[PATCHES] Fix idmap_ad for clustered Samba (BUG 12295)

Christof Schmitt cs at samba.org
Tue Sep 27 19:16:55 UTC 2016


From a0e13fad9b0ad7c1c59f7201eb507a056a521dc9 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 26 Sep 2016 14:40:28 -0700
Subject: [PATCH 1/2] idmap_ad: Fix retrieving credentials from clustered
 secrets.tdb

cli_credentials_set_machine_account only reads from a local tdb. Change
that call to cli_credentials_set_machine_account_db_ctx to fix this for
clustered Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12295

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 source3/winbindd/idmap_ad.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 242b788..c385cf0 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -22,6 +22,7 @@
 #include "idmap.h"
 #include "tldap_gensec_bind.h"
 #include "tldap_util.h"
+#include "secrets.h"
 #include "lib/param/param.h"
 #include "utils/net.h"
 #include "auth/gensec/gensec.h"
@@ -242,6 +243,7 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
 				       const char *domname,
 				       struct tldap_context **pld)
 {
+	struct db_context *db_ctx;
 	struct netr_DsRGetDCNameInfo *dcinfo;
 	struct sockaddr_storage dcaddr;
 	struct cli_credentials *creds;
@@ -308,7 +310,14 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
 
 	cli_credentials_set_conf(creds, lp_ctx);
 
-	status = cli_credentials_set_machine_account(creds, lp_ctx);
+	db_ctx = secrets_db_ctx();
+	if (db_ctx == NULL) {
+		DBG_DEBUG("Failed to open secrets.tdb.\n");
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = cli_credentials_set_machine_account_db_ctx(creds, lp_ctx,
+							    db_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
 		DBG_DEBUG("cli_credentials_set_machine_account "
 			  "failed: %s\n", nt_errstr(status));
-- 
1.8.3.1


From 71dd086fe2e76e8c761176ca486988a0b28e002a Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 26 Sep 2016 14:27:28 -0700
Subject: [PATCH 2/2] winbind: Fix passing idmap failure from wb_sids2xids back
 to callers

If the idmap call in wb_sids2xids fails, the callers expect xid.type to
be set to ID_TYPE_NOT_SPECIFIED, not the internal type field that is
initialized from the lookupsids call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12295

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 source3/winbindd/wb_sids2xids.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index e16917f..25260be 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -305,7 +305,7 @@ static void wb_sids2xids_done(struct tevent_req *subreq)
 		 * All we can do here is to report "not mapped"
 		 */
 		for (i=0; i<src->num_ids; i++) {
-			src->ids[i].type = ID_TYPE_NOT_SPECIFIED;
+			src->ids[i].xid.type = ID_TYPE_NOT_SPECIFIED;
 		}
 	}
 
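Review bot: in the failure loop of wb_sids2xids_done the fix hinges on `src->ids[i].type` and `src->ids[i].xid.type` being different fields with nearly identical names, and nothing in the hunk documents which one callers read. A one-line comment in the loop stating that callers look at xid.type, and that ids[i].type keeps the value initialized from lookupsids, would make the same slip less likely in future. The diffstat shows only wb_sids2xids.c changing, so a test that forces the idmap call to fail and checks that ID_TYPE_NOT_SPECIFIED comes back would be worth adding alongside.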
-- 
1.8.3.1


