The branch, master has been updated
via 3ae8053f6bc s3:winbind: Delegate normalize_name_map to the idmap
child
via c332c911c9e winbind.idl: Add wbint_NormalizeNameUnmap
via 9e7d8a96814 winbind.idl: Add wbint_NormalizeNameMap
from 57a57a189bd lib/torture: assert that a test doesn't create new
talloc children of context->ev
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3ae8053f6bce3ac8e701fa6d1ea90595ea50a9d0
Author: Samuel Cabrero <[email protected]>
Date: Fri Apr 25 16:44:16 2025 +0200
s3:winbind: Delegate normalize_name_map to the idmap child
Delegate mapping to the idmap child to avoid blocking.
Signed-off-by: Samuel Cabrero <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Autobuild-User(master): Samuel Cabrero <[email protected]>
Autobuild-Date(master): Thu May 22 13:41:43 UTC 2025 on atb-devel-224
commit c332c911c9e65ffd8b7f112bf2339f91a7bd2184
Author: Samuel Cabrero <[email protected]>
Date: Fri Apr 25 18:34:42 2025 +0200
winbind.idl: Add wbint_NormalizeNameUnmap
normalize_name_unmap(), depending on the idmap config, can query LDAP
to unmap the username from its alias, e.g., map posix uid to samaccountname.
To avoid blocking this call should be done in the idmap child.
Signed-off-by: Samuel Cabrero <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 9e7d8a96814fd65dba5422e5969eba9725e66e8f
Author: Samuel Cabrero <[email protected]>
Date: Fri Apr 25 16:13:10 2025 +0200
winbind.idl: Add wbint_NormalizeNameMap
normalize_name_map(), depending on the idmap config, can query LDAP to map
the
username to its alias, e.g., map samaccountname to posix uid.
To avoid blocking this call should be done in the idmap child.
Signed-off-by: Samuel Cabrero <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/winbind.idl | 11 ++++
source3/winbindd/wb_getpwsid.c | 104 ++++++++++++++++++++++-------------
source3/winbindd/winbindd_dual_srv.c | 27 +++++++++
3 files changed, 105 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index 29671dbd498..fcd66225475 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -271,6 +271,17 @@ interface winbind
[out,ref] DomainInfoFlags *flags
);
+ NTSTATUS wbint_NormalizeNameMap(
+ [in,string,charset(UTF8)] char *domain_name,
+ [in,string,charset(UTF8)] char *name,
+ [out,string,charset(UTF8)] char **mapped_name
+ );
+
+ NTSTATUS wbint_NormalizeNameUnmap(
+ [in,string,charset(UTF8)] char *name,
+ [out,string,charset(UTF8)] char **unmapped_name
+ );
+
/* Public methods available via IRPC */
typedef [switch_type(uint16)] union netr_LogonLevel netr_LogonLevel;
diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
index 7d04c39ad84..8000ad8bd4c 100644
--- a/source3/winbindd/wb_getpwsid.c
+++ b/source3/winbindd/wb_getpwsid.c
@@ -29,6 +29,7 @@ struct wb_getpwsid_state {
struct dom_sid sid;
struct wbint_userinfo *userinfo;
struct winbindd_pw *pw;
+ const char *mapped_name;
};
static void wb_getpwsid_queryuser_done(struct tevent_req *subreq);
@@ -65,18 +66,14 @@ struct tevent_req *wb_getpwsid_send(TALLOC_CTX *mem_ctx,
return req;
}
+static void wb_getpwsid_normalize_done(struct tevent_req *subreq);
static void wb_getpwsid_queryuser_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct wb_getpwsid_state *state = tevent_req_data(
req, struct wb_getpwsid_state);
- struct winbindd_pw *pw = state->pw;
- struct wbint_userinfo *info;
- fstring acct_name;
- const char *output_username = NULL;
- char *mapped_name = NULL;
- char *tmp;
+ const char *acct_name_lower = NULL;
NTSTATUS status;
status = wb_queryuser_recv(subreq, state, &state->userinfo);
@@ -84,59 +81,92 @@ static void wb_getpwsid_queryuser_done(struct tevent_req
*subreq)
if (tevent_req_nterror(req, status)) {
return;
}
- info = state->userinfo;
- pw->pw_uid = info->uid;
- pw->pw_gid = info->primary_gid;
-
- fstrcpy(acct_name, info->acct_name);
- if (!strlower_m(acct_name)) {
- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ acct_name_lower = strlower_talloc(state, state->userinfo->acct_name);
+ if (tevent_req_nomem(acct_name_lower, req)) {
return;
}
+ state->userinfo->acct_name = talloc_move(state->userinfo,
&acct_name_lower);
+
+ subreq = dcerpc_wbint_NormalizeNameMap_send(
+ state,
+ state->ev,
+ idmap_child_handle(),
+ state->userinfo->domain_name,
+ state->userinfo->acct_name,
+ &state->mapped_name);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, wb_getpwsid_normalize_done, req);
+}
- /*
- * TODO:
- * This function should be called in 'idmap winbind child'. It shouldn't
- * be a blocking call, but for this we need to add a new function for
- * winbind.idl. This is a fix which can be backported for now.
