Attachment 7661 Details for Bug 9002 – Patch for v3-6-test

[patch] Patch for v3-6-test

tmp36.diff (text/plain), 5.62 KB, created by Stefan Metzmacher on 2012-06-19 17:09:25 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2012-06-19 17:09:25 UTC

Size: 5.62 KB

patch

obsolete

>From 9c6226e60a32ab707da7d32690d12b63023ed6c2 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Fri, 2 Mar 2012 05:08:17 +0100
>Subject: [PATCH 1/4] s3:winbindd: discard the expired gid cache if we're online (bug #9002)
>
>This matches the uid case...
>
>metze
>---
> source3/winbindd/winbindd_sids_to_xids.c |    2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c
>index 9c38b5a..b3699d0 100644
>--- a/source3/winbindd/winbindd_sids_to_xids.c
>+++ b/source3/winbindd/winbindd_sids_to_xids.c
>@@ -135,7 +135,7 @@ static bool winbindd_sids_to_xids_in_cache(struct dom_sid *sid,
> 	 * sids. So we check groups before users.
> 	 */
> 	if (idmap_cache_find_sid2gid(sid, &gid, &expired)) {
>-		if (expired && is_domain_offline(find_our_domain())) {
>+		if (expired && is_domain_online(find_our_domain())) {
> 			return false;
> 		}
> 		map->sid = sid;
>-- 
>1.7.4.1
>
>
>From 20d2576d6e39cc75f2b1ced90616b43730e5bd40 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 24 May 2012 09:08:21 +0200
>Subject: [PATCH 2/4] s3:winbindd: do not expose negative cache idmap entries as valid mappings (bug #9002)
>
>metze
>---
> source3/winbindd/winbindd_sids_to_xids.c |   22 +++++++++++-----------
> 1 files changed, 11 insertions(+), 11 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c
>index b3699d0..5b0f0ac 100644
>--- a/source3/winbindd/winbindd_sids_to_xids.c
>+++ b/source3/winbindd/winbindd_sids_to_xids.c
>@@ -255,11 +255,13 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req,
> 	num_non_cached = 0;
> 
> 	for (i=0; i<state->num_sids; i++) {
>-		char type;
>+		char type = 'x';
> 		uint64_t unix_id = (uint64_t)-1;
> 		bool found = true;
>+		struct dom_sid *sid;
> 
> 		if (state->cached[i].sid != NULL) {
>+			sid = state->cached[i].sid;
> 			unix_id = state->cached[i].xid.id;
> 			if (state->cached[i].xid.type == ID_TYPE_UID) {
> 				type = 'U';
>@@ -267,28 +269,26 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req,
> 				type = 'G';
> 			}
> 		} else {
>+			sid = &state->non_cached[num_non_cached];
> 			unix_id = state->ids.ids[num_non_cached].unix_id;
>-			if (unix_id == -1) {
>-				found = false;
>-			}
> 			switch(state->ids.ids[num_non_cached].type) {
> 			case WBC_ID_TYPE_UID:
> 				type = 'U';
>-				idmap_cache_set_sid2uid(
>-					&state->non_cached[num_non_cached],
>-					unix_id);
>+				idmap_cache_set_sid2uid(sid, unix_id);
> 				break;
> 			case WBC_ID_TYPE_GID:
> 				type = 'G';
>-				idmap_cache_set_sid2gid(
>-					&state->non_cached[num_non_cached],
>-					unix_id);
>+				idmap_cache_set_sid2gid(sid, unix_id);
> 				break;
> 			default:
>-				found = false;
>+				unix_id = (uint64_t)-1;
>+				break;
> 			}
> 			num_non_cached += 1;
> 		}
>+		if (unix_id == -1) {
>+			found = false;
>+		}
> 
> 		if (found) {
> 			result = talloc_asprintf_append_buffer(
>-- 
>1.7.4.1
>
>
>From bff771210a0fe86e139e9d9a0c12d48cc1e28d14 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Tue, 19 Jun 2012 17:57:19 +0200
>Subject: [PATCH 3/4] s3:passdb: don't turn negative cache entries into valid idmappings (bug #9002)
>
>It's typical that some file operations set a NTACL, which tries
>sid2uid() before sid2gid(), this will create a negative cache entry.
>
>Negative SID2UID entries cause that a valid SID2GID mapping is ignored
>and the group is ignored in the UNIX Token.
>
>metze
>---
> source3/passdb/lookup_sid.c |    4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
>index 2afa86e..64a181e 100644
>--- a/source3/passdb/lookup_sid.c
>+++ b/source3/passdb/lookup_sid.c
>@@ -1437,13 +1437,13 @@ bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,
> 		}
> 		if (idmap_cache_find_sid2uid(&sids[i], &ids[i].id.uid,
> 					     &expired)
>-		    && !expired) {
>+		    && !expired && ids[i].id.uid != (uid_t)-1) {
> 			ids[i].type = WBC_ID_TYPE_UID;
> 			continue;
> 		}
> 		if (idmap_cache_find_sid2gid(&sids[i], &ids[i].id.gid,
> 					     &expired)
>-		    && !expired) {
>+		    && !expired && ids[i].id.gid != (gid_t)-1) {
> 			ids[i].type = WBC_ID_TYPE_GID;
> 			continue;
> 		}
>-- 
>1.7.4.1
>
>
>From 13baee251f77ca6f72d1c36b7f41f725c2663dc5 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Tue, 19 Jun 2012 17:57:19 +0200
>Subject: [PATCH 4/4] s3:winbindd: don't turn negative cache entries into valid idmappings (bug #9002)
>
>It's typical that some file operations set a NTACL, which tries
>sid2uid() before sid2gid(), this will create a negative cache entry.
>
>Negative SID2UID entries cause that a valid SID2GID mapping is ignored
>and the group is ignored in the UNIX Token.
>
>metze
>---
> source3/winbindd/winbindd_sids_to_xids.c |   12 ++++++++++--
> 1 files changed, 10 insertions(+), 2 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c
>index 5b0f0ac..55880b0 100644
>--- a/source3/winbindd/winbindd_sids_to_xids.c
>+++ b/source3/winbindd/winbindd_sids_to_xids.c
>@@ -140,7 +140,11 @@ static bool winbindd_sids_to_xids_in_cache(struct dom_sid *sid,
> 		}
> 		map->sid = sid;
> 		map->xid.id = gid;
>-		map->xid.type = ID_TYPE_GID;
>+		if (gid == -1) {
>+			map->xid.type = ID_TYPE_NOT_SPECIFIED;
>+		} else {
>+			map->xid.type = ID_TYPE_GID;
>+		}
> 		map->status = ID_MAPPED;
> 		return true;
> 	}
>@@ -150,7 +154,11 @@ static bool winbindd_sids_to_xids_in_cache(struct dom_sid *sid,
> 		}
> 		map->sid = sid;
> 		map->xid.id = uid;
>-		map->xid.type = ID_TYPE_UID;
>+		if (uid == -1) {
>+			map->xid.type = ID_TYPE_NOT_SPECIFIED;
>+		} else {
>+			map->xid.type = ID_TYPE_UID;
>+		}
> 		map->status = ID_MAPPED;
> 		return true;
> 	}
>-- 
>1.7.4.1
>

Flags:

obnox: review-

Actions: View

Attachments on bug 9002: 7661 | 7662 | 7663 | 7667