[PATCH] winbindd: lookup-domain for well-known SIDs on a DC

Ralph Böhme slow at samba.org
Sun Apr 2 15:10:02 UTC 2017 

On Sat, Apr 01, 2017 at 11:26:09PM +0000, Jeremy Allison wrote:
> On Sat, Apr 01, 2017 at 11:40:23PM +0200, Ralph Böhme wrote:
> > 
> > review_cancel_send()
> > 
> > Please take a look at the patch I just sent in reply to Rowland's mail. It
> > contains a shellscript level fix for one of the tests.
> 
> Oh sorry, I already pushed your first patch. Sorry Rowland,
> didn't catch the error in review.
> 
> Ralph, do you want to rebase on top of what's in master
> already and just send a fix for the test ?

attached.

I'm adding an additional patch under the same bug number, spotted this while
continuing to fight with the sids2xids code.

Cheerio!
-slow
-------------- next part --------------
From bfc46bd42a1e6a89fc3b32dfc38a6a643d4af929 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Sun, 2 Apr 2017 13:42:45 +0200
Subject: [PATCH 1/2] =?UTF-8?q?winbindd:=20expl=C3=ADcit=20check=20for=20w?=
 =?UTF-8?q?ell-known=20SIDs=20in=20wb=5Flookupsids=5Fbulk()?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Those are implicitly already catched by the

  if (sid->num_auths != 5)

check, but I'd like to make the desired behaviour more obvious.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/winbindd/wb_lookupsids.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
index 3f48ad7..858616b 100644
--- a/source3/winbindd/wb_lookupsids.c
+++ b/source3/winbindd/wb_lookupsids.c
@@ -296,7 +296,10 @@ static bool wb_lookupsids_bulk(const struct dom_sid *sid)
 	    sid_check_is_in_unix_users(sid) ||
 	    sid_check_is_unix_users(sid) ||
 	    sid_check_is_in_builtin(sid) ||
-	    sid_check_is_builtin(sid)) {
+	    sid_check_is_builtin(sid) ||
+	    sid_check_is_wellknown_domain(sid, NULL) ||
+	    sid_check_is_in_wellknown_domain(sid))
+	{
 		/*
 		 * These are locally done piece by piece anyway, no
 		 * need for bulk optimizations.
-- 
2.9.3


From a1ae32374a69d6f763dbeb4d156207aaf3482c26 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Fri, 31 Mar 2017 16:06:18 +0200
Subject: [PATCH 2/2] selftest: fix for wbinfo -s tests for wellknown SIDs

Rework while loop to not use a pipe as that uses a subshell for the loop
which means assigning to the variable failed is not visible in the
main script.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 nsswitch/tests/test_wbinfo.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index d298ddb..49296b6 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -88,9 +88,7 @@ else
 	echo "success: wbinfo -s check for sane mapping"
 fi
 
-WELL_KNOWN_SIDS="S-1-1-0\n /EVERYONE 5\n S-1-3-1\n /CREATOR GROUP 5\n S-1-5-1\n NT AUTHORITY/DIALUP 5"
-
-printf "$WELL_KNOWN_SIDS" | while read SID ; do
+while read SID ; do
     read NAME
 
     testit "wbinfo -s $SID against $TARGET" $wbinfo -s $SID || failed=`expr $failed + 1`
@@ -106,7 +104,14 @@ printf "$WELL_KNOWN_SIDS" | while read SID ; do
     else
         echo "success: wbinfo -s $SID against $TARGET"
     fi
-done
+done <<EOF
+S-1-1-0
+/EVERYONE 5
+S-1-3-1
+/CREATOR GROUP 5
+S-1-5-1
+NT AUTHORITY/DIALUP 5
+EOF
 
 testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n $admin_name || failed=`expr $failed + 1`
 test_sid=`$wbinfo -n $tested_name | cut -d " " -f1`
-- 
2.9.3

More information about the samba-technical mailing list