[PATCH] Fix for bug #13369

Andreas Schneider asn at samba.org
Fri Apr 13 13:13:39 UTC 2018 

Hi,

If the Windbind caches are cold and we look up the user using the UPN will 
result in user name with REALM+user instead of the DOMAIN+user. At least this 
happens in 4.7. In 4.8 this isn't the case but we store:

EARTH.MILKYWAY.SITE\bob1 in the cache. The patch makes sure if we got a realm, 
to lookup the name and use the consistent domain name storing it in the cache 
(EARTH\bob1).

Output showing the bug in v4-7:

$ getent passwd bob1 at EARTH.MILKYWAY.SITE                                                                                                                    
EARTH.MILKYWAY.SITE\bob1:*:100001107:100000513::/home/EARTH.MILKYWAY.SITE/
bob1:/bin/bash


Please review.


Thanks,


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
>From 2717b35e482c4eeef429330708c733c734f7f649 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 13 Apr 2018 14:15:23 +0200
Subject: [PATCH] winbind: Lookup the domain name if we got a REALM

https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 source3/winbindd/winbindd_cache.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 9f9e8781c21..7dd26b75c12 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1792,6 +1792,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
 {
 	NTSTATUS status;
 	bool old_status;
+	bool lookup_domain = false;
 
 	old_status = domain->online;
 
@@ -1833,6 +1834,26 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
 			return cache_status;
 		}
 	}
+
+	if (domain_name == NULL || domain_name[0] == '\0') {
+		lookup_domain = true;
+	} else {
+		/* If domain_name is a REALM */
+		const char *p = strchr(domain_name, '.');
+		if (p != NULL) {
+			lookup_domain = true;
+		}
+	}
+
+	if (lookup_domain) {
+		struct winbindd_domain *mydomain =
+			find_domain_from_sid_noinit(sid);
+
+		if (mydomain != NULL) {
+			domain_name = mydomain->name;
+		}
+	}
+
 	/* and save it */
 
 	if (domain->online &&
-- 
2.16.3

More information about the samba-technical mailing list