Print this page 
NEX-19057 All zfs/nfs/smb threads in door calls to idle idmap
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-5260 smbd segfaults while running smbtorture:rpc.lsa.lookupnames
NEX-5261 smbd segfaults while running smbtorture:rpc.winreg
NEX-5262 smbd segfaults while running smbtorture:rpc.samba3
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-2667 Wrong error when join domain with wrong password
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
NEX-2225 Unable to join NexentaStor to 2008 AD
*** 19,29 ****
   * CDDL HEADER END
   */
  
  /*
   * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
!  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
   */
  
  /*
   * This module provides the high level interface to the LSA RPC functions.
   */
--- 19,29 ----
   * CDDL HEADER END
   */
  
  /*
   * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
!  * Copyright 2019 Nexenta Systems, Inc.  All rights reserved.
   */
  
  /*
   * This module provides the high level interface to the LSA RPC functions.
   */

*** 36,45 ****
--- 36,49 ----
  #include <smbsrv/smbinfo.h>
  #include <smbsrv/smb_token.h>
  
  #include <lsalib.h>
  
+ static uint32_t lsa_lookup_name_int(char *, uint16_t, smb_account_t *,
+     boolean_t);
+ static uint32_t lsa_lookup_sid_int(smb_sid_t *, smb_account_t *, boolean_t);
+ 
  static uint32_t lsa_lookup_name_builtin(char *, char *, smb_account_t *);
  static uint32_t lsa_lookup_name_domain(char *, smb_account_t *);
  
  static uint32_t lsa_lookup_sid_builtin(smb_sid_t *, smb_account_t *);
  static uint32_t lsa_lookup_sid_domain(smb_sid_t *, smb_account_t *);

*** 73,88 ****
--- 77,109 ----
   *   NT_STATUS_NONE_MAPPED      Couldn't translate the account
   */
  uint32_t
  lsa_lookup_name(char *account, uint16_t type, smb_account_t *info)
  {
+         return (lsa_lookup_name_int(account, type, info, B_TRUE));
+ }
+ 
+ /* Variant that avoids the call out to AD. */
+ uint32_t
+ lsa_lookup_lname(char *account, uint16_t type, smb_account_t *info)
+ {
+         return (lsa_lookup_name_int(account, type, info, B_FALSE));
+ }
+ 
+ uint32_t
+ lsa_lookup_name_int(char *account, uint16_t type, smb_account_t *info,
+     boolean_t try_ad)
+ {
          char nambuf[SMB_USERNAME_MAXLEN];
          char dombuf[SMB_PI_MAX_DOMAIN];
          char *name, *domain;
          uint32_t status;
          char *slash;
  
+         if (account == NULL)
+                 return (NT_STATUS_NONE_MAPPED);
+ 
          (void) strsubst(account, '/', '\\');
          (void) strcanon(account, "\\");
          /* \john -> john */
          account += strspn(account, "\\");
  

*** 102,132 ****
          if (status == NT_STATUS_NOT_FOUND) {
                  status = smb_sam_lookup_name(domain, name, type, info);
                  if (status == NT_STATUS_SUCCESS)
                          return (status);
  
!                 if ((domain == NULL) || (status == NT_STATUS_NOT_FOUND))
                          status = lsa_lookup_name_domain(account, info);
          }
  
          return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED);
  }
  
  uint32_t
  lsa_lookup_sid(smb_sid_t *sid, smb_account_t *info)
  {
          uint32_t status;
  
          if (!smb_sid_isvalid(sid))
                  return (NT_STATUS_INVALID_SID);
  
          status = lsa_lookup_sid_builtin(sid, info);
          if (status == NT_STATUS_NOT_FOUND) {
                  status = smb_sam_lookup_sid(sid, info);
!                 if (status == NT_STATUS_NOT_FOUND)
                          status = lsa_lookup_sid_domain(sid, info);
          }
  
          return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED);
  }
  
  /*
--- 123,169 ----
          if (status == NT_STATUS_NOT_FOUND) {
                  status = smb_sam_lookup_name(domain, name, type, info);
                  if (status == NT_STATUS_SUCCESS)
                          return (status);
  
!                 if (try_ad && ((domain == NULL) ||
!                     (status == NT_STATUS_NOT_FOUND))) {
                          status = lsa_lookup_name_domain(account, info);
                  }
+         }
  
          return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED);
  }
  
  uint32_t
  lsa_lookup_sid(smb_sid_t *sid, smb_account_t *info)
  {
+         return (lsa_lookup_sid_int(sid, info, B_TRUE));
+ }
+ 
+ /* Variant that avoids the call out to AD. */
+ uint32_t
+ lsa_lookup_lsid(smb_sid_t *sid, smb_account_t *info)
+ {
+         return (lsa_lookup_sid_int(sid, info, B_FALSE));
+ }
+ 
+ static uint32_t
+ lsa_lookup_sid_int(smb_sid_t *sid, smb_account_t *info, boolean_t try_ad)
+ {
          uint32_t status;
  
          if (!smb_sid_isvalid(sid))
                  return (NT_STATUS_INVALID_SID);
  
          status = lsa_lookup_sid_builtin(sid, info);
          if (status == NT_STATUS_NOT_FOUND) {
                  status = smb_sam_lookup_sid(sid, info);
!                 if (try_ad && status == NT_STATUS_NOT_FOUND) {
                          status = lsa_lookup_sid_domain(sid, info);
                  }
+         }
  
          return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED);
  }
  
  /*