From 59694ad0a4cc489f1baa4c2c94c6322c0f22c1df Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 18 Apr 2023 12:47:04 +0200 Subject: rpc_server3: Pass winbind_env_set() state through to rpcd_* Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back into winbind for getpwnam. We have the "_NO_WINBINDD" environment variable set in winbind itself for this case, but this is lost on the way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass this information to dcerpc_core, where it sets the variable on every call if requested. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224 --- librpc/rpc/dcesrv_core.c | 17 +++++++++++++++++ librpc/rpc/dcesrv_core.h | 1 + 2 files changed, 18 insertions(+) (limited to 'librpc') diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index d2870046248..d0e68d585e3 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -35,6 +35,7 @@ #include "lib/util/tevent_ntstatus.h" #include "system/network.h" #include "lib/util/idtree_random.h" +#include "nsswitch/winbind_client.h" /** * @file @@ -1839,6 +1840,7 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) enum dcerpc_transport_t transport = dcerpc_binding_get_transport(endpoint->ep_description); struct ndr_pull *pull; + bool turn_winbind_on = false; NTSTATUS status; if (auth->auth_invalid) { @@ -1954,8 +1956,23 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) pull->data_size - pull->offset)); } + if (call->state_flags & DCESRV_CALL_STATE_FLAG_WINBIND_OFF) { + bool winbind_active = !winbind_env_set(); + if (winbind_active) { + DBG_DEBUG("turning winbind off\n"); + (void)winbind_off(); + turn_winbind_on = true; + } + } + /* call the dispatch function */ status = call->context->iface->dispatch(call, call, call->r); + + if (turn_winbind_on) { + DBG_DEBUG("turning winbind on\n"); + (void)winbind_on(); + } + if (!NT_STATUS_IS_OK(status)) { DEBUG(5,("dcerpc fault in call %s:%02x - %s\n", call->context->iface->name, diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h index 69815b71f3d..aefb3f12732 100644 --- a/librpc/rpc/dcesrv_core.h +++ b/librpc/rpc/dcesrv_core.h @@ -125,6 +125,7 @@ struct dcesrv_call_state { #define DCESRV_CALL_STATE_FLAG_MAY_ASYNC (1<<1) #define DCESRV_CALL_STATE_FLAG_MULTIPLEXED (1<<3) #define DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL (1<<4) +#define DCESRV_CALL_STATE_FLAG_WINBIND_OFF (1 << 5) uint32_t state_flags; /* the time the request arrived in the server */ -- cgit v1.2.1