The Samba-Bugzilla – Attachment 6605 Details for
Bug 7841
WINBINDD_LOOKUPRIDS asks the wrong domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.5.next
0001-Try-and-fix-bug-7841-WINBINDD_LOOKUPRIDS-asks-the-wr.patch (text/plain), 3.53 KB, created by
Jeremy Allison
on 2011-06-21 23:02:37 UTC
(
hide
)
Description:
git-am fix for 3.5.next
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-06-21 23:02:37 UTC
Size:
3.53 KB
patch
obsolete
>From 27ad4bf6f1b04897afc0e6e6448e1cfcd6320c4d Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 21 Jun 2011 15:59:40 -0700 >Subject: [PATCH] Try and fix bug #7841 - WINBINDD_LOOKUPRIDS asks the wrong domain > >When looking up a domain for a RID query, we must always >contact the relevent DC that is authoritative for the >SID containing the RID. We can't just fallback to our >primary DC as it only gets the RID on the query. > >Thanks to Volodymyr_Khomenko@dell.com for finding this. >--- > source3/winbindd/winbindd_lookuprids.c | 2 +- > source3/winbindd/winbindd_proto.h | 1 + > source3/winbindd/winbindd_util.c | 27 ++++++++++++++++++++++++++- > 3 files changed, 28 insertions(+), 2 deletions(-) > >diff --git a/source3/winbindd/winbindd_lookuprids.c b/source3/winbindd/winbindd_lookuprids.c >index e1ac26c..c93eb43 100644 >--- a/source3/winbindd/winbindd_lookuprids.c >+++ b/source3/winbindd/winbindd_lookuprids.c >@@ -61,7 +61,7 @@ struct tevent_req *winbindd_lookuprids_send(TALLOC_CTX *mem_ctx, > return tevent_req_post(req, ev); > } > >- domain = find_lookup_domain_from_sid(&sid); >+ domain = find_lookup_domain_from_rid(&sid); > if (domain == NULL) { > DEBUG(5, ("Domain for sid %s not found\n", > sid_string_dbg(&sid))); >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index 62fbc8e..10ec13c 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h >@@ -430,6 +430,7 @@ struct winbindd_domain *find_our_domain(void); > struct winbindd_domain *find_root_domain(void); > struct winbindd_domain *find_builtin_domain(void); > struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid); >+struct winbindd_domain *find_lookup_domain_from_rid(const struct dom_sid *sid); > struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name); > bool parse_domain_user(const char *domuser, fstring domain, fstring user); > bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser, >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index 15a3575..8acb26b 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -822,7 +822,7 @@ struct winbindd_domain *find_builtin_domain(void) > return domain; > } > >-/* Find the appropriate domain to lookup a name or SID */ >+/* Find the appropriate domain to lookup a name given a SID */ > > struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid) > { >@@ -854,6 +854,31 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid) > return find_our_domain(); > } > >+/* Find the appropriate domain to lookup a RID given a SID. */ >+ >+struct winbindd_domain *find_lookup_domain_from_rid(const struct dom_sid *sid) >+{ >+ /* RIDs in the S-1-22-{1,2} domain should be handled by our passdb */ >+ >+ if ( sid_check_is_in_unix_groups(sid) || >+ sid_check_is_unix_groups(sid) || >+ sid_check_is_in_unix_users(sid) || >+ sid_check_is_unix_users(sid) ) >+ { >+ return find_domain_from_sid(get_global_sam_sid()); >+ } >+ >+ /* When looking up a domain for a RID query, we must always >+ contact the relevent DC that is authoritative for the >+ SID containing the RID. We can't just fallback to our >+ primary DC as it only gets the RID on the query. */ >+ >+ DEBUG(10, ("calling find_our_domain_from_sid\n")); >+ return find_domain_from_sid(sid); >+} >+ >+/* Find the appropriate domain to lookup a SID given a name */ >+ > struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name) > { > if ( strequal(domain_name, unix_users_domain_name() ) || >-- >1.7.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 7841
:
6109
|
6604
| 6605 |
6631
|
6632
|
6633
|
6664