The Samba-Bugzilla – Attachment 16523 Details for Bug 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict.
patches for 4.14
bug-14663-for-4.14 (text/plain), 6.00 KB, created by Christof Schmitt on 2021-03-11 16:06:47 UTC
>From ee805f097c2c448e70e74597d683145cdc65f621 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Fri, 5 Mar 2021 15:48:29 -0700 >Subject: [PATCH 1/3] winbind: Only use unixid2sid mapping when module reports > ID_MAPPED > >Only consider a mapping to be valid when the idmap module reports >ID_MAPPED. Otherwise return the null SID. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit db2afa57e4aa926b478db1be4d693edbdf4d2a23) >--- > source3/winbindd/winbindd_dual_srv.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > >diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c >index ffd7bb957b2..8a0301bf2d6 100644 >--- a/source3/winbindd/winbindd_dual_srv.c >+++ b/source3/winbindd/winbindd_dual_srv.c >@@ -283,8 +283,10 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p, > } > > for (i=0; i<r->in.num_ids; i++) { >- r->out.xids[i] = maps[i]->xid; >- sid_copy(&r->out.sids[i], maps[i]->sid); >+ if (maps[i]->status == ID_MAPPED) { >+ r->out.xids[i] = maps[i]->xid; >+ sid_copy(&r->out.sids[i], maps[i]->sid); >+ } > } > > TALLOC_FREE(maps); >-- >2.27.0 > > >From 5c8f68c3872e90173077a547cebee17c7478d416 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Fri, 5 Mar 2021 16:01:13 -0700 >Subject: [PATCH 2/3] idmap_rfc2307: Do not return SID from unixids_to_sids on > type mismatch > >The call to winbind_lookup_name already wrote the result in the id_map >array. The later check for the type detected a mismatch, but that did >not remove the SID from the result struct. > >Change this by first assigning the SID to a temporary variable and only >write it to the id_map array after the type checks. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663 
> >Signed-off-by: Christof Schmitt <cs@samba.org> >(cherry picked from commit 79dd4b133c37451c98fe7f7c45da881e89e91ffc) >--- > source3/winbindd/idmap_rfc2307.c | 4 +++- > source3/winbindd/winbindd_dual_srv.c | 2 ++ > 2 files changed, 5 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c >index 05259bf8344..4870ca30485 100644 >--- a/source3/winbindd/idmap_rfc2307.c >+++ b/source3/winbindd/idmap_rfc2307.c >@@ -229,6 +229,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, > > for (i = 0; i < count; i++) { > char *name; >+ struct dom_sid sid; > enum lsa_SidType lsa_type; > struct id_map *map; > uint32_t id; >@@ -277,7 +278,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, > the following call will not recurse so this is safe */ > (void)winbind_on(); > /* Lookup name from PDC using lsa_lookup_names() */ >- b = winbind_lookup_name(dom_name, name, map->sid, &lsa_type); >+ b = winbind_lookup_name(dom_name, name, &sid, &lsa_type); > (void)winbind_off(); > > if (!b) { >@@ -301,6 +302,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, > } > > map->status = ID_MAPPED; >+ sid_copy(map->sid, &sid); > } > } > >diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c >index 8a0301bf2d6..32d11e1fa57 100644 >--- a/source3/winbindd/winbindd_dual_srv.c >+++ b/source3/winbindd/winbindd_dual_srv.c >@@ -286,6 +286,8 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p, > if (maps[i]->status == ID_MAPPED) { > r->out.xids[i] = maps[i]->xid; > sid_copy(&r->out.sids[i], maps[i]->sid); >+ } else { >+ r->out.sids[i] = (struct dom_sid) { 0 }; > } > } > >-- >2.27.0 > > >From de106866853f3896cf8b7d9222244d73bfe84a10 Mon Sep 17 00:00:00 2001 
>From: Christof Schmitt <cs@samba.org> >Date: Fri, 5 Mar 2021 16:07:54 -0700 >Subject: [PATCH 3/3] idmap_nss: Do not return SID from unixids_to_sids on type > mismatch > >The call to winbind_lookup_name already wrote the result in the id_map >array. The later check for the type detected a mismatch, but that did >not remove the SID from the result struct. > >Change this by first assigning the SID to a temporary variable and only >write it to the id_map array after the type checks. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> > >Autobuild-User(master): Volker Lendecke <vl@samba.org> >Autobuild-Date(master): Thu Mar 11 08:38:41 UTC 2021 on sn-devel-184 > >(cherry picked from commit 0e789ba1802ca22e5a01abd6e93ef66cd45566a7) >--- > source3/winbindd/idmap_nss.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/idmap_nss.c b/source3/winbindd/idmap_nss.c >index 9e1efefeb24..da50e2b4aa7 100644 >--- a/source3/winbindd/idmap_nss.c >+++ b/source3/winbindd/idmap_nss.c >@@ -25,6 +25,7 @@ > #include "nsswitch/winbind_client.h" > #include "idmap.h" > #include "lib/winbind_util.h" >+#include "libcli/security/dom_sid.h" > > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_IDMAP >@@ -55,6 +56,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma > struct passwd *pw; > struct group *gr; > const char *name; >+ struct dom_sid sid; > enum lsa_SidType type; > bool ret; > >@@ -86,7 +88,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma > the following call will not recurse so this is safe */ > (void)winbind_on(); > /* Lookup name from PDC using lsa_lookup_names() */ >- ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type); >+ ret = winbind_lookup_name(dom->name, name, &sid, &type); > (void)winbind_off(); > > if (!ret) { 
>@@ -99,6 +101,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma > switch (type) { > case SID_NAME_USER: > if (ids[i]->xid.type == ID_TYPE_UID) { >+ sid_copy(ids[i]->sid, &sid); > ids[i]->status = ID_MAPPED; > } > break; >@@ -107,6 +110,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma > case SID_NAME_ALIAS: > case SID_NAME_WKN_GRP: > if (ids[i]->xid.type == ID_TYPE_GID) { >+ sid_copy(ids[i]->sid, &sid); > ids[i]->status = ID_MAPPED; > } > break; >-- >2.27.0 >
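Review bot: In PATCH 1/3, the `_wbint_UnixIDs2Sids` loop in source3/winbindd/winbindd_dual_srv.c skips entries that are not ID_MAPPED but never writes the null SID that the commit message promises, so `r->out.sids[i]` keeps whatever it held before the loop. The `else` branch that assigns `(struct dom_sid) { 0 }` only arrives in PATCH 2/3, whose subject and message are about idmap_rfc2307 and do not mention it. Suggest moving that branch into 1/3 so the commit matches its message and behaves correctly at every bisect point. `r->out.xids[i]` is also left untouched for unmapped entries; a one-line comment saying that this is intended would help the next reader.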
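Review bot: In PATCH 2/3, the last idmap_rfc2307.c hunk in `idmap_rfc2307_map_sid_results` sets `map->status = ID_MAPPED` before `sid_copy(map->sid, &sid)`; copying the SID first and setting the status last would keep the rule that an entry marked ID_MAPPED always carries its final SID. The new local `struct dom_sid sid;` is declared without an initializer and is only meaningful after `winbind_lookup_name` returned true, so a short comment at the declaration, or zero-initializing it, would make that dependency explicit. On the type-mismatch path `map->sid` now keeps whatever the caller passed in, so the result relies on callers checking the status, as the winbindd_dual_srv.c change does. This patch also lacks the Reviewed-by tag that 1/3 and 3/3 carry.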
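Review bot: In PATCH 3/3, `sid_copy(ids[i]->sid, &sid)` is duplicated in the SID_NAME_USER branch and in the group branch of the `switch (type)` in `idmap_nss_unixids_to_sids`; a local flag set in each matching branch followed by a single copy and status assignment after the switch would keep the two from drifting apart. As in 2/3, `struct dom_sid sid;` is uninitialized and valid only when `winbind_lookup_name` succeeded. Across the series the diffstats touch only source3/winbindd/*.c, so nothing exercises the uid/gid conflict from the bug title; a regression test for a name that resolves to the wrong SID type would guard both idmap_nss and idmap_rfc2307.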
Flags: vl: review+