The branch, master has been updated
       via  0e789ba1802 idmap_nss: Do not return SID from unixids_to_sids on 
type mismatch
       via  79dd4b133c3 idmap_rfc2307: Do not return SID from unixids_to_sids 
on type mismatch
       via  db2afa57e4a winbind: Only use unixid2sid mapping when module 
reports ID_MAPPED
      from  65510204d41 smbd: Ensure errno is preserved across fsp destructor

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0e789ba1802ca22e5a01abd6e93ef66cd45566a7
Author: Christof Schmitt <c...@samba.org>
Date:   Fri Mar 5 16:07:54 2021 -0700

    idmap_nss: Do not return SID from unixids_to_sids on type mismatch
    
    The call to winbind_lookup_name already wrote the result in the id_map
    array. The later check for the type detected a mismatch, but that did
    not remove the SID from the result struct.
    
    Change this by first assigning the SID to a temporary variable and only
    write it to the id_map array after the type checks.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
    
    Signed-off-by: Christof Schmitt <c...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    
    Autobuild-User(master): Volker Lendecke <v...@samba.org>
    Autobuild-Date(master): Thu Mar 11 08:38:41 UTC 2021 on sn-devel-184

commit 79dd4b133c37451c98fe7f7c45da881e89e91ffc
Author: Christof Schmitt <c...@samba.org>
Date:   Fri Mar 5 16:01:13 2021 -0700

    idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch
    
    The call to winbind_lookup_name already wrote the result in the id_map
    array. The later check for the type detected a mismatch, but that did
    not remove the SID from the result struct.
    
    Change this by first assigning the SID to a temporary variable and only
    write it to the id_map array after the type checks.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
    
    Signed-off-by: Christof Schmitt <c...@samba.org>

commit db2afa57e4aa926b478db1be4d693edbdf4d2a23
Author: Christof Schmitt <c...@samba.org>
Date:   Fri Mar 5 15:48:29 2021 -0700

    winbind: Only use unixid2sid mapping when module reports ID_MAPPED
    
    Only consider a mapping to be valid when the idmap module reports
    ID_MAPPED. Otherwise return the null SID.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
    
    Signed-off-by: Christof Schmitt <c...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/idmap_nss.c         | 6 +++++-
 source3/winbindd/idmap_rfc2307.c     | 4 +++-
 source3/winbindd/winbindd_dual_srv.c | 8 ++++++--
 3 files changed, 14 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/idmap_nss.c b/source3/winbindd/idmap_nss.c
index 9e1efefeb24..da50e2b4aa7 100644
--- a/source3/winbindd/idmap_nss.c
+++ b/source3/winbindd/idmap_nss.c
@@ -25,6 +25,7 @@
 #include "nsswitch/winbind_client.h"
 #include "idmap.h"
 #include "lib/winbind_util.h"
+#include "libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_IDMAP
@@ -55,6 +56,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain 
*dom, struct id_ma
                struct passwd *pw;
                struct group *gr;
                const char *name;
+               struct dom_sid sid;
                enum lsa_SidType type;
                bool ret;
 
@@ -86,7 +88,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain 
*dom, struct id_ma
                   the following call will not recurse so this is safe */
                (void)winbind_on();
                /* Lookup name from PDC using lsa_lookup_names() */
-               ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type);
+               ret = winbind_lookup_name(dom->name, name, &sid, &type);
                (void)winbind_off();
 
                if (!ret) {
@@ -99,6 +101,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct 
idmap_domain *dom, struct id_ma
                switch (type) {
                case SID_NAME_USER:
                        if (ids[i]->xid.type == ID_TYPE_UID) {
+                               sid_copy(ids[i]->sid, &sid);
                                ids[i]->status = ID_MAPPED;
                        }
                        break;
@@ -107,6 +110,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct 
idmap_domain *dom, struct id_ma
                case SID_NAME_ALIAS:
                case SID_NAME_WKN_GRP:
                        if (ids[i]->xid.type == ID_TYPE_GID) {
+                               sid_copy(ids[i]->sid, &sid);
                                ids[i]->status = ID_MAPPED;
                        }
                        break;
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index 05259bf8344..4870ca30485 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -229,6 +229,7 @@ static void idmap_rfc2307_map_sid_results(struct 
idmap_rfc2307_context *ctx,
 
        for (i = 0; i < count; i++) {
                char *name;
+               struct dom_sid sid;
                enum lsa_SidType lsa_type;
                struct id_map *map;
                uint32_t id;
@@ -277,7 +278,7 @@ static void idmap_rfc2307_map_sid_results(struct 
idmap_rfc2307_context *ctx,
                   the following call will not recurse so this is safe */
                (void)winbind_on();
                /* Lookup name from PDC using lsa_lookup_names() */
-               b = winbind_lookup_name(dom_name, name, map->sid, &lsa_type);
+               b = winbind_lookup_name(dom_name, name, &sid, &lsa_type);
                (void)winbind_off();
 
                if (!b) {
@@ -301,6 +302,7 @@ static void idmap_rfc2307_map_sid_results(struct 
idmap_rfc2307_context *ctx,
                }
 
                map->status = ID_MAPPED;
+               sid_copy(map->sid, &sid);
        }
 }
 
diff --git a/source3/winbindd/winbindd_dual_srv.c 
b/source3/winbindd/winbindd_dual_srv.c
index ffd7bb957b2..32d11e1fa57 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -283,8 +283,12 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p,
        }
 
        for (i=0; i<r->in.num_ids; i++) {
-               r->out.xids[i] = maps[i]->xid;
-               sid_copy(&r->out.sids[i], maps[i]->sid);
+               if (maps[i]->status == ID_MAPPED) {
+                       r->out.xids[i] = maps[i]->xid;
+                       sid_copy(&r->out.sids[i], maps[i]->sid);
+               } else {
+                       r->out.sids[i] = (struct dom_sid) { 0 };
+               }
        }
 
        TALLOC_FREE(maps);


-- 
Samba Shared Repository

Reply via email to