Blob Blame History Raw
From 9346945c4b57ffc937f7800202e5c42504750d3d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 18 Nov 2013 14:58:04 +0100
Subject: [PATCH 1/2] s3-lib: Add grpname to talloc_sub_specified().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6366ebb79bb72d9dcb12f8fe8d6e35611fcff150)
---
 source3/include/proto.h          |  1 +
 source3/lib/substitute.c         | 31 +++++++++++++++++++++++++------
 source3/passdb/passdb.c          |  8 ++++----
 source3/passdb/pdb_ldap.c        | 24 +++++++++++++++++++++---
 source3/torture/torture.c        |  2 +-
 source3/utils/net_sam.c          |  2 ++
 source3/winbindd/wb_fill_pwent.c |  4 ++--
 7 files changed, 56 insertions(+), 16 deletions(-)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index ddf3fab..a42faf8 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -222,6 +222,7 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name,
 char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
 			const char *input_string,
 			const char *username,
+			const char *grpname,
 			const char *domain,
 			uid_t uid,
 			gid_t gid);
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index a254bca..ca2ac79 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -613,6 +613,7 @@ done:
 char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
 			const char *input_string,
 			const char *username,
+			const char *grpname,
 			const char *domain,
 			uid_t uid,
 			gid_t gid)
@@ -648,9 +649,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
 			break;
 		case 'G' :
 			if (gid != -1) {
-				a_string = talloc_string_sub(
-					tmp_ctx, a_string, "%G",
-					gidtoname(gid));
+				const char *name;
+
+				if (grpname != NULL) {
+					name = grpname;
+				} else {
+					name = gidtoname(gid);
+				}
+
+				a_string = talloc_string_sub(tmp_ctx,
+							     a_string,
+							     "%G",
+							     name);
 			} else {
 				a_string = talloc_string_sub(
 					tmp_ctx, a_string,
@@ -659,9 +669,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
 			break;
 		case 'g' :
 			if (gid != -1) {
-				a_string = talloc_string_sub(
-					tmp_ctx, a_string, "%g",
-					gidtoname(gid));
+				const char *name;
+
+				if (grpname != NULL) {
+					name = grpname;
+				} else {
+					name = gidtoname(gid);
+				}
+
+				a_string = talloc_string_sub(tmp_ctx,
+							     a_string,
+							     "%g",
+							     name);
 			} else {
 				a_string = talloc_string_sub(
 					tmp_ctx, a_string, "%g", "NO_GROUP");
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 379d858..5a4620f 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -228,16 +228,16 @@ static NTSTATUS samu_set_unix_internal(struct pdb_methods *methods,
 		/* set some basic attributes */
 
 		pdb_set_profile_path(user, talloc_sub_specified(user, 
-			lp_logon_path(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 
+			lp_logon_path(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
 			PDB_DEFAULT);		
 		pdb_set_homedir(user, talloc_sub_specified(user, 
-			lp_logon_home(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
+			lp_logon_home(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
 			PDB_DEFAULT);
 		pdb_set_dir_drive(user, talloc_sub_specified(user, 
-			lp_logon_drive(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
+			lp_logon_drive(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
 			PDB_DEFAULT);
 		pdb_set_logon_script(user, talloc_sub_specified(user, 
-			lp_logon_script(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 
+			lp_logon_script(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
 			PDB_DEFAULT);
 	}
 
