diff options
| author | Volker Lendecke <vl@samba.org> | 2023-04-18 12:47:04 +0200 |
|---|---|---|
| committer | Volker Lendecke <vl@samba.org> | 2023-05-16 11:54:32 +0000 |
| commit | 59694ad0a4cc489f1baa4c2c94c6322c0f22c1df (patch) | |
| tree | 2abfdc5792e6f264f89ca96585a1a3d5ab2d7b05 /librpc | |
| parent | bb3ea36e10079ad9c73c68d7ed8fce51ecb40ebe (diff) | |
| download | samba-59694ad0a4cc489f1baa4c2c94c6322c0f22c1df.tar.gz | |
rpc_server3: Pass winbind_env_set() state through to rpcd_*
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
Diffstat (limited to 'librpc')
| -rw-r--r-- | librpc/rpc/dcesrv_core.c | 17 | ||||
| -rw-r--r-- | librpc/rpc/dcesrv_core.h | 1 |
2 files changed, 18 insertions, 0 deletions
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index d2870046248..d0e68d585e3 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -35,6 +35,7 @@ #include "lib/util/tevent_ntstatus.h" #include "system/network.h" #include "lib/util/idtree_random.h" +#include "nsswitch/winbind_client.h" /** * @file @@ -1839,6 +1840,7 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) enum dcerpc_transport_t transport = dcerpc_binding_get_transport(endpoint->ep_description); struct ndr_pull *pull; + bool turn_winbind_on = false; NTSTATUS status; if (auth->auth_invalid) { @@ -1954,8 +1956,23 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) pull->data_size - pull->offset)); } + if (call->state_flags & DCESRV_CALL_STATE_FLAG_WINBIND_OFF) { + bool winbind_active = !winbind_env_set(); + if (winbind_active) { + DBG_DEBUG("turning winbind off\n"); + (void)winbind_off(); + turn_winbind_on = true; + } + } + /* call the dispatch function */ status = call->context->iface->dispatch(call, call, call->r); + + if (turn_winbind_on) { + DBG_DEBUG("turning winbind on\n"); + (void)winbind_on(); + } + if (!NT_STATUS_IS_OK(status)) { DEBUG(5,("dcerpc fault in call %s:%02x - %s\n", call->context->iface->name, diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h index 69815b71f3d..aefb3f12732 100644 --- a/librpc/rpc/dcesrv_core.h +++ b/librpc/rpc/dcesrv_core.h @@ -125,6 +125,7 @@ struct dcesrv_call_state { #define DCESRV_CALL_STATE_FLAG_MAY_ASYNC (1<<1) #define DCESRV_CALL_STATE_FLAG_MULTIPLEXED (1<<3) #define DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL (1<<4) +#define DCESRV_CALL_STATE_FLAG_WINBIND_OFF (1 << 5) uint32_t state_flags; /* the time the request arrived in the server */ |