author | Ralph Boehme <slow@samba.org> | 2017-03-24 17:06:38 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2017-04-12 01:41:14 +0200 |
commit | 32e752e145395c8dbe73c90250ce471ab6744e8b (patch) | |
tree | 49dedcf38c611aecc0e6cb5011a5647ea9b7e0b3 /source3/winbindd/wb_lookupsids.c | |
parent | 36e01b6232247abdd2d4ad75f405b328456c1b9e (diff) | |
download | samba-32e752e145395c8dbe73c90250ce471ab6744e8b.tar.gz |
winbindd: handling of failed lookupsids in wb_lookupsids_single_done()
If lookupsid() failed with NT_STATUS_SOME_NOT_MAPPED or
NT_STATUS_NONE_MAPPED, if we didn't get a domain name, don't add a fake
domain to the lsa_RefDomainList. Just set the domain index in the
translated name to UINT32_MAX.
It's up to callers like wb_sids2xids to handle such failed mappings and
wb_sids2xids_lookupsids_done() has been updated in a previous commit to
deal with it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/winbindd/wb_lookupsids.c')
-rw-r--r-- | source3/winbindd/wb_lookupsids.c | 82 |
1 files changed, 35 insertions, 47 deletions
diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c index d7f882084be..dbb24fde0aa 100644 --- a/source3/winbindd/wb_lookupsids.c +++ b/source3/winbindd/wb_lookupsids.c @@ -23,6 +23,7 @@ #include "librpc/gen_ndr/ndr_winbind_c.h" #include "../libcli/security/security.h" #include "passdb/machine_sid.h" +#include "lsa.h" struct wb_lookupsids_domain { struct winbindd_domain *domain; @@ -537,7 +538,8 @@ static void wb_lookupsids_single_done(struct tevent_req *subreq) subreq, struct tevent_req); struct wb_lookupsids_state *state = tevent_req_data( req, struct wb_lookupsids_state); - const char *domain_name, *name; + const char *domain_name = NULL; + const char *name = NULL; enum lsa_SidType type; uint32_t res_sid_index; uint32_t src_rid; 
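Review bot: `type` is still declared without an initializer in the `@@ -537,7 +538,8 @@` hunk, although `domain_name` and `name` next to it now start as NULL. The following hunk removes the old `type = SID_NAME_UNKNOWN;` assignment from the failure path and copies `type` into `src_name.sid_type` even for the not-mapped statuses that, per the commit message, no longer abort the request. Whether wb_lookupsid_recv() writes its out-parameters on those statuses is not visible in this diff; if it does not, the translated name carries an indeterminate SID type. Declaring it as `enum lsa_SidType type = SID_NAME_UNKNOWN;` would keep the previous result for unmapped SIDs. The body of wb_lookupsids_single_done() starts before and continues after this hunk.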
@@ -545,67 +547,53 @@ static void wb_lookupsids_single_done(struct tevent_req *subreq) struct dom_sid src_domain_sid; struct lsa_DomainInfo src_domain; struct lsa_RefDomainList src_domains; + struct lsa_RefDomainList *psrc_domains = NULL; struct lsa_TranslatedName src_name; + uint32_t domain_idx = UINT32_MAX; NTSTATUS status; + bool ok; status = wb_lookupsid_recv(subreq, talloc_tos(), &type, &domain_name, &name); TALLOC_FREE(subreq); - if (!NT_STATUS_IS_OK(status)) { - struct winbindd_domain *wb_domain = NULL; - const char *tmpname; - - type = SID_NAME_UNKNOWN; - - res_sid_index = state->single_sids[state->single_sids_done]; - wb_domain = find_domain_from_sid_noinit(&state->sids[res_sid_index]); - if (wb_domain != NULL) { - /* - * If the lookupsid failed because the rid not - * found in a domain and we have a reference - * to the lookup domain, use the name from - * there. - * - * Callers like sid2xid will use the domain - * name in the idmap backend to figure out - * which domain to use in processing. - */ - tmpname = wb_domain->name; - } else { - tmpname = ""; - } - domain_name = talloc_strdup(talloc_tos(), tmpname); - if (tevent_req_nomem(domain_name, req)) { - return; - } - name = talloc_strdup(talloc_tos(), ""); - if (tevent_req_nomem(name, req)) { - return; - } + if (NT_STATUS_LOOKUP_ERR(status)) { + tevent_req_nterror(req, status); + return; } - /* - * Fake up structs for wb_lookupsids_move_name - */ res_sid_index = state->single_sids[state->single_sids_done]; - sid_copy(&src_domain_sid, &state->sids[res_sid_index]); - sid_split_rid(&src_domain_sid, &src_rid); - src_domain.name.string = domain_name; - src_domain.sid = &src_domain_sid; + if ((domain_name != NULL) && (domain_name[0] != '\0')) { + /* + * Build structs with the domain name for + * wb_lookupsids_move_name(). If we didn't get a name, we will + * pass NULL and UINT32_MAX. 
+ */ - src_domains.count = 1; - src_domains.domains = &src_domain; + sid_copy(&src_domain_sid, &state->sids[res_sid_index]); + sid_split_rid(&src_domain_sid, &src_rid); + + src_domain.name.string = domain_name; + src_domain.sid = &src_domain_sid; + + src_domains.count = 1; + src_domains.domains = &src_domain; + psrc_domains = &src_domains; + + domain_idx = 0; + } src_name.sid_type = type; src_name.name.string = name; - src_name.sid_index = 0; - - if (!wb_lookupsids_move_name( - &src_domains, &src_name, - state->res_domains, state->res_names, - res_sid_index)) { + src_name.sid_index = domain_idx; + + ok = wb_lookupsids_move_name(psrc_domains, + &src_name, + state->res_domains, + state->res_names, + res_sid_index); + if (!ok) { tevent_req_oom(req); return; } |
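Review bot: For a SID that comes back without a domain name, `src_name.sid_index` is now UINT32_MAX and `src_name.name.string` may be NULL, where the removed code always supplied index 0 and an empty string. The description names wb_sids2xids_lookupsids_done() as already updated, but any other consumer of the lookup results that indexes the domain list with `sid_index`, or dereferences the name, needs a check for the sentinel first, otherwise it reads out of bounds or through a NULL pointer. Those callers, and the NULL-domain handling inside wb_lookupsids_move_name(), are outside this diff and should be audited alongside it. A comment at the assignment would record the contract, for example `/* UINT32_MAX: no referenced domain; consumers must not index res_domains with it */`. The function body starts before this hunk and continues after it.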