summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2009-08-28 14:25:11 +0200
committerVolker Lendecke <vl@samba.org>2009-08-29 10:44:13 +0200
commit99cf696150a1b8e24a9d87981b710b703045a2a5 (patch)
tree0a776b96b74473a728f5ecd80bbf74d5bff2704b
parentccc18d4d5d3aa0c6a5767bdb8f0dbdd761b93897 (diff)
downloadsamba-99cf696150a1b8e24a9d87981b710b703045a2a5.tar.gz
samba-99cf696150a1b8e24a9d87981b710b703045a2a5.tar.bz2
samba-99cf696150a1b8e24a9d87981b710b703045a2a5.zip
s3:winbind: Fix a bug found by RPC-SAMR
We need to enumerate passdb alias members Thanks to gd for bugging me :-)
-rw-r--r--source3/winbindd/winbindd.h1
-rw-r--r--source3/winbindd/winbindd_ads.c4
-rw-r--r--source3/winbindd/winbindd_cache.c7
-rw-r--r--source3/winbindd/winbindd_dual_srv.c2
-rw-r--r--source3/winbindd/winbindd_group.c7
-rw-r--r--source3/winbindd/winbindd_passdb.c72
-rw-r--r--source3/winbindd/winbindd_reconnect.c9
-rw-r--r--source3/winbindd/winbindd_rpc.c4
8 files changed, 59 insertions, 47 deletions
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 44ac022720..773496e8ad 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -286,6 +286,7 @@ struct winbindd_methods {
NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const DOM_SID *group_sid,
+ enum lsa_SidType type,
uint32 *num_names,
DOM_SID **sid_mem, char ***names,
uint32 **name_types);
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index b5fe08093c..450d2ee3e5 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -968,7 +968,9 @@ static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
*/
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ const DOM_SID *group_sid,
+ enum lsa_SidType type,
+ uint32 *num_names,
DOM_SID **sid_mem, char ***names,
uint32 **name_types)
{
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index d1aeba9f39..8a879fd3d5 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2378,7 +2378,9 @@ NTSTATUS wcache_lookup_groupmem(struct winbindd_domain *domain,
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ const DOM_SID *group_sid,
+ enum lsa_SidType type,
+ uint32 *num_names,
DOM_SID **sid_mem, char ***names,
uint32 **name_types)
{
@@ -2406,7 +2408,8 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
- status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
+ status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid,
+ type, num_names,
sid_mem, names, name_types);
/* and save it */
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 01860ebf6f..f07931dbe7 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -173,7 +173,7 @@ NTSTATUS _wbint_LookupGroupMembers(pipes_struct *p,
}
status = domain->methods->lookup_groupmem(
- domain, p->mem_ctx, r->in.sid,
+ domain, p->mem_ctx, r->in.sid, r->in.type,
&num_names, &sid_mem, &names, &name_types);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index e914f0e753..21ab3f7ef9 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -118,7 +118,8 @@ static void add_expanded_sid(const DOM_SID *sid,
}
result = domain->methods->lookup_groupmem(domain, mem_ctx,
- sid, &num_names,
+ sid, SID_NAME_DOM_GRP,
+ &num_names,
&sid_mem, &names,
&types);
@@ -470,7 +471,9 @@ static NTSTATUS expand_groups( TALLOC_CTX *ctx,
/* Lookup the group membership */
lookup_status = d->methods->lookup_groupmem(d, tmp_ctx,
- &glist[i], &num_names,
+ &glist[i],
+ SID_NAME_DOM_GRP,
+ &num_names,
&sid_mem, &names,
&name_types);
if (!NT_STATUS_IS_OK(lookup_status)) {
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 5a2c31fe2f..c23f87dcd5 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -396,22 +396,6 @@ static NTSTATUS builtin_query_user(struct winbindd_domain *domain,
return NT_STATUS_NO_SUCH_USER;
}
-static NTSTATUS builtin_lookup_groupmem(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
- DOM_SID **sid_mem, char ***names,
- uint32 **name_types)
-{
- DEBUG(10,("passdb: lookup_groupmem (builtin) %s sid=%s\n", domain->name,
- sid_string_dbg(group_sid)));
-
- *num_names = 0;
- *sid_mem = NULL;
- *names = NULL;
- *name_types = 0;
- return NT_STATUS_NO_SUCH_GROUP;
-}
-
/* get a list of trusted domains - builtin domain */
static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
