Another showstopper for 3.2.2.

simo idra at samba.org
Sun Aug 17 14:13:50 GMT 2008


On Sat, 2008-08-16 at 19:22 -0700, Jeremy Allison wrote:
> Ok, the fix is attached. The problem was when smbd
> was asking for a winbindd name to SID lookup of
> "Unix Group\name" where "name" was also a valid username,
> the winbindd passdb lookup of that name was losing the
> domain string info before calling lookup name (ie. lookup_name()
> was being called with just the string "name", not the
> full string "Unix Group\name").
> 
> The passdb backend of winbindd has to cope with
> not only names from it's own global SAM domain,
> but it does lookups for BUILTIN and "Unix User"
> and "Unix Group" also, so making it guess by
> losing the domain string is "A Bad Idea" (tm) :-).
> 
> Note that as winbind globally calls winbind_off()
> at startup, it's safe for winbind to call sys_getgrnam()
> to do the "Unix Group" lookup from inside lookup_name().
> 
> Jerry, Volker, Simo, Guenther and Michael (and
> anyone else who has ever had a hand in winbindd)
> - all PLEASE CHECK !!!!

The patch itself seem ok, but why playing with building a tring to make
lookup_name parse it again ? Why not just passing the domain as a new
parameter to lookup_name ?

I know it would require to change many callers, but most of them seem to
build a string for the domain and name components only to call
lookup_name.

If you want to keep this change contained let me know.
I can take the job of creating a second patch to change lookup_name
signature and split the fullname into a domain + name pair.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>



More information about the samba-technical mailing list