getpwnam/uid for group with ID_TYPE_BOTH

Christof Schmitt cs at samba.org
Mon Sep 23 23:45:57 UTC 2019 

On Mon, Sep 23, 2019 at 11:43:35PM +0200, Stefan Metzmacher wrote:
> Hi Christof,
> 
> > The behavior of winbindd changed in regards to whether a group with
> > ID_TYPE_BOTH returns a fake user structure. This surfaced during a test
> > of creating files from a SMB client and then checking the ownership
> > directly on the file system.
> > 
> > make testenv SELFTEST_TESTENV=ad_member_idmap_rid
> > is an environment that provides ID_TYPE_BOTH for testing.
> > 
> > 4-5-test returns fake passwd information for the group:
> > 
> > $ getent passwd "$DOMAIN/Domain Users"
> > ADDOMAIN/domain users:*:2000513:2000513::/home/ADDOMAIN/domain
> > users:/bin/false
> > $ echo $?
> > 0
> > 
> > $ getent passwd 2000513
> > ADDOMAIN/domain users:*:2000513:2000513::/home/ADDOMAIN/domain
> > users:/bin/false
> > $ echo $?
> > 0
> > 
> > $ ls -l testfile
> > -rw-rw-r--. 1 ADDOMAIN/domain users ADDOMAIN/domain admins 0 Sep 23
> > 12:24 testfile
> > 
> > 
> > 4-6-test no longer does this:
> > 
> > $ getent passwd "$DOMAIN/Domain Users"
> > $ echo $?
> > 2
> > 
> > $ getent passwd 2000513
> > $ echo $?
> > 2
> > 
> > $ ls -l testfile
> > -rw-r--r--. 1 2000513 ADDOMAIN/domain admins 0 Sep 23 12:30 testfile
> > 
> > It looks like the behavior was introduced for Samba 4.5 through commit
> > 394622ef8c916cf361f8596dba4664dc8d6bfc9e
> >     s3:winbindd: change getpwsid() to return a passwd struct for a group
> > sid id-mapped with ID_TYPE_BOTH
> > 
> > and then changed for Samba 4.6 through the patches around
> > bce19a6efe11980933531f0349c8f5212419366a
> >     winbind: Restructure wb_getpwsid
> > 
> > What is the intended behavior here? Returning a fake passwd for the
> > group makes the "ls -l" output nicer as no manual lookup of the uid to
> > the group is required. On the other hand, creating fake user information
> > might cause problems elsewhere.
> > 
> > What are other's opinions around this? I am planning to add a testcase
> > to ensure that this does not change again, but i would like to
> > understand first whether winbindd should behave as in Samba 4.5 or in
> > the newer releases.
> 
> The 4.5 behavior is what we want,
> see also https://gitlab.com/samba-team/samba/merge_requests/621
> 
> We should fix merge that, could you come up with a simple testcase
> to that we don't regress on this again?
> 
> Then we need a bug report for backports.

Thank you. I will take a look at the merge request and write a testcase.

Christof

More information about the samba-technical mailing list