@@ -552,13 +536,14 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain,
/* Lookup group membership given a rid. */
static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
- DOM_SID **sid_mem, char ***names,
- uint32 **name_types)
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *group_sid,
+ enum lsa_SidType type,
+ uint32 *num_names,
+ DOM_SID **sid_mem, char ***names,
+ uint32 **name_types)
{
size_t i, num_members, num_mapped;
- uint32 *rids;
NTSTATUS result;
const DOM_SID **sids;
struct lsa_dom_info *lsa_domains;
@@ -568,7 +553,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
DEBUG(10,("passdb: lookup_groupmem (sam) %s sid=%s\n", domain->name,
sid_string_dbg(group_sid)));
- if (!sid_check_is_in_our_domain(group_sid)) {
+ if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) {
/* There's no groups, only aliases in BUILTIN */
return NT_STATUS_NO_SUCH_GROUP;
}
@@ -577,11 +562,31 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
- result = pdb_enum_group_members(tmp_ctx, group_sid, &rids,
- &num_members);
- if (!NT_STATUS_IS_OK(result)) {
- TALLOC_FREE(tmp_ctx);
- return result;
+ if (type == SID_NAME_DOM_GRP) {
+ uint32 *rids;
+
+ result = pdb_enum_group_members(tmp_ctx, group_sid, &rids,
+ &num_members);
+ if (!NT_STATUS_IS_OK(result)) {
+ TALLOC_FREE(tmp_ctx);
+ return result;
+ }
+ *sid_mem = talloc_array(mem_ctx, struct dom_sid, num_members);
+ if (*sid_mem == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+ for (i=0; i<num_members; i++) {
+ sid_compose(&((*sid_mem)[i]), &domain->sid, rids[i]);
+ }
+ TALLOC_FREE(rids);
+ } else {
+ result = pdb_enum_aliasmem(group_sid, mem_ctx, sid_mem,
+ &num_members);
+ if (!NT_STATUS_IS_OK(result)) {
+ TALLOC_FREE(tmp_ctx);
+ return result;
+ }
}
if (num_members == 0) {
@@ -593,13 +598,11 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
return NT_STATUS_OK;
}
- *sid_mem = TALLOC_ARRAY(mem_ctx, DOM_SID, num_members);
*names = TALLOC_ARRAY(mem_ctx, char *, num_members);
*name_types = TALLOC_ARRAY(mem_ctx, uint32, num_members);
sids = TALLOC_ARRAY(tmp_ctx, const DOM_SID *, num_members);
- if (((*sid_mem) == NULL) || ((*names) == NULL) ||
- ((*name_types) == NULL) || (sids == NULL)) {
+ if (((*names) == NULL) || ((*name_types) == NULL) || (sids == NULL)) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
@@ -610,12 +613,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
*/
for (i=0; i<num_members; i++) {
- DOM_SID *sid = &((*sid_mem)[i]);
- if (!sid_compose(sid, &domain->sid, rids[i])) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_INTERNAL_ERROR;
- }
- sids[i] = sid;
+ sids[i] = &((*sid_mem)[i]);
}
result = lookup_sids(tmp_ctx, num_members, sids, 1,
@@ -718,7 +716,7 @@ struct winbindd_methods builtin_passdb_methods = {
builtin_query_user,
lookup_usergroups,
lookup_useraliases,
- builtin_lookup_groupmem,
+ sam_lookup_groupmem,
sequence_number,
lockout_policy,
password_policy,
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index aa2f6670f6..3efd4a9428 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -210,20 +210,23 @@ static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
/* Lookup group membership given a rid. */
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ const DOM_SID *group_sid,
+ enum lsa_SidType type,
+ uint32 *num_names,
DOM_SID **sid_mem, char ***names,
uint32 **name_types)
{
NTSTATUS result;
result = msrpc_methods.lookup_groupmem(domain, mem_ctx,
- group_sid, num_names,
+ group_sid, type, num_names,
sid_mem, names,
name_types);
if (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))
result = msrpc_methods.lookup_groupmem(domain, mem_ctx,
- group_sid, num_names,
+ group_sid, type,
+ num_names,
sid_mem, names,
name_types);
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 9d84612646..f664f22232 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -775,7 +775,9 @@ static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
/* Lookup group membership given a rid. */
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ const DOM_SID *group_sid,
+ enum lsa_SidType type,
+ uint32 *num_names,
DOM_SID **sid_mem, char ***names,
uint32 **name_types)
{