The branch, v4-9-test has been updated via 03a91bf0a15 winbind: Use domain name from lsa query for sid_to_name cache entry via b3876c300b3 winbind: Return queried domain name from name_to_sid via b5c442b76c4 winbind: Query domain from winbind sam_name_to_sid via ef63526b322 winbind: Query domain from winbind rpc name_to_sid via cc3ca17a7b9 winbind: Query domain from msrpc name_to_sid via d012a7e875b nsswitch: Add testcase for checking output of wbinfo --sid-to-name from a9f7f1f7433 VERSION: Bump version up to 4.9.9.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log ----------------------------------------------------------------- commit 03a91bf0a15b853ab31091185656b90d086c5687 Author: Christof Schmitt <c...@samba.org> Date: Mon Mar 11 16:14:02 2019 -0700 winbind: Use domain name from lsa query for sid_to_name cache entry When winbindd is asked to map a name like realm.com\name to a SID ,that is sucessfully resolved through the lsa lookup name call. The same call also returns the short domain name (netbios name of the domain). Use that short domain name for the sid_to_name cache entry, so that subsequent sid_to_name queries return the expected netbiosname\name result and not realm.com\name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit aec9bda25f10ca2710d91fb680cca7904e92f9de) Autobuild-User(v4-9-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-9-test): Wed May 15 14:18:45 UTC 2019 on sn-devel-144 commit b3876c300b3d0090933c65272cd374dc40a607e6 Author: Christof Schmitt <c...@samba.org> Date: Mon Mar 11 16:11:01 2019 -0700 winbind: Return queried domain name from name_to_sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01) commit b5c442b76c413ce3c596bdc07805e04345489fcd Author: Christof Schmitt <c...@samba.org> Date: Thu Mar 14 10:30:45 2019 -0700 winbind: Query domain from winbind sam_name_to_sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 32e3f0663be39cf4a81639c818fc88e959791673) commit ef63526b322af68b67ba9a70c7641730ee5c2def Author: Christof Schmitt <c...@samba.org> Date: Mon Mar 11 15:54:21 2019 -0700 winbind: Query domain from winbind rpc name_to_sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 562551c0886bdef1f97059e16d375c2e97452b45) commit cc3ca17a7b913df73321aa62f76e5d231d804a45 Author: Christof Schmitt <c...@samba.org> Date: Mon Mar 11 15:53:51 2019 -0700 winbind: Query domain from msrpc name_to_sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928) commit d012a7e875bea0de16cac69adb99507ba9151d17 Author: Christof Schmitt <c...@samba.org> Date: Mon Mar 11 16:26:48 2019 -0700 nsswitch: Add testcase for checking output of wbinfo --sid-to-name The username should always be returned in the DOMAISHORTNAME/USERNAME format. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit d006c769a9cad275339b18b08e13d48acb29d7fc) ----------------------------------------------------------------------- Summary of changes: nsswitch/tests/test_wbinfo_name_lookup.sh | 15 +++++++++++++++ source3/winbindd/winbindd.h | 1 + source3/winbindd/winbindd_ads.c | 3 ++- source3/winbindd/winbindd_cache.c | 5 +++-- source3/winbindd/winbindd_msrpc.c | 15 ++++++++++++++- source3/winbindd/winbindd_reconnect.c | 5 +++-- source3/winbindd/winbindd_reconnect_ads.c | 5 +++-- source3/winbindd/winbindd_rpc.c | 15 ++++++++++++++- source3/winbindd/winbindd_rpc.h | 1 + source3/winbindd/winbindd_samr.c | 11 +++++++++++ 10 files changed, 67 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh index c1d39c1a602..ee8ae11f4b1 100755 --- a/nsswitch/tests/test_wbinfo_name_lookup.sh +++ b/nsswitch/tests/test_wbinfo_name_lookup.sh @@ -31,6 +31,21 @@ testit "name-to-sid.upn" \ $wbinfo -n $DC_USERNAME@$REALM || \ failed=$(expr $failed + 1) +testit "name-to-sid.realm-user" \ + $wbinfo -n $REALM/$DC_USERNAME || \ + failed=$(expr $failed + 1) + +# For the name-to-sid.realm-user query, ensure +# that this does not change subsequent sid-to-name +# queries. +sid=$($wbinfo -n $REALM/$DC_USERNAME | sed -e 's/ .*//') +out=$($wbinfo -s $sid | sed -e 's/ .//') +# winbindd returns usernames in lowercase +lcuser=$(echo $DC_USERNAME | tr A-Z a-z) +testit "Verify DOMAIN/USER output" \ + test "$out" = "$DOMAIN/$lcuser" || \ + failed=$(expr $failed + 1) + # Two separator characters should fail testit_expect_failure "name-to-sid.double-separator" \ $wbinfo -n $DOMAIN//$DC_USERNAME || \ diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index 57371765484..292deacca85 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h @@ -224,6 +224,7 @@ struct winbindd_methods { const char *domain_name, const char *name, uint32_t flags, + const char **pdom_name, struct dom_sid *sid, enum lsa_SidType *type); diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 76d6a304366..eafb19eee39 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -558,11 +558,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, const char *domain_name, const char *name, uint32_t flags, + const char **pdom_name, struct dom_sid *sid, enum lsa_SidType *type) { return msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name, - flags, sid, type); + flags, pdom_name, sid, type); } /* convert a domain SID to a user or group name - use rpc methods */ diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index b0644d38761..1af3d929e49 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -1792,6 +1792,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, { NTSTATUS status; bool old_status; + const char *dom_name; old_status = domain->online; @@ -1818,7 +1819,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, winbindd_domain_init_backend(domain); status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, - name, flags, sid, type); + name, flags, &dom_name, sid, type); if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) || NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) { @@ -1853,7 +1854,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain, } (void)strlower_m(discard_const_p(char, name)); wcache_save_sid_to_name(domain, status, sid, - domain_name, name, save_type); + dom_name, name, save_type); } } diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index eb400f0ebf3..17148806b24 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -218,6 +218,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, const char *domain_name, const char *name, uint32_t flags, + const char **pdom_name, struct dom_sid *sid, enum lsa_SidType *type) { @@ -226,6 +227,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, enum lsa_SidType *types = NULL; char *full_name = NULL; const char *names[1]; + const char **domains; NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL; char *mapped_name = NULL; @@ -260,13 +262,24 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, names[0] = full_name; result = winbindd_lookup_names(mem_ctx, domain, 1, - names, NULL, + names, &domains, &sids, &types); if (!NT_STATUS_IS_OK(result)) return result; /* Return rid and type if lookup successful */ + if (pdom_name != NULL) { + const char *dom_name; + + dom_name = talloc_strdup(mem_ctx, domains[0]); + if (dom_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + + *pdom_name = dom_name; + } + sid_copy(sid, &sids[0]); *type = types[0]; diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c index 1d0e8e6d472..56741d4670e 100644 --- a/source3/winbindd/winbindd_reconnect.c +++ b/source3/winbindd/winbindd_reconnect.c @@ -131,18 +131,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, const char *domain_name, const char *name, uint32_t flags, + const char **pdom_name, struct dom_sid *sid, enum lsa_SidType *type) { NTSTATUS result; result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name, - flags, sid, type); + flags, pdom_name, sid, type); if (reconnect_need_retry(result, domain)) result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name, flags, - sid, type); + pdom_name, sid, type); return result; } diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c index 0a0a14f6dd0..f77430572d0 100644 --- a/source3/winbindd/winbindd_reconnect_ads.c +++ b/source3/winbindd/winbindd_reconnect_ads.c @@ -137,18 +137,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, const char *domain_name, const char *name, uint32_t flags, + const char **pdom_name, struct dom_sid *sid, enum lsa_SidType *type) { NTSTATUS result; result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name, - flags, sid, type); + flags, pdom_name, sid, type); if (reconnect_need_retry(result, domain)) { result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name, flags, - sid, type); + pdom_name, sid, type); } return result; diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index f50fb8fa5db..2bd1c7155e0 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -239,6 +239,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, const char *domain_name, const char *name, uint32_t flags, + const char **pdom_name, struct dom_sid *sid, enum lsa_SidType *type) { @@ -246,6 +247,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sids = NULL; char *full_name = NULL; const char *names[1]; + const char **domains; char *mapped_name = NULL; NTSTATUS status; @@ -282,7 +284,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, lsa_policy, 1, /* num_names */ names, - NULL, /* domains */ + &domains, 1, /* level */ &sids, &types); @@ -292,6 +294,17 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, return status; } + if (pdom_name != NULL) { + const char *dom_name; + + dom_name = talloc_strdup(mem_ctx, domains[0]); + if (dom_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + + *pdom_name = dom_name; + } + sid_copy(sid, &sids[0]); *type = types[0]; diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h index 162f1ef3329..a5cfe77f289 100644 --- a/source3/winbindd/winbindd_rpc.h +++ b/source3/winbindd/winbindd_rpc.h @@ -53,6 +53,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, const char *domain_name, const char *name, uint32_t flags, + const char **pdom_name, struct dom_sid *psid, enum lsa_SidType *ptype); diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c index 31720d54997..55af168dabf 100644 --- a/source3/winbindd/winbindd_samr.c +++ b/source3/winbindd/winbindd_samr.c @@ -581,12 +581,14 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain, const char *domain_name, const char *name, uint32_t flags, + const char **pdom_name, struct dom_sid *psid, enum lsa_SidType *ptype) { struct rpc_pipe_client *lsa_pipe; struct policy_handle lsa_policy = { 0 }; struct dom_sid sid; + const char *dom_name; enum lsa_SidType type; TALLOC_CTX *tmp_ctx; NTSTATUS status; @@ -615,6 +617,7 @@ again: domain_name, name, flags, + &dom_name, &sid, &type); @@ -627,6 +630,14 @@ again: goto done; } + if (pdom_name != NULL) { + *pdom_name = talloc_strdup(mem_ctx, dom_name); + if (*pdom_name == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + } + if (psid) { sid_copy(psid, &sid); } -- Samba Shared Repository