svn commit: samba r24979 - in branches/SAMBA_3_2_0/source/nsswitch: .

mimir at samba.org mimir at samba.org
Thu Sep 6 12:45:14 GMT 2007 

Author: mimir
Date: 2007-09-06 12:45:12 +0000 (Thu, 06 Sep 2007)
New Revision: 24979

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24979

Log:
Ensure negative caching for name2sid, sid2name and rids2names
mappings.


rafal


Modified:
   branches/SAMBA_3_2_0/source/nsswitch/winbindd_cache.c


Changeset:
Modified: branches/SAMBA_3_2_0/source/nsswitch/winbindd_cache.c
===================================================================
--- branches/SAMBA_3_2_0/source/nsswitch/winbindd_cache.c	2007-09-06 11:08:44 UTC (rev 24978)
+++ branches/SAMBA_3_2_0/source/nsswitch/winbindd_cache.c	2007-09-06 12:45:12 UTC (rev 24979)
@@ -353,6 +353,19 @@
 	return True;
 }
 
+
+/*
+  pull a NTSTATUS from a cache entry
+*/
+static NTSTATUS centry_ntstatus(struct cache_entry *centry)
+{
+	NTSTATUS status;
+
+	status = NT_STATUS(centry_uint32(centry));
+	return status;
+}
+
+
 /* the server is considered down if it can't give us a sequence number */
 static BOOL wcache_server_down(struct winbindd_domain *domain)
 {
@@ -587,7 +600,7 @@
 		return NULL;
 	}
 	
-	centry->status = NT_STATUS(centry_uint32(centry));
+	centry->status = centry_ntstatus(centry);
 	centry->sequence_number = centry_uint32(centry);
 
 	return centry;
@@ -746,7 +759,18 @@
 	centry_put_string(centry, sid_to_string(sid_string, sid));
 }
 
+
 /*
+  put NTSTATUS into a centry
+*/
+static void centry_put_ntstatus(struct cache_entry *centry, NTSTATUS status)
+{
+	uint32 status_value = NT_STATUS_V(status);
+	centry_put_uint32(centry, status_value);
+}
+
+
+/*
   push a NTTIME into a centry 
 */
 static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
@@ -784,7 +808,7 @@
 	centry->data = SMB_XMALLOC_ARRAY(uint8, centry->len);
 	centry->ofs = 0;
 	centry->sequence_number = domain->sequence_number;
-	centry_put_uint32(centry, NT_STATUS_V(status));
+	centry_put_ntstatus(centry, status);
 	centry_put_uint32(centry, centry->sequence_number);
 	return centry;
 }
@@ -842,18 +866,16 @@
 	struct cache_entry *centry;
 	fstring sid_string;
 
-	if (is_null_sid(sid)) {
-		return;
-	}
-
 	centry = centry_start(domain, status);
 	if (!centry)
 		return;
+
 	if (NT_STATUS_IS_OK(status)) {
 		centry_put_uint32(centry, type);
 		centry_put_string(centry, domain_name);
 		centry_put_string(centry, name);
 	}
+
 	centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
 	DEBUG(10,("wcache_save_sid_to_name: %s -> %s (%s)\n", sid_string, 
 		  name, nt_errstr(status)));
@@ -1376,9 +1398,10 @@
 	centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
 	if (!centry)
 		goto do_query;
-	*type = (enum lsa_SidType)centry_uint32(centry);
+
 	status = centry->status;
 	if (NT_STATUS_IS_OK(status)) {
+		*type = (enum lsa_SidType)centry_uint32(centry);
 		centry_sid(centry, mem_ctx, sid);
 	}
 
@@ -1411,17 +1434,18 @@
 	/* and save it */
 	refresh_sequence_number(domain, False);
 
-	if (domain->online && !is_null_sid(sid)) {
+	if (domain->online &&
+	    (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) {
 		wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
-	}
 
