Bug 12851 - 'winbind normalize names' doesn't work for users
Summary: 'winbind normalize names' doesn't work for users
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.6.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact: Samba QA Contact
URL:
Keywords:
: 5690 (view as bug list)
Depends on:
Blocks: 13437
  Show dependency treegraph
 
Reported: 2017-06-20 08:44 UTC by Andreas Schneider
Modified: 2020-12-11 13:28 UTC (History)
6 users (show)

See Also:

Attachments
patch for 4.6 (2.51 KB, patch)
2017-06-21 08:30 UTC, Andreas Schneider 		no flags Details
additional patch for 4.7 and 4.8 (1.93 KB, patch)
2018-06-21 05:15 UTC, Andreas Schneider 		gd: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2017-06-20 08:44:55 UTC 
If the option ''winbind normalize names' is set, we do not normalize usernames in wb_getpwsid().

$ getent passwd EARTH+alice_one
EARTH+alice one:*:100001106:100000513:Alice One:/home/EARTH/alice one:/bin/bash

Patch will follow.
Comment 1 Andreas Schneider 2017-06-21 08:30:55 UTC 
Created attachment 13299 [details]
patch for 4.6
Comment 2 Ralph Böhme 2017-12-01 16:21:02 UTC 
This adds a call to find_domain_from_name_noinit() which may cause auth failures with users from domains that are not in the list of trusted domains.

Commit 1ce165a7335 in master changes this to only call find_domain_from_name_noinit() if "winbind normalize names" is enabled (default to off), so somewhat relieves the situation.
Comment 3 Mathieu Parent 2018-06-18 21:12:52 UTC 
This seems to be fixed (as of 8a2bbba5cd0862ac196739c1e52385f7be1e3836). Can someone close it?
Comment 4 Stefan Metzmacher 2018-06-19 05:46:21 UTC 
(In reply to Mathieu Parent from comment #3)

Yes and that patch is included in 4.7
Comment 5 Andreas Schneider 2018-06-21 05:15:34 UTC 
Created attachment 14247 [details]
additional patch for 4.7 and 4.8
Comment 6 Guenther Deschner 2018-06-21 10:00:50 UTC 
Comment on attachment 14247 [details]
additional patch for 4.7 and 4.8

LGTM
Comment 7 Karolin Seeger 2018-06-25 08:04:28 UTC 
Can I pick the additional patch? It has not been re-assigned yet...
Comment 8 Andreas Schneider 2018-06-25 10:36:52 UTC 
Yes, please do!
Comment 9 Karolin Seeger 2018-06-25 10:48:13 UTC 
(In reply to Andreas Schneider from comment #8)
Additional patch does not apply on current v4-7-test:

user@host:/data/git/samba/v4-7-test$ git am ../v4-8-test/0001-s3-winbind-Fix-regression-introduced-with-bso-12851.patch
Wende an: s3:winbind: Fix regression introduced with bso #12851
error: Anwendung des Patches fehlgeschlagen: source3/winbindd/wb_getpwsid.c:101
error: source3/winbindd/wb_getpwsid.c: Patch konnte nicht angewendet werden
Anwendung des Patches fehlgeschlagen bei 0001 s3:winbind: Fix regression introduced with bso #12851
Comment 10 Karolin Seeger 2018-06-25 19:47:37 UTC 
Pushed additional patch to autobuild-v4-8-test.
Comment 11 Karolin Seeger 2018-10-19 08:36:56 UTC 
(In reply to Karolin Seeger from comment #10)
Pushed additional patch to autobuild-v4-7-test.
Comment 12 Stefan Metzmacher 2019-07-31 11:17:37 UTC 
Fixed as c1c764925e24788905ab91aa455b415765d6f71f for 4.9.0
Comment 13 Michael Adam 2020-05-11 23:03:33 UTC 
*** Bug 5690 has been marked as a duplicate of this bug. ***