The branch, master has been updated via 0e789ba1802 idmap_nss: Do not return SID from unixids_to_sids on type mismatch via 79dd4b133c3 idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch via db2afa57e4a winbind: Only use unixid2sid mapping when module reports ID_MAPPED from 65510204d41 smbd: Ensure errno is preserved across fsp destructor
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 0e789ba1802ca22e5a01abd6e93ef66cd45566a7 Author: Christof Schmitt <c...@samba.org> Date: Fri Mar 5 16:07:54 2021 -0700 idmap_nss: Do not return SID from unixids_to_sids on type mismatch The call to winbind_lookup_name already wrote the result in the id_map array. The later check for the type detected a mismatch, but that did not remove the SID from the result struct. Change this by first assigning the SID to a temporary variable and only write it to the id_map array after the type checks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Thu Mar 11 08:38:41 UTC 2021 on sn-devel-184 commit 79dd4b133c37451c98fe7f7c45da881e89e91ffc Author: Christof Schmitt <c...@samba.org> Date: Fri Mar 5 16:01:13 2021 -0700 idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch The call to winbind_lookup_name already wrote the result in the id_map array. The later check for the type detected a mismatch, but that did not remove the SID from the result struct. Change this by first assigning the SID to a temporary variable and only write it to the id_map array after the type checks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663 Signed-off-by: Christof Schmitt <c...@samba.org> commit db2afa57e4aa926b478db1be4d693edbdf4d2a23 Author: Christof Schmitt <c...@samba.org> Date: Fri Mar 5 15:48:29 2021 -0700 winbind: Only use unixid2sid mapping when module reports ID_MAPPED Only consider a mapping to be valid when the idmap module reports ID_MAPPED. Otherwise return the null SID. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663 
Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/winbindd/idmap_nss.c | 6 +++++- source3/winbindd/idmap_rfc2307.c | 4 +++- source3/winbindd/winbindd_dual_srv.c | 8 ++++++-- 3 files changed, 14 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/idmap_nss.c b/source3/winbindd/idmap_nss.c index 9e1efefeb24..da50e2b4aa7 100644 --- a/source3/winbindd/idmap_nss.c +++ b/source3/winbindd/idmap_nss.c @@ -25,6 +25,7 @@ #include "nsswitch/winbind_client.h" #include "idmap.h" #include "lib/winbind_util.h" +#include "libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -55,6 +56,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma struct passwd *pw; struct group *gr; const char *name; + struct dom_sid sid; enum lsa_SidType type; bool ret; @@ -86,7 +88,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma the following call will not recurse so this is safe */ (void)winbind_on(); /* Lookup name from PDC using lsa_lookup_names() */ - ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type); + ret = winbind_lookup_name(dom->name, name, &sid, &type); (void)winbind_off(); if (!ret) { @@ -99,6 +101,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma switch (type) { case SID_NAME_USER: if (ids[i]->xid.type == ID_TYPE_UID) { + sid_copy(ids[i]->sid, &sid); ids[i]->status = ID_MAPPED; } break; @@ -107,6 +110,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma case SID_NAME_ALIAS: case SID_NAME_WKN_GRP: if (ids[i]->xid.type == ID_TYPE_GID) { + sid_copy(ids[i]->sid, &sid); ids[i]->status = ID_MAPPED; } break; diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c index 05259bf8344..4870ca30485 100644 
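Review bot: Nothing at the `winbind_lookup_name(dom->name, name, &sid, &type)` call says why the result now goes into a local `sid` instead of `ids[i]->sid`, so a later cleanup could fold it back and reintroduce the SID-on-type-mismatch result this series removes. I would add a comment above the call such as `/* Look up into a local SID; ids[i]->sid is written only after the type check below, so a mismatch never hands a SID to the caller. */`. The same applies to the `winbind_lookup_name(dom_name, name, &sid, &lsa_type)` call in the idmap_rfc2307.c hunks. On a mismatch `ids[i]->sid` keeps whatever the caller put there, which these hunks do not show, so the function comment should state that the SID is meaningful only when `status == ID_MAPPED`. The function body starts and ends outside the hunks.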
--- a/source3/winbindd/idmap_rfc2307.c +++ b/source3/winbindd/idmap_rfc2307.c @@ -229,6 +229,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, for (i = 0; i < count; i++) { char *name; + struct dom_sid sid; enum lsa_SidType lsa_type; struct id_map *map; uint32_t id; @@ -277,7 +278,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, the following call will not recurse so this is safe */ (void)winbind_on(); /* Lookup name from PDC using lsa_lookup_names() */ - b = winbind_lookup_name(dom_name, name, map->sid, &lsa_type); + b = winbind_lookup_name(dom_name, name, &sid, &lsa_type); (void)winbind_off(); if (!b) { @@ -301,6 +302,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, } map->status = ID_MAPPED; + sid_copy(map->sid, &sid); } } diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index ffd7bb957b2..32d11e1fa57 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -283,8 +283,12 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p, } for (i=0; i<r->in.num_ids; i++) { - r->out.xids[i] = maps[i]->xid; - sid_copy(&r->out.sids[i], maps[i]->sid); + if (maps[i]->status == ID_MAPPED) { + r->out.xids[i] = maps[i]->xid; + sid_copy(&r->out.sids[i], maps[i]->sid); + } else { + r->out.sids[i] = (struct dom_sid) { 0 }; + } } TALLOC_FREE(maps); -- Samba Shared Repository
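Review bot: The new `else` branch in `_wbint_UnixIDs2Sids` clears `r->out.sids[i]` but never assigns `r->out.xids[i]`, so for an unmapped id the reply pairs a null SID with whatever that slot already held. The hunk does not show whether `r->out.xids` already carries the request's values or is freshly allocated. If that is not guaranteed, the slot should be assigned on both paths, for example by moving `r->out.xids[i] = maps[i]->xid;` above the `if`. A short comment on the branch would also record the intent: `/* Not ID_MAPPED: return the null SID rather than a stale or type-mismatched one. */`. The function starts and ends outside the hunk.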