- */
- status = normalize_name_map(state,
- info->domain_name,
- acct_name,
- &mapped_name);
- if (NT_STATUS_IS_OK(status) ||
- NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
- fstrcpy(acct_name, mapped_name);
+static void wb_getpwsid_normalize_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct wb_getpwsid_state *state = tevent_req_data(
+ req, struct wb_getpwsid_state);
+ struct winbindd_pw *pw = state->pw;
+ struct wbint_userinfo *info;
+ const char *output_username = NULL;
+ char *tmp;
+ NTSTATUS status;
+ NTSTATUS result;
+
+ status = dcerpc_wbint_NormalizeNameMap_recv(subreq, state, &result);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ DBG_ERR("wbint_NormalizeAndMapToAlias(%s, %s) call failed:
%s\n",
+ state->userinfo->domain_name,
+ state->userinfo->acct_name,
+ nt_errstr(status));
+ return;
+ } else if (NT_STATUS_IS_OK(result) ||
+ NT_STATUS_EQUAL(result, NT_STATUS_FILE_RENAMED))
+ {
+ state->userinfo->acct_name = talloc_steal(state->userinfo,
+ state->mapped_name);
}
+
+ info = state->userinfo;
+
output_username = fill_domain_username_talloc(state,
info->domain_name,
- acct_name,
+ info->acct_name,
true);
- if (output_username == NULL) {
- tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ if (tevent_req_nomem(output_username, req)) {
return;
}
+ pw->pw_uid = info->uid;
+ pw->pw_gid = info->primary_gid;
+
strlcpy(pw->pw_name, output_username, sizeof(pw->pw_name));
strlcpy(pw->pw_gecos, info->full_name ? info->full_name : "",
sizeof(pw->pw_gecos));
- tmp = talloc_sub_specified(
- state, info->homedir, acct_name,
- info->primary_group_name, info->domain_name,
- pw->pw_uid, pw->pw_gid);
+ tmp = talloc_sub_specified(state,
+ info->homedir,
+ info->acct_name,
+ info->primary_group_name,
+ info->domain_name,
+ pw->pw_uid,
+ pw->pw_gid);
if (tevent_req_nomem(tmp, req)) {
return;
}
strlcpy(pw->pw_dir, tmp, sizeof(pw->pw_dir));
TALLOC_FREE(tmp);
- tmp = talloc_sub_specified(
- state, info->shell, acct_name,
- info->primary_group_name, info->domain_name,
- pw->pw_uid, pw->pw_gid);
+ tmp = talloc_sub_specified(state,
+ info->shell,
+ info->acct_name,
+ info->primary_group_name,
+ info->domain_name,
+ pw->pw_uid,
+ pw->pw_gid);
if (tevent_req_nomem(tmp, req)) {
return;
}
diff --git a/source3/winbindd/winbindd_dual_srv.c
b/source3/winbindd/winbindd_dual_srv.c
index 780923a4b6b..b1809809b13 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -2152,4 +2152,31 @@ NTSTATUS _wbint_ListTrustedDomains(struct pipes_struct
*p,
return NT_STATUS_OK;
}
+NTSTATUS _wbint_NormalizeNameMap(struct pipes_struct *p,
+ struct wbint_NormalizeNameMap *r)
+{
+ char *mapped = NULL;
+ NTSTATUS status;
+
+ status = normalize_name_map(p->mem_ctx,
+ r->in.domain_name,
+ r->in.name,
+ &mapped);
+ *r->out.mapped_name = mapped;
+
+ return status;
+}
+
+NTSTATUS _wbint_NormalizeNameUnmap(struct pipes_struct *p,
+ struct wbint_NormalizeNameUnmap *r)
+{
+ char *unmapped = NULL;
+ NTSTATUS status;
+
+ status = normalize_name_unmap(p->mem_ctx, r->in.name, &unmapped);
+ *r->out.unmapped_name = unmapped;
+
+ return status;
+}
+
#include "librpc/gen_ndr/ndr_winbind_scompat.c"
--
Samba Shared Repository
