Skip to content

Commit 89196c9

Browse files
Samuel Cabrerocryptomilk
Samuel Cabrero
authored and
cryptomilk
committed
s3:winbind: Delegate normalize_name_unmap to the idmap child in winbindd_getgroups
Delegate name unmapping to the idmap child to avoid blocking the parent while querying the LDAP server, depending on the idmap configuration. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jun 24 08:51:39 UTC 2025 on atb-devel-224
1 parent 8e6226a commit 89196c9

File tree

1 file changed

+47
-15
lines changed

1 file changed

+47
-15
lines changed

source3/winbindd/winbindd_getgroups.c

Lines changed: 47 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -21,9 +21,12 @@
2121
#include "winbindd.h"
2222
#include "passdb/lookup_sid.h" /* only for LOOKUP_NAME_NO_NSS flag */
2323
#include "libcli/security/dom_sid.h"
24+
#include "librpc/gen_ndr/ndr_winbind_c.h"
2425

2526
struct winbindd_getgroups_state {
2627
struct tevent_context *ev;
28+
const char *request_name;
29+
const char *unmapped_name;
2730
char *namespace;
2831
char *domname;
2932
char *username;
@@ -38,6 +41,7 @@ struct winbindd_getgroups_state {
3841
static void winbindd_getgroups_lookupname_done(struct tevent_req *subreq);
3942
static void winbindd_getgroups_gettoken_done(struct tevent_req *subreq);
4043
static void winbindd_getgroups_sid2gid_done(struct tevent_req *subreq);
44+
static void winbindd_getgroups_unmap_done(struct tevent_req *subreq);
4145

4246
struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
4347
struct tevent_context *ev,
@@ -46,9 +50,6 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
4650
{
4751
struct tevent_req *req, *subreq;
4852
struct winbindd_getgroups_state *state;
49-
char *domuser, *mapped_user;
50-
NTSTATUS status;
51-
bool ok;
5253

5354
req = tevent_req_create(mem_ctx, &state,
5455
struct winbindd_getgroups_state);
@@ -66,37 +67,68 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
6667
(unsigned int)cli->pid,
6768
request->data.username);
6869

69-
domuser = request->data.username;
70+
state->request_name = talloc_strdup(state, request->data.username);
71+
if (tevent_req_nomem(state->request_name, req)) {
72+
return tevent_req_post(req, ev);
73+
}
74+
75+
subreq = dcerpc_wbint_NormalizeNameUnmap_send(state,
76+
state->ev,
77+
idmap_child_handle(),
78+
state->request_name,
79+
&state->unmapped_name);
80+
if (tevent_req_nomem(subreq, req)) {
81+
return tevent_req_post(req, ev);
82+
}
83+
tevent_req_set_callback(subreq, winbindd_getgroups_unmap_done, req);
84+
return req;
85+
}
86+
87+
static void winbindd_getgroups_unmap_done(struct tevent_req *subreq)
88+
{
89+
struct tevent_req *req = tevent_req_callback_data(subreq,
90+
struct tevent_req);
91+
struct winbindd_getgroups_state *state = tevent_req_data(
92+
req, struct winbindd_getgroups_state);
93+
NTSTATUS status;
94+
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
95+
bool ok;
7096

71-
status = normalize_name_unmap(state, domuser, &mapped_user);
97+
status = dcerpc_wbint_NormalizeNameUnmap_recv(subreq, state, &result);
98+
TALLOC_FREE(subreq);
99+
if (tevent_req_nterror(req, status)) {
100+
return;
101+
}
72102

73-
if (NT_STATUS_IS_OK(status)
74-
|| NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
75-
/* normalize_name_unmapped did something */
76-
domuser = mapped_user;
103+
if (NT_STATUS_IS_OK(result) ||
104+
NT_STATUS_EQUAL(result, NT_STATUS_FILE_RENAMED))
105+
{
106+
/* dcerpc_wbint_NormalizeNameUnmap did something */
107+
state->request_name = state->unmapped_name;
77108
}
78109

79-
ok = parse_domain_user(state, domuser,
110+
ok = parse_domain_user(state,
111+
state->request_name,
80112
&state->namespace,
81113
&state->domname,
82114
&state->username);
83115
if (!ok) {
84-
D_WARNING("Could not parse domain user: %s\n", domuser);
116+
D_WARNING("Could not parse domain user: %s\n", state->request_name);
85117
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
86-
return tevent_req_post(req, ev);
118+
return;
87119
}
88120

89-
subreq = wb_lookupname_send(state, ev,
121+
subreq = wb_lookupname_send(state,
122+
state->ev,
90123
state->namespace,
91124
state->domname,
92125
state->username,
93126
LOOKUP_NAME_NO_NSS);
94127
if (tevent_req_nomem(subreq, req)) {
95-
return tevent_req_post(req, ev);
128+
return;
96129
}
97130
tevent_req_set_callback(subreq, winbindd_getgroups_lookupname_done,
98131
req);
99-
return req;
100132
}
101133

102134
static void winbindd_getgroups_lookupname_done(struct tevent_req *subreq)

0 commit comments

Comments
 (0)