From 25465d0bc77dd712b3d94e488f2cf0583fd7ac04 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@cryptomilk.org>

Date: Tue, 26 Apr 2022 07:10:56 +0200

Subject: [PATCH 1/5] s3:passdb: Remove trailing spaces in lookup_sid.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

(cherry picked from commit 756cd0eed30322ae6dbd5402ec11441387475884)

---

 source3/passdb/lookup_sid.c | 18 +++++++++---------

 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c

index a551bcfd24a..3a28cdc68a6 100644

--- a/source3/passdb/lookup_sid.c

+++ b/source3/passdb/lookup_sid.c

@@ -1,4 +1,4 @@

-/* 

+/*

    Unix SMB/CIFS implementation.

    uid/user handling

    Copyright (C) Andrew Tridgell         1992-1998

@@ -72,7 +72,7 @@ static bool lookup_unix_group_name(const char *name, struct dom_sid *sid)

  If an explicit domain name was given in the form domain\user, it

  has to try that. If no explicit domain name was given, we have

  to do guesswork.

-*****************************************************************/  

+*****************************************************************/

 bool lookup_name(TALLOC_CTX *mem_ctx,

 		 const char *full_name, int flags,

@@ -300,7 +300,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,

 		goto ok;

 	}

-	/* 6. Builtin aliases */	

+	/* 6. Builtin aliases */

 	if ((flags & LOOKUP_NAME_BUILTIN) &&

 	    lookup_builtin_name(name, &rid))

@@ -882,7 +882,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,

 	}

 	/* First build up the data structures:

-	 * 

+	 *

 	 * dom_infos is a list of domains referenced in the list of

 	 * SIDs. Later we will walk the list of domains and look up the RIDs

 	 * in bulk.

@@ -1070,7 +1070,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,

 /*****************************************************************

  *THE CANONICAL* convert SID to name function.

-*****************************************************************/  

+*****************************************************************/

 bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,

 		const char **ret_domain, const char **ret_name,

@@ -1104,7 +1104,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,

 		goto done;

 	}

-	if ((ret_name != NULL) && 

+	if ((ret_name != NULL) &&

 	    !(*ret_name = talloc_strdup(mem_ctx, name->name))) {

 		goto done;

 	}

@@ -1130,7 +1130,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,

 /*****************************************************************

  *THE LEGACY* convert SID to id function.

-*****************************************************************/  

+*****************************************************************/

 static bool legacy_sid_to_unixid(const struct dom_sid *psid, struct unixid *id)

 {

@@ -1465,7 +1465,7 @@ fail:

 /*****************************************************************

  *THE CANONICAL* convert SID to uid function.

-*****************************************************************/  

+*****************************************************************/

 bool sid_to_uid(const struct dom_sid *psid, uid_t *puid)

 {

@@ -1527,7 +1527,7 @@ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid)

 /*****************************************************************

  *THE CANONICAL* convert SID to gid function.

  Group mapping is used for gids that maps to Wellknown SIDs

-*****************************************************************/  

+*****************************************************************/

 bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid)

 {

-- 

2.36.0

From e884efce61290ad6f4125ab4e3adb08bcc1a800d Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@cryptomilk.org>

Date: Tue, 26 Apr 2022 07:12:02 +0200

Subject: [PATCH 2/5] s3:passdb: Add support to handle UPNs in lookup_name()

This address an issue if sssd is running and handling nsswitch. If we look up

a user with getpwnam("DOMAIN\user") it will return user@REALM in the passwd

structure. We need to be able to deal with that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

(cherry picked from commit 2a03fb91c1120718ada9d4b8421044cb7eae7b83)

---

 source3/passdb/lookup_sid.c | 14 ++++++++++++--

 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c

index 3a28cdc68a6..c14d7a7b123 100644

--- a/source3/passdb/lookup_sid.c

+++ b/source3/passdb/lookup_sid.c

@@ -100,8 +100,18 @@ bool lookup_name(TALLOC_CTX *mem_ctx,

 					PTR_DIFF(p, full_name));

 		name = talloc_strdup(tmp_ctx, p+1);

 	} else {

-		domain = talloc_strdup(tmp_ctx, "");

-		name = talloc_strdup(tmp_ctx, full_name);

+		char *q = strchr_m(full_name, '@');

+

+		/* Set the domain for UPNs */

+		if (q != NULL) {

+			name = talloc_strndup(tmp_ctx,

+					      full_name,

+					      PTR_DIFF(q, full_name));