-	/* Only save the reverse mapping if this was not a UPN */
-	if (NT_STATUS_IS_OK(status) && !strchr(name, '@')) {
-		strupper_m(CONST_DISCARD(char *,domain_name));
-		strlower_m(CONST_DISCARD(char *,name));
-		wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
+		/* Only save the reverse mapping if this was not a UPN */
+		if (!strchr(name, '@')) {
+			strupper_m(CONST_DISCARD(char *,domain_name));
+			strlower_m(CONST_DISCARD(char *,name));
+			wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
+		}
 	}
-
+	
 	return status;
 }
 
@@ -1445,12 +1469,13 @@
 	centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
 	if (!centry)
 		goto do_query;
-	if (NT_STATUS_IS_OK(centry->status)) {
+
+	status = centry->status;
+	if (NT_STATUS_IS_OK(status)) {
 		*type = (enum lsa_SidType)centry_uint32(centry);
 		*domain_name = centry_string(centry, mem_ctx);
 		*name = centry_string(centry, mem_ctx);
 	}
-	status = centry->status;
 
 	DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status: %s\n",
 		domain->name, nt_errstr(status) ));
@@ -1547,15 +1572,23 @@
 			char *dom;
 			have_mapped = True;
 			(*types)[i] = (enum lsa_SidType)centry_uint32(centry);
+
 			dom = centry_string(centry, mem_ctx);
 			if (*domain_name == NULL) {
 				*domain_name = dom;
 			} else {
 				talloc_free(dom);
 			}
+
 			(*names)[i] = centry_string(centry, *names);
+
+		} else if (NT_STATUS_EQUAL(centry->status, NT_STATUS_NONE_MAPPED)) {
+			have_unmapped = True;
+
 		} else {
-			have_unmapped = True;
+			/* something's definitely wrong */
+			result = centry->status;
+			goto error;
 		}
 
 		centry_free(centry);
@@ -1578,6 +1611,30 @@
 						rids, num_rids, domain_name,
 						names, types);
 
+	/*
+	  None of the queried rids has been found so save all negative entries
+	*/
+	if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED)) {
+		for (i = 0; i < num_rids; i++) {
+			DOM_SID sid;
+			const char *name = "";
+			const enum lsa_SidType type = SID_NAME_UNKNOWN;
+			NTSTATUS status = NT_STATUS_NONE_MAPPED;
+			
+			if (!sid_compose(&sid, domain_sid, rids[i])) {
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+
+			wcache_save_sid_to_name(domain, status, &sid, *domain_name,
+						name, type);
+		}
+
+		return result;
+	}
+
+	/*
+	  Some or all of the queried rids have been found.
+	*/
 	if (!NT_STATUS_IS_OK(result) &&
 	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
 		return result;
@@ -1639,15 +1696,19 @@
 	
 	if (!centry)
 		goto do_query;
-
-	info->acct_name = centry_string(centry, mem_ctx);
-	info->full_name = centry_string(centry, mem_ctx);
-	info->homedir = centry_string(centry, mem_ctx);
-	info->shell = centry_string(centry, mem_ctx);
-	info->primary_gid = centry_uint32(centry);
-	centry_sid(centry, mem_ctx, &info->user_sid);
-	centry_sid(centry, mem_ctx, &info->group_sid);
+	
+	/* if status is not ok then this is a negative hit
+	   and the rest of the data doesn't matter */
 	status = centry->status;
+	if (NT_STATUS_IS_OK(status)) {
+		info->acct_name = centry_string(centry, mem_ctx);
+		info->full_name = centry_string(centry, mem_ctx);
+		info->homedir = centry_string(centry, mem_ctx);
+		info->shell = centry_string(centry, mem_ctx);
+		info->primary_gid = centry_uint32(centry);
+		centry_sid(centry, mem_ctx, &info->user_sid);
+		centry_sid(centry, mem_ctx, &info->group_sid);
+	}
 
 	DEBUG(10,("query_user: [Cached] - cached info for domain %s status: %s\n",
 		domain->name, nt_errstr(status) ));
@@ -1752,10 +1813,12 @@
 	centry = centry_start(domain, status);
 	if (!centry)
 		goto skip_save;
+
 	centry_put_uint32(centry, *num_groups);
 	for (i=0; i<(*num_groups); i++) {
 		centry_put_sid(centry, &(*user_gids)[i]);
 	}	
+
 	centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
 	centry_free(centry);

More information about the samba-cvs mailing list