[ipfire-2.x.git] / src / patches / samba / samba-3.6.99-fix_setup_domain_child_logic.patch

commit 9dd0bb462b613a5f6f41d4130bfd31c0a64debd7
Author:     Jeremy Allison <jra@samba.org>
AuthorDate: Mon Jan 13 15:23:00 2014 +0100
Commit:     Andreas Schneider <asn@samba.org>
CommitDate: Wed Feb 5 11:45:44 2014 +0100

    s3-winbind: Move setup_domain_child() into add_trusted_domain().
    
    Ensure it only gets called when a new domain is allocated
    and added to the list.
    
    This should fix problems with the previous logic where
    setup_domain_child() was called in places where an existing
    domain was returned.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
---
 source3/winbindd/winbindd_util.c | 74 ++++++++++++++++++----------------------
 1 file changed, 33 insertions(+), 41 deletions(-)

diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 37b6578..353722e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -89,7 +89,10 @@ static bool is_in_internal_domain(const struct dom_sid *sid)
 }
 
 
-/* Add a trusted domain to our list of domains */
+/* Add a trusted domain to our list of domains.
+   If the domain already exists in the list,
+   return it and don't re-initialize.
+ */
 static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
 						  struct winbindd_methods *methods,
 						  const struct dom_sid *sid)
@@ -99,6 +102,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 	char *idmap_config_option;
 	const char *param;
 	const char **ignored_domains, **dom;
+	int role = lp_server_role();
 
 	ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
 	for (dom=ignored_domains; dom && *dom; dom++) {
@@ -146,7 +150,10 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 
 	if (domain != NULL) {
 		/*
-		 * We found a match. Possibly update the SID
+		 * We found a match on domain->name or
+		 * domain->alt_name. Possibly update the SID
+		 * if the stored SID was the NULL SID
+		 * and return the matching entry.
 		 */
 		if ((sid != NULL)
 		    && dom_sid_equal(&domain->sid, &global_sid_NULL)) {
@@ -192,6 +199,15 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 		sid_copy(&domain->sid, sid);
 	}
 
+	/* Is this our primary domain ? */
+	if (strequal(domain_name, get_global_sam_name()) &&
+	    (role != ROLE_DOMAIN_MEMBER)) {
+		domain->primary = true;
+	} else if (strequal(domain_name, lp_workgroup()) &&
+		   (role == ROLE_DOMAIN_MEMBER)) {
+		domain->primary = true;
+	}
+
 	/* Link to domain list */
 	DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
 
@@ -228,6 +244,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 
 done:
 
+	setup_domain_child(domain);
+
 	DEBUG(2,("Added domain %s %s %s\n",
 		 domain->name, domain->alt_name,
 		 &domain->sid?sid_string_dbg(&domain->sid):""));
@@ -341,18 +359,10 @@ static void trustdom_list_done(struct tevent_req *req)
  		   necessary.  This is important because we need the
  		   SID for sibling domains */
 
-		if ( find_domain_from_name_noinit(p) != NULL ) {
-			domain = add_trusted_domain(p, alternate_name,
-						    &cache_methods,
-						    &sid);
-		} else {
-			domain = add_trusted_domain(p, alternate_name,
-						    &cache_methods,
-						    &sid);
-			if (domain) {
-				setup_domain_child(domain);
-			}
-		}
+		(void)add_trusted_domain(p, alternate_name,
+					    &cache_methods,
+					    &sid);
+
 		p=q;
 		if (p != NULL)
 			p += 1;
@@ -422,13 +432,10 @@ static void rescan_forest_root_trusts( void )
 		d = find_domain_from_name_noinit( dom_list[i].domain_name );
 
 		if ( !d ) {
-			d = add_trusted_domain( dom_list[i].domain_name,
+			(void)add_trusted_domain( dom_list[i].domain_name,
 						dom_list[i].dns_name,
 						&cache_methods,
-						&dom_list[i].sid );
-			if (d != NULL) {
-				setup_domain_child(d);
-			}
+						&dom_list[i].sid);
 		}
 
 		if (d == NULL) {
@@ -494,13 +501,10 @@ static void rescan_forest_trusts( void )
 			   about it */
 
 			if ( !d ) {
-				d = add_trusted_domain( dom_list[i].domain_name,
+				(void)add_trusted_domain( dom_list[i].domain_name,
 							dom_list[i].dns_name,
 							&cache_methods,
-							&dom_list[i].sid );
-				if (d != NULL) {
-					setup_domain_child(d);
-				}
+							&dom_list[i].sid);
 			}
 
 			if (d == NULL) {
@@ -601,7 +605,6 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai
 /* Look up global info for the winbind daemon */
 bool init_domain_list(void)
 {
-	struct winbindd_domain *domain;
 	int role = lp_server_role();
 
