[PATCH] Fix bug 8905
Michael Adam
obnox at samba.org
Tue Mar 10 17:14:34 MDT 2015
Hi,
attached find a patch that fixes bug 8905:
don't let nss group enumeration stop at
groups without gid.
The patch has been tested manually, and
intended to write a selftest, but did not
manage yet. It is in this respect similar
to the corresponding fix for user enum:
10b285ccc29b106f164a6c18116e237634867717
The patch introduces some code duplication
but a follow-up patchset refactors the
duplication out of wb_next_grent and wb_next_pwent.
Cheers - Michael
-------------- next part --------------
From ac240a210367e68fa38f20ee50508c575ff0977e Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Mon, 19 Jan 2015 13:51:55 +0100
Subject: [PATCH] s3:winbind:grent: don't stop group enumeration when a group
has no gid
simply continue with the next group
Note: this patch introduces some code duplication to make it
easier to create minimal backport patch. Subsequent patches
will provide some refactoring to reduce the duplication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8905
Signed-off-by: Michael Adam <obnox at samba.org>
---
source3/winbindd/wb_next_grent.c | 51 +++++++++++++++++++++++++++++++++++++++-
1 file changed, 50 insertions(+), 1 deletion(-)
diff --git a/source3/winbindd/wb_next_grent.c b/source3/winbindd/wb_next_grent.c
index aea134b..58e161d 100644
--- a/source3/winbindd/wb_next_grent.c
+++ b/source3/winbindd/wb_next_grent.c
@@ -168,9 +168,58 @@ static void wb_next_grent_getgrsid_done(struct tevent_req *subreq)
status = wb_getgrsid_recv(subreq, talloc_tos(), &domname, &name,
&state->gr->gr_gid, &state->members);
TALLOC_FREE(subreq);
- if (tevent_req_nterror(req, status)) {
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+ state->gstate->next_group += 1;
+
+ if (state->gstate->next_group >= state->gstate->num_groups) {
+ TALLOC_FREE(state->gstate->groups);
+
+ if (state->gstate->domain == NULL) {
+ state->gstate->domain = domain_list();
+ } else {
+ state->gstate->domain = state->gstate->domain->next;
+ }
+
+ if ((state->gstate->domain != NULL) &&
+ sid_check_is_our_sam(&state->gstate->domain->sid))
+ {
+ state->gstate->domain = state->gstate->domain->next;
+ }
+
+ if (state->gstate->domain == NULL) {
+ tevent_req_nterror(req,
+ NT_STATUS_NO_MORE_ENTRIES);
+ return;
+ }
+
+ subreq = dcerpc_wbint_QueryGroupList_send(
+ state, state->ev,
+ dom_child_handle(state->gstate->domain),
+ &state->next_groups);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+
+ tevent_req_set_callback(subreq,
+ wb_next_grent_fetch_done, req);
+ return;
+ }
+
+ subreq = wb_getgrsid_send(
+ state, state->ev,
+ &state->gstate->groups[state->gstate->next_group].sid,
+ state->max_nesting);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, wb_next_grent_getgrsid_done,
+ req);
+ return;
+ } else if (tevent_req_nterror(req, status)) {
return;
}
+
if (!fill_grent(talloc_tos(), state->gr, domname, name,
state->gr->gr_gid)) {
DEBUG(5, ("fill_grent failed\n"));
--
2.1.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150311/be3e456a/attachment.pgp>
More information about the samba-technical
mailing list