From 25465d0bc77dd712b3d94e488f2cf0583fd7ac04 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 26 Apr 2022 07:10:56 +0200 Subject: [PATCH 1/5] s3:passdb: Remove trailing spaces in lookup_sid.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 756cd0eed30322ae6dbd5402ec11441387475884) --- source3/passdb/lookup_sid.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index a551bcfd24a..3a28cdc68a6 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. uid/user handling Copyright (C) Andrew Tridgell 1992-1998 @@ -72,7 +72,7 @@ static bool lookup_unix_group_name(const char *name, struct dom_sid *sid) If an explicit domain name was given in the form domain\user, it has to try that. If no explicit domain name was given, we have to do guesswork. -*****************************************************************/ +*****************************************************************/ bool lookup_name(TALLOC_CTX *mem_ctx, const char *full_name, int flags, @@ -300,7 +300,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, goto ok; } - /* 6. Builtin aliases */ + /* 6. Builtin aliases */ if ((flags & LOOKUP_NAME_BUILTIN) && lookup_builtin_name(name, &rid)) @@ -882,7 +882,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, } /* First build up the data structures: - * + * * dom_infos is a list of domains referenced in the list of * SIDs. Later we will walk the list of domains and look up the RIDs * in bulk. @@ -1070,7 +1070,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, /***************************************************************** *THE CANONICAL* convert SID to name function. -*****************************************************************/ +*****************************************************************/ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, const char **ret_domain, const char **ret_name, @@ -1104,7 +1104,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, goto done; } - if ((ret_name != NULL) && + if ((ret_name != NULL) && !(*ret_name = talloc_strdup(mem_ctx, name->name))) { goto done; } @@ -1130,7 +1130,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, /***************************************************************** *THE LEGACY* convert SID to id function. -*****************************************************************/ +*****************************************************************/ static bool legacy_sid_to_unixid(const struct dom_sid *psid, struct unixid *id) { @@ -1465,7 +1465,7 @@ fail: /***************************************************************** *THE CANONICAL* convert SID to uid function. -*****************************************************************/ +*****************************************************************/ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid) { @@ -1527,7 +1527,7 @@ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid) /***************************************************************** *THE CANONICAL* convert SID to gid function. Group mapping is used for gids that maps to Wellknown SIDs -*****************************************************************/ +*****************************************************************/ bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid) { -- 2.36.0 From e884efce61290ad6f4125ab4e3adb08bcc1a800d Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 26 Apr 2022 07:12:02 +0200 Subject: [PATCH 2/5] s3:passdb: Add support to handle UPNs in lookup_name() This address an issue if sssd is running and handling nsswitch. If we look up a user with getpwnam("DOMAIN\user") it will return user@REALM in the passwd structure. We need to be able to deal with that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 2a03fb91c1120718ada9d4b8421044cb7eae7b83) --- source3/passdb/lookup_sid.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 3a28cdc68a6..c14d7a7b123 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -100,8 +100,18 @@ bool lookup_name(TALLOC_CTX *mem_ctx, PTR_DIFF(p, full_name)); name = talloc_strdup(tmp_ctx, p+1); } else { - domain = talloc_strdup(tmp_ctx, ""); - name = talloc_strdup(tmp_ctx, full_name); + char *q = strchr_m(full_name, '@'); + + /* Set the domain for UPNs */ + if (q != NULL) { + name = talloc_strndup(tmp_ctx, + full_name, + PTR_DIFF(q, full_name)); + domain = talloc_strdup(tmp_ctx, q + 1); + } else { + domain = talloc_strdup(tmp_ctx, ""); + name = talloc_strdup(tmp_ctx, full_name); + } } if ((domain == NULL) || (name == NULL)) { -- 2.36.0 From cc548efd5fa1783e8412e7ac695c8d6be3323d67 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 26 Apr 2022 12:26:25 +0200 Subject: [PATCH 3/5] s3:passdb: Use already defined pointer in lookup_name_smbconf() Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit ed8e466854d6d8d6120388716a7b604df7a4db27) --- source3/passdb/lookup_sid.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index c14d7a7b123..dbea5578f92 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -464,7 +464,7 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx, const char **ret_domain, const char **ret_name, struct dom_sid *ret_sid, enum lsa_SidType *ret_type) { - char *qualified_name; + char *qualified_name = NULL; const char *p; if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) { @@ -472,16 +472,14 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx, /* The name is already qualified with a domain. */ if (*lp_winbind_separator() != '\\') { - char *tmp; - /* lookup_name() needs '\\' as a separator */ - tmp = talloc_strdup(mem_ctx, full_name); - if (!tmp) { + qualified_name = talloc_strdup(mem_ctx, full_name); + if (qualified_name == NULL) { return false; } - tmp[p - full_name] = '\\'; - full_name = tmp; + qualified_name[p - full_name] = '\\'; + full_name = qualified_name; } return lookup_name(mem_ctx, full_name, flags, -- 2.36.0 From 3ee3336f4a3fbb80ccabe6c1494a68286af55437 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 26 Apr 2022 07:24:10 +0200 Subject: [PATCH 4/5] s3:passdb: Refactor lookup_name_smbconf() This will be changed to support UPNs too in the next patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 2690310743920dfe20ac235c1e3617e0f421eddc) --- source3/passdb/lookup_sid.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index dbea5578f92..de9dd123239 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -465,13 +465,14 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx, struct dom_sid *ret_sid, enum lsa_SidType *ret_type) { char *qualified_name = NULL; - const char *p; + const char *p = strchr_m(full_name, *lp_winbind_separator()); + bool is_qualified = p != NULL; - if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) { + if (is_qualified) { /* The name is already qualified with a domain. */ - if (*lp_winbind_separator() != '\\') { + if (p != NULL && *lp_winbind_separator() != '\\') { /* lookup_name() needs '\\' as a separator */ qualified_name = talloc_strdup(mem_ctx, full_name); -- 2.36.0 From 1baa5b170c36854eaa0a5f2c9aba29d50194f750 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 26 Apr 2022 07:39:12 +0200 Subject: [PATCH 5/5] s3:passdb: Also allow to handle UPNs in lookup_name_smbconf() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 28fc44f2852046d03cada161ed1001d04d9e1554) --- source3/passdb/lookup_sid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index de9dd123239..426ea3f81bd 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -466,8 +466,9 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx, { char *qualified_name = NULL; const char *p = strchr_m(full_name, *lp_winbind_separator()); - bool is_qualified = p != NULL; + bool is_qualified = p != NULL || strchr_m(full_name, '@') != NULL; + /* For DOMAIN\user or user@REALM directly call lookup_name(). */ if (is_qualified) { /* The name is already qualified with a domain. */ -- 2.36.0