Author: kseeger Date: 2009-02-02 13:43:21 +0000 (Mon, 02 Feb 2009) New Revision: 1268
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1268 Log: Add patch to fix listings of unmapped users with 'getent passwd' to the list of recommended patches Karolin Added: trunk/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch Modified: trunk/patches/index.html trunk/patches/patches-3.3.0/series Changeset: Modified: trunk/patches/index.html =================================================================== --- trunk/patches/index.html 2009-01-30 14:13:06 UTC (rev 1267) +++ trunk/patches/index.html 2009-02-02 13:43:21 UTC (rev 1268) @@ -49,6 +49,10 @@ <td><a href="/samba/patches/patches-3.3.0/0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch">BUG 6073</a></td> <td>Fixes the domain join on domain members using "<i>security = ads</i>".</td> </tr> + <tr> + <td><a href="/samba/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch">fix getent passwd</a></td> + <td>Fixes the listing of unmapped users with '<i>getent passwd</i>'.</td> + </tr> </tbody> </table> Added: trunk/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch =================================================================== --- trunk/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch 2009-01-30 14:13:06 UTC (rev 1267) +++ trunk/patches/patches-3.3.0/samba3-3.3.0-fix-getent-passwd.patch 2009-02-02 13:43:21 UTC (rev 1268) @@ -0,0 +1,252 @@ +From f2acdca4ded8646752d154d55a0ade405f159e17 Mon Sep 17 00:00:00 2001 +From: Michael Adam <ob...@samba.org> +Date: Mon, 2 Feb 2009 00:35:43 +0100 +Subject: [PATCH] s3:winbind_user: move initialization of domain up in winbindd_fill_pwent() + +and streamline logic some + +Michael +--- + source/winbindd/winbindd_user.c | 20 +++++++++----------- + 1 files changed, 9 insertions(+), 11 deletions(-) + +diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c +index 5356e16..2e32643 100644 +--- a/source/winbindd/winbindd_user.c ++++ b/source/winbindd/winbindd_user.c +@@ -80,6 +80,13 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name + if (!pw || !dom_name || !user_name) + return False; + ++ domain = find_domain_from_name_noinit(dom_name); ++ if (domain == NULL) { ++ DEBUG(5,("winbindd_fill_pwent: Failed to find domain for %s. " ++ "Disabling name alias support\n", dom_name)); ++ nt_status = NT_STATUS_NO_SUCH_DOMAIN; ++ } ++ + /* Resolve the uid number */ + + if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name, user_sid, +@@ -98,19 +105,10 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name + return False; + } + +- strlower_m(user_name); +- + /* Username */ + +- domain = find_domain_from_name_noinit(dom_name); +- if (domain) { +- nt_status = normalize_name_map(ctx, domain, user_name, +- &mapped_name); +- } else { +- DEBUG(5,("winbindd_fill_pwent: Failed to find domain for %s. " +- "Disabling name alias support\n", dom_name)); +- nt_status = NT_STATUS_NO_SUCH_DOMAIN; +- } ++ strlower_m(user_name); ++ nt_status = normalize_name_map(ctx, domain, user_name, &mapped_name); + + /* Basic removal of whitespace */ + if (NT_STATUS_IS_OK(nt_status)) { +-- +1.6.0.2 + + +From 877808450bb108ed306ef77db97a3acc7297e579 Mon Sep 17 00:00:00 2001 +From: Michael Adam <ob...@samba.org> +Date: Mon, 2 Feb 2009 00:36:59 +0100 +Subject: [PATCH] s3:winbind_user: fix "getent passwd" to allocate new uids. + +"getent passwd" used to fill the idmap cache with negative +cache entries for unmapped user sids. + +Don't pass domain name unconditionally to idmap_sid_to_[ug]id(). +idmap_sid_to_[ug]id() only creates new mappings (allocating +idmap backends tdb, tdb2, ldap...) when the domain name passed +in is "". + +Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id() +functions here, in the main winbindd. The correct fix would be +to send a sid_to_[ug]id request to winbindd itself, but this needs +more work to prepare the async mechanisms, and we nee a quick +fix for getent passwd now. + +Michael +--- + source/winbindd/winbindd_user.c | 9 +++++++-- + 1 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c +index 2e32643..b01e184 100644 +--- a/source/winbindd/winbindd_user.c ++++ b/source/winbindd/winbindd_user.c +@@ -76,6 +76,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name + char *mapped_name = NULL; + struct winbindd_domain *domain = NULL; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; ++ char *dom_name_idmap = ""; + + if (!pw || !dom_name || !user_name) + return False; +@@ -87,9 +88,13 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name + nt_status = NT_STATUS_NO_SUCH_DOMAIN; + } + ++ if (domain->have_idmap_config) { ++ dom_name_idmap = dom_name; ++ } ++ + /* Resolve the uid number */ + +- if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name, user_sid, ++ if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name_idmap, user_sid, + &pw->pw_uid))) { + DEBUG(1, ("error getting user id for sid %s\n", + sid_string_dbg(user_sid))); +@@ -98,7 +103,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name + + /* Resolve the gid number */ + +- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name, group_sid, ++ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name_idmap, group_sid, + &pw->pw_gid))) { + DEBUG(1, ("error getting group id for sid %s\n", + sid_string_dbg(group_sid))); +-- +1.6.0.2 + + +From 8c64302915bde8a5400b575389b12e0eaf2cf140 Mon Sep 17 00:00:00 2001 +From: Michael Adam <ob...