Bug 12851 - 'winbind normalize names' doesn't work for users
Summary: 'winbind normalize names' doesn't work for users
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.6.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact: Samba QA Contact
: 5690 (view as bug list)
Depends on:
Blocks: 13437
  Show dependency treegraph
Reported: 2017-06-20 08:44 UTC by Andreas Schneider
Modified: 2020-12-11 13:28 UTC (History)
6 users (show)

See Also:

patch for 4.6 (2.51 KB, patch)
2017-06-21 08:30 UTC, Andreas Schneider
no flags Details
additional patch for 4.7 and 4.8 (1.93 KB, patch)
2018-06-21 05:15 UTC, Andreas Schneider
gd: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2017-06-20 08:44:55 UTC
If the option ''winbind normalize names' is set, we do not normalize usernames in wb_getpwsid().

$ getent passwd EARTH+alice_one
EARTH+alice one:*:100001106:100000513:Alice One:/home/EARTH/alice one:/bin/bash

Patch will follow.
Comment 1 Andreas Schneider 2017-06-21 08:30:55 UTC
Created attachment 13299 [details]
patch for 4.6
Comment 2 Ralph Böhme 2017-12-01 16:21:02 UTC
This adds a call to find_domain_from_name_noinit() which may cause auth failures with users from domains that are not in the list of trusted domains.

Commit 1ce165a7335 in master changes this to only call find_domain_from_name_noinit() if "winbind normalize names" is enabled (default to off), so somewhat relieves the situation.
Comment 3 Mathieu Parent 2018-06-18 21:12:52 UTC
This seems to be fixed (as of 8a2bbba5cd0862ac196739c1e52385f7be1e3836). Can someone close it?
Comment 4 Stefan Metzmacher 2018-06-19 05:46:21 UTC
(In reply to Mathieu Parent from comment #3)

Yes and that patch is included in 4.7
Comment 5 Andreas Schneider 2018-06-21 05:15:34 UTC
Created attachment 14247 [details]
additional patch for 4.7 and 4.8
Comment 6 Guenther Deschner 2018-06-21 10:00:50 UTC
Comment on attachment 14247 [details]
additional patch for 4.7 and 4.8

Comment 7 Karolin Seeger 2018-06-25 08:04:28 UTC
Can I pick the additional patch? It has not been re-assigned yet...
Comment 8 Andreas Schneider 2018-06-25 10:36:52 UTC
Yes, please do!
Comment 9 Karolin Seeger 2018-06-25 10:48:13 UTC
(In reply to Andreas Schneider from comment #8)
Additional patch does not apply on current v4-7-test:

user@host:/data/git/samba/v4-7-test$ git am ../v4-8-test/0001-s3-winbind-Fix-regression-introduced-with-bso-12851.patch
Wende an: s3:winbind: Fix regression introduced with bso #12851
error: Anwendung des Patches fehlgeschlagen: source3/winbindd/wb_getpwsid.c:101
error: source3/winbindd/wb_getpwsid.c: Patch konnte nicht angewendet werden
Anwendung des Patches fehlgeschlagen bei 0001 s3:winbind: Fix regression introduced with bso #12851
Comment 10 Karolin Seeger 2018-06-25 19:47:37 UTC
Pushed additional patch to autobuild-v4-8-test.
Comment 11 Karolin Seeger 2018-10-19 08:36:56 UTC
(In reply to Karolin Seeger from comment #10)
Pushed additional patch to autobuild-v4-7-test.
Comment 12 Stefan Metzmacher 2019-07-31 11:17:37 UTC
Fixed as c1c764925e24788905ab91aa455b415765d6f71f for 4.9.0
Comment 13 Michael Adam 2020-05-11 23:03:33 UTC
*** Bug 5690 has been marked as a duplicate of this bug. ***