CVE-2020-25717 wb_sids2xids: split out wb_sids2xids_next_sids2unix()

Put the code that calls the per-domain idmap backend
in its own function.

This makes further reconstruction easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 79c1d3aaf6d465a8edd1871edb85211f8715fea1)

diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index 59f6ba5891eb9ebf63c2a71dc49d68a24e839788..725fd857ef5d279d306601620f10f09ce27f498e 100644 (file)
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -65,6 +65,7 @@ static bool wb_sids2xids_in_cache(struct dom_sid *sid, struct id_map *map);
 static void wb_sids2xids_lookupsids_done(struct tevent_req *subreq);
 static void wb_sids2xids_done(struct tevent_req *subreq);
 static void wb_sids2xids_gotdc(struct tevent_req *subreq);
+static void wb_sids2xids_next_sids2unix(struct tevent_req *req);
 
 struct tevent_req *wb_sids2xids_send(TALLOC_CTX *mem_ctx,
                                     struct tevent_context *ev,
@@ -194,7 +195,6 @@ static void wb_sids2xids_lookupsids_done(struct tevent_req *subreq)
                req, struct wb_sids2xids_state);
        struct lsa_RefDomainList *domains = NULL;
        struct lsa_TransNameArray *names = NULL;
-       struct dcerpc_binding_handle *child_binding_handle = NULL;
        NTSTATUS status;
        uint32_t i;
 
@@ -264,6 +264,16 @@ static void wb_sids2xids_lookupsids_done(struct tevent_req *subreq)
        TALLOC_FREE(names);
        TALLOC_FREE(domains);
 
+       wb_sids2xids_next_sids2unix(req);
+}
+
+static void wb_sids2xids_next_sids2unix(struct tevent_req *req)
+{
+       struct wb_sids2xids_state *state = tevent_req_data(
+               req, struct wb_sids2xids_state);
+       struct tevent_req *subreq = NULL;
+       struct dcerpc_binding_handle *child_binding_handle = NULL;
+
        state->dom_ids = wb_sids2xids_extract_for_domain_index(
                state, &state->ids, state->dom_index);
        if (tevent_req_nomem(state->dom_ids, req)) {
@@ -315,7 +325,6 @@ static void wb_sids2xids_done(struct tevent_req *subreq)
        struct wb_sids2xids_state *state = tevent_req_data(
                req, struct wb_sids2xids_state);
        NTSTATUS status, result;
-       struct dcerpc_binding_handle *child_binding_handle = NULL;
        struct wbint_TransIDArray *src, *dst;
        uint32_t i, src_idx;
 
@@ -376,26 +385,7 @@ static void wb_sids2xids_done(struct tevent_req *subreq)
                return;
        }
 
-       state->dom_ids = wb_sids2xids_extract_for_domain_index(
-               state, &state->ids, state->dom_index);
-       if (tevent_req_nomem(state->dom_ids, req)) {
-               return;
-       }
-
-       state->idmap_dom = (struct lsa_RefDomainList) {
-               .count = 1,
-               .domains = &state->idmap_doms.domains[state->dom_index],
-               .max_size = 1
-       };
-
-       child_binding_handle = idmap_child_handle();
-       subreq = dcerpc_wbint_Sids2UnixIDs_send(
-               state, state->ev, child_binding_handle, &state->idmap_dom,
-               state->dom_ids);
-       if (tevent_req_nomem(subreq, req)) {
-               return;
-       }
-       tevent_req_set_callback(subreq, wb_sids2xids_done, req);
+       wb_sids2xids_next_sids2unix(req);
 }
 
 static void wb_sids2xids_gotdc(struct tevent_req *subreq)