@samba.org> +Date: Mon, 2 Feb 2009 00:46:57 +0100 +Subject: [PATCH] s3:winbind_group: fix "getent group" to allocate new gids. + +"getent group" used to fill the idmap cache with negative +cache entries for unmapped group sids. + +Don't pass domain name unconditionally to idmap_sid_to_gid(). +idmap_sid_to_gid() only creates new mappings (allocating +idmap backends tdb, tdb2, ldap...) when the domain name passed +in is "". + +Note that it is _wrong_ to directly call the idmap_sid_to_gid() +functions here, in the main winbindd. The correct fix would be +to send a sid_to_gid request to winbindd itself, but this needs +more work to prepare the async mechanisms, and we nee a quick +fix for getent passwd now. + +Michael +--- + source/winbindd/winbindd_group.c | 10 ++++++++-- + 1 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c +index bc532bb..48e6577 100644 +--- a/source/winbindd/winbindd_group.c ++++ b/source/winbindd/winbindd_group.c +@@ -1306,6 +1306,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state) + char *gr_mem; + DOM_SID group_sid; + struct winbindd_domain *domain; ++ char *domain_name_idmap; + + /* Do we need to fetch another chunk of groups? */ + +@@ -1353,8 +1354,13 @@ void winbindd_getgrent(struct winbindd_cli_state *state) + sid_copy(&group_sid, &domain->sid); + sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); + +- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain->name, &group_sid, +- &group_gid))) { ++ domain_name_idmap = domain->have_idmap_config ++ ? domain->name ++ : ""; ++ ++ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain_name_idmap, ++ &group_sid, &group_gid))) ++ { + union unid_t id; + enum lsa_SidType type; + +-- +1.6.0.2 + +From 1aa6c76dd003b0c625c6910bb78798a7d98c5a8c Mon Sep 17 00:00:00 2001 +From: Tim Prouty <tpro...@samba.org> +Date: Sun, 1 Feb 2009 23:59:53 -0800 +Subject: [PATCH] s3 build: Fix "assignment discards qualifiers from pointer target type" warnings + +--- + source/winbindd/winbindd_group.c | 8 ++------ + source/winbindd/winbindd_user.c | 11 ++++------- + 2 files changed, 6 insertions(+), 13 deletions(-) + +diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c +index 48e6577..9d9b264 100644 +--- a/source/winbindd/winbindd_group.c ++++ b/source/winbindd/winbindd_group.c +@@ -1306,7 +1306,6 @@ void winbindd_getgrent(struct winbindd_cli_state *state) + char *gr_mem; + DOM_SID group_sid; + struct winbindd_domain *domain; +- char *domain_name_idmap; + + /* Do we need to fetch another chunk of groups? */ + +@@ -1354,11 +1353,8 @@ void winbindd_getgrent(struct winbindd_cli_state *state) + sid_copy(&group_sid, &domain->sid); + sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); + +- domain_name_idmap = domain->have_idmap_config +- ? domain->name +- : ""; +- +- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain_name_idmap, ++ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain->have_idmap_config ++ ? domain->name : "", + &group_sid, &group_gid))) + { + union unid_t id; +diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c +index b01e184..62fd4d7 100644 +--- a/source/winbindd/winbindd_user.c ++++ b/source/winbindd/winbindd_user.c +@@ -76,7 +76,6 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name + char *mapped_name = NULL; + struct winbindd_domain *domain = NULL; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; +- char *dom_name_idmap = ""; + + if (!pw || !dom_name || !user_name) + return False; +@@ -88,13 +87,10 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name + nt_status = NT_STATUS_NO_SUCH_DOMAIN; + } + +- if (domain->have_idmap_config) { +- dom_name_idmap = dom_name; +- } +- + /* Resolve the uid number */ + +- if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name_idmap, user_sid, ++ if (!NT_STATUS_IS_OK(idmap_sid_to_uid(domain->have_idmap_config ? ++ dom_name : "", user_sid, + &pw->pw_uid))) { + DEBUG(1, ("error getting user id for sid %s\n", + sid_string_dbg(user_sid))); +@@ -103,7 +99,8 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name + + /* Resolve the gid number */ + +- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name_idmap, group_sid, ++ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain->have_idmap_config ? ++ dom_name : "", group_sid, + &pw->pw_gid))) { + DEBUG(1, ("error getting group id for sid %s\n", + sid_string_dbg(group_sid))); +-- +1.6.0.2 + Modified: trunk/patches/patches-3.3.0/series =================================================================== --- trunk/patches/patches-3.3.0/series 2009-01-30 14:13:06 UTC (rev 1267) +++ trunk/patches/patches-3.3.0/series 2009-02-02 13:43:21 UTC (rev 1268) @@ -1 +1,2 @@ 0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch +samba3-3.3.0-fix-getent-passwd.patch