 	/* Free existing list */
@@ -609,26 +612,18 @@ bool init_domain_list(void)
 
 	/* BUILTIN domain */
 
-	domain = add_trusted_domain("BUILTIN", NULL, &cache_methods,
-				    &global_sid_Builtin);
-	if (domain) {
-		setup_domain_child(domain);
-	}
+	(void)add_trusted_domain("BUILTIN", NULL, &cache_methods,
+				 &global_sid_Builtin);
 
 	/* Local SAM */
 
-	domain = add_trusted_domain(get_global_sam_name(), NULL,
-				    &cache_methods, get_global_sam_sid());
-	if (domain) {
-		if ( role != ROLE_DOMAIN_MEMBER ) {
-			domain->primary = True;
-		}
-		setup_domain_child(domain);
-	}
+	(void)add_trusted_domain(get_global_sam_name(), NULL,
+				 &cache_methods, get_global_sam_sid());
 
 	/* Add ourselves as the first entry. */
 
 	if ( role == ROLE_DOMAIN_MEMBER ) {
+		struct winbindd_domain *domain;
 		struct dom_sid our_sid;
 
 		if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) {
@@ -639,9 +634,6 @@ bool init_domain_list(void)
 		domain = add_trusted_domain( lp_workgroup(), lp_realm(),
 					     &cache_methods, &our_sid);
 		if (domain) {
-			domain->primary = True;
-			setup_domain_child(domain);
-
 			/* Even in the parent winbindd we'll need to
 			   talk to the DC, so try and see if we can
 			   contact it. Theoretically this isn't neccessary
Commit	Line	Data
1d13e637 AF	1	commit 9dd0bb462b613a5f6f41d4130bfd31c0a64debd7
	2	Author: Jeremy Allison <jra@samba.org>
	3	AuthorDate: Mon Jan 13 15:23:00 2014 +0100
	4	Commit: Andreas Schneider <asn@samba.org>
	5	CommitDate: Wed Feb 5 11:45:44 2014 +0100
	6
	7	s3-winbind: Move setup_domain_child() into add_trusted_domain().
	8
	9	Ensure it only gets called when a new domain is allocated
	10	and added to the list.
	11
	12	This should fix problems with the previous logic where
	13	setup_domain_child() was called in places where an existing
	14	domain was returned.
	15
	16	BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
	17	---
	18	source3/winbindd/winbindd_util.c \| 74 ++++++++++++++++++----------------------
	19	1 file changed, 33 insertions(+), 41 deletions(-)
	20
	21	diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
	22	index 37b6578..353722e 100644
	23	--- a/source3/winbindd/winbindd_util.c
	24	+++ b/source3/winbindd/winbindd_util.c
	25	@@ -89,7 +89,10 @@ static bool is_in_internal_domain(const struct dom_sid *sid)
	26	}
	27
	28
	29	-/* Add a trusted domain to our list of domains */
	30	+/* Add a trusted domain to our list of domains.
	31	+ If the domain already exists in the list,
	32	+ return it and don't re-initialize.
	33	+ */
	34	static struct winbindd_domain add_trusted_domain(const char domain_name, const char *alt_name,
	35	struct winbindd_methods *methods,
	36	const struct dom_sid *sid)
	37	@@ -99,6 +102,7 @@ static struct winbindd_domain add_trusted_domain(const char domain_name, const
	38	char *idmap_config_option;
	39	const char *param;
	40	const char ignored_domains, dom;
	41	+ int role = lp_server_role();
	42
	43	ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
	44	for (dom=ignored_domains; dom && *dom; dom++) {
	45	@@ -146,7 +150,10 @@ static struct winbindd_domain add_trusted_domain(const char domain_name, const
	46
	47	if (domain != NULL) {
	48	/*
	49	- * We found a match. Possibly update the SID
	50	+ * We found a match on domain->name or
	51	+ * domain->alt_name. Possibly update the SID
	52	+ * if the stored SID was the NULL SID
	53	+ * and return the matching entry.
	54	*/
	55	if ((sid != NULL)
	56	&& dom_sid_equal(&domain->sid, &global_sid_NULL)) {
	57	@@ -192,6 +199,15 @@ static struct winbindd_domain add_trusted_domain(const char domain_name, const
	58	sid_copy(&domain->sid, sid);
	59	}
	60
	61	+ /* Is this our primary domain ? */
