The branch, master has been updated
       via  e0b1aaea1a3 third_party: Update nss_wrapper to version 1.1.15
       via  076d8524671 testprogs: Add test_alias_membership
       via  33b3a51a313 s4:torture: Limit run of test_membership_user() only to ad_member_idmap_rid
       via  4cf5abb8b3e s3:selftest: Pass environ to local.nss
       via  c0b819e3e32 s3:selftest: Add environ parameter to plansmbtorture4testsuite
       via  611444a22c3 tests: Fix idmap.rid.getgrnam for ad_member_idmap_rid with 'winbind expand groups = 10'
       via  99d42ed8654 selftest: set 'winbind expand groups = 10' for ad_member_idmap_rid
       via  09e853af7f8 s4:torture: Skip test_membership_user for users that get incorrectly assigned group sid
       via  a1e611a8c74 s3:winbind: Fix the default group for the 'Guest' user
       via  783c9d22373 s3:winbind: Include local groups in _wbint_QueryGroupList
       via  f116cda34f4 s3:winbind: Remove SID_NAME_ALIAS code from rpc_lookup_groupmem()
       via  47b3a5d0def s3:winbind: s/wb_group_members_send/wb_alias_members_send/ for SID_NAME_ALIAS in wb_getgrsid_sid2gid_done()
       via  d8f7d244f40 lib:dbwrap: Add dbwrap_merge_dbs()
       via  6bdd29a7a4d lib:dbwrap: Fix trailing whitespace in lib/dbwrap/dbwrap.h
       via  fa7d9c13c3c s3:winbind: Convert wb_group_members_send() to resolve array of groups
       via  6b321cb17ed s3:winbind: Add wb_alias_members_{send/recv}
       via  38565ff2df4 s3:winbind: Add wbint_LookupAliasMembers to winbind interface
       via  92b2eb9c3f2 s3:winbind: Add lookup_aliasmem to winbindd_methods and implement it in all backends
       via  b67dc2586f8 s3:winbind: Fix trailing whitespace in winbindd_cache.c
       via  d58872053ce s3:winbind: Fix trailing whitespace in winbindd_reconnect.c
       via  f91c8bf8d0a s3:winbind: Fix trailing whitespace in winbindd_msrpc.c
      from  e40c86e970e gp: Fix user apply failure when droping privs

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit e0b1aaea1a3969103b3aab4572f45a333a533ce4
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Tue Jan 24 11:20:49 2023 +0100

    third_party: Update nss_wrapper to version 1.1.15

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Tue Jun 13 13:09:41 UTC 2023 on atb-devel-224

commit 076d8524671fec53943cc24ba9da4adccb46d24f
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Wed Apr 12 09:29:18 2023 +0200

    testprogs: Add test_alias_membership

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 33b3a51a3138c5001248125a2d930517591f64e7
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Thu Apr 6 16:59:24 2023 +0200

    s4:torture: Limit run of test_membership_user() only to ad_member_idmap_rid

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 4cf5abb8b3edb0b6d57d2902c32ec0e5f96bee04
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Tue Apr 11 12:09:10 2023 +0200

    s3:selftest: Pass environ to local.nss

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit c0b819e3e32045f98a59c4d1e1943521184e57fa
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Tue Apr 11 12:08:14 2023 +0200

    s3:selftest: Add environ parameter to plansmbtorture4testsuite

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 611444a22c3815fcc93c8e81697975f5190f4b5f
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Mon Apr 24 00:11:34 2023 +0200

    tests: Fix idmap.rid.getgrnam for ad_member_idmap_rid with 'winbind expand groups = 10'

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 99d42ed86544e6e3cdeb1a4eb876c45d795e9411
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Mon Feb 27 17:03:31 2023 +0100

    selftest: set 'winbind expand groups = 10' for ad_member_idmap_rid

    This is for alias members tests.

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 09e853af7f8649bddcc5311e4d3529c3cde7b65d
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Mon Mar 27 20:00:05 2023 +0200

    s4:torture: Skip test_membership_user for users that get incorrectly assigned group sid

    This commit should be removed once wb_queryuser() is fixed.

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit a1e611a8c74827242e6c5ebf766d1fd4abe63748
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Fri Mar 24 15:03:21 2023 +0100

    s3:winbind: Fix the default group for the 'Guest' user

    If samlogon cache has no entry for the 'Guest' user,
    the group sid should default to 'Guests' group.

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 783c9d22373c32d2b2b4172595bc1d7a3352b1d7
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Mon Feb 27 17:03:32 2023 +0100

    s3:winbind: Include local groups in _wbint_QueryGroupList

    This is needed for GETGRENT to show also e.g. BUILTIN/users.
    Otherwise the test_membership_user (local.nss.membership) would fail.

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit f116cda34f4d01f6ba7b9e4c936e57ee24f24cac
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Thu Mar 30 15:32:55 2023 +0200

    s3:winbind: Remove SID_NAME_ALIAS code from rpc_lookup_groupmem()

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 47b3a5d0defb2c04cd4144776c15a621015cb629
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Tue Mar 21 08:33:37 2023 +0100

    s3:winbind: s/wb_group_members_send/wb_alias_members_send/ for SID_NAME_ALIAS in wb_getgrsid_sid2gid_done()

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit d8f7d244f408f2b51b4640aaa3e9fcaf36b83a11
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Tue Mar 28 11:15:15 2023 +0200

    lib:dbwrap: Add dbwrap_merge_dbs()

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 6bdd29a7a4d7f3fda70df5461b84b0c113636d8e
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Tue Mar 28 11:15:50 2023 +0200

    lib:dbwrap: Fix trailing whitespace in lib/dbwrap/dbwrap.h

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit fa7d9c13c3c14b43984db68063451d060d77a813
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Thu Mar 9 16:00:20 2023 +0100

    s3:winbind: Convert wb_group_members_send() to resolve array of groups

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 6b321cb17ed723c33a45078937dcabb1116287af
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Wed Mar 29 14:57:50 2023 +0200

    s3:winbind: Add wb_alias_members_{send/recv}

    wb_alias_members.c is very similar to wb_lookupusergroups.c

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 38565ff2df419d2e27b06b5e9959e168b094ba31
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Wed Mar 29 14:53:14 2023 +0200

    s3:winbind: Add wbint_LookupAliasMembers to winbind interface

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 92b2eb9c3f20bc95a66b95a1244c008bb40cb7be
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Wed Mar 8 08:40:58 2023 +0100

    s3:winbind: Add lookup_aliasmem to winbindd_methods and implement it in all backends

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit b67dc2586f82879bbe8ae9b25cde05e37f3022ca
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Wed Mar 8 13:04:40 2023 +0100

    s3:winbind: Fix trailing whitespace in winbindd_cache.c

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit d58872053cef087cc2f07d4ae589cb8820968b27
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Wed Mar 29 13:28:35 2023 +0200

    s3:winbind: Fix trailing whitespace in winbindd_reconnect.c

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit f91c8bf8d0aed6dab48a9e5d17a548d51e4710a6
Author: Pavel Filipenský <pfilipen...@samba.org>
Date:   Wed Mar 29 13:25:15 2023 +0200

    s3:winbind: Fix trailing whitespace in winbindd_msrpc.c

    Signed-off-by: Pavel Filipenský <pfilipen...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafsamba/samba_third_party.py | 2 +-
 lib/dbwrap/dbwrap.c | 29 ++
 lib/dbwrap/dbwrap.h | 15 +-
 librpc/idl/winbind.idl | 6 +
 nsswitch/tests/test_idmap_rid.sh | 10 +-
 selftest/target/Samba3.pm | 1 +
 source3/selftest/tests.py | 11 +-
 .../{wb_lookupusergroups.c => wb_alias_members.c} | 73 ++--
 source3/winbindd/wb_getgrsid.c | 193 +++++++++-
 source3/winbindd/wb_group_members.c | 26 +-
 source3/winbindd/wb_queryuser.c | 11 +-
 source3/winbindd/winbindd.h | 8 +
 source3/winbindd/winbindd_ads.c | 26 ++
 source3/winbindd/winbindd_cache.c | 288 ++++++++++----
 source3/winbindd/winbindd_dual_srv.c | 38 ++
 source3/winbindd/winbindd_msrpc.c | 57 ++-
 source3/winbindd/winbindd_proto.h | 20 +-
 source3/winbindd/winbindd_reconnect.c | 45 ++-
 source3/winbindd/winbindd_reconnect_ads.c | 28 ++
 source3/winbindd/winbindd_rpc.c | 117 ++++--
 source3/winbindd/winbindd_rpc.h | 9 +
 source3/winbindd/winbindd_samr.c | 69 ++++
 source3/winbindd/wscript_build | 1 +
 source4/selftest/tests.py | 2 +
 source4/torture/local/nss_tests.c | 56 +++
 testprogs/blackbox/test_alias_membership.sh | 194 ++++++++++
 third_party/nss_wrapper/nss_utils.c | 131 +++++++
 .../nss_wrapper/nss_utils.h | 28 +-
 third_party/nss_wrapper/nss_wrapper.c | 427 ++++++++++-----------
 third_party/nss_wrapper/wscript | 4 +-
 30 files changed, 1497 insertions(+), 428 deletions(-)
 copy source3/winbindd/{wb_lookupusergroups.c => wb_alias_members.c} (55%)
 create mode 100755 testprogs/blackbox/test_alias_membership.sh
 create mode 100644 third_party/nss_wrapper/nss_utils.c
 copy lib/compression/lzxpress.h => third_party/nss_wrapper/nss_utils.h (74%)

Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py index 14b14c517e8..356b041a2a9 100644 
--- a/buildtools/wafsamba/samba_third_party.py +++ b/buildtools/wafsamba/samba_third_party.py @@ -29,7 +29,7 @@ Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER @conf def CHECK_NSS_WRAPPER(conf): - return conf.CHECK_BUNDLED_SYSTEM_PKG('nss_wrapper', minversion='1.1.13') + return conf.CHECK_BUNDLED_SYSTEM_PKG('nss_wrapper', minversion='1.1.15') Build.BuildContext.CHECK_NSS_WRAPPER = CHECK_NSS_WRAPPER @conf diff --git a/lib/dbwrap/dbwrap.c b/lib/dbwrap/dbwrap.c index 9bdbd67dce1..ee4cdc54f92 100644 --- a/lib/dbwrap/dbwrap.c +++ b/lib/dbwrap/dbwrap.c @@ -120,6 +120,35 @@ NTSTATUS dbwrap_record_delete(struct db_record *rec) return NT_STATUS_OK; } +struct dbwrap_merge_dbs_state { + struct db_context *to; + int flags; +}; + +/* Copy a single record to the db_context passed in private_data */ +static int dbwrap_merge_dbs_copy_record(struct db_record *rec, + void *private_data) +{ + struct dbwrap_merge_dbs_state *state = private_data; + + TDB_DATA data = dbwrap_record_get_value(rec); + TDB_DATA key = dbwrap_record_get_key(rec); + NTSTATUS status = dbwrap_store(state->to, key, data, state->flags); + + return NT_STATUS_IS_OK(status) ? 0 : 1; +} + +NTSTATUS +dbwrap_merge_dbs(struct db_context *to, struct db_context *from, int flags) +{ + struct dbwrap_merge_dbs_state state = {.to = to, .flags = flags}; + + return dbwrap_traverse(from, + dbwrap_merge_dbs_copy_record, + &state, + NULL); +} + const char *locked_dbs[DBWRAP_LOCK_ORDER_MAX]; static void debug_lock_order(int level) diff --git a/lib/dbwrap/dbwrap.h b/lib/dbwrap/dbwrap.h index 834b10f0942..abc5161be05 100644 --- a/lib/dbwrap/dbwrap.h +++ b/lib/dbwrap/dbwrap.h @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. Database interface wrapper around tdb Copyright (C) Volker Lendecke 2005-2007 
@@ -71,6 +71,19 @@ NTSTATUS dbwrap_record_store(struct db_record *rec, TDB_DATA data, int flags); NTSTATUS dbwrap_record_storev(struct db_record *rec, const TDB_DATA *dbufs, int num_dbufs, int flags); NTSTATUS dbwrap_record_delete(struct db_record *rec); + +/** + * @brief Adds TDB records from one db_context to another + * + * @param to Destination db_context + * @param from Source db_context + * @param flags (TDB_INSERT or TDB_REPLACE) + * + * @return NT_STATUS_OK on success or NT_STATUS_INTERNAL_DB_CORRUPTION + */ +NTSTATUS +dbwrap_merge_dbs(struct db_context *to, struct db_context *from, int flags); + struct db_record *dbwrap_fetch_locked(struct db_context *db, TALLOC_CTX *mem_ctx, TDB_DATA key); diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl index de8fbc75c23..50e36884129 100644 --- a/librpc/idl/winbind.idl +++ b/librpc/idl/winbind.idl @@ -130,6 +130,12 @@ interface winbind [out] wbint_Principals *members ); + NTSTATUS wbint_LookupAliasMembers( + [in] dom_sid *sid, + [in] lsa_SidType type, + [out] wbint_SidArray *sids + ); + typedef [public] struct { uint32 num_userinfos; [size_is(num_userinfos)] wbint_userinfo userinfos[]; diff --git a/nsswitch/tests/test_idmap_rid.sh b/nsswitch/tests/test_idmap_rid.sh index 1487aa26500..2cd43a7ffe2 100755 --- a/nsswitch/tests/test_idmap_rid.sh +++ b/nsswitch/tests/test_idmap_rid.sh @@ -108,13 +108,15 @@ ret=$? testit "getpwuid for ID_TYPE_BOTH group output" test $ret -eq 0 || failed=$(expr $failed + 1) -group_gr="$DOMAIN/domain users:x:$gid:" +group_gr="$DOMAIN/domain users:x:$gid" out=$(getent group "$GROUP") ret=$? testit "getgrnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 || failed=$(expr $failed + 1) -test "$out" = "$group_gr" +# Compare only 'groupname:x:gid' part, drop the members +normalized_out=$(echo "$out" | cut -d: -f1-3) +test "$normalized_out" = "$group_gr" ret=$? testit "getgrnam for ID_TYPE_BOTH group output" test $ret -eq 0 || failed=$(expr $failed + 1) 
@@ -123,7 +125,9 @@ out=$(getent group "$gid") ret=$? testit "getgrgid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 || failed=$(expr $failed + 1) -test "$out" = "$group_gr" +# Compare only 'groupname:x:gid' part, drop the members +normalized_out=$(echo "$out" | cut -d: -f1-3) +test "$normalized_out" = "$group_gr" ret=$? testit "getgrgid for ID_TYPE_BOTH group output" test $ret -eq 0 || failed=$(expr $failed + 1) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 6b371ee2714..0bb074cf11e 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1294,6 +1294,7 @@ sub setup_ad_member_idmap_rid # values required for tests to succeed create krb5 conf = no map to guest = bad user + winbind expand groups = 10 "; my $ret = $self->provision( diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 75acbf87442..2bc4d372095 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -41,14 +41,14 @@ smbtorture4_options.extend([ ]) -def plansmbtorture4testsuite(name, env, options, description=''): +def plansmbtorture4testsuite(name, env, options, description='', environ=None): if description == '': modname = "samba3.%s" % (name, ) else: modname = "samba3.%s %s" % (name, description) selftesthelpers.plansmbtorture4testsuite( - name, env, options, target='samba3', modname=modname) + name, env, options, target='samba3', modname=modname, environ=environ) def compare_versions(version1, version2): for i in range(max(len(version1),len(version2))): 
@@ -1197,7 +1197,12 @@ for t in tests: plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$%', description="anonymous password set") elif t == "local.nss": for env in ["nt4_dc:local", "ad_member:local", "nt4_member:local", "ad_dc:local"]: - plansmbtorture4testsuite(t, env, '//$SERVER/tmp -U$USERNAME%$PASSWORD') + plansmbtorture4testsuite(t, + env, + '//$SERVER/tmp -U$USERNAME%$PASSWORD', + environ = { + 'ENVNAME': env, + }) elif t == "smb2.change_notify_disabled": plansmbtorture4testsuite(t, "simpleserver", '//$SERVER/tmp -U$USERNAME%$PASSWORD') elif t == "smb2.notify" or t == "raw.notify" or t == "smb2.oplock" or t == "raw.oplock": diff --git a/source3/winbindd/wb_lookupusergroups.c b/source3/winbindd/wb_alias_members.c similarity index 55% copy from source3/winbindd/wb_lookupusergroups.c copy to source3/winbindd/wb_alias_members.c index 7f359ee9316..06c229233ce 100644 --- a/source3/winbindd/wb_lookupusergroups.c +++ b/source3/winbindd/wb_alias_members.c @@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. - async lookupusergroups - Copyright (C) Volker Lendecke 2009 + async alias_members + Copyright (C) Pavel Filipenský 2023 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -22,31 +22,41 @@ #include "librpc/gen_ndr/ndr_winbind_c.h" #include "../libcli/security/security.h" -struct wb_lookupusergroups_state { +struct wb_alias_members_state { struct tevent_context *ev; struct dom_sid sid; struct wbint_SidArray sids; }; -static void wb_lookupusergroups_done(struct tevent_req *subreq); +static void wb_alias_members_done(struct tevent_req *subreq); -struct tevent_req *wb_lookupusergroups_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - const struct dom_sid *sid) +struct tevent_req *wb_alias_members_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + const struct dom_sid *sid, + enum lsa_SidType type, + int max_nesting) { struct tevent_req *req, *subreq; - struct wb_lookupusergroups_state *state; + struct wb_alias_members_state *state; struct winbindd_domain *domain; NTSTATUS status; struct dom_sid_buf buf; - req = tevent_req_create(mem_ctx, &state, - struct wb_lookupusergroups_state); + req = tevent_req_create(mem_ctx, &state, struct wb_alias_members_state); if (req == NULL) { return NULL; } - D_INFO("WB command lookupusergroups start.\nLooking up SID %s.\n", + D_INFO("WB command alias_members start.\nLooking up SID %s.\n", dom_sid_str_buf(sid, &buf)); + + if (max_nesting <= 0) { + D_DEBUG("Finished. The depth based on 'winbind expand groups' is %d.\n", max_nesting); + state->sids.num_sids = 0; + state->sids.sids = NULL; + tevent_req_done(req); + return tevent_req_post(req, ev); + } + sid_copy(&state->sid, sid); status = lookup_usergroups_cached(state, 
@@ -62,28 +72,32 @@ struct tevent_req *wb_lookupusergroups_send(TALLOC_CTX *mem_ctx, if (domain == NULL) { DBG_WARNING("could not find domain entry for sid %s\n", dom_sid_str_buf(&state->sid, &buf)); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN); + tevent_req_nterror(req, NT_STATUS_NO_SUCH_ALIAS); return tevent_req_post(req, ev); } - subreq = dcerpc_wbint_LookupUserGroups_send( - state, ev, dom_child_handle(domain), &state->sid, &state->sids); + subreq = dcerpc_wbint_LookupAliasMembers_send(state, + ev, + dom_child_handle(domain), + &state->sid, + type, + &state->sids); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } - tevent_req_set_callback(subreq, wb_lookupusergroups_done, req); + tevent_req_set_callback(subreq, wb_alias_members_done, req); return req; } -static void wb_lookupusergroups_done(struct tevent_req *subreq) +static void wb_alias_members_done(struct tevent_req *subreq) { - struct tevent_req *req = tevent_req_callback_data( - subreq, struct tevent_req); - struct wb_lookupusergroups_state *state = tevent_req_data( - req, struct wb_lookupusergroups_state); + struct tevent_req *req = + tevent_req_callback_data(subreq, struct tevent_req); + struct wb_alias_members_state *state = + tevent_req_data(req, struct wb_alias_members_state); NTSTATUS status, result; - status = dcerpc_wbint_LookupUserGroups_recv(subreq, state, &result); + status = dcerpc_wbint_LookupAliasMembers_recv(subreq, state, &result); TALLOC_FREE(subreq); if (any_nt_status_not_ok(status, result, &status)) { D_WARNING("Failed with %s.\n", nt_errstr(status)); 
@@ -93,11 +107,13 @@ static void wb_lookupusergroups_done(struct tevent_req *subreq) tevent_req_done(req); } -NTSTATUS wb_lookupusergroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, - uint32_t *num_sids, struct dom_sid **sids) +NTSTATUS wb_alias_members_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + uint32_t *num_sids, + struct dom_sid **sids) { - struct wb_lookupusergroups_state *state = tevent_req_data( - req, struct wb_lookupusergroups_state); + struct wb_alias_members_state *state = + tevent_req_data(req, struct wb_alias_members_state); NTSTATUS status; uint32_t i; @@ -107,13 +123,14 @@ NTSTATUS wb_lookupusergroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, *num_sids = state->sids.num_sids; *sids = talloc_move(mem_ctx, &state->sids.sids); - D_INFO("WB command lookupusergroups end.\nReceived %"PRIu32" SID(s).\n", + D_INFO("WB command alias_members end.\nReceived %" PRIu32 " SID(s).\n", *num_sids); if (CHECK_DEBUGLVL(DBGLVL_INFO)) { for (i = 0; i < *num_sids; i++) { struct dom_sid_buf buf; - D_INFO("%"PRIu32": %s\n", - i, dom_sid_str_buf(&(*sids)[i], &buf)); + D_INFO("%" PRIu32 ": %s\n", + i, + dom_sid_str_buf(&(*sids)[i], &buf)); } } return NT_STATUS_OK; diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c index c62d5040dc9..4fd696dfa10 100644 --- a/source3/winbindd/wb_getgrsid.c +++ b/source3/winbindd/wb_getgrsid.c @@ -22,6 +22,7 @@ #include "librpc/gen_ndr/ndr_winbind_c.h" #include "../libcli/security/security.h" #include "lib/dbwrap/dbwrap_rbt.h" +#include "lib/dbwrap/dbwrap.h" struct wb_getgrsid_state { struct tevent_context *ev; 
@@ -32,11 +33,14 @@ struct wb_getgrsid_state { enum lsa_SidType type; gid_t gid; struct db_context *members; + uint32_t num_sids; + struct dom_sid *sids; }; static void wb_getgrsid_lookupsid_done(struct tevent_req *subreq); static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq); static void wb_getgrsid_got_members(struct tevent_req *subreq); +static void wb_getgrsid_got_alias_members(struct tevent_req *subreq); struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, @@ -137,7 +141,9 @@ static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq) state->gid = (gid_t)xids[0].id; - if (state->type == SID_NAME_USER || state->type == SID_NAME_COMPUTER) { + switch (state->type) { + case SID_NAME_USER: + case SID_NAME_COMPUTER: { /* * special treatment for a user sid that is * mapped to ID_TYPE_BOTH: 
@@ -172,19 +178,180 @@ static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq) tevent_req_done(req); return; } + case SID_NAME_ALIAS: + subreq = wb_alias_members_send(state, + state->ev, + &state->sid, + state->type, + state->max_nesting); + if (tevent_req_nomem(subreq, req)) { + return; + } + /* Decrement the depth based on 'winbind expand groups' */ + state->max_nesting--; + tevent_req_set_callback(subreq, + wb_getgrsid_got_alias_members, + req); + break; + case SID_NAME_DOM_GRP: + subreq = wb_group_members_send(state, + state->ev, + &state->sid, + 1, + &state->type, + state->max_nesting); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, wb_getgrsid_got_members, req); + break; + case SID_NAME_WKN_GRP: + state->members = db_open_rbt(state); + if (tevent_req_nomem(state->members, req)) { + return; + } + tevent_req_done(req); + return; + default: + tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); + break; + } +} - /* - * the "regular" case of a group type sid. 
- */ +static void wb_getgrsid_got_alias_members_names(struct tevent_req *subreq) +{ + struct tevent_req *req = + tevent_req_callback_data(subreq, struct tevent_req); + struct wb_getgrsid_state *state = + tevent_req_data(req, struct wb_getgrsid_state); + struct lsa_RefDomainList *domains = NULL; + struct lsa_TransNameArray *names = NULL; + NTSTATUS status; + uint32_t li; + uint32_t num_sids = 0; + struct dom_sid *sids = NULL; + enum lsa_SidType *types = NULL; - subreq = wb_group_members_send(state, state->ev, &state->sid, - state->type, state->max_nesting); + status = wb_lookupsids_recv(subreq, state, &domains, &names); + + TALLOC_FREE(subreq); + if (tevent_req_nterror(req, status)) { + D_WARNING("Failed with %s.\n", nt_errstr(status)); + return; + } + + if (domains == NULL) { + tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); + D_WARNING("Failed with NT_STATUS_INTERNAL_ERROR.\n"); + return; + } + + if (names == NULL) { + tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); + D_WARNING("Failed with NT_STATUS_INTERNAL_ERROR.\n"); + return; + } + + state->members = db_open_rbt(state); + if (tevent_req_nomem(state->members, req)) { + return; + } + + for (li = 0; li < state->num_sids; li++) { + struct lsa_TranslatedName *n = &names->names[li]; + + if (n->sid_type == SID_NAME_USER || + n->sid_type == SID_NAME_COMPUTER) { + const char *name = fill_domain_username_talloc( + talloc_tos(), + domains->domains[n->sid_index].name.string, + n->name.string, + false /* can_assume */); + if (tevent_req_nomem(name, req)) { + return; + } + + status = add_member_to_db(state->members, + &state->sids[li], + name); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + } else if (n->sid_type == SID_NAME_DOM_GRP) { + sids = talloc_realloc(talloc_tos(), + sids, + struct dom_sid, + num_sids + 1); + if (tevent_req_nomem(sids, req)) { + return; + } + sids[num_sids] = state->sids[li]; + types = talloc_realloc(talloc_tos(), + types, + enum lsa_SidType, + num_sids + 
1); + if (tevent_req_nomem(types, req)) { + return; + } + types[num_sids] = n->sid_type; + num_sids++; + } else { + struct dom_sid_buf buf; + D_DEBUG("SID %s with sid_type=%d is ignored!\n", + dom_sid_str_buf(&state->sids[li], &buf), + n->sid_type); + } + } + -- Samba Shared Repository
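
Review bot: In lib/dbwrap/dbwrap.c, dbwrap_merge_dbs_copy_record() collapses the NTSTATUS from dbwrap_store() into 0 or 1, so the actual reason a store failed never reaches the caller of dbwrap_merge_dbs(). Consider adding an NTSTATUS field to struct dbwrap_merge_dbs_state, recording the store status there, and returning it after dbwrap_traverse() when it is not NT_STATUS_OK. Since the callback writes into "to" while "from" is being traversed, it would also help to reject to == from at the top of dbwrap_merge_dbs().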
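
Review bot: In lib/dbwrap/dbwrap.h, the doc comment for dbwrap_merge_dbs() leaves out two things a caller needs: what happens with flags set to TDB_INSERT when a key already exists in "to", and that records copied before a failure stay in "to" because the merge is not rolled back. Please state both next to the "@param flags" and "@return" lines.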
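
Review bot: In nsswitch/tests/test_idmap_rid.sh, the getgrnam hunk and the getgrgid hunk after it repeat the same normalization, normalized_out=$(echo "$out" | cut -d: -f1-3), and after it the member list is no longer checked at all. A small shell helper used by both checks would keep them in sync, printf '%s\n' "$out" is safer than echo for a value that comes from getent, and a separate assertion on the fourth field would keep some coverage of the members that 'winbind expand groups = 10' now produces.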
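
Review bot: In source3/selftest/tests.py, the local.nss branch passes 'ENVNAME': env, and every value in the loop carries the ":local" suffix ("nt4_dc:local", "ad_member:local", ...), so whatever reads ENVNAME has to compare against the suffixed form. If the consumer expects the bare environment name, strip the suffix here before passing it. As a style point, the keyword argument is written "environ = {" with spaces around "=", unlike the "environ=environ" form used in plansmbtorture4testsuite() just above.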
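
Review bot: In source3/winbindd/wb_alias_members.c, the unchanged context line at the end of the first hunk, status = lookup_usergroups_cached(state, shows that wb_alias_members_send() still consults the user-groups cache helper inherited from the copied wb_lookupusergroups.c. Please confirm that this cache is the right source for alias membership, or replace it with an alias-specific cached lookup, so that a user-groups result cannot be returned as the member list of an alias.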
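
Review bot: In source3/winbindd/wb_alias_members.c, the second hunk changes the error for a missing domain entry to NT_STATUS_NO_SUCH_ALIAS while the warning just above it still says "could not find domain entry for sid %s". That makes a missing domain indistinguishable from a missing alias for callers and in logs. Either keep NT_STATUS_NO_SUCH_DOMAIN here or add a comment explaining why the alias error is the one callers should see.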
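
Review bot: In source3/winbindd/wb_getgrsid.c, wb_getgrsid_got_alias_members_names() loops up to state->num_sids and indexes names->names[li] and domains->domains[n->sid_index] after checking only that names and domains are non-NULL. Both arrays come from wb_lookupsids_recv(), so before the loop verify that the number of returned names matches state->num_sids, and inside it verify that n->sid_index is within the returned domain list, failing the request with NT_STATUS_INTERNAL_ERROR otherwise. Without those checks a short or inconsistent reply leads to an out-of-bounds read.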