svn commit: samba r20289 - in branches/SAMBA_3_0/source/nsswitch: .

idra at samba.org idra at samba.org
Wed Dec 20 17:56:27 GMT 2006


Author: idra
Date: 2006-12-20 17:56:26 +0000 (Wed, 20 Dec 2006)
New Revision: 20289

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20289

Log:

IDMAP is part of winbind but not the main process.
Make sure we route all requests to remote DCs via the main process
so that IDMAP can correctly reuse DC connections and use the
async interface.

This also fixes idmap_nss so that it is able to resolve local
group names (requires patch on the samba dc earlier committed
to SAMBA_3_0 to make it resolve both the mapped and the unmapped
name).

Simo.


Modified:
   branches/SAMBA_3_0/source/nsswitch/idmap.c
   branches/SAMBA_3_0/source/nsswitch/idmap_nss.c
   branches/SAMBA_3_0/source/nsswitch/idmap_rid.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/idmap.c	2006-12-20 16:58:10 UTC (rev 20288)
+++ branches/SAMBA_3_0/source/nsswitch/idmap.c	2006-12-20 17:56:26 UTC (rev 20289)
@@ -707,16 +707,23 @@
 {
 	NTSTATUS ret;
 	struct idmap_domain *dom;
-	char *domname, *name;
+	const char *domname, *name;
 	enum lsa_SidType sid_type;
+	BOOL wbret;
 
 	ret = idmap_can_map(map, &dom);
 	if ( ! NT_STATUS_IS_OK(ret)) {
 		return NT_STATUS_NONE_MAPPED;
 	}
 	
+	/* by default calls to winbindd are disabled
+	   the following call will not recurse so this is safe */
+	winbind_on();
+	wbret =winbind_lookup_sid(ctx, map->sid, &domname, &name, &sid_type);
+	winbind_off();
+
 	/* check if this is a valid SID and then map it */
-	if (winbindd_lookup_name_by_sid(ctx, map->sid, &domname, &name, &sid_type)) {
+	if (wbret) {
 		switch (sid_type) {
 		case SID_NAME_USER:
 			ret = idmap_allocate_uid(&map->xid);
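Review bot: `winbind_off()` after the lookup disables winbindd calls unconditionally instead of restoring the state that was in effect before `winbind_on()`, so the sequence is only correct while the "disabled by default" invariant from the comment holds on every path that reaches it. The code this commit removes from idmap_nss.c saved that state with `winbind_env_set()` and restored it; judging from that code, `BOOL was_off = winbind_env_set();` before the call and `if (was_off) winbind_off();` after it would keep the toggle self-contained. The same on/lookup/off sequence is added in both idmap_nss.c loops and in idmap_rid_id_to_sid and idmap_rid_sid_to_id, so a small shared helper would avoid five copies of process-wide state flipping. The enclosing function starts and ends outside this hunk.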

Modified: branches/SAMBA_3_0/source/nsswitch/idmap_nss.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/idmap_nss.c	2006-12-20 16:58:10 UTC (rev 20288)
+++ branches/SAMBA_3_0/source/nsswitch/idmap_nss.c	2006-12-20 17:56:26 UTC (rev 20289)
@@ -43,7 +43,6 @@
 {
 	TALLOC_CTX *ctx;
 	struct winbindd_domain *wdom;
-	BOOL winbind_env;
 	int i;
 
 	wdom = find_lookup_domain_from_name(dom->name);
@@ -51,6 +50,7 @@
 		DEBUG(2, ("Can't lookup domain %s\n", dom->name));
 		return NT_STATUS_NO_SUCH_DOMAIN;
 	}
+	wdom->initialized = False;
 
 	ctx = talloc_new(dom);
 	if ( ! ctx) {
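Review bot: `wdom->initialized = False;` carries no comment and writes to the domain structure returned by `find_lookup_domain_from_name()`, which appears to be state shared with the rest of winbindd rather than a local copy. After this commit the name lookup further down no longer takes `wdom` at all, so from this function a reader cannot tell why the flag is cleared or what is expected to set it again. A short comment stating the reason, e.g. `/* <why the domain must be re-initialised here> */`, would help, or the assignment should be dropped if it is not required. The function body starts and ends outside this hunk.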
@@ -58,21 +58,17 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	/* avoid any possible recursion in winbindd,
-	 * these calls are aimed at getting info
-	 * out of alternative nss dbs anyway */
-	winbind_env = winbind_env_set();
-	winbind_off();
-
 	for (i = 0; ids[i]; i++) {
 		struct passwd *pw;
 		struct group *gr;
 		const char *name;
 		enum lsa_SidType type;
+		BOOL ret;
 		
 		switch (ids[i]->xid.type) {
 		case ID_TYPE_UID:
 			pw = getpwuid((uid_t)ids[i]->xid.id);
+
 			if (!pw) {
 				ids[i]->mapped = False;
 				continue;
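Review bot: With the `winbind_off()` before the loop removed, `getpwuid()` here and `getgrgid()` in the next hunk rely on winbindd calls already being disabled by whoever called this function; nothing local enforces that any more. If the assumption ever fails, these NSS lookups can presumably be routed back into winbindd, which is the recursion the deleted comment warned about. I would keep that knowledge at the top of the loop with a comment such as `/* winbindd calls must be off here: getpwuid()/getgrgid() must only consult the other nss dbs */`, and consider a debug-level check using `winbind_env_set()`. The loop body continues outside this hunk.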
@@ -81,6 +77,7 @@
 			break;
 		case ID_TYPE_GID:
 			gr = getgrgid((gid_t)ids[i]->xid.id);
+
 			if (!gr) {
 				ids[i]->mapped = False;
 				continue;
@@ -92,8 +89,14 @@
 			continue;
 		}
 
+		/* by default calls to winbindd are disabled
+		   the following call will not recurse so this is safe */
+		winbind_on();
 		/* Lookup name from PDC using lsa_lookup_names() */
-		if (!winbindd_lookup_sid_by_name(ctx, wdom, dom->name, name, ids[i]->sid, &type)) {
+		ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type);
+		winbind_off();
+
+		if (!ret) {
 			ids[i]->mapped = False;
 			continue;
 		}
@@ -121,10 +124,6 @@
 		}
 	}
 
-	/* allow winbindd calls again, if they were enabled */
-	if (!winbind_env) {
-		winbind_on();
-	}
 
 	talloc_free(ctx);
 	return NT_STATUS_OK;
@@ -137,7 +136,6 @@
 static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
 {
 	TALLOC_CTX *ctx;
-	BOOL winbind_env;
 	int i;
 
 	ctx = talloc_new(dom);
@@ -146,20 +144,21 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	/* avoid any possible recursion in winbindd,
-	 * these calls are aimed at getting info
-	 * out of alternative nss dbs anyway */
-	winbind_env = winbind_env_set();
-	winbind_off();
-
 	for (i = 0; ids[i]; i++) {
 		struct passwd *pw;
 		struct group *gr;
 		enum lsa_SidType type;
-		char *dom_name = NULL;
-		char *name = NULL;
+		const char *dom_name = NULL;
+		const char *name = NULL;
+		BOOL ret;
 
-		if (!winbindd_lookup_name_by_sid(ctx, ids[i]->sid, &dom_name, &name, &type)) {
+		/* by default calls to winbindd are disabled
+		   the following call will not recurse so this is safe */
+		winbind_on();
+		ret =winbind_lookup_sid(ctx, ids[i]->sid, &dom_name, &name, &type);
+		winbind_off();
+
+		if (!ret) {
 			ids[i]->mapped = False;
 			continue;
 		}
@@ -171,6 +170,7 @@
 		case SID_NAME_USER:
 
 			/* this will find also all lower case name and use username level */
+			
 			pw = Get_Pwnam(name);
 			if (pw) {
 				ids[i]->xid.id = pw->pw_uid;
@@ -192,18 +192,11 @@
 			break;
 
 		default:
+			ids[i]->mapped = False;
 			break;
 		}
-
-		TALLOC_FREE(dom_name);
-		TALLOC_FREE(name);
 	}
 
-	/* allow winbindd calls again, if they were enabled */
-	if (!winbind_env) {
-		winbind_on();
-	}
-
 	talloc_free(ctx);
 	return NT_STATUS_OK;
 }
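Review bot: Dropping the per-iteration `TALLOC_FREE(dom_name)` / `TALLOC_FREE(name)` means every string returned by `winbind_lookup_sid()` stays attached to `ctx` until `talloc_free(ctx)` after the loop, assuming the results are allocated on the context passed in (the hunk does not show that). Memory held by this function therefore grows with the length of the `ids` array, which is sized by the request. A child context created at the top of each iteration and freed at the bottom would bound it again without needing to free the now-`const` pointers. The loop starts outside this hunk.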

Modified: branches/SAMBA_3_0/source/nsswitch/idmap_rid.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/idmap_rid.c	2006-12-20 16:58:10 UTC (rev 20288)
+++ branches/SAMBA_3_0/source/nsswitch/idmap_rid.c	2006-12-20 17:56:26 UTC (rev 20289)
@@ -83,8 +83,9 @@
 
 static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map)
 {
-	char *domname, *name;
+	const char *domname, *name;
 	enum lsa_SidType sid_type;
+	BOOL ret;
 
 	/* apply filters before checking */
 	if ((map->xid.id < ctx->low_id) || (map->xid.id > ctx->high_id)) {
@@ -95,7 +96,13 @@
 
 	sid_compose(map->sid, &ctx->dom_sid, map->xid.id - ctx->low_id + ctx->base_rid);
 
-	if (winbindd_lookup_name_by_sid(memctx, map->sid, &domname, &name, &sid_type)) {
+	/* by default calls to winbindd are disabled
+	   the following call will not recurse so this is safe */
+	winbind_on();
+	ret = winbind_lookup_sid(memctx, map->sid, &domname, &name, &sid_type);
+	winbind_off();
+
+	if (ret) {
 		switch (sid_type) {
 		case SID_NAME_USER:
 			if (map->xid.type != ID_TYPE_UID) {
@@ -134,15 +141,22 @@
 
 static NTSTATUS idmap_rid_sid_to_id(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map)
 {
-	char *domname, *name;
+	const char *domname, *name;
 	enum lsa_SidType sid_type;
 	uint32_t rid;
+	BOOL ret;
 
 	sid_peek_rid(map->sid, &rid);
 	map->xid.id = rid - ctx->base_rid + ctx->low_id;
 
+	/* by default calls to winbindd are disabled
+	   the following call will not recurse so this is safe */
+	winbind_on();
 	/* check if this is a valid SID and set the type */
-	if (winbindd_lookup_name_by_sid(memctx, map->sid, &domname, &name, &sid_type)) {
+	ret = winbind_lookup_sid(memctx, map->sid, &domname, &name, &sid_type);
+	winbind_off();
+
+	if (ret) {
 		switch (sid_type) {
 		case SID_NAME_USER:
 			map->xid.type = ID_TYPE_UID;