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index d7db4d8..bb0d3b3 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -5316,11 +5316,29 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
 
 		if (is_machine) {
 			/* TODO: choose a more appropriate default for machines */
-			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), "SMB_workstations_home", ldap_state->domain_name, uid, gid);
+			homedir = talloc_sub_specified(tmp_ctx,
+						       lp_template_homedir(),
+						       "SMB_workstations_home",
+						       NULL,
+						       ldap_state->domain_name,
+						       uid,
+						       gid);
 			shell = talloc_strdup(tmp_ctx, "/bin/false");
 		} else {
-			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid);
-			shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid);
+			homedir = talloc_sub_specified(tmp_ctx,
+						       lp_template_homedir(),
+						       name,
+						       NULL,
+						       ldap_state->domain_name,
+						       uid,
+						       gid);
+			shell = talloc_sub_specified(tmp_ctx,
+						     lp_template_shell(),
+						     name,
+						     NULL,
+						     ldap_state->domain_name,
+						     uid,
+						     gid);
 		}
 		uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid);
 		gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index ee51a4d..b7badc6 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -6553,7 +6553,7 @@ static bool subst_test(const char *str, const char *user, const char *domain,
 	char *subst;
 	bool result = true;
 
-	subst = talloc_sub_specified(talloc_tos(), str, user, domain, uid, gid);
+	subst = talloc_sub_specified(talloc_tos(), str, user, NULL, domain, uid, gid);
 
 	if (strcmp(subst, expected) != 0) {
 		printf("sub_specified(%s, %s, %s, %d, %d) returned [%s], expected "
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 3a752ce..b7b76e8 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -1873,10 +1873,12 @@ doma_done:
 		gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid);
 		dir = talloc_sub_specified(tc, lp_template_homedir(),
 						"Administrator",
+						NULL,
 						get_global_sam_name(),
 						uid, domadmins_gid);
 		shell = talloc_sub_specified(tc, lp_template_shell(),
 						"Administrator",
+						NULL,
 						get_global_sam_name(),
 						uid, domadmins_gid);
 
diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
index 688afc6..3b711bd 100644
--- a/source3/winbindd/wb_fill_pwent.c
+++ b/source3/winbindd/wb_fill_pwent.c
@@ -214,11 +214,11 @@ static bool fillup_pw_field(const char *lp_template,
 
 	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {
 		templ = talloc_sub_specified(talloc_tos(), in,
-					     username, domname,
+					     username, NULL, domname,
 					     uid, gid);
 	} else {
 		templ = talloc_sub_specified(talloc_tos(), lp_template,
-					     username, domname,
+					     username, NULL, domname,
 					     uid, gid);
 	}
 
-- 
1.8.4.3


From 5ccae02f63d655d476d887660f28ad4dce08e790 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 18 Nov 2013 14:58:14 +0100
Subject: [PATCH 2/2] s3-winbind: Pass the group name to fillup_pw_field().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 22 02:04:54 CET 2013 on sn-devel-104

(cherry picked from commit 000172a5ab7e4bfac7ef618d0d78ec7fe95d0e2a)
---
 source3/winbindd/wb_fill_pwent.c | 73 +++++++++++++++++++++++-----------------
 1 file changed, 43 insertions(+), 30 deletions(-)

diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
index 3b711bd..9d0abbd 100644
--- a/source3/winbindd/wb_fill_pwent.c
+++ b/source3/winbindd/wb_fill_pwent.c
@@ -29,6 +29,7 @@ struct wb_fill_pwent_state {
 
 static bool fillup_pw_field(const char *lp_template,
 			    const char *username,
+			    const char *grpname,
 			    const char *domname,
 			    uid_t uid,
 			    gid_t gid,
@@ -36,7 +37,7 @@ static bool fillup_pw_field(const char *lp_template,
 			    fstring out);
 
 static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq);
-static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq);
+static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq);
 
 struct tevent_req *wb_fill_pwent_send(TALLOC_CTX *mem_ctx,
 				      struct tevent_context *ev,
@@ -90,47 +91,45 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq)
 
 	state->pw->pw_uid = (uid_t)xid.id;
 
-	subreq = wb_sids2xids_send(state, state->ev, &state->info->group_sid, 1);
+	subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 1);
 	if (tevent_req_nomem(subreq, req)) {
 		return;
 	}
-	tevent_req_set_callback(subreq, wb_fill_pwent_sid2gid_done, req);
+	tevent_req_set_callback(subreq, wb_fill_pwent_getgrsid_done, req);
 }
 
-static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)
+static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq)
 {
 	struct tevent_req *req = tevent_req_callback_data(
 		subreq, struct tevent_req);
 	struct wb_fill_pwent_state *state = tevent_req_data(
 		req, struct wb_fill_pwent_state);
 	struct winbindd_domain *domain;
-	char *dom_name;
+	const char *dom_name;
+	const char *grp_name;
 	fstring user_name, output_username;
 	char *mapped_name = NULL;
+	struct talloc_dict *members;
+	TALLOC_CTX *tmp_ctx = talloc_stackframe();
 	NTSTATUS status;
-	struct unixid xid;
-
-	status = wb_sids2xids_recv(subreq, &xid);
+	bool ok;
+
+	/* xid handling is done in getgrsid() */
+	status = wb_getgrsid_recv(subreq,
+				  tmp_ctx,
+				  &dom_name,
+				  &grp_name,
+				  &state->pw->pw_gid,
+				  &members);
 	TALLOC_FREE(subreq);
 	if (tevent_req_nterror(req, status)) {
+		talloc_free(tmp_ctx);
 		return;
 	}
 
-	/*
-	 * We are filtering further down in sids2xids, but that filtering
-	 * depends on the actual type of the sid handed in (as determined
-	 * by lookupsids). Here we need to filter for the type of object
-	 * actually requested, in this case gid.
-	 */
-	if (!(xid.type == ID_TYPE_GID || xid.type == ID_TYPE_BOTH)) {
-		tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
-		return;
-	}
-
-	state->pw->pw_gid = (gid_t)xid.id;
-
 	domain = find_domain_from_sid_noinit(&state->info->user_sid);
 	if (domain == NULL) {
+		talloc_free(tmp_ctx);
 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
 		return;
 	}
@@ -166,17 +165,30 @@ static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)
 	fstrcpy(state->pw->pw_gecos, state->info->full_name);
 
 	/* Home directory and shell */
-
-	if (!fillup_pw_field(lp_template_homedir(), user_name, dom_name,
-			     state->pw->pw_uid, state->pw->pw_gid,
-			     state->info->homedir, state->pw->pw_dir)) {
+	ok = fillup_pw_field(lp_template_homedir(),
+			     user_name,
+			     grp_name,
+			     dom_name,
+			     state->pw->pw_uid,
+			     state->pw->pw_gid,
+			     state->info->homedir,
+			     state->pw->pw_dir);
+	if (!ok) {
+		talloc_free(tmp_ctx);
 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
 		return;
 	}
 
-	if (!fillup_pw_field(lp_template_shell(), user_name, dom_name,
-			     state->pw->pw_uid, state->pw->pw_gid,
-			     state->info->shell, state->pw->pw_shell)) {
+	ok = fillup_pw_field(lp_template_shell(),
+			     user_name,
+			     grp_name,
+			     dom_name,
+			     state->pw->pw_uid,
+			     state->pw->pw_gid,
+			     state->info->shell,
+			     state->pw->pw_shell);
+	talloc_free(tmp_ctx);
+	if (!ok) {
 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
 		return;
 	}
@@ -195,6 +207,7 @@ NTSTATUS wb_fill_pwent_recv(struct tevent_req *req)
 
 static bool fillup_pw_field(const char *lp_template,
 			    const char *username,
+			    const char *grpname,
 			    const char *domname,
 			    uid_t uid,
 			    gid_t gid,
@@ -214,11 +227,11 @@ static bool fillup_pw_field(const char *lp_template,
 
 	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {
 		templ = talloc_sub_specified(talloc_tos(), in,
-					     username, NULL, domname,
+					     username, grpname, domname,
 					     uid, gid);
 	} else {
 		templ = talloc_sub_specified(talloc_tos(), lp_template,
-					     username, NULL, domname,
+					     username, grpname, domname,
 					     uid, gid);
 	}
 
-- 
1.8.4.3