The Samba-Bugzilla – Attachment 6604 Details for
Bug 7841
WINBINDD_LOOKUPRIDS asks the wrong domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.0
0001-Try-and-fix-bug-7841-WINBINDD_LOOKUPRIDS-asks-the-wr.patch (text/plain), 3.55 KB, created by
Jeremy Allison
on 2011-06-21 23:01:08 UTC
(
hide
)
Description:
git-am fix for 3.6.0
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-06-21 23:01:08 UTC
Size:
3.55 KB
patch
obsolete
>From e0d38f97cd2aaef78558d58bba5dd21a101de799 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 21 Jun 2011 15:25:11 -0700 >Subject: [PATCH] Try and fix bug #7841 - WINBINDD_LOOKUPRIDS asks the wrong domain > >When looking up a domain for a RID query, we must always >contact the relevent DC that is authoritative for the >SID containing the RID. We can't just fallback to our >primary DC as it only gets the RID on the query. > >Thanks to Volodymyr_Khomenko@dell.com for finding this. >--- > source3/winbindd/winbindd_lookuprids.c | 2 +- > source3/winbindd/winbindd_proto.h | 1 + > source3/winbindd/winbindd_util.c | 27 ++++++++++++++++++++++++++- > 3 files changed, 28 insertions(+), 2 deletions(-) > >diff --git a/source3/winbindd/winbindd_lookuprids.c b/source3/winbindd/winbindd_lookuprids.c >index 738adba..dbe7e27 100644 >--- a/source3/winbindd/winbindd_lookuprids.c >+++ b/source3/winbindd/winbindd_lookuprids.c >@@ -62,7 +62,7 @@ struct tevent_req *winbindd_lookuprids_send(TALLOC_CTX *mem_ctx, > return tevent_req_post(req, ev); > } > >- domain = find_lookup_domain_from_sid(&sid); >+ domain = find_lookup_domain_from_rid(&sid); > if (domain == NULL) { > DEBUG(5, ("Domain for sid %s not found\n", > sid_string_dbg(&sid))); >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index ab61223..ac062fe 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h >@@ -388,6 +388,7 @@ struct winbindd_domain *find_our_domain(void); > struct winbindd_domain *find_root_domain(void); > struct winbindd_domain *find_builtin_domain(void); > struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid); >+struct winbindd_domain *find_lookup_domain_from_rid(const struct dom_sid *sid); > struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name); > bool parse_domain_user(const char *domuser, fstring domain, fstring user); > bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser, >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index 63cb2d2..2de8df0 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -774,7 +774,7 @@ struct winbindd_domain *find_builtin_domain(void) > return domain; > } > >-/* Find the appropriate domain to lookup a name or SID */ >+/* Find the appropriate domain to lookup a name given a SID */ > > struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid) > { >@@ -806,6 +806,31 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid) > return find_our_domain(); > } > >+/* Find the appropriate domain to lookup a RID given a SID. */ >+ >+struct winbindd_domain *find_lookup_domain_from_rid(const struct dom_sid *sid) >+{ >+ /* RIDs in the S-1-22-{1,2} domain should be handled by our passdb */ >+ >+ if ( sid_check_is_in_unix_groups(sid) || >+ sid_check_is_unix_groups(sid) || >+ sid_check_is_in_unix_users(sid) || >+ sid_check_is_unix_users(sid) ) >+ { >+ return find_domain_from_sid(get_global_sam_sid()); >+ } >+ >+ /* When looking up a domain for a RID query, we must always >+ contact the relevent DC that is authoritative for the >+ SID containing the RID. We can't just fallback to our >+ primary DC as it only gets the RID on the query. */ >+ >+ DEBUG(10, ("calling find_our_domain_from_sid\n")); >+ return find_domain_from_sid(sid); >+} >+ >+/* Find the appropriate domain to lookup a SID given a name */ >+ > struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name) > { > if ( strequal(domain_name, unix_users_domain_name() ) || >-- >1.7.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6604">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 7841
:
6109
| 6604 |
6605
|
6631
|
6632
|
6633
|
6664