Bug 285 - smbd: never asks winbind for an idmapping on sid_to_uid() if the SID belongs to the local machine's SID
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.0preX
Hardware: All other
Importance: P4 critical
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
Reported: 2003-08-10 02:01 UTC by Stefan Metzmacher
Modified: 2005-02-07 08:41 UTC
Attachments
try winbind_lookup_sid() first (1.47 KB, patch)
2003-08-10 02:23 UTC, Stefan Metzmacher

Description Stefan Metzmacher 2003-08-10 02:01:47 UTC
smbd never asks winbind for an idmapping on sid_to_uid() if the SID belongs to
the local machine's SID.
If someone wants to use a central idmap database, this is a bug!

sid_to_gid() works correctly...


this is in sid_to_uid():
...
	/* if this is our SID then go straight to a local lookup */
	
	if ( sid_compare_domain(get_global_sam_sid(), psid) == 0 ) {
		DEBUG(10,("sid_to_uid: my domain (%s) - trying local.\n",
			sid_string_static(psid) ));
		
		if ( local_sid_to_uid(puid, psid, &name_type) )
			goto success;
			
		DEBUG(10,("sid_to_uid: local lookup failed\n"));
		
		return NT_STATUS_UNSUCCESSFUL;
	}
	
	/* If it is not our local domain, only hope is winbindd */

	if ( !winbind_lookup_sid(psid, dom_name, name, &name_type) ) {
		DEBUG(10,("sid_to_uid: winbind lookup for non-local sid %s failed\n",
			sid_string_static(psid) ));
			
		return NT_STATUS_UNSUCCESSFUL;
	}
...

this is in sid_to_gid():
...
	if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
		DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
			sid_to_string(sid_str, psid) ));

		if ( local_sid_to_gid(pgid, psid, &name_type) )
			goto success;
			
		DEBUG(10,("sid_to_gid: no one knows this SID\n"));
		
		return NT_STATUS_UNSUCCESSFUL;
	}
...
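
The lookup order in the two excerpts above, modelled as an added example (not Samba's code and not part of the original report). The SID struct, the prefix check standing in for `sid_compare_domain()`, the function names and the sample SIDs are all constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SUBAUTHS 15
enum { ASK_LOCAL = 1, ASK_WINBIND = 2 };

/* Simplified SID model for this example (hypothetical, not Samba's DOM_SID). */
struct sid { unsigned long auth; int n; unsigned long sub[MAX_SUBAUTHS]; };

/* Parse "S-1-<auth>-<sub>-..."; returns 0 on success, -1 on malformed input. */
static int parse_sid(const char *str, struct sid *s)
{
    char *end;
    if (strncmp(str, "S-1-", 4) != 0 || !isdigit((unsigned char)str[4])) return -1;
    s->auth = strtoul(str + 4, &end, 10);
    for (s->n = 0; *end == '-'; s->n++) {
        if (s->n == MAX_SUBAUTHS || !isdigit((unsigned char)end[1])) return -1;
        s->sub[s->n] = strtoul(end + 1, &end, 10);
    }
    return *end == '\0' ? 0 : -1;
}

/* 1 if s is <dom>-<RID>: same authority and sub-authorities plus one RID. */
static int in_domain(const struct sid *dom, const struct sid *s)
{
    return s->auth == dom->auth && s->n == dom->n + 1 &&
           memcmp(s->sub, dom->sub, (size_t)dom->n * sizeof s->sub[0]) == 0;
}

/* Backends the sid_to_uid() excerpt can reach: local SIDs never hit winbind. */
static int uid_backends(const char *local_sam, const char *sid_str)
{
    struct sid dom, s;
    if (parse_sid(local_sam, &dom) || parse_sid(sid_str, &s)) return 0;
    return in_domain(&dom, &s) ? ASK_LOCAL : ASK_WINBIND;
}

/* sid_to_gid() excerpt: winbind first, local fallback, whatever the domain. */
static int gid_backends(const char *sid_str)
{
    struct sid s;
    return parse_sid(sid_str, &s) ? 0 : (ASK_WINBIND | ASK_LOCAL);
}

int main(void)
{
    const char *sam = "S-1-5-21-1111-2222-3333";   /* constructed local SAM SID */
    const char *user = "S-1-5-21-1111-2222-3333-1001";
    printf("uid=%d gid=%d\n", uid_backends(sam, user), gid_backends(user));
    return 0;
}
```
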
Comment 1 Stefan Metzmacher 2003-08-10 02:23:00 UTC
Created attachment 66
try winbind_lookup_sid() first
Comment 2 Stefan Metzmacher 2003-08-10 02:24:10 UTC
I don't know if this patch works 100% OK.

Jerry, can you take a closer look at this and test it a bit?

thanks

metze
Comment 3 Gerald (Jerry) Carter (dead mail address) 2003-08-10 10:33:57 UTC
This is by design.  sid_to_gid works only because of 
group mapping which might have foreign SIDs.  To share 
users in our local domain you must share the passdb backend.

This can be revisited at a later release but this is how it will 
work in Samba 3.0.
Comment 4 Stefan Metzmacher 2003-08-10 11:01:00 UTC
So winbind could NOT be the storage of all idmappings???
In 3.0.0... wasn't that on the feature list?
Comment 5 Gerald (Jerry) Carter (dead mail address) 2003-08-10 13:29:30 UTC
No.  What was on the feature list was to store consistent 
mappings between winbindd installations, which is possible.
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-02-07 08:41:26 UTC
Originally reported against 3.0.0beta3.  Cleaning out 
non-production release versions.