From 9346945c4b57ffc937f7800202e5c42504750d3d Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Mon, 18 Nov 2013 14:58:04 +0100

Subject: [PATCH 1/2] s3-lib: Add grpname to talloc_sub_specified().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

(cherry picked from commit 6366ebb79bb72d9dcb12f8fe8d6e35611fcff150)

---

 source3/include/proto.h          |  1 +

 source3/lib/substitute.c         | 31 +++++++++++++++++++++++++------

 source3/passdb/passdb.c          |  8 ++++----

 source3/passdb/pdb_ldap.c        | 24 +++++++++++++++++++++---

 source3/torture/torture.c        |  2 +-

 source3/utils/net_sam.c          |  2 ++

 source3/winbindd/wb_fill_pwent.c |  4 ++--

 7 files changed, 56 insertions(+), 16 deletions(-)

diff --git a/source3/include/proto.h b/source3/include/proto.h

index ddf3fab..a42faf8 100644

--- a/source3/include/proto.h

+++ b/source3/include/proto.h

@@ -222,6 +222,7 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name,

 char *talloc_sub_specified(TALLOC_CTX *mem_ctx,

 			const char *input_string,

 			const char *username,

+			const char *grpname,

 			const char *domain,

 			uid_t uid,

 			gid_t gid);

diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c

index a254bca..ca2ac79 100644

--- a/source3/lib/substitute.c

+++ b/source3/lib/substitute.c

@@ -613,6 +613,7 @@ done:

 char *talloc_sub_specified(TALLOC_CTX *mem_ctx,

 			const char *input_string,

 			const char *username,

+			const char *grpname,

 			const char *domain,

 			uid_t uid,

 			gid_t gid)

@@ -648,9 +649,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,

 			break;

 		case 'G' :

 			if (gid != -1) {

-				a_string = talloc_string_sub(

-					tmp_ctx, a_string, "%G",

-					gidtoname(gid));

+				const char *name;

+

+				if (grpname != NULL) {

+					name = grpname;

+				} else {

+					name = gidtoname(gid);

+				}

+

+				a_string = talloc_string_sub(tmp_ctx,

+							     a_string,

+							     "%G",

+							     name);

 			} else {

 				a_string = talloc_string_sub(

 					tmp_ctx, a_string,

@@ -659,9 +669,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,

 			break;

 		case 'g' :

 			if (gid != -1) {

-				a_string = talloc_string_sub(

-					tmp_ctx, a_string, "%g",

-					gidtoname(gid));

+				const char *name;

+

+				if (grpname != NULL) {

+					name = grpname;

+				} else {

+					name = gidtoname(gid);

+				}

+

+				a_string = talloc_string_sub(tmp_ctx,

+							     a_string,

+							     "%g",

+							     name);

 			} else {

 				a_string = talloc_string_sub(

 					tmp_ctx, a_string, "%g", "NO_GROUP");

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c

index 379d858..5a4620f 100644

--- a/source3/passdb/passdb.c

+++ b/source3/passdb/passdb.c

@@ -228,16 +228,16 @@ static NTSTATUS samu_set_unix_internal(struct pdb_methods *methods,

 		/* set some basic attributes */

 		pdb_set_profile_path(user, talloc_sub_specified(user, 

-			lp_logon_path(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 

+			lp_logon_path(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),

 			PDB_DEFAULT);		

 		pdb_set_homedir(user, talloc_sub_specified(user, 

-			lp_logon_home(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),

+			lp_logon_home(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),

 			PDB_DEFAULT);

 		pdb_set_dir_drive(user, talloc_sub_specified(user, 

-			lp_logon_drive(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),

+			lp_logon_drive(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),

 			PDB_DEFAULT);

 		pdb_set_logon_script(user, talloc_sub_specified(user, 

-			lp_logon_script(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 

+			lp_logon_script(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),

 			PDB_DEFAULT);

 	}

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c

index d7db4d8..bb0d3b3 100644

--- a/source3/passdb/pdb_ldap.c

+++ b/source3/passdb/pdb_ldap.c

@@ -5316,11 +5316,29 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,

 		if (is_machine) {

 			/* TODO: choose a more appropriate default for machines */

-			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), "SMB_workstations_home", ldap_state->domain_name, uid, gid);

