[PATCH] A Solaris CC fix and some small winbind enhancements

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Feb 7 10:16:42 UTC 2019 

Hi!

Review appreciated!

Thanks, Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-370000-0, mailto:kontakt at sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de
-------------- next part --------------
From ff383ea01a934495085ec74455a0c4dd26aec934 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 24 Jan 2019 10:39:38 +0100
Subject: [PATCH 1/4] torture4: Solaris cc can't deal with empty initializers

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/torture/smb2/delete-on-close.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/source4/torture/smb2/delete-on-close.c b/source4/torture/smb2/delete-on-close.c
index 12cdb8540b8..3c495750f43 100644
--- a/source4/torture/smb2/delete-on-close.c
+++ b/source4/torture/smb2/delete-on-close.c
@@ -584,9 +584,9 @@ static bool test_doc_read_only(struct torture_context *tctx,
 			       struct smb2_tree *tree)
 {
 	struct smb2_handle dir_handle;
-	union smb_setfileinfo sfinfo = { };
-	struct smb2_create create = { };
-	struct smb2_close close = { };
+	union smb_setfileinfo sfinfo = {{0}};
+	struct smb2_create create = {0};
+	struct smb2_close close = {0};
 	NTSTATUS status, expected_status;
 	bool ret = true, delete_readonly;
 
@@ -603,7 +603,7 @@ static bool test_doc_read_only(struct torture_context *tctx,
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"CREATE directory failed\n");
 
-	create = (struct smb2_create) { };
+	create = (struct smb2_create) {0};
 	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
 	create.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
 		NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
@@ -628,7 +628,7 @@ static bool test_doc_read_only(struct torture_context *tctx,
 
 	torture_comment(tctx, "Creating file with READ_ONLY attribute.\n");
 
-	create = (struct smb2_create) { };
+	create = (struct smb2_create) {0};
 	create.in.desired_access = SEC_RIGHTS_DIR_ALL;
 	create.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
 	create.in.file_attributes = FILE_ATTRIBUTE_READONLY;
@@ -649,7 +649,7 @@ static bool test_doc_read_only(struct torture_context *tctx,
 	torture_comment(tctx, "Testing CREATE with DELETE_ON_CLOSE on "
 			"READ_ONLY attribute file.\n");
 
-	create = (struct smb2_create) { };
+	create = (struct smb2_create) {0};
 	create.in.desired_access = SEC_RIGHTS_FILE_READ | SEC_STD_DELETE;
 	create.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
 	create.in.file_attributes = 0;
@@ -667,7 +667,7 @@ static bool test_doc_read_only(struct torture_context *tctx,
 	torture_comment(tctx, "Testing setting DELETE_ON_CLOSE disposition on "
 			" file with READONLY attribute.\n");
 
-	create = (struct smb2_create) { };
+	create = (struct smb2_create) {0};
 	create.in.desired_access = SEC_RIGHTS_FILE_READ | SEC_STD_DELETE;;
 	create.in.create_options = 0;
 	create.in.file_attributes = 0;
-- 
2.11.0


From bb0ffd7087cd90ba116a2f2abca1fb4819590fa0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Feb 2019 13:10:08 +0100
Subject: [PATCH 2/4] winbind: Enhance xids2sids debugging

Print what was requested and returned

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/winbindd/winbindd_xids_to_sids.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/source3/winbindd/winbindd_xids_to_sids.c b/source3/winbindd/winbindd_xids_to_sids.c
index 29caccd0468..b0f4550f773 100644
--- a/source3/winbindd/winbindd_xids_to_sids.c
+++ b/source3/winbindd/winbindd_xids_to_sids.c
@@ -67,7 +67,9 @@ struct tevent_req *winbindd_xids_to_sids_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
-	DEBUG(10, ("num_xids: %d\n", (int)state->num_xids));
+	DBG_DEBUG("num_xids: %"PRIu32"\n%s\n",
+		  state->num_xids,
+		  (char *)request->extra_data.data);
 
 	subreq = wb_xids2sids_send(state, ev, state->xids, state->num_xids);
 	if (tevent_req_nomem(subreq, req)) {
@@ -103,7 +105,7 @@ NTSTATUS winbindd_xids_to_sids_recv(struct tevent_req *req,
 	uint32_t i;
 
 	if (tevent_req_is_nterror(req, &status)) {
-		DEBUG(5, ("Could not convert sids: %s\n", nt_errstr(status)));
+		DBG_INFO("Could not convert xids: %s\n", nt_errstr(status));
 		return status;
 	}
 
@@ -128,6 +130,8 @@ NTSTATUS winbindd_xids_to_sids_recv(struct tevent_req *req,
 		}
 	}
 
+	DBG_DEBUG("sids:\n%s\n", result);
+
 	response->extra_data.data = result;
 	response->length += talloc_get_size(result);
 
-- 
2.11.0


From 0ba78ce9be55e5a928140a14489c43e11cbbf833 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Feb 2019 17:02:53 +0100
Subject: [PATCH 3/4] smbd: Avoid sending S-1-22- to winbind

Sending S-1-22-x to a typeless sids2xids call will make winbind prime
the reverse xids2sids cache, which is very likely the wrong mapping. Add
a check that avoids bothering the winbind pipe when it's clear this
can't work anyway.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/passdb/lookup_sid.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 6bda783fa03..bf3ded6683e 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1489,6 +1489,12 @@ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid)
 		return true;
 	}
 
+	if (sid_check_is_in_unix_groups(psid)) {
+		DBG_DEBUG("SID %s is a group, failing\n",
+			  dom_sid_str_buf(psid, &buf));
+		return false;
+	}
+
 	/* Check the winbindd cache directly. */
 	ret = idmap_cache_find_sid2uid(psid, puid, &expired);
 
@@ -1545,6 +1551,12 @@ bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
 		return true;
 	}
 
+	if (sid_check_is_in_unix_users(psid)) {
+		DBG_DEBUG("SID %s is a user, failing\n",
+			  dom_sid_str_buf(psid, &buf));
+		return false;
+	}
+
 	/* Check the winbindd cache directly. */
 	ret = idmap_cache_find_sid2gid(psid, pgid, &expired);
 
-- 
2.11.0


From 2cd80b9c6c44ee8e87925d20caf3e8be3b62b472 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Feb 2019 17:06:28 +0100
Subject: [PATCH 4/4] winbindd: Enhance xids2sids debugging

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/winbindd/wb_xids2sids.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index fa4ba983720..310a645cdff 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -481,6 +481,11 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
 			}
 
 			if (ok && !expired) {
+				struct dom_sid_buf buf;
+				DBG_DEBUG("Found %cID in cache: %s\n",
+					  xids[i].type == ID_TYPE_UID?'U':'G',
+					  dom_sid_str_buf(&sid, &buf));
+
 				sid_copy(&state->sids[i], &sid);
 			}
 		}
-- 
2.11.0

More information about the samba-technical mailing list