From 48229f34423239d5f38faecb454b5d8cb2973b96 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Sat, 20 Feb 2021 15:50:12 +0100
Subject: [PATCH 1/2] passdb: Simplify sids_to_unixids()
Best reviewed with "git show -b", there's a "continue" statement that changes subsequent indentation. Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
---
 source3/passdb/lookup_sid.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 64a181e..a9dc12f 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -27,6 +27,7 @@
 #include "idmap_cache.h"
 #include "../libcli/security/security.h"
 #include "lib/winbind_util.h"
+#include "lib/util/bitmap.h"
 /*****************************************************************
 Dissect a user-provided name into domain, name, sid and type.
@@ -1400,6 +1401,7 @@ bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,
 {
 struct wbcDomainSid *wbc_sids = NULL;
 struct wbcUnixId *wbc_ids = NULL;
+ struct bitmap *found = NULL;
 uint32_t i, num_not_cached;
 wbcErr err;
 bool ret = false;
@@ -1408,6 +1410,10 @@ bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,
 if (wbc_sids == NULL) {
 return false;
 }
+ found = bitmap_talloc(wbc_sids, num_sids);
+ if (found == NULL) {
+ goto fail;
+ }
 num_not_cached = 0;
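Review bot: In the `@@ -1408,6 +1410,10 @@` hunk, `bitmap_talloc(wbc_sids, num_sids)` hands a `uint32_t` count to a helper that, as far as I recall from lib/util/bitmap.h, takes its size as an `int`, so a `num_sids` above `INT_MAX` would be converted implicitly and nothing visible here bounds it. A guard ahead of the allocation such as `if (num_sids > INT_MAX) { goto fail; }`, or a comment naming the caller-side limit, would make the assumption explicit. I would also document ownership next to the allocation, e.g. `/* found is a talloc child of wbc_sids and is released together with it */`, because the `fail:` label and its cleanup lie outside this hunk and cannot be checked from here.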
@@ -1417,34 +1423,40 @@ bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,
 if (fetch_uid_from_cache(&ids[i].id.uid, &sids[i])) {
 ids[i].type = WBC_ID_TYPE_UID;
+ bitmap_set(found, i);
 continue;
 }
 if (fetch_gid_from_cache(&ids[i].id.gid, &sids[i])) {
 ids[i].type = WBC_ID_TYPE_GID;
+ bitmap_set(found, i);
 continue;
 }
 if (sid_peek_check_rid(&global_sid_Unix_Users, &sids[i], &rid)) {
 ids[i].type = WBC_ID_TYPE_UID;
 ids[i].id.uid = rid;
+ bitmap_set(found, i);
 continue;
 }
 if (sid_peek_check_rid(&global_sid_Unix_Groups, &sids[i], &rid)) {
 ids[i].type = WBC_ID_TYPE_GID;
 ids[i].id.gid = rid;
+ bitmap_set(found, i);
 continue;
 }
 if (idmap_cache_find_sid2uid(&sids[i], &ids[i].id.uid, &expired) && !expired && ids[i].id.uid != (uid_t)-1) {
 ids[i].type = WBC_ID_TYPE_UID;
+ bitmap_set(found, i);
 continue;
 }
 if (idmap_cache_find_sid2gid(&sids[i], &ids[i].id.gid, &expired) && !expired && ids[i].id.gid != (gid_t)-1) {
 ids[i].type = WBC_ID_TYPE_GID;
+ bitmap_set(found, i);
 continue;
 }
 ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED;
@@ -1471,14 +1483,15 @@ bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,
 num_not_cached = 0;
 for (i=0; i Date: Mon, 22 Feb 2021 18:05:02 -0800
Subject: [PATCH 2/2] passdb: Ensure we initialize both members of wbc_ids[] struct before lookup.
The id.gid element will be read if wbcSidsToUnixIds() returns ID_TYPE_NOT_SPECIFIED for an array element, but wbcSidsToUnixIds() doesn't initialize it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571
Signed-off-by: Jeremy Allison
---
 source3/passdb/lookup_sid.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index a9dc12f..306160b 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1473,6 +1473,7 @@ bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,
 }
 for (i=0; i
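Review bot: In the `@@ -1417,34 +1423,40 @@` hunk of patch 1/2, the two idmap-cache probes write straight into `ids[i].id.uid` and `ids[i].id.gid`, so an entry that is expired or maps to -1 falls through to `ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED;` with the probe's value still stored in `ids[i].id` and no bit set in `found`. Since `found` is now the authority for "resolved", I would say so at the fall-through, e.g. `/* not in 'found': ids[i].id may hold a stale or -1 value from a failed cache probe and must not be read as a mapping */`, or have the probes fill a local and copy it only on success. The return value of `bitmap_set()` is ignored in all six branches; that looks safe as long as the bitmap is sized to `num_sids`, but a one-line comment stating that invariant would help the next reader. The enclosing loop starts before this hunk and continues past it, so how unresolved entries are consumed afterwards cannot be checked from here.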