+			homedir = talloc_sub_specified(tmp_ctx,

+						       lp_template_homedir(),

+						       "SMB_workstations_home",

+						       NULL,

+						       ldap_state->domain_name,

+						       uid,

+						       gid);

 			shell = talloc_strdup(tmp_ctx, "/bin/false");

 		} else {

-			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid);

-			shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid);

+			homedir = talloc_sub_specified(tmp_ctx,

+						       lp_template_homedir(),

+						       name,

+						       NULL,

+						       ldap_state->domain_name,

+						       uid,

+						       gid);

+			shell = talloc_sub_specified(tmp_ctx,

+						     lp_template_shell(),

+						     name,

+						     NULL,

+						     ldap_state->domain_name,

+						     uid,

+						     gid);

 		}

 		uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid);

 		gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);

diff --git a/source3/torture/torture.c b/source3/torture/torture.c

index ee51a4d..b7badc6 100644

--- a/source3/torture/torture.c

+++ b/source3/torture/torture.c

@@ -6553,7 +6553,7 @@ static bool subst_test(const char *str, const char *user, const char *domain,

 	char *subst;

 	bool result = true;

-	subst = talloc_sub_specified(talloc_tos(), str, user, domain, uid, gid);

+	subst = talloc_sub_specified(talloc_tos(), str, user, NULL, domain, uid, gid);

 	if (strcmp(subst, expected) != 0) {

 		printf("sub_specified(%s, %s, %s, %d, %d) returned [%s], expected "

diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c

index 3a752ce..b7b76e8 100644

--- a/source3/utils/net_sam.c

+++ b/source3/utils/net_sam.c

@@ -1873,10 +1873,12 @@ doma_done:

 		gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid);

 		dir = talloc_sub_specified(tc, lp_template_homedir(),

 						"Administrator",

+						NULL,

 						get_global_sam_name(),

 						uid, domadmins_gid);

 		shell = talloc_sub_specified(tc, lp_template_shell(),

 						"Administrator",

+						NULL,

 						get_global_sam_name(),

 						uid, domadmins_gid);

diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c

index 688afc6..3b711bd 100644

--- a/source3/winbindd/wb_fill_pwent.c

+++ b/source3/winbindd/wb_fill_pwent.c

@@ -214,11 +214,11 @@ static bool fillup_pw_field(const char *lp_template,

 	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {

 		templ = talloc_sub_specified(talloc_tos(), in,

-					     username, domname,

+					     username, NULL, domname,

 					     uid, gid);

 	} else {

 		templ = talloc_sub_specified(talloc_tos(), lp_template,

-					     username, domname,

+					     username, NULL, domname,

 					     uid, gid);

 	}

-- 

1.8.4.3

From 5ccae02f63d655d476d887660f28ad4dce08e790 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Mon, 18 Nov 2013 14:58:14 +0100

Subject: [PATCH 2/2] s3-winbind: Pass the group name to fillup_pw_field().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>

Autobuild-Date(master): Fri Nov 22 02:04:54 CET 2013 on sn-devel-104

(cherry picked from commit 000172a5ab7e4bfac7ef618d0d78ec7fe95d0e2a)

---

 source3/winbindd/wb_fill_pwent.c | 73 +++++++++++++++++++++++-----------------

 1 file changed, 43 insertions(+), 30 deletions(-)

diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c

index 3b711bd..9d0abbd 100644

--- a/source3/winbindd/wb_fill_pwent.c

+++ b/source3/winbindd/wb_fill_pwent.c

@@ -29,6 +29,7 @@ struct wb_fill_pwent_state {

 static bool fillup_pw_field(const char *lp_template,

 			    const char *username,

+			    const char *grpname,

 			    const char *domname,

 			    uid_t uid,

 			    gid_t gid,

@@ -36,7 +37,7 @@ static bool fillup_pw_field(const char *lp_template,

 			    fstring out);

 static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq);

-static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq);

+static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq);

 struct tevent_req *wb_fill_pwent_send(TALLOC_CTX *mem_ctx,

 				      struct tevent_context *ev,

@@ -90,47 +91,45 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq)

 	state->pw->pw_uid = (uid_t)xid.id;

