[PATCHES BUG 13831] winbind: Use domain name from lsa query for sid_to_name
Christof Schmitt
cs at samba.org
Fri Apr 5 21:24:15 UTC 2019
The pipeline also passed. Any reviewers?
Christof
On Thu, Mar 14, 2019 at 10:40:19AM -0700, Christof Schmitt via samba-technical wrote:
> New pipeline run: https://gitlab.com/samba-team/devel/samba/pipelines/51900262
>
> Christof
> From 030f2de3fe755a682c67e4957436aa86744a144e Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 16:26:48 -0700
> Subject: [PATCH 1/7] nsswitch: Add testcase for checking output of wbinfo
> --sid-to-name
>
> The username should always be returned in the DOMAINSHORTNAME/USERNAME
> format.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> nsswitch/tests/test_wbinfo_name_lookup.sh | 15 +++++++++++++++
> selftest/knownfail | 1 +
> 2 files changed, 16 insertions(+)
>
> diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
> index c1d39c1a602..ee8ae11f4b1 100755
> --- a/nsswitch/tests/test_wbinfo_name_lookup.sh
> +++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
> @@ -31,6 +31,21 @@ testit "name-to-sid.upn" \
> $wbinfo -n $DC_USERNAME@$REALM || \
> failed=$(expr $failed + 1)
>
> +testit "name-to-sid.realm-user" \
> + $wbinfo -n $REALM/$DC_USERNAME || \
> + failed=$(expr $failed + 1)
> +
> +# For the name-to-sid.realm-user query, ensure
> +# that this does not change subsequent sid-to-name
> +# queries.
> +sid=$($wbinfo -n $REALM/$DC_USERNAME | sed -e 's/ .*//')
> +out=$($wbinfo -s $sid | sed -e 's/ .//')
> +# winbindd returns usernames in lowercase
> +lcuser=$(echo $DC_USERNAME | tr A-Z a-z)
> +testit "Verify DOMAIN/USER output" \
> + test "$out" = "$DOMAIN/$lcuser" || \
> + failed=$(expr $failed + 1)
> +
> # Two separator characters should fail
> testit_expect_failure "name-to-sid.double-separator" \
> $wbinfo -n $DOMAIN//$DC_USERNAME || \
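Review bot: The `sed -e 's/ .//'` on the `out=` line removes only the first space and the single character after it, unlike the `s/ .*//` used for `sid` one line above, so it yields the bare name only while `wbinfo -s` prints a one-character type after the name. Using `out=$($wbinfo -s "$sid" | sed -e 's/ .*//')` would make the comparison independent of the width of the trailing field, assuming the names in this test environment contain no spaces. A short comment noting that `wbinfo -s` appends the SID type would also explain why the output is trimmed at all.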
> diff --git a/selftest/knownfail b/selftest/knownfail
> index 750b5f51e3f..2674aeb560c 100644
> --- a/selftest/knownfail
> +++ b/selftest/knownfail
> @@ -363,3 +363,4 @@
> ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
> ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
> ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
> +^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\)
> --
> 2.17.0
>
>
> From 2f66b8ba63e2979d6a008f248d9523d350fefb62 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 15:53:51 -0700
> Subject: [PATCH 2/7] winbind: Query domain from msrpc name_to_sid
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> source3/winbindd/winbindd_msrpc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
> index 203fbc6b56a..69a049556dd 100644
> --- a/source3/winbindd/winbindd_msrpc.c
> +++ b/source3/winbindd/winbindd_msrpc.c
> @@ -226,6 +226,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> enum lsa_SidType *types = NULL;
> char *full_name = NULL;
> const char *names[1];
> + const char **domains;
> NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
> char *mapped_name = NULL;
>
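Review bot: `const char **domains;` is declared without an initializer, while the neighbouring locals in msrpc_name_to_sid (`types`, `full_name`, `mapped_name`) all start as NULL. Writing `const char **domains = NULL;` keeps the function consistent and makes a lookup that returns without filling the array detectable instead of leaving an indeterminate pointer, which matters once patch 5 of this series reads `domains[0]`. The same applies to `domains` in rpc_name_to_sid (patch 3) and `dom_name` in sam_name_to_sid (patch 4). The function body continues outside this hunk.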
> @@ -260,7 +261,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> names[0] = full_name;
>
> result = winbindd_lookup_names(mem_ctx, domain, 1,
> - names, NULL,
> + names, &domains,
> &sids, &types);
> if (!NT_STATUS_IS_OK(result))
> return result;
> --
> 2.17.0
>
>
> From 91d81a17e235d64177d2233f490d40f1d4162932 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 15:54:21 -0700
> Subject: [PATCH 3/7] winbind: Query domain from winbind rpc name_to_sid
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> source3/winbindd/winbindd_rpc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
> index 6f7cb07f4e3..81f9f98a4bd 100644
> --- a/source3/winbindd/winbindd_rpc.c
> +++ b/source3/winbindd/winbindd_rpc.c
> @@ -254,6 +254,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> struct dom_sid *sids = NULL;
> char *full_name = NULL;
> const char *names[1];
> + const char **domains;
> char *mapped_name = NULL;
> NTSTATUS status;
>
> @@ -290,7 +291,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> lsa_policy,
> 1, /* num_names */
> names,
> - NULL, /* domains */
> + &domains,
> 1, /* level */
> &sids,
> &types);
> --
> 2.17.0
>
>
> From c319b9b813514253a7e48a6e77009b8882d30fd8 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Thu, 14 Mar 2019 10:30:45 -0700
> Subject: [PATCH 4/7] winbind: Query domain from winbind sam_name_to_sid
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> source3/winbindd/winbindd_samr.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
> index 3727e8fa39f..35e7febceff 100644
> --- a/source3/winbindd/winbindd_samr.c
> +++ b/source3/winbindd/winbindd_samr.c
> @@ -587,6 +587,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
> struct rpc_pipe_client *lsa_pipe;
> struct policy_handle lsa_policy = { 0 };
> struct dom_sid sid;
> + const char *dom_name;
> enum lsa_SidType type;
> TALLOC_CTX *tmp_ctx;
> NTSTATUS status;
> @@ -615,6 +616,7 @@ again:
> domain_name,
> name,
> flags,
> + &dom_name,
> &sid,
> &type);
>
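Review bot: The extra `&dom_name` argument is added to the call under `again:` in this patch, but the only matching prototype change visible in the series (`const char **pdom_name` between `flags` and the SID pointer of rpc_name_to_sid, in winbindd_rpc.c and winbindd_rpc.h) arrives in patch 5. If the callee here is rpc_name_to_sid, which is inferred from the argument order because its name lies outside the hunk, patch 4 does not build on its own and breaks bisection. Moving this call-site change into patch 5, or moving the prototype change ahead of it, would keep every step compilable.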
> --
> 2.17.0
>
>
> From 63657ce92a2523aa4052d966b97b6b5c6b3f50d8 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 16:11:01 -0700
> Subject: [PATCH 5/7] winbind: Return queried domain name from name_to_sid
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> source3/winbindd/winbindd.h | 1 +
> source3/winbindd/winbindd_ads.c | 3 ++-
> source3/winbindd/winbindd_cache.c | 2 +-
> source3/winbindd/winbindd_msrpc.c | 12 ++++++++++++
> source3/winbindd/winbindd_reconnect.c | 5 +++--
> source3/winbindd/winbindd_reconnect_ads.c | 5 +++--
> source3/winbindd/winbindd_rpc.c | 12 ++++++++++++
> source3/winbindd/winbindd_rpc.h | 1 +
> source3/winbindd/winbindd_samr.c | 9 +++++++++
> 9 files changed, 44 insertions(+), 6 deletions(-)
>
> diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
> index 7490d62a705..a72d6aa7830 100644
> --- a/source3/winbindd/winbindd.h
> +++ b/source3/winbindd/winbindd.h
> @@ -225,6 +225,7 @@ struct winbindd_methods {
> const char *domain_name,
> const char *name,
> uint32_t flags,
> + const char **pdom_name,
> struct dom_sid *sid,
> enum lsa_SidType *type);
>
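Review bot: The new `pdom_name` out-parameter of the `name_to_sid` method is undocumented, so its contract can only be learned by reading each backend. A comment above the member such as `/* pdom_name: optional (may be NULL); on success receives the domain name from the lookup reply, talloc'ed on mem_ctx; not set when the lookup itself fails */` would record what the implementations in this patch do. That matters because wb_cache_name_to_sid passes NULL here, while patch 6 passes a local whose value is only meaningful on success. The struct definition starts and ends outside this hunk.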
> diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
> index 4b5966dc237..5f20cfb7f76 100644
> --- a/source3/winbindd/winbindd_ads.c
> +++ b/source3/winbindd/winbindd_ads.c
> @@ -558,11 +558,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
> const char *domain_name,
> const char *name,
> uint32_t flags,
> + const char **pdom_name,
> struct dom_sid *sid,
> enum lsa_SidType *type)
> {
> return msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
> - flags, sid, type);
> + flags, pdom_name, sid, type);
> }
>
> /* convert a domain SID to a user or group name - use rpc methods */
> diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
> index c686089d517..92a5e1d333b 100644
> --- a/source3/winbindd/winbindd_cache.c
> +++ b/source3/winbindd/winbindd_cache.c
> @@ -1820,7 +1820,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
>
> winbindd_domain_init_backend(domain);
> status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
> - name, flags, sid, type);
> + name, flags, NULL, sid, type);
>
> if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
> NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
> diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
> index 69a049556dd..342f22cfde3 100644
> --- a/source3/winbindd/winbindd_msrpc.c
> +++ b/source3/winbindd/winbindd_msrpc.c
> @@ -218,6 +218,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> const char *domain_name,
> const char *name,
> uint32_t flags,
> + const char **pdom_name,
> struct dom_sid *sid,
> enum lsa_SidType *type)
> {
> @@ -268,6 +269,17 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
>
> /* Return rid and type if lookup successful */
>
> + if (pdom_name != NULL) {
> + const char *dom_name;
> +
> + dom_name = talloc_strdup(mem_ctx, domains[0]);
> + if (dom_name == NULL) {
> + return NT_STATUS_NO_MEMORY;
> + }
> +
> + *pdom_name = dom_name;
> + }
> +
> sid_copy(sid, &sids[0]);
> *type = types[0];
>
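Review bot: `domains[0]` is passed to `talloc_strdup()` without checking that the lookup actually returned a domain name for this entry. The array is filled from the LSA reply of a remote server; if `domains` is NULL after a successful status the code dereferences NULL, and if `domains[0]` is NULL the result is reported as NT_STATUS_NO_MEMORY, because `talloc_strdup()` returns NULL for a NULL source. Whether winbindd_lookup_names() guarantees a non-NULL entry on success is not visible here, so a guard before the copy, e.g. `if (domains == NULL || domains[0] == NULL) { return NT_STATUS_INVALID_NETWORK_RESPONSE; }`, would make that assumption explicit. The identical block in rpc_name_to_sid (winbindd_rpc.c) and the `talloc_strdup(mem_ctx, dom_name)` in sam_name_to_sid have the same issue.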
> diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
> index 1d0e8e6d472..56741d4670e 100644
> --- a/source3/winbindd/winbindd_reconnect.c
> +++ b/source3/winbindd/winbindd_reconnect.c
> @@ -131,18 +131,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
> const char *domain_name,
> const char *name,
> uint32_t flags,
> + const char **pdom_name,
> struct dom_sid *sid,
> enum lsa_SidType *type)
> {
> NTSTATUS result;
>
> result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
> - flags, sid, type);
> + flags, pdom_name, sid, type);
>
> if (reconnect_need_retry(result, domain))
> result = msrpc_methods.name_to_sid(domain, mem_ctx,
> domain_name, name, flags,
> - sid, type);
> + pdom_name, sid, type);
>
> return result;
> }
> diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c
> index 0a0a14f6dd0..f77430572d0 100644
> --- a/source3/winbindd/winbindd_reconnect_ads.c
> +++ b/source3/winbindd/winbindd_reconnect_ads.c
> @@ -137,18 +137,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
> const char *domain_name,
> const char *name,
> uint32_t flags,
> + const char **pdom_name,
> struct dom_sid *sid,
> enum lsa_SidType *type)
> {
> NTSTATUS result;
>
> result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name,
> - flags, sid, type);
> + flags, pdom_name, sid, type);
>
> if (reconnect_need_retry(result, domain)) {
> result = ads_methods.name_to_sid(domain, mem_ctx,
> domain_name, name, flags,
> - sid, type);
> + pdom_name, sid, type);
> }
>
> return result;
> diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
> index 81f9f98a4bd..ffbaabcfe49 100644
> --- a/source3/winbindd/winbindd_rpc.c
> +++ b/source3/winbindd/winbindd_rpc.c
> @@ -247,6 +247,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> const char *domain_name,
> const char *name,
> uint32_t flags,
> + const char **pdom_name,
> struct dom_sid *sid,
> enum lsa_SidType *type)
> {
> @@ -301,6 +302,17 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> return status;
> }
>
> + if (pdom_name != NULL) {
> + const char *dom_name;
> +
> + dom_name = talloc_strdup(mem_ctx, domains[0]);
> + if (dom_name == NULL) {
> + return NT_STATUS_NO_MEMORY;
> + }
> +
> + *pdom_name = dom_name;
> + }
> +
> sid_copy(sid, &sids[0]);
> *type = types[0];
>
> diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h
> index 162f1ef3329..a5cfe77f289 100644
> --- a/source3/winbindd/winbindd_rpc.h
> +++ b/source3/winbindd/winbindd_rpc.h
> @@ -53,6 +53,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
> const char *domain_name,
> const char *name,
> uint32_t flags,
> + const char **pdom_name,
> struct dom_sid *psid,
> enum lsa_SidType *ptype);
>
> diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
> index 35e7febceff..396e2c97709 100644
> --- a/source3/winbindd/winbindd_samr.c
> +++ b/source3/winbindd/winbindd_samr.c
> @@ -581,6 +581,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
> const char *domain_name,
> const char *name,
> uint32_t flags,
> + const char **pdom_name,
> struct dom_sid *psid,
> enum lsa_SidType *ptype)
> {
> @@ -629,6 +630,14 @@ again:
> goto done;
> }
>
> + if (pdom_name != NULL) {
> + *pdom_name = talloc_strdup(mem_ctx, dom_name);
> + if (*pdom_name == NULL) {
> + status = NT_STATUS_NO_MEMORY;
> + goto done;
> + }
> + }
> +
> if (psid) {
> sid_copy(psid, &sid);
> }
> --
> 2.17.0
>
>
> From 79150d79f70c79e4b36a47a332e2e4c9ae31852c Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 16:14:02 -0700
> Subject: [PATCH 6/7] winbind: Use domain name from lsa query for sid_to_name
> cache entry
>
> When winbindd is asked to map a name like realm.com\name to a SID, that
> is successfully resolved through the lsa lookup name call. The same call
> also returns the short domain name (netbios name of the domain). Use
> that short domain name for the sid_to_name cache entry, so that
> subsequent sid_to_name queries return the expected netbiosname\name
> result and not realm.com\name.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> selftest/knownfail | 1 -
> source3/winbindd/winbindd_cache.c | 5 +++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/selftest/knownfail b/selftest/knownfail
> index 2674aeb560c..750b5f51e3f 100644
> --- a/selftest/knownfail
> +++ b/selftest/knownfail
> @@ -363,4 +363,3 @@
> ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
> ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
> ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
> -^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\)
> diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
> index 92a5e1d333b..abdfd11dc53 100644
> --- a/source3/winbindd/winbindd_cache.c
> +++ b/source3/winbindd/winbindd_cache.c
> @@ -1794,6 +1794,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
> {
> NTSTATUS status;
> bool old_status;
> + const char *dom_name;
>
> old_status = domain->online;
>
> @@ -1820,7 +1821,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
>
> winbindd_domain_init_backend(domain);
> status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
> - name, flags, NULL, sid, type);
> + name, flags, &dom_name, sid, type);
>
> if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
> NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
> @@ -1855,7 +1856,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
> }
> (void)strlower_m(discard_const_p(char, name));
> wcache_save_sid_to_name(domain, status, sid,
> - domain_name, name, save_type);
> + dom_name, name, save_type);
> }
> }
>
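Review bot: `dom_name` is handed to `wcache_save_sid_to_name()` although it is declared without an initializer and the backends in patch 5 only store to `*pdom_name` after a successful lookup. `status` is forwarded to the save call, which suggests this path is also reached for non-OK results (the enclosing condition is outside the hunk); in that case an indeterminate pointer is passed into the cache code. Initialising with `const char *dom_name = NULL;` and falling back with `if (dom_name == NULL) { dom_name = domain_name; }` before the save would keep the previous behaviour for those cases. Since the cached domain string now comes from the server's reply rather than from the caller, a comment saying so at the save call would help the next reader.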
> --
> 2.17.0
>
>
> From 8d9c09d276fb4e9e1b292f1d420d42e1d1c99945 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 16:25:42 -0700
> Subject: [PATCH 7/7] nsswitch: Fix usage information of
> test_wbinfo_name_lookup.sh
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> nsswitch/tests/test_wbinfo_name_lookup.sh | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
> index ee8ae11f4b1..6cc52f8094c 100755
> --- a/nsswitch/tests/test_wbinfo_name_lookup.sh
> +++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
> @@ -1,8 +1,8 @@
> #!/bin/sh
> # Blackbox test for wbinfo name lookup
> -if [ $# -lt 2 ]; then
> +if [ $# -lt 3 ]; then
> cat <<EOF
> -Usage: test_wbinfo.sh DOMAIN DC_USERNAME
> +Usage: test_wbinfo.sh DOMAIN REALM DC_USERNAME
> EOF
> exit 1;
> fi
> --
> 2.17.0
>