[PATCH] winbindd: lookup-domain for well-known SIDs on a DC
Rowland Penny
rpenny at samba.org
Sat Apr 1 17:34:58 UTC 2017
On Sat, 1 Apr 2017 19:05:11 +0200
Ralph Böhme <slow at samba.org> wrote:
> On Sat, Apr 01, 2017 at 04:39:52PM +0100, Rowland Penny wrote:
> > On Fri, 31 Mar 2017 22:43:34 +0200
> > Ralph Böhme via samba-technical <samba-technical at lists.samba.org>
> > wrote:
> >
> > > Hi!
> > >
> > > Attached is a fix for bug:
> > > <https://bugzilla.samba.org/show_bug.cgi?id=12727>
> > >
> > > ---8<---
> > > On a DC well-known SIDs like S-1-1-0 (everyone) *must* be handled
> > > by the local domain, otherwise something simple like this fails
> > > with WBC_ERR_DOMAIN_NOT_FOUND:
> > >
> > > $ make testenv SELFTEST_TESTENV=nt4_dc SCREEN=1
> > >
> > > localnt4dc2$ ./bin/wbinfo --sid-to-name S-1-1-0
> > > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > > Could not lookup sid S-1-1-0
> > >
> > > On a member server asking our DC works and is what we're currently
> > > doing, but changing it to ask passdb avoids the overhead.
> > > ---8<---
> > >
> > > Ran across this when working on another bug in the sids2xids code.
> > >
> > > Please review & push if ok. Thanks!
> > >
> > > Cheerio!
> > > -slow
> >
> > OK, I have had a good look at the Bash script part of the PATCH and
> > I have a few questions ;-)
> >
> > Shouldn't 'CREATOR GROUP 5' be 'CREATOR_GROUP 5' ?
>
> $ ./bin/wbinfo -s S-1-3-1
> \Creator Group 5
Hmm, on a Samba 4.6.1 domain member:
root@devstation:~# wbinfo -s S-1-3-1
\CREATOR_GROUP 5
>
> > The group names in 'WELL_KNOWN_SIDS' start with forward slashes, is
> > there something in the code somewhere that turns them into the
> > required backslashes ?
>
> $ git grep "winbind separator" selftest/
>
> :)
Thanks, I will look into that
>
> > or are the 'RESOLVED_NAME' tests supposed to always fail ?
>
> Heavens, no! :)
Thought not :-)
>
> > Do you realise that whatever $failed gets set to inside the while
> > loop will be lost when the loop exits ?
>
> Are you sure?
>
> $ failed=0 ; while [ true ] ; do failed=1 ; break ; done ; echo $failed
> 1
> $
>
Fairly sure:
#!/bin/sh
failed=0
WELL_KNOWN_SIDS="S-1-1-0\n /EVERYONE 5\n S-1-3-1\n /CREATOR GROUP 5\n S-1-5-1\n NT AUTHORITY/DIALUP 5"
echo -e "$WELL_KNOWN_SIDS" | while read SID ; do
read NAME
failed=1
done
echo "FAILED: $failed"
exit 0
root@devstation:# bash ./testfrag3.sh
FAILED: 0
Rowland
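
The difference between the two test cases in this message, as an added example that is not part of the original mail or of the Samba patch: the quoted one-liner has no pipe, while the script feeds its loop through one, and only the piped loop loses the assignment. `PAIRS` and `check_pair` are constructed stand-ins; the stated results hold for bash with default options and for dash.

```shell
# Constructed sample input: SID / expected-name pairs on alternating lines.
PAIRS='S-1-1-0
/EVERYONE 5
S-1-3-1
/CREATOR GROUP 5'

# Hypothetical stand-in for the real lookup; it always fails so that every
# variant below has a failure to record.
check_pair() { return 1; }

# Loop fed by a pipe: bash (without lastpipe) and dash run it in a subshell,
# so failed=1 is set in the child and the parent still sees 0.
piped_loop() {
    failed=0
    printf '%s\n' "$PAIRS" | while read -r SID; do
        read -r NAME
        check_pair "$SID" "$NAME" || failed=1
    done
    echo "$failed"
}

# Fix 1: feed the loop from a here-document so it stays in the current shell.
heredoc_loop() {
    failed=0
    while read -r SID; do
        read -r NAME
        check_pair "$SID" "$NAME" || failed=1
    done <<EOF
$PAIRS
EOF
    echo "$failed"
}

# Fix 2: keep the pipe, but carry the result out as the subshell's exit status.
piped_status() {
    if printf '%s\n' "$PAIRS" | ( rc=0
        while read -r SID; do
            read -r NAME
            check_pair "$SID" "$NAME" || rc=1
        done
        exit "$rc" )
    then echo 0; else echo 1; fi
}

echo "piped_loop=$(piped_loop) heredoc_loop=$(heredoc_loop) piped_status=$(piped_status)"
```

A test script written like `piped_loop` reports success no matter what the lookups return, so a regression in the code under test would go unnoticed.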