[PATCHES BUG 13831] winbind: Use domain name from lsa query for sid_to_name

Christof Schmitt cs at samba.org
Tue Mar 12 21:33:07 UTC 2019


Updated patches with a NULL check for the talloc_strdup calls added.

Pipeline: https://gitlab.com/samba-team/devel/samba/pipelines/51524916

Christof
-------------- next part --------------
From 030f2de3fe755a682c67e4957436aa86744a144e Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 11 Mar 2019 16:26:48 -0700
Subject: [PATCH 1/6] nsswitch: Add testcase for checking output of wbinfo
 --sid-to-name

The username should always be returned in the DOMAINSHORTNAME/USERNAME
format.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 nsswitch/tests/test_wbinfo_name_lookup.sh | 15 +++++++++++++++
 selftest/knownfail                        |  1 +
 2 files changed, 16 insertions(+)

diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
index c1d39c1a602..ee8ae11f4b1 100755
--- a/nsswitch/tests/test_wbinfo_name_lookup.sh
+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
@@ -31,6 +31,21 @@ testit "name-to-sid.upn" \
        $wbinfo -n $DC_USERNAME@$REALM || \
 	failed=$(expr $failed + 1)
 
+testit "name-to-sid.realm-user" \
+       $wbinfo -n $REALM/$DC_USERNAME || \
+	failed=$(expr $failed + 1)
+
+# For the name-to-sid.realm-user query, ensure
+# that this does not change subsequent sid-to-name
+# queries.
+sid=$($wbinfo -n $REALM/$DC_USERNAME | sed -e 's/ .*//')
+out=$($wbinfo -s $sid | sed -e 's/ .//')
+# winbindd returns usernames in lowercase
+lcuser=$(echo $DC_USERNAME | tr A-Z a-z)
+testit "Verify DOMAIN/USER output" \
+       test "$out" = "$DOMAIN/$lcuser" || \
+	failed=$(expr $failed + 1)
+
 # Two separator characters should fail
 testit_expect_failure "name-to-sid.double-separator" \
 		      $wbinfo -n $DOMAIN//$DC_USERNAME || \
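Review bot: On the added `out=` line the sed expression `s/ .//` removes only the first space and the single character after it, unlike the `s/ .*//` used on the `sid=` line above. If the intent is to drop the trailing field of the `wbinfo -s` output (presumably the SID type), the comparison only holds while that field is one character long. `$sid` is also unquoted, so an empty result from the first lookup becomes `wbinfo -s` with no argument instead of a clear failure. Something like `out=$($wbinfo -s "$sid" | sed -e 's/ [^ ]*$//')` would state the intent and survive both cases.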
diff --git a/selftest/knownfail b/selftest/knownfail
index 750b5f51e3f..2674aeb560c 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -363,3 +363,4 @@
 ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
 ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
 ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
+^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\)
-- 
2.17.0


From 2f66b8ba63e2979d6a008f248d9523d350fefb62 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 11 Mar 2019 15:53:51 -0700
Subject: [PATCH 2/6] winbind: Query domain from msrpc name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 source3/winbindd/winbindd_msrpc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 203fbc6b56a..69a049556dd 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -226,6 +226,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
 	enum lsa_SidType *types = NULL;
 	char *full_name = NULL;
 	const char *names[1];
+	const char **domains;
 	NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
 	char *mapped_name = NULL;
 
@@ -260,7 +261,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
 	names[0] = full_name;
 
 	result = winbindd_lookup_names(mem_ctx, domain, 1,
-				       names, NULL,
+				       names, &domains,
 				       &sids, &types);
 	if (!NT_STATUS_IS_OK(result))
 		return result;
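Review bot: `domains` is declared without an initialiser in the previous hunk, while the neighbouring locals (`types`, `full_name`, `mapped_name`) all start as NULL. Writing `const char **domains = NULL;` keeps the declaration block consistent and gives later code a defined value to test if the lookup returns without filling it in. The same applies to the `domains` declaration added to rpc_name_to_sid() in patch 3. Both function bodies extend outside the hunks shown.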
-- 
2.17.0


From 91d81a17e235d64177d2233f490d40f1d4162932 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 11 Mar 2019 15:54:21 -0700
Subject: [PATCH 3/6] winbind: Query domain from winbind rpc name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 source3/winbindd/winbindd_rpc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 6f7cb07f4e3..81f9f98a4bd 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -254,6 +254,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
 	struct dom_sid *sids = NULL;
 	char *full_name = NULL;
 	const char *names[1];
+	const char **domains;
 	char *mapped_name = NULL;
 	NTSTATUS status;
 
@@ -290,7 +291,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
 					 lsa_policy,
 					 1, /* num_names */
 					 names,
-					 NULL, /* domains */
+					 &domains,
 					 1, /* level */
 					 &sids,
 					 &types);
-- 
2.17.0


From 1e66126022245668f7873374c4bac3ead5cf8bda Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 11 Mar 2019 16:11:01 -0700
Subject: [PATCH 4/6] winbind: Return queried domain name from name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 source3/winbindd/winbindd.h               |  1 +
 source3/winbindd/winbindd_ads.c           |  3 ++-
 source3/winbindd/winbindd_cache.c         |  2 +-
 source3/winbindd/winbindd_msrpc.c         | 12 ++++++++++++
 source3/winbindd/winbindd_reconnect.c     |  5 +++--
 source3/winbindd/winbindd_reconnect_ads.c |  5 +++--
 source3/winbindd/winbindd_rpc.c           | 12 ++++++++++++
 source3/winbindd/winbindd_rpc.h           |  1 +
 source3/winbindd/winbindd_samr.c          |  2 ++
 9 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 7490d62a705..a72d6aa7830 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -225,6 +225,7 @@ struct winbindd_methods {
 				const char *domain_name,
 				const char *name,
 				uint32_t flags,
+				const char **pdom_name,
 				struct dom_sid *sid,
 				enum lsa_SidType *type);
 
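Review bot: The new `pdom_name` member argument has no documented contract, and backends and callers now depend on one. From the msrpc and rpc hunks in this patch it is optional and is written only on success with a string allocated on `mem_ctx`. A comment above the `name_to_sid` member would record that, for example `/* pdom_name may be NULL; on success it receives the domain name returned by the lookup, talloc'ed on mem_ctx */`. The same applies to the rpc_name_to_sid() prototype in winbindd_rpc.h.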
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 4b5966dc237..5f20cfb7f76 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -558,11 +558,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 			    const char *domain_name,
 			    const char *name,
 			    uint32_t flags,
+			    const char **pdom_name,
 			    struct dom_sid *sid,
 			    enum lsa_SidType *type)
 {
 	return msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
-					 flags, sid, type);
+					 flags, pdom_name, sid, type);
 }
 
 /* convert a domain SID to a user or group name - use rpc methods */
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c686089d517..92a5e1d333b 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1820,7 +1820,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
 
 	winbindd_domain_init_backend(domain);
 	status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
-					      name, flags, sid, type);
+					      name, flags, NULL, sid, type);
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
 		NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 69a049556dd..342f22cfde3 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -218,6 +218,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
 				  const char *domain_name,
 				  const char *name,
 				  uint32_t flags,
+				  const char **pdom_name,
 				  struct dom_sid *sid,
 				  enum lsa_SidType *type)
 {
@@ -268,6 +269,17 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
 
 	/* Return rid and type if lookup successful */
 
+	if (pdom_name != NULL) {
+		const char *dom_name;
+
+		dom_name = talloc_strdup(mem_ctx, domains[0]);
+		if (dom_name == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		*pdom_name = dom_name;
+	}
+
 	sid_copy(sid, &sids[0]);
 	*type = types[0];
 
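Review bot: `domains[0]` is handed to `talloc_strdup()` in the new `pdom_name` block without checking that the lookup actually filled it in. talloc_strdup() returns NULL for a NULL source, so a missing domain name in the server's reply would be reported as NT_STATUS_NO_MEMORY. Whether winbindd_lookup_names() guarantees a non-NULL entry on success is not visible in this hunk, and the value comes from a remote response. A guard such as `if (domains == NULL || domains[0] == NULL) return NT_STATUS_INVALID_NETWORK_RESPONSE;` before the copy would separate the two cases. The identical block added to rpc_name_to_sid() in winbindd_rpc.c needs the same guard; both functions continue outside their hunks.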
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index 1d0e8e6d472..56741d4670e 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -131,18 +131,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 			    const char *domain_name,
 			    const char *name,
 			    uint32_t flags,
+			    const char **pdom_name,
 			    struct dom_sid *sid,
 			    enum lsa_SidType *type)
 {
 	NTSTATUS result;
 
 	result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
-					   flags, sid, type);
+					   flags, pdom_name, sid, type);
 
 	if (reconnect_need_retry(result, domain))
 		result = msrpc_methods.name_to_sid(domain, mem_ctx,
 						   domain_name, name, flags,
-						   sid, type);
+						   pdom_name, sid, type);
 
 	return result;
 }
diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c
index 0a0a14f6dd0..f77430572d0 100644
--- a/source3/winbindd/winbindd_reconnect_ads.c
+++ b/source3/winbindd/winbindd_reconnect_ads.c
@@ -137,18 +137,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 			    const char *domain_name,
 			    const char *name,
 			    uint32_t flags,
+			    const char **pdom_name,
 			    struct dom_sid *sid,
 			    enum lsa_SidType *type)
 {
 	NTSTATUS result;
 
 	result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name,
-					 flags, sid, type);
+					 flags, pdom_name, sid, type);
 
 	if (reconnect_need_retry(result, domain)) {
 		result = ads_methods.name_to_sid(domain, mem_ctx,
 						 domain_name, name, flags,
-						 sid, type);
+						 pdom_name, sid, type);
 	}
 
 	return result;
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 81f9f98a4bd..ffbaabcfe49 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -247,6 +247,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
 			 const char *domain_name,
 			 const char *name,
 			 uint32_t flags,
+			 const char **pdom_name,
 			 struct dom_sid *sid,
 			 enum lsa_SidType *type)
 {
@@ -301,6 +302,17 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
 		return status;
 	}
 
+	if (pdom_name != NULL) {
+		const char *dom_name;
+
+		dom_name = talloc_strdup(mem_ctx, domains[0]);
+		if (dom_name == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		*pdom_name = dom_name;
+	}
+
 	sid_copy(sid, &sids[0]);
 	*type = types[0];
 
diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h
index 162f1ef3329..a5cfe77f289 100644
--- a/source3/winbindd/winbindd_rpc.h
+++ b/source3/winbindd/winbindd_rpc.h
@@ -53,6 +53,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
 			 const char *domain_name,
 			 const char *name,
 			 uint32_t flags,
+			 const char **pdom_name,
 			 struct dom_sid *psid,
 			 enum lsa_SidType *ptype);
 
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 3727e8fa39f..55626cc67ac 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -581,6 +581,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
 				   const char *domain_name,
 				   const char *name,
 				   uint32_t flags,
+				   const char **pdom_name,
 				   struct dom_sid *psid,
 				   enum lsa_SidType *ptype)
 {
@@ -615,6 +616,7 @@ again:
 				 domain_name,
 				 name,
 				 flags,
+				 pdom_name,
 				 &sid,
 				 &type);
 
-- 
2.17.0


From d54e15471a502fc81a6977e97c662c78910df60b Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 11 Mar 2019 16:14:02 -0700
Subject: [PATCH 5/6] winbind: Use domain name from lsa query for sid_to_name
 cache entry

When winbindd is asked to map a name like realm.com\name to a SID, that
is successfully resolved through the lsa lookup name call. The same call
also returns the short domain name (netbios name of the domain). Use
that short domain name for the sid_to_name cache entry, so that
subsequent sid_to_name queries return the expected netbiosname\name
result and not realm.com\name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 selftest/knownfail                | 1 -
 source3/winbindd/winbindd_cache.c | 5 +++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index 2674aeb560c..750b5f51e3f 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -363,4 +363,3 @@
 ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
 ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
 ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
-^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\)
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 92a5e1d333b..abdfd11dc53 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1794,6 +1794,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
 {
 	NTSTATUS status;
 	bool old_status;
+	const char *dom_name;
 
 	old_status = domain->online;
 
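Review bot: `dom_name` is declared without an initialiser, and the backends changed in patch 4 write `*pdom_name` only on their success path, so any other return leaves it indeterminate. The last hunk of this file then passes it to `wcache_save_sid_to_name()` inside a block whose condition lies outside the hunk. If that block can be entered with a non-OK status, an indeterminate pointer reaches the cache code of a long-running privileged daemon. Declare it as `const char *dom_name = NULL;` and decide explicitly what the save site should do when it is still NULL, for instance fall back to `domain_name` or skip the reverse entry.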
@@ -1820,7 +1821,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
 
 	winbindd_domain_init_backend(domain);
 	status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
-					      name, flags, NULL, sid, type);
+					      name, flags, &dom_name, sid, type);
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
 		NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
@@ -1855,7 +1856,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
 			}
 			(void)strlower_m(discard_const_p(char, name));
 			wcache_save_sid_to_name(domain, status, sid,
-						domain_name, name, save_type);
+						dom_name, name, save_type);
 		}
 	}
 
-- 
2.17.0


From 596dce12608c713e1e9f9c5d7ace3aa528a6cd5a Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Mon, 11 Mar 2019 16:25:42 -0700
Subject: [PATCH 6/6] nsswitch: Fix usage information of
 test_wbinfo_name_lookup.sh

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 nsswitch/tests/test_wbinfo_name_lookup.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
index ee8ae11f4b1..6cc52f8094c 100755
--- a/nsswitch/tests/test_wbinfo_name_lookup.sh
+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
@@ -1,8 +1,8 @@
 #!/bin/sh
 # Blackbox test for wbinfo name lookup
-if [ $# -lt 2 ]; then
+if [ $# -lt 3 ]; then
 cat <<EOF
-Usage: test_wbinfo.sh DOMAIN DC_USERNAME
+Usage: test_wbinfo.sh DOMAIN REALM DC_USERNAME
 EOF
 exit 1;
 fi
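Review bot: The corrected usage line still names `test_wbinfo.sh`, while the script being patched is nsswitch/tests/test_wbinfo_name_lookup.sh. `Usage: test_wbinfo_name_lookup.sh DOMAIN REALM DC_USERNAME` would match the file. The argument count check and the argument list otherwise agree.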
-- 
2.17.0


