NEX-19057 All zfs/nfs/smb threads in door calls to idle idmap
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-5260 smbd segfaults while running smbtorture:rpc.lsa.lookupnames
NEX-5261 smbd segfaults while running smbtorture:rpc.winreg
NEX-5262 smbd segfaults while running smbtorture:rpc.samba3
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-2667 Wrong error when join domain with wrong password
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
NEX-2225 Unable to join NexentaStor to 2008 AD
@@ -19,11 +19,11 @@
* CDDL HEADER END
*/
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2019 Nexenta Systems, Inc. All rights reserved.
*/
/*
* This module provides the high level interface to the LSA RPC functions.
*/
@@ -36,10 +36,14 @@
#include <smbsrv/smbinfo.h>
#include <smbsrv/smb_token.h>
#include <lsalib.h>
+static uint32_t lsa_lookup_name_int(char *, uint16_t, smb_account_t *,
+ boolean_t);
+static uint32_t lsa_lookup_sid_int(smb_sid_t *, smb_account_t *, boolean_t);
+
static uint32_t lsa_lookup_name_builtin(char *, char *, smb_account_t *);
static uint32_t lsa_lookup_name_domain(char *, smb_account_t *);
static uint32_t lsa_lookup_sid_builtin(smb_sid_t *, smb_account_t *);
static uint32_t lsa_lookup_sid_domain(smb_sid_t *, smb_account_t *);
@@ -73,16 +77,33 @@
* NT_STATUS_NONE_MAPPED Couldn't translate the account
*/
uint32_t
lsa_lookup_name(char *account, uint16_t type, smb_account_t *info)
{
+ return (lsa_lookup_name_int(account, type, info, B_TRUE));
+}
+
+/* Variant that avoids the call out to AD. */
+uint32_t
+lsa_lookup_lname(char *account, uint16_t type, smb_account_t *info)
+{
+ return (lsa_lookup_name_int(account, type, info, B_FALSE));
+}
+
+uint32_t
+lsa_lookup_name_int(char *account, uint16_t type, smb_account_t *info,
+ boolean_t try_ad)
+{
char nambuf[SMB_USERNAME_MAXLEN];
char dombuf[SMB_PI_MAX_DOMAIN];
char *name, *domain;
uint32_t status;
char *slash;
+ if (account == NULL)
+ return (NT_STATUS_NONE_MAPPED);
+
(void) strsubst(account, '/', '\\');
(void) strcanon(account, "\\");
/* \john -> john */
account += strspn(account, "\\");
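Review bot: The definition of `lsa_lookup_name_int` is written as plain `uint32_t`, although its prototype in the previous hunk is `static` and the sibling `lsa_lookup_sid_int` repeats `static` on its definition. The earlier declaration still gives it internal linkage, so this is a readability point rather than a linkage bug, but someone reading the definition alone will take it for an exported symbol; write `static uint32_t` here. The helper also has no comment of its own; a line such as `/* try_ad == B_FALSE skips lsa_lookup_name_domain(), so only the lookups before it are attempted. */` would document the new parameter. The body of the function continues outside this hunk.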
@@ -102,31 +123,47 @@
if (status == NT_STATUS_NOT_FOUND) {
status = smb_sam_lookup_name(domain, name, type, info);
if (status == NT_STATUS_SUCCESS)
return (status);
- if ((domain == NULL) || (status == NT_STATUS_NOT_FOUND))
+ if (try_ad && ((domain == NULL) ||
+ (status == NT_STATUS_NOT_FOUND))) {
status = lsa_lookup_name_domain(account, info);
}
+ }
return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED);
}
uint32_t
lsa_lookup_sid(smb_sid_t *sid, smb_account_t *info)
{
+ return (lsa_lookup_sid_int(sid, info, B_TRUE));
+}
+
+/* Variant that avoids the call out to AD. */
+uint32_t
+lsa_lookup_lsid(smb_sid_t *sid, smb_account_t *info)
+{
+ return (lsa_lookup_sid_int(sid, info, B_FALSE));
+}
+
+static uint32_t
+lsa_lookup_sid_int(smb_sid_t *sid, smb_account_t *info, boolean_t try_ad)
+{
uint32_t status;
if (!smb_sid_isvalid(sid))
return (NT_STATUS_INVALID_SID);
status = lsa_lookup_sid_builtin(sid, info);
if (status == NT_STATUS_NOT_FOUND) {
status = smb_sam_lookup_sid(sid, info);
- if (status == NT_STATUS_NOT_FOUND)
+ if (try_ad && status == NT_STATUS_NOT_FOUND) {
status = lsa_lookup_sid_domain(sid, info);
}
+ }
return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED);
}
/*
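Review bot: With `try_ad` false, both `lsa_lookup_name_int` and `lsa_lookup_sid_int` still fold every non-success status into `NT_STATUS_NONE_MAPPED` at their final `return`. A caller of `lsa_lookup_lsid` (or of `lsa_lookup_lname` in the previous hunk) therefore cannot tell an account that does not exist from a domain account that was simply not looked up. The one-line comment on the two variants should state that contract, for example `/* Local-only variant: NT_STATUS_NONE_MAPPED means "not found locally"; it is not authoritative for domain accounts. */`. Whether any caller caches or makes an access decision on that result is not visible here, so it is worth checking the call sites. `lsa_lookup_name_int` begins outside this hunk.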