From 6b38bc6ce0f6035e84b846c7b458175768d472a9 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Sat, 20 Feb 2021 15:50:12 +0100
Subject: [PATCH 1/2] passdb: Simplify sids_to_unixids()
Best reviewed with "git show -b", there's a "continue" statement that changes subsequent indentation. Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
---
 source3/passdb/lookup_sid.c | 49 +++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 18 deletions(-)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 1bb15ccb8b4..e55a8af2559 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -29,6 +29,7 @@
 #include "../libcli/security/security.h"
 #include "lib/winbind_util.h"
 #include "../librpc/gen_ndr/idmap.h"
+#include "lib/util/bitmap.h"
 static bool lookup_unix_user_name(const char *name, struct dom_sid *sid)
 {
@@ -1247,6 +1248,7 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
 {
 struct wbcDomainSid *wbc_sids = NULL;
 struct wbcUnixId *wbc_ids = NULL;
+ struct bitmap *found = NULL;
 uint32_t i, num_not_cached;
 wbcErr err;
 bool ret = false;
@@ -1255,6 +1257,10 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
 if (wbc_sids == NULL) {
 return false;
 }
+ found = bitmap_talloc(wbc_sids, num_sids);
+ if (found == NULL) {
+ goto fail;
+ }
 num_not_cached = 0;
@@ -1266,17 +1272,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
 &sids[i], &rid)) {
 ids[i].type = ID_TYPE_UID;
 ids[i].id = rid;
+ bitmap_set(found, i);
 continue;
 }
 if (sid_peek_check_rid(&global_sid_Unix_Groups,
 &sids[i], &rid)) {
 ids[i].type = ID_TYPE_GID;
 ids[i].id = rid;
+ bitmap_set(found, i);
 continue;
 }
 if (idmap_cache_find_sid2unixid(&sids[i], &ids[i], &expired) && !expired) {
+ bitmap_set(found, i);
 continue;
 }
 ids[i].type = ID_TYPE_NOT_SPECIFIED;
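Review bot: The `found` bitmap allocated in the `@@ -1255,6 +1257,10 @@` hunk carries an invariant the patch never writes down: bit i must be set exactly when the first loop filled `ids[i]` itself, because the later loop uses it to decide which entries consume a slot of `wbc_ids[]`. If a path added later does `continue` without `bitmap_set(found, i)`, or sets the bit without resolving the entry, `num_not_cached` drifts and a SID receives the uid/gid that winbind returned for a different SID. I would put a comment on the declaration, `/* bit i set: ids[i] resolved locally (Unix Users/Groups SID or idmap cache), no wbc_ids[] slot consumed */`, and say there that `found` is allocated on `wbc_sids`, so it presumably goes away when `wbc_sids` is freed at `fail:`, which lies outside the hunks shown. The same invariant covers the three `bitmap_set()` calls in the `@@ -1266,17 +1272,20 @@` hunk.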
@@ -1303,36 +1312,40 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, num_not_cached = 0; for (i=0; i id is a union anyway */ - ids[i].type = (enum id_type)wbc_ids[num_not_cached].type; - ids[i].id = wbc_ids[num_not_cached].id.gid; - break; - } - num_not_cached += 1; + if (bitmap_query(found, i)) { + continue; + } + + switch (wbc_ids[num_not_cached].type) { + case WBC_ID_TYPE_UID: + ids[i].type = ID_TYPE_UID; + ids[i].id = wbc_ids[num_not_cached].id.uid; + break; + case WBC_ID_TYPE_GID: + ids[i].type = ID_TYPE_GID; + ids[i].id = wbc_ids[num_not_cached].id.gid; + break; + default: + /* The types match, and wbcUnixId -> id is a union anyway */ + ids[i].type = (enum id_type)wbc_ids[num_not_cached].type; + ids[i].id = wbc_ids[num_not_cached].id.gid; + break; } + num_not_cached += 1; } for (i=0; i Date: Mon, 22 Feb 2021 18:05:02 -0800 Subject: [PATCH 2/2] passdb: Ensure we initialize both members of wbc_ids[] struct before lookup. The id.gid element will be read if wbcSidsToUnixIds() returns ID_TYPE_NOT_SPECIFIED for an array element, but wbcSidsToUnixIds() doesn't initialize it. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571 Signed-off-by: Jeremy Allison --- source3/passdb/lookup_sid.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index e55a8af2559..1f15bb82c40 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1302,6 +1302,7 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, } for (i=0; i
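Review bot: The `default:` arm of the new `switch` in the `@@ -1303,36 +1312,40 @@` hunk copies `wbc_ids[num_not_cached].type` into `ids[i].type` through a bare `(enum id_type)` cast, so any value outside the known set that arrives in the winbind reply lands in the caller's array unvalidated. The comment asserts that the two enums match, but nothing in the visible lines enforces it. Handling `WBC_ID_TYPE_BOTH` explicitly and letting `default:` store `ID_TYPE_NOT_SPECIFIED` would close the mapping, as sketched below. Whether the loop that follows already normalises unexpected types cannot be told from here, because the loop header and part of the removed side of this hunk are lost on this page.

```c
		/* … unchanged: WBC_ID_TYPE_UID and WBC_ID_TYPE_GID cases … */
		case WBC_ID_TYPE_BOTH:
			/* wbcUnixId -> id is a union, .gid reads the same storage */
			ids[i].type = ID_TYPE_BOTH;
			ids[i].id = wbc_ids[num_not_cached].id.gid;
			break;
		default:
			/* Unspecified or unknown type: never pass the raw value on */
			ids[i].type = ID_TYPE_NOT_SPECIFIED;
			ids[i].id = wbc_ids[num_not_cached].id.gid;
			break;
```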