[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Wed Feb 6 04:12:05 MST 2013
The branch, v4-0-test has been updated
via bcea10b s3:auth: wbcAuthenticateEx gives unix times (bug #9625)
via 76f6988 s3:winbindd: change getpwsid() to return a passwd struct for a group sid id-mapped with ID_TYPE_BOTH
via 2dd7d38 s3:winbindd: check the correct variable for talloc success in rpc_query_user()
via f9c7a6b s3:winbindd:getgrnam: also produce a group struct for a user with ID_TYPE_BOTH
via 15d7e24 s3:winbindd: create group structs for gids that are coming from a user sid id-mapped with ID_TYPE_BOTH
via 7abad14 s3:winbindd: factor add_wbint_Principal_to_dict() out of wb_group_members_done()
via a4c6bc8 s3:winbindd: fix a cut'n'paste comment typo in wb_fill_pwent
via 5467da7 s3:winbindd: rename winbindd_getgrnam_lookupsid_done to winbindd_getgrnam_lookupname_done
from 38b30ea VERSION: Bump version number up to 4.0.4
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit bcea10b9d2ac04342ce18f65f802ef439d936eba
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 31 13:39:42 2013 +0100
s3:auth: wbcAuthenticateEx gives unix times (bug #9625)
We also need to convert last_logon, last_logoff and acct_expiry
from unix time to nt time.
Otherwise a windows member server will reject clients
(using CAP_DYNAMIC_REAUTH or smb2) with STATUS_NETWORK_SESSION_EXPIRED,
if the logoff and kickoff time is expired.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Feb 1 18:42:42 CET 2013 on sn-devel-104
(cherry picked from commit 009cf6e9ceaef91805a8a7573090d051f8f74a92)
Fix bug #9625 - reauth-capable client fails to access shares on windows member
in trusted domain.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Wed Feb 6 12:11:09 CET 2013 on sn-devel-104
commit 76f6988b76be0df1082bf9eae8c1773602419e07
Author: Michael Adam <obnox at samba.org>
Date: Tue Jan 22 18:08:25 2013 +0100
s3:winbindd: change getpwsid() to return a passwd struct for a group sid id-mapped with ID_TYPE_BOTH
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jan 29 23:46:19 CET 2013 on sn-devel-104
(cherry picked from commit 394622ef8c916cf361f8596dba4664dc8d6bfc9e)
The last 7 patches address bug #9617 - libnss-winbindd does not provide passwd
struct for groups mapped with ID_TYPE_BOTH and vice versa.
commit 2dd7d3830c765f922d9ec3ecbc3ee2f2f97bb84e
Author: Michael Adam <obnox at samba.org>
Date: Tue Jan 22 17:39:44 2013 +0100
s3:winbindd: check the correct variable for talloc success in rpc_query_user()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b7095e9818bba8c43065cc1b1f29551203dc098b)
commit f9c7a6bd87c87ed6a27485b6103f7cb5271bf6ae
Author: Michael Adam <obnox at samba.org>
Date: Fri Dec 7 00:55:18 2012 +0100
s3:winbindd:getgrnam: also produce a group struct for a user with ID_TYPE_BOTH
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 40e3df7c37a15b28f170699ff9b8102416a9107f)
commit 15d7e24946e14bea6f40ad1704d236cf5e3ab69a
Author: Michael Adam <obnox at samba.org>
Date: Thu Dec 6 22:02:32 2012 +0100
s3:winbindd: create group structs for gids that are coming from a user sid id-mapped with ID_TYPE_BOTH
This "fake" group contains exactly one member, namely the user that the sid is
actually belonging to.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d2360fe56c860fa20051f6373eb2fcc3e4def6b6)
commit 7abad146bbd9600a08f32d7b0a2acac866ce3e5b
Author: Michael Adam <obnox at samba.org>
Date: Thu Dec 6 18:06:49 2012 +0100
s3:winbindd: factor add_wbint_Principal_to_dict() out of wb_group_members_done()
for later reuse
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 729e2c36301620ccc61b1d97205fb3f482efbe15)
commit a4c6bc819df5e9a7c07114a67fdcb1d053b4d7aa
Author: Michael Adam <obnox at samba.org>
Date: Fri Dec 7 16:13:19 2012 +0100
s3:winbindd: fix a cut'n'paste comment typo in wb_fill_pwent
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3680cc4a11ef5476457b580f8422d0ab82451173)
commit 5467da72235e96163a4d4dab7cdf5a15c576cfdf
Author: Michael Adam <obnox at samba.org>
Date: Fri Dec 7 01:12:11 2012 +0100
s3:winbindd: rename winbindd_getgrnam_lookupsid_done to winbindd_getgrnam_lookupname_done
That's what it is.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c0f47d43ecf8b603dc7a05822933c5a9a1d23c7c)
-----------------------------------------------------------------------
Summary of changes:
source3/auth/server_info.c | 6 ++--
source3/winbindd/wb_fill_pwent.c | 2 +-
source3/winbindd/wb_getgrsid.c | 49 ++++++++++++++++++++++++++++
source3/winbindd/wb_getpwsid.c | 52 ++++++++++++++++++++++++-----
source3/winbindd/wb_group_members.c | 59 ++++++++++++++++++++++++----------
source3/winbindd/winbindd_getgrnam.c | 21 +++++++++---
source3/winbindd/winbindd_proto.h | 5 +++
source3/winbindd/winbindd_rpc.c | 2 +-
8 files changed, 160 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 3f4f708..d2b7d6e 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -568,9 +568,9 @@ struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
if (!info3) return NULL;
- info3->base.logon_time = info->logon_time;
- info3->base.logoff_time = info->logoff_time;
- info3->base.kickoff_time = info->kickoff_time;
+ unix_to_nt_time(&info3->base.logon_time, info->logon_time);
+ unix_to_nt_time(&info3->base.logoff_time, info->logoff_time);
+ unix_to_nt_time(&info3->base.kickoff_time, info->kickoff_time);
unix_to_nt_time(&info3->base.last_password_change, info->pass_last_set_time);
unix_to_nt_time(&info3->base.allow_password_change,
info->pass_can_change_time);
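Review bot: The three new unix_to_nt_time() calls for logon_time, logoff_time and kickoff_time should state how "never" values are carried across. The bug being fixed is a peer rejecting sessions with STATUS_NETWORK_SESSION_EXPIRED, so a logoff_time or kickoff_time that means "no expiry" on the wbc side has to arrive as the NT "never" value rather than as an early timestamp; a short comment or a test case covering that would make the fix verifiable. The commit message also names the fields last_logon, last_logoff and acct_expiry while the code converts logon_time, logoff_time and kickoff_time; aligning the wording would help anyone searching the log.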
diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
index a6a9013..688afc6 100644
--- a/source3/winbindd/wb_fill_pwent.c
+++ b/source3/winbindd/wb_fill_pwent.c
@@ -120,7 +120,7 @@ static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)
* We are filtering further down in sids2xids, but that filtering
* depends on the actual type of the sid handed in (as determined
* by lookupsids). Here we need to filter for the type of object
- * actually requested, in this case uid.
+ * actually requested, in this case gid.
*/
if (!(xid.type == ID_TYPE_GID || xid.type == ID_TYPE_BOTH)) {
tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index 2097539..fa376da 100644
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -91,6 +91,11 @@ static void wb_getgrsid_lookupsid_done(struct tevent_req *subreq)
case SID_NAME_DOM_GRP:
case SID_NAME_ALIAS:
case SID_NAME_WKN_GRP:
+ /*
+ * also treat user-type SIDS (they might map to ID_TYPE_BOTH)
+ */
+ case SID_NAME_USER:
+ case SID_NAME_COMPUTER:
break;
default:
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
@@ -132,6 +137,50 @@ static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq)
state->gid = (gid_t)xid.id;
+ if (state->type == SID_NAME_USER || state->type == SID_NAME_COMPUTER) {
+ /*
+ * special treatment for a user sid that is
+ * mapped to ID_TYPE_BOTH:
+ * create a group with the sid/xid as only member
+ */
+ char *name;
+
+ if (xid.type != ID_TYPE_BOTH) {
+ tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
+ return;
+ }
+
+ state->members = talloc_dict_init(state);
+ if (tevent_req_nomem(state->members, req)) {
+ return;
+ }
+
+ name = fill_domain_username_talloc(talloc_tos(),
+ state->domname,
+ state->name,
+ true /* can_assume */);
+ if (tevent_req_nomem(name, req)) {
+ return;
+ }
+
+ status = add_wbint_Principal_to_dict(talloc_tos(),
+ &state->sid,
+ &name,
+ state->type,
+ state->members);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ tevent_req_done(req);
+ return;
+ }
+
+ /*
+ * the "regular" case of a group type sid.
+ */
+
subreq = wb_group_members_send(state, state->ev, &state->sid,
state->type, state->max_nesting);
if (tevent_req_nomem(subreq, req)) {
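Review bot: In the new ID_TYPE_BOTH branch, name is declared as char * but &name is passed to add_wbint_Principal_to_dict(), whose prototype takes const char **name; char ** does not convert to const char ** in C without a diagnostic. Declare the local as const char *name, or adjust the helper's parameter type. The comment should also say that the xid.type != ID_TYPE_BOTH check is now the only thing rejecting SID_NAME_USER and SID_NAME_COMPUTER SIDs for a group lookup, since the switch in wb_getgrsid_lookupsid_done() lets them through.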
diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
index ef54ee5..df8b0f2 100644
--- a/source3/winbindd/wb_getpwsid.c
+++ b/source3/winbindd/wb_getpwsid.c
@@ -67,12 +67,10 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq)
status = wb_queryuser_recv(subreq, state, &state->userinfo);
TALLOC_FREE(subreq);
- if (tevent_req_nterror(req, status)) {
- return;
- }
-
- if ((state->userinfo->acct_name != NULL)
- && (state->userinfo->acct_name[0] != '\0')) {
+ if (NT_STATUS_IS_OK(status)
+ && (state->userinfo->acct_name != NULL)
+ && (state->userinfo->acct_name[0] != '\0'))
+ {
/*
* QueryUser got us a name, let's got directly to the
* fill_pwent step
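Review bot: With the tevent_req_nterror(req, status) check removed, every failure of wb_queryuser_recv() is swallowed and the code continues to the LSA lookup, including failures such as out-of-memory that a second lookup will not cure. Consider logging the status at debug level before falling back, or falling back only for the statuses expected for a group SID. The new condition also dereferences state->userinfo whenever status is OK, so it relies on a successful recv always setting that pointer.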
@@ -87,10 +85,25 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq)
}
/*
- * QueryUser didn't get us a name, do it via LSA.
+ * Either query_user did not succeed, or it
+ * succeeded but did not return an acct_name.
+ * (TODO: Can this happen at all???)
+ * ==> Try lsa_lookupsids.
*/
- subreq = wb_lookupsid_send(state, state->ev,
- &state->userinfo->user_sid);
+ if (state->userinfo == NULL) {
+ state->userinfo = talloc_zero(state, struct wbint_userinfo);
+ if (tevent_req_nomem(state->userinfo, req)) {
+ return;
+ }
+
+ /* a successful query_user call would have filled these */
+ sid_copy(&state->userinfo->user_sid, &state->sid);
+ state->userinfo->homedir = NULL;
+ state->userinfo->shell = NULL;
+ state->userinfo->primary_gid = (gid_t)-1;
+ }
+
+ subreq = wb_lookupsid_send(state, state->ev, &state->sid);
if (tevent_req_nomem(subreq, req)) {
return;
}
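Review bot: The fallback under if (state->userinfo == NULL) assumes a failed wb_queryuser_recv() leaves state->userinfo NULL; if it can leave a partly filled struct, user_sid, homedir, shell and primary_gid keep whatever the failed call wrote. Either reset the struct whenever status is not OK or document the guarantee. The homedir = NULL and shell = NULL assignments are redundant after talloc_zero(), and the "TODO: Can this happen at all???" comment should be resolved or reworded as a concrete open question.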
@@ -113,6 +126,27 @@ static void wb_getpwsid_lookupsid_done(struct tevent_req *subreq)
if (tevent_req_nterror(req, status)) {
return;
}
+
+ switch (type) {
+ case SID_NAME_USER:
+ case SID_NAME_COMPUTER:
+ /*
+ * user case: we only need the account name from lookup_sids
+ */
+ break;
+ case SID_NAME_DOM_GRP:
+ case SID_NAME_ALIAS:
+ case SID_NAME_WKN_GRP:
+ /*
+ * also treat group-type SIDs (they might map to ID_TYPE_BOTH)
+ */
+ sid_copy(&state->userinfo->group_sid, &state->sid);
+ break;
+ default:
+ tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
+ return;
+ }
+
subreq = wb_fill_pwent_send(state, state->ev, state->userinfo,
state->pw);
if (tevent_req_nomem(subreq, req)) {
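Review bot: The group-type case sets userinfo->group_sid to state->sid but nothing here says what user_sid holds for such an entry; from the previous hunk it is the same SID when query_user failed. A one-line comment that the resulting passwd entry deliberately uses one SID for both uid and gid (the ID_TYPE_BOTH case) would make the intent clear. The default branch returns NT_STATUS_NO_SUCH_USER without a debug message, so an unexpected SID type will be hard to trace.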
diff --git a/source3/winbindd/wb_group_members.c b/source3/winbindd/wb_group_members.c
index e4b4c0a..ecd07cf 100644
--- a/source3/winbindd/wb_group_members.c
+++ b/source3/winbindd/wb_group_members.c
@@ -349,6 +349,42 @@ static NTSTATUS wb_group_members_next_subreq(
return NT_STATUS_OK;
}
+
+/**
+ * compose a wbint_Principal and add it to talloc_dict
+ *
+ * NOTE: this has a side effect: *name needs to be talloc'd
+ * and it is talloc_move'd to mem_ctx.
+ */
+NTSTATUS add_wbint_Principal_to_dict(TALLOC_CTX *mem_ctx,
+ struct dom_sid *sid,
+ const char **name,
+ enum lsa_SidType type,
+ struct talloc_dict *dict)
+{
+ struct wbint_Principal *m;
+ DATA_BLOB key;
+ bool ok;
+
+ m = talloc(mem_ctx, struct wbint_Principal);
+ if (m == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sid_copy(&m->sid, sid);
+ m->name = talloc_move(m, name);
+ m->type = type;
+
+ key = data_blob_const(&m->sid, sizeof(m->sid));
+
+ ok = talloc_dict_set(dict, key, &m);
+ if (!ok) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
static void wb_group_members_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
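Review bot: The key in add_wbint_Principal_to_dict() is built with sizeof(m->sid), while the code it replaces in wb_group_members_done() used ndr_size_dom_sid(sid, 0), so this is not a pure refactoring. m comes from talloc(), not talloc_zero(), so unless sid_copy() initialises the whole struct, bytes past the used sub-authorities become part of the key and two entries for the same SID may not collide. Either keep the ndr_size_dom_sid() length or zero the struct first, and mention the change in the commit message. On the talloc_dict_set() failure path *name has already been moved into m, which the NOTE in the header comment should spell out.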
@@ -397,26 +433,15 @@ static void wb_group_members_done(struct tevent_req *subreq)
/*
* Add a copy of members[i] to state->users
*/
- struct wbint_Principal *m;
- struct dom_sid *sid;
- DATA_BLOB key;
-
- m = talloc(talloc_tos(), struct wbint_Principal);
- if (tevent_req_nomem(m, req)) {
+ status = add_wbint_Principal_to_dict(talloc_tos(),
+ &members[i].sid,
+ &members[i].name,
+ members[i].type,
+ state->users);
+ if (tevent_req_nterror(req, status)) {
return;
}
- sid_copy(&m->sid, &members[i].sid);
- m->name = talloc_move(m, &members[i].name);
- m->type = members[i].type;
-
- sid = &members[i].sid;
- key = data_blob_const(
- sid, ndr_size_dom_sid(sid, 0));
- if (!talloc_dict_set(state->users, key, &m)) {
- tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
- return;
- }
break;
}
case SID_NAME_DOM_GRP:
diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c
index 9460ff4..bc970cb 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -30,7 +30,7 @@ struct winbindd_getgrnam_state {
struct talloc_dict *members;
};
-static void winbindd_getgrnam_lookupsid_done(struct tevent_req *subreq);
+static void winbindd_getgrnam_lookupname_done(struct tevent_req *subreq);
static void winbindd_getgrnam_done(struct tevent_req *subreq);
struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
@@ -81,12 +81,12 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
- tevent_req_set_callback(subreq, winbindd_getgrnam_lookupsid_done,
+ tevent_req_set_callback(subreq, winbindd_getgrnam_lookupname_done,
req);
return req;
}
-static void winbindd_getgrnam_lookupsid_done(struct tevent_req *subreq)
+static void winbindd_getgrnam_lookupname_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
@@ -101,8 +101,19 @@ static void winbindd_getgrnam_lookupsid_done(struct tevent_req *subreq)
return;
}
- if ( (type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) ) {
- DEBUG(5,("getgrnam_recv: not a group!\n"));
+ switch (type) {
+ case SID_NAME_DOM_GRP:
+ case SID_NAME_ALIAS:
+ case SID_NAME_WKN_GRP:
+ /*
+ * Also give user types a chance:
+ * These might be user sids mapped to the ID_TYPE_BOTH,
+ * and in that case we should construct a group struct.
+ */
+ case SID_NAME_USER:
+ case SID_NAME_COMPUTER:
+ break;
+ default:
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
return;
}
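Review bot: The default branch drops the old DEBUG(5, ...) "not a group" message, so a rejected SID type now returns NT_STATUS_NO_SUCH_GROUP silently; keep a debug line there that includes the type. SID_NAME_WKN_GRP is also newly accepted in this switch, which neither the comment nor the commit subject (user with ID_TYPE_BOTH) mentions.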
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 0265227..41aa9ac 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -643,6 +643,11 @@ struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
int max_depth);
NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
struct talloc_dict **members);
+NTSTATUS add_wbint_Principal_to_dict(TALLOC_CTX *mem_ctx,
+ struct dom_sid *sid,
+ const char **name,
+ enum lsa_SidType type,
+ struct talloc_dict *dict);
struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
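Review bot: add_wbint_Principal_to_dict() becomes a non-static symbol here but does not carry the wb_ prefix of the neighbouring wb_group_members_send() and wb_getgrsid_send() declarations. A prefixed name, plus a one-line note next to the prototype that *name is talloc_move'd away from the caller, would suit a shared header better.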
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index a96dbb1..44deeb0 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -526,7 +526,7 @@ NTSTATUS rpc_query_user(TALLOC_CTX *mem_ctx,
user_info->full_name = talloc_strdup(user_info,
info->info21.full_name.string);
if ((info->info21.full_name.string != NULL) &&
- (user_info->acct_name == NULL))
+ (user_info->full_name == NULL))
{
return NT_STATUS_NO_MEMORY;
}
--
Samba Shared Repository