &domains, > &sids, &types); > if (!NT_STATUS_IS_OK(result)) > return result; >-- >2.17.0 > > >From ef2fe9d7649ce63f60f1985a5178a55a16db3ab0 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 15:54:21 -0700 >Subject: [PATCH 3/6] winbind: Query domain from winbind rpc name_to_sid > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 562551c0886bdef1f97059e16d375c2e97452b45) >--- > source3/winbindd/winbindd_rpc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c >index 6f7cb07f4e3..81f9f98a4bd 100644 >--- a/source3/winbindd/winbindd_rpc.c >+++ b/source3/winbindd/winbindd_rpc.c >@@ -254,6 +254,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > struct dom_sid *sids = NULL; > char *full_name = NULL; > const char *names[1]; >+ const char **domains; > char *mapped_name = NULL; > NTSTATUS status; > >@@ -290,7 +291,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > lsa_policy, > 1, /* num_names */ > names, >- NULL, /* domains */ >+ &domains, > 1, /* level */ > &sids, > &types); >-- >2.17.0 > > >From f481a1fe07a8045080ed5b658efa9b364859632f Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Thu, 14 Mar 2019 10:30:45 -0700 >Subject: [PATCH 4/6] winbind: Query domain from winbind sam_name_to_sid > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 32e3f0663be39cf4a81639c818fc88e959791673) >--- > source3/winbindd/winbindd_samr.c | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c >index 3727e8fa39f..35e7febceff 100644 >--- a/source3/winbindd/winbindd_samr.c >+++ b/source3/winbindd/winbindd_samr.c >@@ -587,6 +587,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain, > struct rpc_pipe_client *lsa_pipe; > struct policy_handle lsa_policy = { 0 }; > struct dom_sid sid; >+ const char *dom_name; > enum lsa_SidType type; > TALLOC_CTX *tmp_ctx; > NTSTATUS status; >@@ -615,6 +616,7 @@ again: > domain_name, > name, > flags, >+ &dom_name, > &sid, > &type); > >-- >2.17.0 > > >From 360c49729cf7ff13b4f0111357d3990835ee273e Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 16:11:01 -0700 >Subject: [PATCH 5/6] winbind: Return queried domain name from name_to_sid > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01) >--- > source3/winbindd/winbindd.h | 1 + > source3/winbindd/winbindd_ads.c | 3 ++- > source3/winbindd/winbindd_cache.c | 2 +- > source3/winbindd/winbindd_msrpc.c | 12 ++++++++++++ > source3/winbindd/winbindd_reconnect.c | 5 +++-- > source3/winbindd/winbindd_reconnect_ads.c | 5 +++-- > source3/winbindd/winbindd_rpc.c | 12 ++++++++++++ > source3/winbindd/winbindd_rpc.h | 1 + > source3/winbindd/winbindd_samr.c | 9 +++++++++ > 9 files changed, 44 insertions(+), 6 deletions(-) > >diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h >index 7490d62a705..a72d6aa7830 100644 >--- a/source3/winbindd/winbindd.h >+++ b/source3/winbindd/winbindd.h >@@ -225,6 +225,7 @@ struct winbindd_methods { > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type); > >diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c >index 4076f8227cb..204afdffb1f 100644 >--- a/source3/winbindd/winbindd_ads.c >+++ b/source3/winbindd/winbindd_ads.c >@@ -558,11 +558,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { > return msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name, >- flags, sid, type); >+ flags, pdom_name, sid, type); > } > > /* convert a domain SID to a user or group name - use rpc methods */ >diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c >index c686089d517..92a5e1d333b 100644 >--- a/source3/winbindd/winbindd_cache.c >+++ b/source3/winbindd/winbindd_cache.c >@@ -1820,7 +1820,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, > > winbindd_domain_init_backend(domain); > status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, >- name, flags, sid, type); >+ name, flags, NULL, sid, type); > > if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) || > NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) { >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 69a049556dd..342f22cfde3 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -218,6 +218,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { >@@ -268,6 +269,17 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, > > /* Return rid and type if lookup successful */ > >+ if (pdom_name != NULL) { >+ const char *dom_name; >+ >+ dom_name = talloc_strdup(mem_ctx, domains[0]); >+ if (dom_name == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ *pdom_name = dom_name; >+ } >+ > sid_copy(sid, &sids[0]); > *type = types[0]; > >diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c >index 1d0e8e6d472..56741d4670e 100644 >--- a/source3/winbindd/winbindd_reconnect.c >+++ b/source3/winbindd/winbindd_reconnect.c >@@ -131,18 +131,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { > NTSTATUS result; > > result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name, >- flags, sid, type); >+ flags, pdom_name, sid, type); > > if (reconnect_need_retry(result, domain)) > result = msrpc_methods.name_to_sid(domain, mem_ctx, > domain_name, name, flags, >- sid, type); >+ pdom_name, sid, type); > > return result; > } >diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c >index 0a0a14f6dd0..f77430572d0 100644 >--- a/source3/winbindd/winbindd_reconnect_ads.c >+++ b/source3/winbindd/winbindd_reconnect_ads.c >@@ -137,18 +137,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { > NTSTATUS result; > > result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name, >- flags, sid, type); >+ flags, pdom_name, sid, type); > > if (reconnect_need_retry(result, domain)) { > result = ads_methods.name_to_sid(domain, mem_ctx, > domain_name, name, flags, >- sid, type); >+ pdom_name, sid, type); > } > > return result; >diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c >index 81f9f98a4bd..ffbaabcfe49 100644 >--- a/source3/winbindd/winbindd_rpc.c >+++ b/source3/winbindd/winbindd_rpc.c >@@ -247,6 +247,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *sid, > enum lsa_SidType *type) > { >@@ -301,6 +302,17 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > return status; > } > >+ if (pdom_name != NULL) { >+ const char *dom_name; >+ >+ dom_name = talloc_strdup(mem_ctx, domains[0]); >+ if (dom_name == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ *pdom_name = dom_name; >+ } >+ > sid_copy(sid, &sids[0]); > *type = types[0]; > >diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h >index 162f1ef3329..a5cfe77f289 100644 >--- a/source3/winbindd/winbindd_rpc.h >+++ b/source3/winbindd/winbindd_rpc.h >@@ -53,6 +53,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *psid, > enum lsa_SidType *ptype); > >diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c >index 35e7febceff..396e2c97709 100644 >--- a/source3/winbindd/winbindd_samr.c >+++ b/source3/winbindd/winbindd_samr.c >@@ -581,6 +581,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain, > const char *domain_name, > const char *name, > uint32_t flags, >+ const char **pdom_name, > struct dom_sid *psid, > enum lsa_SidType *ptype) > { >@@ -629,6 +630,14 @@ again: > goto done; > } > >+ if (pdom_name != NULL) { >+ *pdom_name = talloc_strdup(mem_ctx, dom_name); >+ if (*pdom_name == NULL) { >+ status = NT_STATUS_NO_MEMORY; >+ goto done; >+ } >+ } >+ > if (psid) { > sid_copy(psid, &sid); > } >-- >2.17.0 > > >From 889e2b959af8f010dc3c39589baab9b78142cf4b Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Mar 2019 16:14:02 -0700 >Subject: [PATCH 6/6] winbind: Use domain name from lsa query for sid_to_name > cache entry > >When winbindd is asked to map a name like realm.com\name to a SID ,that >is sucessfully resolved through the lsa lookup name call. The same call >also returns the short domain name (netbios name of the domain). Use >that short domain name for the sid_to_name cache entry, so that >subsequent sid_to_name queries return the expected netbiosname\name >result and not realm.com\name. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit aec9bda25f10ca2710d91fb680cca7904e92f9de) >--- > selftest/knownfail | 1 - > source3/winbindd/winbindd_cache.c | 5 +++-- > 2 files changed, 3 insertions(+), 3 deletions(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index eebe3864b74..7176e097eb2 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -360,4 +360,3 @@ > ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) >-^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\) >diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c >index 92a5e1d333b..abdfd11dc53 100644 >--- a/source3/winbindd/winbindd_cache.c >+++ b/source3/winbindd/winbindd_cache.c >@@ -1794,6 +1794,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, > { > NTSTATUS status; > bool old_status; >+ const char *dom_name; > > old_status = domain->online; > >@@ -1820,7 +1821,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, > > winbindd_domain_init_backend(domain); > status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, >- name, flags, NULL, sid, type); >+ name, flags, &dom_name, sid, type); > > if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) || > NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) { >@@ -1855,7 +1856,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, > } > (void)strlower_m(discard_const_p(char, name)); > wcache_save_sid_to_name(domain, status, sid, >- domain_name, name, save_type); >+ dom_name, name, save_type); > } > } > >-- >2.17.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
vl
:
review+
Actions:
View
Attachments on
bug 13831
:
15085
| 15086