wbclient: fix wbcLookupName with UPN

Isaac Boukris iboukris at gmail.com
Sun Feb 25 23:50:43 UTC 2018


On Thu, Feb 22, 2018 at 11:57 PM, Isaac Boukris <iboukris at gmail.com> wrote:
> Hi Stefan,
>
> On Thu, Feb 22, 2018 at 3:12 PM, Stefan Metzmacher <metze at samba.org> wrote:
>> Hi Isaac,
>>
>>> The attached patch fixes the case where the UPN differs from
>>> user at domain (both components can be different).
>>> It works fine even when empty domain is specified.
>>
>> I think you're patch will only work on a domain member server,
>> as there the find_lookup_domain_from_name() within wb_lookupname_send()
>> will always return our primary domain.
>
> Correct.
>
>> But on a DC an empty domain string doesn't allow to find the domain.
>
> I wonder, can't we just assume our own domain on a DC as well?
>
> I am now testing samba DC, and if I add the below then it works fine
> (didn't try make-test yet though).
>
> diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
> index 6292cce..e842bf7 100644
> --- a/source3/winbindd/winbindd_util.c
> +++ b/source3/winbindd/winbindd_util.c
> @@ -1506,7 +1506,7 @@ struct winbindd_domain
> *find_lookup_domain_from_name(const char *domain_name)
>
>                 domain = find_domain_from_name_noinit(domain_name);
>                 if (domain == NULL) {
> -                       return NULL;
> +                       return find_our_domain();


The above seem to pass make-test (on github #130), but I can't tell if
it makes sense.

Perhaps we can leave the domain assumption for now, but still send the
whole UPN.
I've tested the below and it helps for wbinfo-n to work on a DC with
UPN where LHS is different:

diff --git a/source3/winbindd/winbindd_lookupname.c
b/source3/winbindd/winbindd_lookupname.c
index 1be29fd85c8..6ca936a8da4 100644
--- a/source3/winbindd/winbindd_lookupname.c
+++ b/source3/winbindd/winbindd_lookupname.c
@@ -58,7 +58,6 @@ struct tevent_req
*winbindd_lookupname_send(TALLOC_CTX *mem_ctx,
  } else if ((p = strchr(request->data.name.name, '@')) != NULL) {
  /* upn */
  domname = p + 1;
- *p = 0;
  name = request->data.name.name;
  } else {
  domname = request->data.name.dom_name;


While writing this, I think the below change would help too to prefer
provided domain if any over upn suffix.

diff --git a/source3/winbindd/winbindd_lookupname.c
b/source3/winbindd/winbindd_lookupname.c
index 6ca936a..b75dc2b 100644
--- a/source3/winbindd/winbindd_lookupname.c
+++ b/source3/winbindd/winbindd_lookupname.c
@@ -57,7 +57,8 @@ struct tevent_req
*winbindd_lookupname_send(TALLOC_CTX *mem_ctx,
                name = p+1;
        } else if ((p = strchr(request->data.name.name, '@')) != NULL) {
                /* upn */
-               domname = p + 1;
+               domname = request->data.name.dom_name[0] == '\0' ? p + 1 :
+                               request->data.name.dom_name;
                name = request->data.name.name;
        } else {

If any of these make sense, I think it would improve on the current behavior.

Thanks!



More information about the samba-technical mailing list