	62	+ if (strequal(domain_name, get_global_sam_name()) &&
	63	+ (role != ROLE_DOMAIN_MEMBER)) {
	64	+ domain->primary = true;
65	+ } else if (strequal(domain_name, lp_workgroup()) &&
66	+ (role == ROLE_DOMAIN_MEMBER)) {
67	+ domain->primary = true;
68	+ }
69	+
70	/* Link to domain list */
71	DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
72
73	@@ -228,6 +244,8 @@ static struct winbindd_domain add_trusted_domain(const char domain_name, const
74
75	done:
76
77	+ setup_domain_child(domain);
78	+
79	DEBUG(2,("Added domain %s %s %s\n",
80	domain->name, domain->alt_name,
81	&domain->sid?sid_string_dbg(&domain->sid):""));
82	@@ -341,18 +359,10 @@ static void trustdom_list_done(struct tevent_req *req)
83	necessary. This is important because we need the
84	SID for sibling domains */
85
86	- if ( find_domain_from_name_noinit(p) != NULL ) {
87	- domain = add_trusted_domain(p, alternate_name,
88	- &cache_methods,
89	- &sid);
90	- } else {
91	- domain = add_trusted_domain(p, alternate_name,
92	- &cache_methods,
93	- &sid);
94	- if (domain) {
95	- setup_domain_child(domain);
96	- }
97	- }
98	+ (void)add_trusted_domain(p, alternate_name,
99	+ &cache_methods,
100	+ &sid);
101	+
102	p=q;
103	if (p != NULL)
104	p += 1;
105	@@ -422,13 +432,10 @@ static void rescan_forest_root_trusts( void )
106	d = find_domain_from_name_noinit( dom_list[i].domain_name );
107
108	if ( !d ) {
109	- d = add_trusted_domain( dom_list[i].domain_name,
110	+ (void)add_trusted_domain( dom_list[i].domain_name,
111	dom_list[i].dns_name,
112	&cache_methods,
113	- &dom_list[i].sid );
114	- if (d != NULL) {
115	- setup_domain_child(d);
116	- }
117	+ &dom_list[i].sid);
118	}
119
120	if (d == NULL) {
121	@@ -494,13 +501,10 @@ static void rescan_forest_trusts( void )
122	about it */
123
124	if ( !d ) {
125	- d = add_trusted_domain( dom_list[i].domain_name,
126	+ (void)add_trusted_domain( dom_list[i].domain_name,
127	dom_list[i].dns_name,
128	&cache_methods,
129	- &dom_list[i].sid );
130	- if (d != NULL) {
131	- setup_domain_child(d);
132	- }
133	+ &dom_list[i].sid);
134	}
135
136	if (d == NULL) {
137	@@ -601,7 +605,6 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai
138	/* Look up global info for the winbind daemon */
139	bool init_domain_list(void)
140	{
141	- struct winbindd_domain *domain;
142	int role = lp_server_role();
143
144	/* Free existing list */
145	@@ -609,26 +612,18 @@ bool init_domain_list(void)
146
147	/* BUILTIN domain */
148
149	- domain = add_trusted_domain("BUILTIN", NULL, &cache_methods,
150	- &global_sid_Builtin);
151	- if (domain) {
152	- setup_domain_child(domain);
153	- }
154	+ (void)add_trusted_domain("BUILTIN", NULL, &cache_methods,
155	+ &global_sid_Builtin);
156
157	/* Local SAM */
158
159	- domain = add_trusted_domain(get_global_sam_name(), NULL,
160	- &cache_methods, get_global_sam_sid());
161	- if (domain) {
162	- if ( role != ROLE_DOMAIN_MEMBER ) {
163	- domain->primary = True;
164	- }
165	- setup_domain_child(domain);
166	- }
167	+ (void)add_trusted_domain(get_global_sam_name(), NULL,
168	+ &cache_methods, get_global_sam_sid());
169
170	/* Add ourselves as the first entry. */
171
172	if ( role == ROLE_DOMAIN_MEMBER ) {
173	+ struct winbindd_domain *domain;
174	struct dom_sid our_sid;
175
176	if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) {
177	@@ -639,9 +634,6 @@ bool init_domain_list(void)
178	domain = add_trusted_domain( lp_workgroup(), lp_realm(),
179	&cache_methods, &our_sid);
180	if (domain) {
181	- domain->primary = True;
182	- setup_domain_child(domain);
183	-
184	/* Even in the parent winbindd we'll need to
185	talk to the DC, so try and see if we can
186	contact it. Theoretically this isn't neccessary