The branch, master has been updated
       via  fc5aadb winbind: Lookup groupmem via primaryGroupID
       via  61dbe45 tsocket: Use common code in tsocket_bsd_common_prepare_fd
       via  fcf0d3e libcli/named_pipe_auth: call smb_set_close_on_exec() in 
tstream_npa_socketpair()
      from  0721134 docs: Reference ldap ssl options in idmap_rfc2307 manpage

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fc5aadb57b8f26ed45c76a5c66e91e8a3583f673
Author: Volker Lendecke <[email protected]>
Date:   Fri Jun 5 13:02:10 2015 +0200

    winbind: Lookup groupmem via primaryGroupID
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: "Stefan (metze) Metzmacher" <[email protected]>
    
    Autobuild-User(master): Volker Lendecke <[email protected]>
    Autobuild-Date(master): Fri Jun  5 17:21:04 CEST 2015 on sn-devel-104

commit 61dbe450b662acc038c942532371240003985574
Author: Volker Lendecke <[email protected]>
Date:   Fri Jun 5 11:02:45 2015 +0200

    tsocket: Use common code in tsocket_bsd_common_prepare_fd
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: "Stefan (metze) Metzmacher" <[email protected]>

commit fcf0d3ebefa5be809a0dd082055888ed99a5c003
Author: Stefan Metzmacher <[email protected]>
Date:   Fri Jun 5 09:40:19 2015 +0200

    libcli/named_pipe_auth: call smb_set_close_on_exec() in 
tstream_npa_socketpair()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11312
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 lib/tsocket/tsocket_bsd.c            | 36 +++----------
 lib/tsocket/wscript_build            |  2 +-
 libcli/named_pipe_auth/npa_tstream.c | 11 ++++
 source3/winbindd/winbindd_ads.c      | 98 ++++++++++++++++++++++++++++++++++++
 4 files changed, 117 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c
index 79235c6..5d8f80c 100644
--- a/lib/tsocket/tsocket_bsd.c
+++ b/lib/tsocket/tsocket_bsd.c
@@ -27,6 +27,7 @@
 #include "tsocket.h"
 #include "tsocket_internal.h"
 #include "lib/util/iov_buf.h"
+#include "lib/util/blocking.h"
 
 static int tsocket_bsd_error_from_errno(int ret,
                                        int sys_errno,
@@ -84,7 +85,8 @@ static int tsocket_bsd_common_prepare_fd(int fd, bool high_fd)
        int fds[3];
        int num_fds = 0;
 
-       int result, flags;
+       int result;
+       bool ok;
 
        if (fd == -1) {
                return -1;
@@ -109,40 +111,16 @@ static int tsocket_bsd_common_prepare_fd(int fd, bool 
high_fd)
                }
        }
 
-       /* fd should be nonblocking. */
-
-#ifdef O_NONBLOCK
-#define FLAG_TO_SET O_NONBLOCK
-#else
-#ifdef SYSV
-#define FLAG_TO_SET O_NDELAY
-#else /* BSD */
-#define FLAG_TO_SET FNDELAY
-#endif
-#endif
-
-       if ((flags = fcntl(fd, F_GETFL)) == -1) {
+       result = set_blocking(fd, false);
+       if (result == -1) {
                goto fail;
        }
 
-       flags |= FLAG_TO_SET;
-       if (fcntl(fd, F_SETFL, flags) == -1) {
+       ok = smb_set_close_on_exec(fd);
+       if (!ok) {
                goto fail;
        }
 
-#undef FLAG_TO_SET
-
-       /* fd should be closed on exec() */
-#ifdef FD_CLOEXEC
-       result = flags = fcntl(fd, F_GETFD, 0);
-       if (flags >= 0) {
-               flags |= FD_CLOEXEC;
-               result = fcntl(fd, F_SETFD, flags);
-       }
-       if (result < 0) {
-               goto fail;
-       }
-#endif
        return fd;
 
  fail:
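Review bot: The close-on-exec step in tsocket_bsd_common_prepare_fd() is now mandatory: the removed block was compiled out when FD_CLOEXEC was undefined, while the new `if (!ok) { goto fail; }` rejects the descriptor whenever smb_set_close_on_exec() returns false. Failing closed is the right default for a socket that must not leak into exec()ed children, but the helper's behaviour on platforms without FD_CLOEXEC is not visible in this diff, so it is worth confirming that socket setup does not always fail there. The two explanatory comments were also dropped with the old code; I would keep one line above the calls, e.g. `/* fd must be non-blocking and close-on-exec; refuse it otherwise */`. The function starts before this hunk and the body of the `fail:` label lies after it.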
diff --git a/lib/tsocket/wscript_build b/lib/tsocket/wscript_build
index 31ef14e..420daff 100644
--- a/lib/tsocket/wscript_build
+++ b/lib/tsocket/wscript_build
@@ -3,7 +3,7 @@
 
 bld.SAMBA_SUBSYSTEM('LIBTSOCKET',
        source='tsocket.c tsocket_helpers.c tsocket_bsd.c',
-       public_deps='talloc tevent iov_buf',
+       public_deps='talloc tevent iov_buf socket-blocking',
        public_headers='tsocket.h tsocket_internal.h',
        )
 
diff --git a/libcli/named_pipe_auth/npa_tstream.c 
b/libcli/named_pipe_auth/npa_tstream.c
index 3539202..20ae3de 100644
--- a/libcli/named_pipe_auth/npa_tstream.c
+++ b/libcli/named_pipe_auth/npa_tstream.c
@@ -1460,6 +1460,7 @@ int _tstream_npa_socketpair(uint16_t file_type,
        int fd1;
        int fd2;
        int rc;
+       bool ok;
 
        rc = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
        if (rc == -1) {
@@ -1468,6 +1469,16 @@ int _tstream_npa_socketpair(uint16_t file_type,
        fd1 = fds[0];
        fd2 = fds[1];
 
+       ok = smb_set_close_on_exec(fd1);
+       if (!ok) {
+               goto close_fail;
+       }
+
+       ok = smb_set_close_on_exec(fd2);
+       if (!ok) {
+               goto close_fail;
+       }
+
        rc = set_blocking(fd1, false);
        if (rc == -1) {
                goto close_fail;
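Review bot: Setting close-on-exec only after `socketpair()` has returned leaves a short window in which both descriptors are inheritable, so a fork and exec from another thread in that window would hand the named-pipe sockets to the child. Where the platform offers it, requesting the flag at creation closes that window: `rc = socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, fds);` under `#ifdef SOCK_CLOEXEC`, with the added `smb_set_close_on_exec()` calls kept as the portable fallback. Whether this process can actually fork concurrently is not visible here, so treat this as hardening rather than a confirmed leak. The `socketpair()` call sits in the previous hunk and the `close_fail` label is outside both hunks, so I am assuming it closes fd1 and fd2.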
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index f1f7976..78350fd 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1148,6 +1148,86 @@ static NTSTATUS lookup_useraliases(struct 
winbindd_domain *domain,
                                                    alias_rids);
 }
 
+static NTSTATUS add_primary_group_members(
+       ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid,
+       char ***all_members, size_t *num_all_members)
+{
+       char *filter;
+       NTSTATUS status = NT_STATUS_NO_MEMORY;
+       ADS_STATUS rc;
+       const char *attrs[] = { "dn", NULL };
+       LDAPMessage *res = NULL;
+       LDAPMessage *msg;
+       char **members;
+       size_t num_members;
+       ads_control args;
+
+       filter = talloc_asprintf(
+               mem_ctx, "(&(objectCategory=user)(primaryGroupID=%u))",
+               (unsigned)rid);
+       if (filter == NULL) {
+               goto done;
+       }
+
+       args.control = ADS_EXTENDED_DN_OID;
+       args.val = ADS_EXTENDED_DN_HEX_STRING;
+       args.critical = True;
+
+       rc = ads_do_search_all_args(ads, ads->config.bind_path,
+                                   LDAP_SCOPE_SUBTREE, filter, attrs, &args,
+                                   &res);
+
+       if (!ADS_ERR_OK(rc)) {
+               status = ads_ntstatus(rc);
+               DEBUG(1,("%s: ads_search: %s\n", __func__, ads_errstr(rc)));
+               goto done;
+       }
+       if (res == NULL) {
+               DEBUG(1,("%s: ads_search returned NULL res\n", __func__));
+               goto done;
+       }
+
+       num_members = ads_count_replies(ads, res);
+
+       DEBUG(10, ("%s: Got %ju primary group members\n", __func__,
+                  (uintmax_t)num_members));
+
+       if (num_members == 0) {
+               status = NT_STATUS_OK;
+               goto done;
+       }
+
+       members = talloc_realloc(mem_ctx, *all_members, char *,
+                                *num_all_members + num_members);
+       if (members == NULL) {
+               DEBUG(1, ("%s: talloc_realloc failed\n", __func__));
+               goto done;
+       }
+       *all_members = members;
+
+       for (msg = ads_first_entry(ads, res); msg != NULL;
+            msg = ads_next_entry(ads, msg)) {
+               char *dn;
+
+               dn = ads_get_dn(ads, members, msg);
+               if (dn == NULL) {
+                       DEBUG(1, ("%s: ads_get_dn failed\n", __func__));
+                       continue;
+               }
+
+               members[*num_all_members] = dn;
+               *num_all_members += 1;
+       }
+
+       status = NT_STATUS_OK;
+done:
+       if (res != NULL) {
+               ads_msgfree(ads, res);
+       }
+       TALLOC_FREE(filter);
+       return status;
+}
+
 /*
   find the members of a group, given a group rid and domain
  */
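Review bot: The copy loop in add_primary_group_members() writes `members[*num_all_members]` once for every entry that ads_first_entry()/ads_next_entry() yields, but the array was sized from ads_count_replies(), and nothing in the loop ties the two together. Since the reply comes from the directory server, I would bound the writes explicitly: compute `size_t max_members = *num_all_members + num_members;` before the talloc_realloc and put `if (*num_all_members >= max_members) { break; }` at the top of the loop body. The sum itself is unchecked; if ads_count_replies() can return a negative count (its prototype is not part of this diff), the conversion to size_t would make the addition wrap, so that case should be rejected before the realloc. Separately, the `res == NULL` path returns the initial NT_STATUS_NO_MEMORY, which misreports the failure to the caller.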
@@ -1174,6 +1254,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain 
*domain,
        char **domains_nocache = NULL;     /* only needed for 
rpccli_lsa_lookup_sids */
        uint32_t num_nocache = 0;
        TALLOC_CTX *tmp_ctx = NULL;
+       uint32_t rid;
 
        DEBUG(10,("ads: lookup_groupmem %s sid=%s\n", domain->name,
                  sid_string_dbg(group_sid)));
@@ -1187,6 +1268,12 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain 
*domain,
                goto done;
        }
 
+       if (!sid_peek_rid(group_sid, &rid)) {
+               DEBUG(1, ("%s: sid_peek_rid failed\n", __func__));
+               status = NT_STATUS_INVALID_PARAMETER;
+               goto done;
+       }
+
        if ( !winbindd_can_contact_domain( domain ) ) {
                DEBUG(10,("lookup_groupmem: No incoming trust for domain %s\n",
                          domain->name));
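Review bot: `sid_peek_rid(group_sid, &rid)` in lookup_groupmem() keeps only the last sub-authority, and a later hunk feeds that RID into the `primaryGroupID=%u` search under `ads->config.bind_path`. Nothing visible in these hunks checks that group_sid carries this domain's SID prefix, so a group SID from another domain with the same RID would, as far as the diff shows, be reported with this domain's users as members. Unless an earlier check outside the hunk already guarantees the prefix, `if (!sid_peek_check_rid(&domain->sid, group_sid, &rid)) {` would tie the RID to the domain being queried. lookup_groupmem() begins before and continues after this hunk.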
@@ -1229,6 +1316,17 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain 
*domain,
 
        DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", 
(int)num_members));
 
+       status = add_primary_group_members(ads, mem_ctx, rid,
+                                          &members, &num_members);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(10, ("%s: add_primary_group_members failed: %s\n",
+                          __func__, nt_errstr(status)));
+               goto done;
+       }
+
+       DEBUG(10, ("%s: Got %d sids after adding primary group members\n",
+                  __func__, (int)num_members));
+
        /* Now that we have a list of sids, we need to get the
         * lists of names and name_types belonging to these sids.
         * even though conceptually not quite clean,  we use the


-- 
Samba Shared Repository
