From c2a16341fa5109dac9c0752e1e1331f40a685dea Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 20 Feb 2021 15:50:12 +0100 Subject: [PATCH 1/2] passdb: Simplify sids_to_unixids() Best reviewed with "git show -b", there's a "continue" statement that changes subsequent indentation. Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison --- source3/passdb/lookup_sid.c | 49 +++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 18 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 1ffd657..f41fd2a 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -28,6 +28,7 @@ #include "../libcli/security/security.h" #include "lib/winbind_util.h" #include "../librpc/gen_ndr/idmap.h" +#include "lib/util/bitmap.h" /***************************************************************** Dissect a user-provided name into domain, name, sid and type. @@ -1307,6 +1308,7 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, { struct wbcDomainSid *wbc_sids = NULL; struct wbcUnixId *wbc_ids = NULL; + struct bitmap *found = NULL; uint32_t i, num_not_cached; wbcErr err; bool ret = false; @@ -1315,6 +1317,10 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, if (wbc_sids == NULL) { return false; } + found = bitmap_talloc(wbc_sids, num_sids); + if (found == NULL) { + goto fail; + } num_not_cached = 0; 
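Review bot: The new `found` bitmap is declared and allocated without a comment saying what a set bit means, although the later loops in this patch rely on it to decide which entries consume a slot in `wbc_ids`. I would add above the allocation `/* found[i] is set once ids[i] was filled from the Unix SID check or the idmap cache; unset entries go to winbind */`. Because it is parented to `wbc_sids` in `bitmap_talloc(wbc_sids, num_sids)`, it is presumably released together with that array on the `fail` path, which is worth stating in the same comment. The body of sids_to_unixids() starts and ends outside this hunk, so the `fail` label itself is not visible here.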
@@ -1326,17 +1332,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, &sids[i], &rid)) { ids[i].type = ID_TYPE_UID; ids[i].id = rid; + bitmap_set(found, i); continue; } if (sid_peek_check_rid(&global_sid_Unix_Groups, &sids[i], &rid)) { ids[i].type = ID_TYPE_GID; ids[i].id = rid; + bitmap_set(found, i); continue; } if (idmap_cache_find_sid2unixid(&sids[i], &ids[i], &expired) && !expired) { + bitmap_set(found, i); continue; } ids[i].type = ID_TYPE_NOT_SPECIFIED; @@ -1363,36 +1372,40 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, num_not_cached = 0; for (i=0; i id is a union anyway */ - ids[i].type = (enum id_type)wbc_ids[num_not_cached].type; - ids[i].id = wbc_ids[num_not_cached].id.gid; - break; - } - num_not_cached += 1; + if (bitmap_query(found, i)) { + continue; + } + + switch (wbc_ids[num_not_cached].type) { + case WBC_ID_TYPE_UID: + ids[i].type = ID_TYPE_UID; + ids[i].id = wbc_ids[num_not_cached].id.uid; + break; + case WBC_ID_TYPE_GID: + ids[i].type = ID_TYPE_GID; + ids[i].id = wbc_ids[num_not_cached].id.gid; + break; + default: + /* The types match, and wbcUnixId -> id is a union anyway */ + ids[i].type = (enum id_type)wbc_ids[num_not_cached].type; + ids[i].id = wbc_ids[num_not_cached].id.gid; + break; } + num_not_cached += 1; } for (i=0; i Date: Mon, 22 Feb 2021 18:05:02 -0800 Subject: [PATCH 2/2] passdb: Ensure we initialize both members of wbc_ids[] struct before lookup. The id.gid element will be read if wbcSidsToUnixIds() returns ID_TYPE_NOT_SPECIFIED for an array element, but wbcSidsToUnixIds() doesn't initialize it. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571 Signed-off-by: Jeremy Allison --- source3/passdb/lookup_sid.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index f41fd2a..a41a534 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
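Review bot: The index in `wbc_ids[num_not_cached]` in the rewritten second loop is still never compared with the number of entries that were handed to winbind. Its safety rests entirely on `bitmap_query(found, i)` skipping exactly the entries the first loop marked with `bitmap_set(found, i)`, whose return value is discarded in the previous hunk. That holds for the three `continue` paths visible here, but nothing records the invariant, so a later early `continue` in the first loop without a matching `bitmap_set()` would let the index run past the array. I would add above the test `/* must skip exactly the entries not sent to winbind, otherwise num_not_cached walks off wbc_ids[] */`, and consider keeping the first loop's count in its own variable so the index can be checked against it before each read. The loop headers of this hunk were partly lost in this rendering and the function continues outside it, so the remark is limited to the lines that are visible.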
@@ -1362,6 +1362,7 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, } for (i=0; i