bug in winbindd_ads.c : lookup_groupmem,
domain name would be prepended to username twice
Michael Adam
ma at sernet.de
Fri Nov 2 10:33:19 GMT 2007
Hi Bo Yang,
I think it is not correct to completely prevent lookup_names
from prepending the domain names to the user names. This has
to work for users from trusted domains, too.
btw, fill_grent_mem calls lookup_groupmem itself to expand
group memberships...
Could you please post your smb.conf (global section)
and a level 10 winbindd log of such a request?
Thanks, Michael
Bo Yang wrote:
> hi, all
> lookup_groupmem in winbindd_ads.c prepended domain name to username, and fill_grent_mem can prepend domain name to username,
> which will result in domain name being prepended twice.
>
> To reproduce the issue:
> Assume, user U1 in group G1(not the primary group), D is the domain name
> 1. stop winbindd
> 2. remove winbindd_cache.tdb
> 3. restart winbindd
> 4. write junk code(as reproduce_336854.c shows) to first invoke getpwnam(D\U1), and then call getgrnam(D\G1)
> the getgrnam returned member D\d\U1 as its member's name...
>
> patch in attachment for 3.0.26 and 3.2.0
>
> thanks
>
>
> Index: source/nsswitch/winbindd_ads.c
> ===================================================================
> --- source/nsswitch/winbindd_ads.c (revision 25784)
> +++ source/nsswitch/winbindd_ads.c (working copy)
> @@ -1022,10 +1022,17 @@
> DEBUG(10,("ads: lookup_groupmem: got sid %s from cache\n",
> sid_string_static(&sid)));
> sid_copy(&(*sid_mem)[*num_names], &sid);
> + /* we should not prepend domain name before
> + * the username, because fill_grent_mem will
> + * do it.........
> + **/
> + /*
> (*names)[*num_names] = talloc_asprintf(*names, "%s%c%s",
> domain_name,
> *lp_winbind_separator(),
> name );
> + */
> + (*names)[*num_names] = talloc_asprintf(*names, "%s", name);
>
> (*name_types)[*num_names] = name_type;
> (*num_names)++;
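Review bot: The replacement assignment `(*names)[*num_names] = talloc_asprintf(*names, "%s", name);` drops `domain_name` and the winbind separator unconditionally, so every consumer of the `names` array from lookup_groupmem now gets unqualified names, not only fill_grent_mem. If any caller needs to tell members of different domains apart, the qualifier has to be kept here and the duplicate prepend removed on the fill_grent_mem side instead, or the prepend made conditional on the name not already carrying the prefix. Independently of that: delete the old call rather than leaving it commented out, use talloc_strdup in place of talloc_asprintf with a bare "%s" format, and check the result for NULL before `(*num_names)++`, since no allocation check is visible in this hunk.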
> Index: source/winbindd/winbindd_ads.c
> ===================================================================
> --- source/winbindd/winbindd_ads.c (revision 25784)
> +++ source/winbindd/winbindd_ads.c (working copy)
> @@ -1021,10 +1021,17 @@
> DEBUG(10,("ads: lookup_groupmem: got sid %s from cache\n",
> sid_string_static(&sid)));
> sid_copy(&(*sid_mem)[*num_names], &sid);
> + /* we should not prepend domain name before
> + * the username, because fill_grent_mem
> + * will do it
> + *****/
> + /*
> (*names)[*num_names] = talloc_asprintf(*names, "%s%c%s",
> domain_name,
> *lp_winbind_separator(),
> name );
> + */
> + (*names)[*num_names] = talloc_asprintf(*names, "%s", name);
>
> (*name_types)[*num_names] = name_type;
> (*num_names)++;
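Review bot: The new assignment sits only in the branch that logs "ads: lookup_groupmem: got sid %s from cache", so please confirm that the non-cached path of lookup_groupmem builds its names the same way; otherwise one call can return a mix of qualified and unqualified member names depending on cache state. This hunk is also a copy of the source/nsswitch change with a differently worded comment ("*****/" here, "**/" there); keep the two files identical, and tidy the comment to the usual block-comment form without the trailing run of asterisks.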
--
i.A. Michael Adam
--
Michael Adam <ma at sernet.de>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE