svn commit: samba-web r1268 - in trunk/patches: . patches-3.3.0

kseeger at samba.org kseeger at samba.org
Mon Feb 2 13:43:22 GMT 2009 

Author: kseeger
Date: 2009-02-02 13:43:21 +0000 (Mon, 02 Feb 2009)
New Revision: 1268

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1268

Log:
Add patch to fix listings of unmapped users with 'getent passwd' to the list of recommended patches
Karolin
Added:
   trunk/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch
Modified:
   trunk/patches/index.html
   trunk/patches/patches-3.3.0/series


Changeset:
Modified: trunk/patches/index.html
===================================================================
--- trunk/patches/index.html	2009-01-30 14:13:06 UTC (rev 1267)
+++ trunk/patches/index.html	2009-02-02 13:43:21 UTC (rev 1268)
@@ -49,6 +49,10 @@
     <td><a href="/samba/patches/patches-3.3.0/0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch">BUG 6073</a></td>
     <td>Fixes the domain join on domain members using "<i>security = ads</i>".</td>
   </tr>
+  <tr>
+    <td><a href="/samba/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch">fix getent passwd</a></td>
+    <td>Fixes the listing of unmapped users with '<i>getent passwd</i>'.</td>
+  </tr>
   </tbody>
 </table>
 

