sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

winbindd: trigger possible passdb_dsdb initialisation

Browse Source 
If the passdb backend is passdb_dsdb the domain SID comes from dsdb, not
from secrets.tdb. As we use the domain SID in various places, we must
ensure the domain SID is migrated from dsdb to secrets.tdb before
get_global_sam_sid() is called the first time.

The migration is done as part of the passdb_dsdb initialisation, calling
pdb_get_domain_info() triggers it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12729

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr  1 21:18:59 CEST 2017 on sn-devel-144
This commit is contained in:
Ralph Boehme 2017-03-29 11:13:46 +02:00 committed by Jeremy Allison
parent 8bd5f774fd
commit 8b32fc4006
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
selftest/knownfail
View File

@ -222,10 +222,6 @@
# #
^samba4.winbind.struct.domain_info\(s4member:local\) ^samba4.winbind.struct.domain_info\(s4member:local\)
^samba4.winbind.struct.getdcname\(s4member:local\) ^samba4.winbind.struct.getdcname\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -r against s4member\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --user-sids against s4member\(s4member:local\)
^samba.wbinfo_simple.\(s4member:local\).--user-groups
^samba.nss.test using winbind\(s4member:local\)
# #
# These fail since ad_dc_ntvfs assigns the local user's uid to SAMBADOMAIN/Administrator # These fail since ad_dc_ntvfs assigns the local user's uid to SAMBADOMAIN/Administrator
# hence we have a duplicate UID in nsswitch. # hence we have a duplicate UID in nsswitch.

14
source3/winbindd/winbindd_util.c
View File

@ -795,6 +795,7 @@ static bool migrate_secrets_tdb_to_ldb(struct winbindd_domain *domain)
bool init_domain_list(void) bool init_domain_list(void)
{ {
int role = lp_server_role(); int role = lp_server_role();
struct pdb_domain_info *pdb_domain_info = NULL;
NTSTATUS status; NTSTATUS status;
/* Free existing list */ /* Free existing list */
@ -806,15 +807,24 @@ bool init_domain_list(void)
/* Local SAM */ /* Local SAM */
/*
* In case the passdb backend is passdb_dsdb the domain SID comes from
* dsdb, not from secrets.tdb. As we use the domain SID in various
* places, we must ensure the domain SID is migrated from dsdb to
* secrets.tdb before get_global_sam_sid() is called the first time.
*
* The migration is done as part of the passdb_dsdb initialisation,
* calling pdb_get_domain_info() triggers it.
*/
pdb_domain_info = pdb_get_domain_info(talloc_tos());
if ( role == ROLE_ACTIVE_DIRECTORY_DC ) { if ( role == ROLE_ACTIVE_DIRECTORY_DC ) {
struct winbindd_domain *domain; struct winbindd_domain *domain;
enum netr_SchannelType sec_chan_type; enum netr_SchannelType sec_chan_type;
const char *account_name; const char *account_name;
struct samr_Password current_nt_hash; struct samr_Password current_nt_hash;
struct pdb_domain_info *pdb_domain_info;
bool ok; bool ok;
pdb_domain_info = pdb_get_domain_info(talloc_tos());
if (pdb_domain_info == NULL) { if (pdb_domain_info == NULL) {
DEBUG(0, ("Failed to fetch our own, local AD " DEBUG(0, ("Failed to fetch our own, local AD "
"domain info from sam.ldb\n")); "domain info from sam.ldb\n"));