-	subreq = wb_sids2xids_send(state, state->ev, &state->info->group_sid, 1);

+	subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 1);

 	if (tevent_req_nomem(subreq, req)) {

 		return;

 	}

-	tevent_req_set_callback(subreq, wb_fill_pwent_sid2gid_done, req);

+	tevent_req_set_callback(subreq, wb_fill_pwent_getgrsid_done, req);

 }

-static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)

+static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq)

 {

 	struct tevent_req *req = tevent_req_callback_data(

 		subreq, struct tevent_req);

 	struct wb_fill_pwent_state *state = tevent_req_data(

 		req, struct wb_fill_pwent_state);

 	struct winbindd_domain *domain;

-	char *dom_name;

+	const char *dom_name;

+	const char *grp_name;

 	fstring user_name, output_username;

 	char *mapped_name = NULL;

+	struct talloc_dict *members;

+	TALLOC_CTX *tmp_ctx = talloc_stackframe();

 	NTSTATUS status;

-	struct unixid xid;

-

-	status = wb_sids2xids_recv(subreq, &xid;;

+	bool ok;

+

+	/* xid handling is done in getgrsid() */

+	status = wb_getgrsid_recv(subreq,

+				  tmp_ctx,

+				  &dom_name,

+				  &grp_name,

+				  &state->pw->pw_gid,

+				  &members);

 	TALLOC_FREE(subreq);

 	if (tevent_req_nterror(req, status)) {

+		talloc_free(tmp_ctx);

 		return;

 	}

-	/*

-	 * We are filtering further down in sids2xids, but that filtering

-	 * depends on the actual type of the sid handed in (as determined

-	 * by lookupsids). Here we need to filter for the type of object

-	 * actually requested, in this case gid.

-	 */

-	if (!(xid.type == ID_TYPE_GID || xid.type == ID_TYPE_BOTH)) {

-		tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);

-		return;

-	}

-

-	state->pw->pw_gid = (gid_t)xid.id;

-

 	domain = find_domain_from_sid_noinit(&state->info->user_sid);

 	if (domain == NULL) {

+		talloc_free(tmp_ctx);

 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);

 		return;

 	}

@@ -166,17 +165,30 @@ static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)

 	fstrcpy(state->pw->pw_gecos, state->info->full_name);

 	/* Home directory and shell */

-

-	if (!fillup_pw_field(lp_template_homedir(), user_name, dom_name,

-			     state->pw->pw_uid, state->pw->pw_gid,

-			     state->info->homedir, state->pw->pw_dir)) {

+	ok = fillup_pw_field(lp_template_homedir(),

+			     user_name,

+			     grp_name,

+			     dom_name,

+			     state->pw->pw_uid,

+			     state->pw->pw_gid,

+			     state->info->homedir,

+			     state->pw->pw_dir);

+	if (!ok) {

+		talloc_free(tmp_ctx);

 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);

 		return;

 	}

-	if (!fillup_pw_field(lp_template_shell(), user_name, dom_name,

-			     state->pw->pw_uid, state->pw->pw_gid,

-			     state->info->shell, state->pw->pw_shell)) {

+	ok = fillup_pw_field(lp_template_shell(),

+			     user_name,

+			     grp_name,

+			     dom_name,

+			     state->pw->pw_uid,

+			     state->pw->pw_gid,

+			     state->info->shell,

+			     state->pw->pw_shell);

+	talloc_free(tmp_ctx);

+	if (!ok) {

 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);

 		return;

 	}

@@ -195,6 +207,7 @@ NTSTATUS wb_fill_pwent_recv(struct tevent_req *req)

 static bool fillup_pw_field(const char *lp_template,

 			    const char *username,

+			    const char *grpname,

 			    const char *domname,

 			    uid_t uid,

 			    gid_t gid,

@@ -214,11 +227,11 @@ static bool fillup_pw_field(const char *lp_template,

 	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {

 		templ = talloc_sub_specified(talloc_tos(), in,

-					     username, NULL, domname,

+					     username, grpname, domname,

 					     uid, gid);

 	} else {

 		templ = talloc_sub_specified(talloc_tos(), lp_template,

-					     username, NULL, domname,

+					     username, grpname, domname,

 					     uid, gid);

 	}

-- 

1.8.4.3