[PATCH] Fix wbinfo --sids-to-unix_ids with some unmapped sids
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Dec 21 14:54:04 UTC 2018
Hi!
We have to reply all we have if some SIDs fail to map.
Review appreciated!
Thanks, Volker
--
Besuchen Sie die verinice.XP 2019 in Berlin!
Anwenderkonferenz für Informationssicherheit
26.-28. Februar 2019 - im Hotel Radisson Blu
Info & Anmeldung hier: http://veriniceXP.org
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 55bee045284a0e99349e9e6d74559aa913cba516 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 18 Dec 2018 15:53:21 +0100
Subject: [PATCH 1/3] idmap_tdb: If one SID fails to map, try the rest
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap_tdb_common.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/source3/winbindd/idmap_tdb_common.c b/source3/winbindd/idmap_tdb_common.c
index e130be08245..34269e3fe56 100644
--- a/source3/winbindd/idmap_tdb_common.c
+++ b/source3/winbindd/idmap_tdb_common.c
@@ -577,8 +577,11 @@ static NTSTATUS idmap_tdb_common_sids_to_unixids_action(struct db_context *db,
ret =
idmap_tdb_common_new_mapping(state->dom,
state->ids[i]);
+ DBG_DEBUG("idmap_tdb_common_new_mapping returned %s\n",
+ nt_errstr(ret));
if (!NT_STATUS_IS_OK(ret)) {
- goto done;
+ ret = STATUS_SOME_UNMAPPED;
+ continue;
}
num_mapped += 1;
}
--
2.11.0
From 5a7d900b202f371d1195ab6829142e0989d54289 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 18 Dec 2018 15:53:48 +0100
Subject: [PATCH 2/3] idmap: In --sids-to-unix-ids, pass back what we have
SOME_UNMAPPED does not mean that nothing worthwhile is in here. We
need to pass what we have.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_dual_srv.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 62224bf313e..ab14f5d51a0 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -204,6 +204,15 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
status = dom->methods->sids_to_unixids(dom, id_map_ptrs);
+ if (NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
+ /*
+ * This is okay. We need to transfer the mapped ones
+ * up to our caller. The individual mappings carry the
+ * information whether they are mapped or not.
+ */
+ status = NT_STATUS_OK;
+ }
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("sids_to_unixids returned %s\n",
nt_errstr(status)));
--
2.11.0
From 5cb621137544863b69179c961e1f3412cda88fbc Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 21 Dec 2018 11:49:33 +0100
Subject: [PATCH 3/3] selftest: Test sids-to-xids with one failing sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
nsswitch/tests/test_wbinfo_sids_to_xids.sh | 13 +++++++++++++
source3/selftest/tests.py | 6 ++++++
2 files changed, 19 insertions(+)
create mode 100755 nsswitch/tests/test_wbinfo_sids_to_xids.sh
diff --git a/nsswitch/tests/test_wbinfo_sids_to_xids.sh b/nsswitch/tests/test_wbinfo_sids_to_xids.sh
new file mode 100755
index 00000000000..2e3aeaa477a
--- /dev/null
+++ b/nsswitch/tests/test_wbinfo_sids_to_xids.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+incdir=`dirname $0`/../../testprogs/blackbox
+. $incdir/subunit.sh
+
+# S-1-5-1000 fails, but S-1-5-11 succeeds. Check that S-1-5-11 is
+# mapped successfully with a GID in the 1000x range
+
+testit_grep "wbinfo" "gid 1000" \
+ $VALGRIND $BINDIR/wbinfo --sids-to-unix-ids=s-1-5-1000,s-1-5-11 ||
+ failed=`expr $failed + 1`
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index a3bb1c4feac..d531856e9b7 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -262,6 +262,12 @@ plantestsuite("samba3.wbinfo_user_info", env,
"nsswitch/tests/test_wbinfo_user_info.sh"),
'$TRUST_DOMAIN', '$TRUST_REALM', '$DOMAIN', 'alice', 'alice', 'jane', 'jane.doe', env])
+plantestsuite(
+ "samba3.wbinfo_sids_to_xids",
+ "nt4_member",
+ [os.path.join(srcdir(),
+ "nsswitch/tests/test_wbinfo_sids_to_xids.sh")])
+
env = "ad_member"
t = "WBCLIENT-MULTI-PING"
plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""])
--
2.11.0
More information about the samba-technical
mailing list