bug in winbindd_ads.c : lookup_groupmem, domain name would be prepended to username twice

boyang boyang at novell.com
Wed Nov 28 10:24:55 GMT 2007


Hi, all:
       Any decisions on this?
       It is totally reproducible.
       If the user SID is in the cache, and assuming the user is in the
group (not the primary group), when we invoke getgrnam("groupname"),
       the domain name will be prepended to the user name twice, which
results in D\d\U.
   Thanks.

Gerald (Jerry) Carter wrote:
> Bo Yang wrote:
> > Hi, all
> >          lookup_groupmem in winbindd_ads.c prepends the domain name to
> > the username, and fill_grent_mem can prepend the domain name to the
> > username, which will result in the domain name being prepended twice.
>
> > To reproduce the issue:
> > Assume user U1 is in group G1 (not the primary group), and D is the
> > domain name.
> > 1. Stop winbindd.
> > 2. Remove winbindd_cache.tdb.
> > 3. Restart winbindd.
> > 4. Write junk code (as reproduce_336854.c shows) to first invoke
> > getpwnam(D\U1), and then call getgrnam(D\G1); the getgrnam returned
> > member D\d\U1 as its member's name...
>
> > patch in attachment for 3.0.26 and 3.2.0
>
> I'm not sure I agree.  I need to review how this interacts with
> "winbind expand groups".  I'll review and get back to you.
>
>
>
> cheers, jerry
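
A check along the lines of step 4 above, as an added example: it is not the reproduce_336854.c attachment from the post and not Samba code. The function names are hypothetical, and the backslash separator is an assumption taken from the D\U1 names in the report.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* 1 if member begins with the domain prefix twice, e.g. "D\d\U1". Compared
 * case-insensitively: the report shows the second prefix in another case. */
int has_doubled_domain(const char *member, const char *domain, char sep)
{
    size_t dlen = strlen(domain), plen = dlen + 1; /* plen counts sep */
    if (dlen == 0 || strlen(member) < 2 * plen)
        return 0;
    for (int i = 0; i < 2; i++) {
        const char *p = member + i * plen;
        if (strncasecmp(p, domain, dlen) != 0 || p[dlen] != sep)
            return 0;
    }
    return 1;
}

/* Step 4: getpwnam(D\U1) first so the user SID is cached, then getgrnam(D\G1).
 * Returns the count of doubled member names, or -1 if the group is unknown. */
int count_doubled_members(const char *domain, const char *user,
                          const char *group, char sep)
{
    char name[512];
    int bad = 0;
    snprintf(name, sizeof(name), "%s%c%s", domain, sep, user);
    (void)getpwnam(name);               /* result unused; lookup fills the cache */
    snprintf(name, sizeof(name), "%s%c%s", domain, sep, group);
    struct group *gr = getgrnam(name);
    if (gr == NULL)
        return -1;
    for (char **m = gr->gr_mem; *m != NULL; m++)
        if (has_doubled_domain(*m, domain, sep)) {
            printf("doubled prefix: %s\n", *m);
            bad++;
        }
    return bad;
}

int main(int argc, char **argv)
{
    if (argc != 4)
        return 2;                       /* usage: prog DOMAIN USER GROUP */
    /* Assumption: separator is '\\', as in the D\U1 names in the report. */
    return count_doubled_members(argv[1], argv[2], argv[3], '\\') > 0;
}
```

Run it after steps 1 to 3 on a host whose NSS configuration uses winbind; a non-zero exit status means at least one member name carried the prefix twice.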


