[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Thu Mar 11 08:39:01 UTC 2021
The branch, master has been updated
via 0e789ba1802 idmap_nss: Do not return SID from unixids_to_sids on type mismatch
via 79dd4b133c3 idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch
via db2afa57e4a winbind: Only use unixid2sid mapping when module reports ID_MAPPED
from 65510204d41 smbd: Ensure errno is preserved across fsp destructor
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0e789ba1802ca22e5a01abd6e93ef66cd45566a7
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 5 16:07:54 2021 -0700
idmap_nss: Do not return SID from unixids_to_sids on type mismatch
The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.
Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Mar 11 08:38:41 UTC 2021 on sn-devel-184
commit 79dd4b133c37451c98fe7f7c45da881e89e91ffc
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 5 16:01:13 2021 -0700
idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch
The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.
Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs at samba.org>
commit db2afa57e4aa926b478db1be4d693edbdf4d2a23
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 5 15:48:29 2021 -0700
winbind: Only use unixid2sid mapping when module reports ID_MAPPED
Only consider a mapping to be valid when the idmap module reports
ID_MAPPED. Otherwise return the null SID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/idmap_nss.c | 6 +++++-
source3/winbindd/idmap_rfc2307.c | 4 +++-
source3/winbindd/winbindd_dual_srv.c | 8 ++++++--
3 files changed, 14 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/idmap_nss.c b/source3/winbindd/idmap_nss.c
index 9e1efefeb24..da50e2b4aa7 100644
--- a/source3/winbindd/idmap_nss.c
+++ b/source3/winbindd/idmap_nss.c
@@ -25,6 +25,7 @@
#include "nsswitch/winbind_client.h"
#include "idmap.h"
#include "lib/winbind_util.h"
+#include "libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
@@ -55,6 +56,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
struct passwd *pw;
struct group *gr;
const char *name;
+ struct dom_sid sid;
enum lsa_SidType type;
bool ret;
@@ -86,7 +88,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
the following call will not recurse so this is safe */
(void)winbind_on();
/* Lookup name from PDC using lsa_lookup_names() */
- ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type);
+ ret = winbind_lookup_name(dom->name, name, &sid, &type);
(void)winbind_off();
if (!ret) {
@@ -99,6 +101,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
switch (type) {
case SID_NAME_USER:
if (ids[i]->xid.type == ID_TYPE_UID) {
+ sid_copy(ids[i]->sid, &sid);
ids[i]->status = ID_MAPPED;
}
break;
@@ -107,6 +110,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
case SID_NAME_ALIAS:
case SID_NAME_WKN_GRP:
if (ids[i]->xid.type == ID_TYPE_GID) {
+ sid_copy(ids[i]->sid, &sid);
ids[i]->status = ID_MAPPED;
}
break;
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index 05259bf8344..4870ca30485 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -229,6 +229,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
for (i = 0; i < count; i++) {
char *name;
+ struct dom_sid sid;
enum lsa_SidType lsa_type;
struct id_map *map;
uint32_t id;
@@ -277,7 +278,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
the following call will not recurse so this is safe */
(void)winbind_on();
/* Lookup name from PDC using lsa_lookup_names() */
- b = winbind_lookup_name(dom_name, name, map->sid, &lsa_type);
+ b = winbind_lookup_name(dom_name, name, &sid, &lsa_type);
(void)winbind_off();
if (!b) {
@@ -301,6 +302,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
}
map->status = ID_MAPPED;
+ sid_copy(map->sid, &sid);
}
}
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index ffd7bb957b2..32d11e1fa57 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -283,8 +283,12 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p,
}
for (i=0; i<r->in.num_ids; i++) {
- r->out.xids[i] = maps[i]->xid;
- sid_copy(&r->out.sids[i], maps[i]->sid);
+ if (maps[i]->status == ID_MAPPED) {
+ r->out.xids[i] = maps[i]->xid;
+ sid_copy(&r->out.sids[i], maps[i]->sid);
+ } else {
+ r->out.sids[i] = (struct dom_sid) { 0 };
+ }
}
TALLOC_FREE(maps);
--
Samba Shared Repository
More information about the samba-cvs
mailing list