+			domain = talloc_strdup(tmp_ctx, q + 1);

+		} else {

+			domain = talloc_strdup(tmp_ctx, "");

+			name = talloc_strdup(tmp_ctx, full_name);

+		}

 	}

 	if ((domain == NULL) || (name == NULL)) {

-- 

2.36.0

From cc548efd5fa1783e8412e7ac695c8d6be3323d67 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@cryptomilk.org>

Date: Tue, 26 Apr 2022 12:26:25 +0200

Subject: [PATCH 3/5] s3:passdb: Use already defined pointer in

 lookup_name_smbconf()

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

(cherry picked from commit ed8e466854d6d8d6120388716a7b604df7a4db27)

---

 source3/passdb/lookup_sid.c | 12 +++++-------

 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c

index c14d7a7b123..dbea5578f92 100644

--- a/source3/passdb/lookup_sid.c

+++ b/source3/passdb/lookup_sid.c

@@ -464,7 +464,7 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx,

 		 const char **ret_domain, const char **ret_name,

 		 struct dom_sid *ret_sid, enum lsa_SidType *ret_type)

 {

-	char *qualified_name;

+	char *qualified_name = NULL;

 	const char *p;

 	if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) {

@@ -472,16 +472,14 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx,

 		/* The name is already qualified with a domain. */

 		if (*lp_winbind_separator() != '\\') {

-			char *tmp;

-

 			/* lookup_name() needs '\\' as a separator */

-			tmp = talloc_strdup(mem_ctx, full_name);

-			if (!tmp) {

+			qualified_name = talloc_strdup(mem_ctx, full_name);

+			if (qualified_name == NULL) {

 				return false;

 			}

-			tmp[p - full_name] = '\\';

-			full_name = tmp;

+			qualified_name[p - full_name] = '\\';

+			full_name = qualified_name;

 		}

 		return lookup_name(mem_ctx, full_name, flags,

-- 

2.36.0

From 3ee3336f4a3fbb80ccabe6c1494a68286af55437 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@cryptomilk.org>

Date: Tue, 26 Apr 2022 07:24:10 +0200

Subject: [PATCH 4/5] s3:passdb: Refactor lookup_name_smbconf()

This will be changed to support UPNs too in the next patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

(cherry picked from commit 2690310743920dfe20ac235c1e3617e0f421eddc)

---

 source3/passdb/lookup_sid.c | 7 ++++---

 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c

index dbea5578f92..de9dd123239 100644

--- a/source3/passdb/lookup_sid.c

+++ b/source3/passdb/lookup_sid.c

@@ -465,13 +465,14 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx,

 		 struct dom_sid *ret_sid, enum lsa_SidType *ret_type)

 {

 	char *qualified_name = NULL;

-	const char *p;

+	const char *p = strchr_m(full_name, *lp_winbind_separator());

+	bool is_qualified = p != NULL;

-	if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) {

+	if (is_qualified) {

 		/* The name is already qualified with a domain. */

-		if (*lp_winbind_separator() != '\\') {

+		if (p != NULL && *lp_winbind_separator() != '\\') {

 			/* lookup_name() needs '\\' as a separator */

 			qualified_name = talloc_strdup(mem_ctx, full_name);

-- 

2.36.0

From 1baa5b170c36854eaa0a5f2c9aba29d50194f750 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@cryptomilk.org>

Date: Tue, 26 Apr 2022 07:39:12 +0200

Subject: [PATCH 5/5] s3:passdb: Also allow to handle UPNs in

 lookup_name_smbconf()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

(cherry picked from commit 28fc44f2852046d03cada161ed1001d04d9e1554)

---

 source3/passdb/lookup_sid.c | 3 ++-

 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c

index de9dd123239..426ea3f81bd 100644

--- a/source3/passdb/lookup_sid.c

+++ b/source3/passdb/lookup_sid.c

@@ -466,8 +466,9 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx,

 {

 	char *qualified_name = NULL;

 	const char *p = strchr_m(full_name, *lp_winbind_separator());

-	bool is_qualified = p != NULL;

+	bool is_qualified = p != NULL || strchr_m(full_name, '@') != NULL;

+	/* For DOMAIN\user or user@REALM directly call lookup_name(). */

 	if (is_qualified) {

 		/* The name is already qualified with a domain. */

-- 

2.36.0