Added: trunk/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch
===================================================================
--- trunk/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch	2009-01-30 14:13:06 UTC (rev 1267)
+++ trunk/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch	2009-02-02 13:43:21 UTC (rev 1268)
@@ -0,0 +1,252 @@
+From f2acdca4ded8646752d154d55a0ade405f159e17 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox at samba.org>
+Date: Mon, 2 Feb 2009 00:35:43 +0100
+Subject: [PATCH] s3:winbind_user: move initialization of domain up in winbindd_fill_pwent()
+
+and streamline logic some
+
+Michael
+---
+ source/winbindd/winbindd_user.c |   20 +++++++++-----------
+ 1 files changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c
+index 5356e16..2e32643 100644
+--- a/source/winbindd/winbindd_user.c
++++ b/source/winbindd/winbindd_user.c
+@@ -80,6 +80,13 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
+ 	if (!pw || !dom_name || !user_name)
+ 		return False;
+ 
++	domain = find_domain_from_name_noinit(dom_name);
++	if (domain == NULL) {
++		DEBUG(5,("winbindd_fill_pwent: Failed to find domain for %s.  "
++			 "Disabling name alias support\n", dom_name));
++		nt_status = NT_STATUS_NO_SUCH_DOMAIN;
++	}
++
+ 	/* Resolve the uid number */
+ 
+ 	if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name, user_sid,
+@@ -98,19 +105,10 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
+ 		return False;
+ 	}
+ 
+-	strlower_m(user_name);
+-
+ 	/* Username */
+ 
+-	domain = find_domain_from_name_noinit(dom_name);
+-	if (domain) {
+-		nt_status = normalize_name_map(ctx, domain, user_name,
+-					       &mapped_name);
+-	} else {
+-		DEBUG(5,("winbindd_fill_pwent: Failed to find domain for %s.  "
+-			 "Disabling name alias support\n", dom_name));
+-		nt_status = NT_STATUS_NO_SUCH_DOMAIN;
+-	}
++	strlower_m(user_name);
++	nt_status = normalize_name_map(ctx, domain, user_name, &mapped_name);
+ 
+ 	/* Basic removal of whitespace */
+ 	if (NT_STATUS_IS_OK(nt_status)) {
+-- 
+1.6.0.2
+
+
+From 877808450bb108ed306ef77db97a3acc7297e579 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox at samba.org>
+Date: Mon, 2 Feb 2009 00:36:59 +0100
+Subject: [PATCH] s3:winbind_user: fix "getent passwd" to allocate new uids.
+
+"getent passwd" used to fill the idmap cache with negative
+cache entries for unmapped user sids.
+
+Don't pass domain name unconditionally to idmap_sid_to_[ug]id().
+idmap_sid_to_[ug]id() only creates new mappings (allocating
+idmap backends tdb, tdb2, ldap...) when the domain name passed
+in is "".
+
+Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id()
+functions here, in the main winbindd. The correct fix would be
+to send a sid_to_[ug]id request to winbindd itself, but this needs
+more work to prepare the async mechanisms, and we nee a quick
+fix for getent passwd now.
+
+Michael
+---
+ source/winbindd/winbindd_user.c |    9 +++++++--
+ 1 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c
+index 2e32643..b01e184 100644
+--- a/source/winbindd/winbindd_user.c
++++ b/source/winbindd/winbindd_user.c
+@@ -76,6 +76,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
+ 	char *mapped_name = NULL;
+ 	struct winbindd_domain *domain = NULL;
+ 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
++	char *dom_name_idmap = "";
+ 
+ 	if (!pw || !dom_name || !user_name)
+ 		return False;
+@@ -87,9 +88,13 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
+ 		nt_status = NT_STATUS_NO_SUCH_DOMAIN;
+ 	}
+ 
++	if (domain->have_idmap_config) {
++		dom_name_idmap = dom_name;
++	}
++
+ 	/* Resolve the uid number */
+ 
+-	if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name, user_sid,
++	if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name_idmap, user_sid,
+ 					      &pw->pw_uid))) {
+ 		DEBUG(1, ("error getting user id for sid %s\n",
+ 			  sid_string_dbg(user_sid)));
+@@ -98,7 +103,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
+ 
+ 	/* Resolve the gid number */
+ 
+-	if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name, group_sid,
++	if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name_idmap, group_sid,
+ 					      &pw->pw_gid))) {
+ 		DEBUG(1, ("error getting group id for sid %s\n",
+ 			  sid_string_dbg(group_sid)));
+-- 
+1.6.0.2
+
+
+From 8c64302915bde8a5400b575389b12e0eaf2cf140 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox at samba.org>
+Date: Mon, 2 Feb 2009 00:46:57 +0100
+Subject: [PATCH] s3:winbind_group: fix "getent group" to allocate new gids.
+
+"getent group" used to fill the idmap cache with negative
+cache entries for unmapped group sids.
+
+Don't pass domain name unconditionally to idmap_sid_to_gid().
+idmap_sid_to_gid() only creates new mappings (allocating
+idmap backends tdb, tdb2, ldap...) when the domain name passed
+in is "".
+
+Note that it is _wrong_ to directly call the idmap_sid_to_gid()
+functions here, in the main winbindd. The correct fix would be
+to send a sid_to_gid request to winbindd itself, but this needs
+more work to prepare the async mechanisms, and we nee a quick
+fix for getent passwd now.
+
+Michael
+---
+ source/winbindd/winbindd_group.c |   10 ++++++++--
+ 1 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c
+index bc532bb..48e6577 100644
+--- a/source/winbindd/winbindd_group.c
++++ b/source/winbindd/winbindd_group.c
+@@ -1306,6 +1306,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
+ 		char *gr_mem;
+ 		DOM_SID group_sid;
+ 		struct winbindd_domain *domain;
++		char *domain_name_idmap;
+ 
+ 		/* Do we need to fetch another chunk of groups? */
+ 
+@@ -1353,8 +1354,13 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
+ 		sid_copy(&group_sid, &domain->sid);
+ 		sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
+ 
+-		if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain->name, &group_sid,
+-						      &group_gid))) {
++		domain_name_idmap = domain->have_idmap_config
++				  ? domain->name
++				  : "";
++
++		if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain_name_idmap,
++						      &group_sid, &group_gid)))
++		{
+ 			union unid_t id;
+ 			enum lsa_SidType type;
+ 
+-- 
+1.6.0.2
+
+From 1aa6c76dd003b0c625c6910bb78798a7d98c5a8c Mon Sep 17 00:00:00 2001
+From: Tim Prouty <tprouty at samba.org>
+Date: Sun, 1 Feb 2009 23:59:53 -0800
+Subject: [PATCH] s3 build: Fix "assignment discards qualifiers from pointer target type" warnings
+
+---
+ source/winbindd/winbindd_group.c |    8 ++------
+ source/winbindd/winbindd_user.c  |   11 ++++-------
+ 2 files changed, 6 insertions(+), 13 deletions(-)
+
+diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c
+index 48e6577..9d9b264 100644
+--- a/source/winbindd/winbindd_group.c
++++ b/source/winbindd/winbindd_group.c
+@@ -1306,7 +1306,6 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
+ 		char *gr_mem;
+ 		DOM_SID group_sid;
+ 		struct winbindd_domain *domain;
+-		char *domain_name_idmap;
+ 
+ 		/* Do we need to fetch another chunk of groups? */
+ 
+@@ -1354,11 +1353,8 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
+ 		sid_copy(&group_sid, &domain->sid);
+ 		sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
+ 
+-		domain_name_idmap = domain->have_idmap_config
+-				  ? domain->name
+-				  : "";
+-
+-		if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain_name_idmap,
++		if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain->have_idmap_config
++						      ? domain->name : "",
+ 						      &group_sid, &group_gid)))
+ 		{
+ 			union unid_t id;
+diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c
+index b01e184..62fd4d7 100644
+--- a/source/winbindd/winbindd_user.c
++++ b/source/winbindd/winbindd_user.c
+@@ -76,7 +76,6 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
+ 	char *mapped_name = NULL;
+ 	struct winbindd_domain *domain = NULL;
+ 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+-	char *dom_name_idmap = "";
+ 
+ 	if (!pw || !dom_name || !user_name)
+ 		return False;
+@@ -88,13 +87,10 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
+ 		nt_status = NT_STATUS_NO_SUCH_DOMAIN;
+ 	}
+ 
+-	if (domain->have_idmap_config) {
+-		dom_name_idmap = dom_name;
+-	}
+-
+ 	/* Resolve the uid number */
+ 
+-	if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name_idmap, user_sid,
++	if (!NT_STATUS_IS_OK(idmap_sid_to_uid(domain->have_idmap_config ?
++					      dom_name : "", user_sid,
+ 					      &pw->pw_uid))) {
+ 		DEBUG(1, ("error getting user id for sid %s\n",
+ 			  sid_string_dbg(user_sid)));
+@@ -103,7 +99,8 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
+ 
+ 	/* Resolve the gid number */
+ 
+-	if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name_idmap, group_sid,
++	if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain->have_idmap_config ?
++					      dom_name : "", group_sid,
+ 					      &pw->pw_gid))) {
+ 		DEBUG(1, ("error getting group id for sid %s\n",
+ 			  sid_string_dbg(group_sid)));
+-- 
+1.6.0.2
+

Modified: trunk/patches/patches-3.3.0/series
===================================================================
--- trunk/patches/patches-3.3.0/series	2009-01-30 14:13:06 UTC (rev 1267)
+++ trunk/patches/patches-3.3.0/series	2009-02-02 13:43:21 UTC (rev 1268)
@@ -1 +1,2 @@
 0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
+samba3-3.3.0-fix-getent-passwd.patch

More information about the samba-cvs mailing list