[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3178-gfc82807

Michael Adam obnox at samba.org
Fri Nov 21 22:34:25 GMT 2008


The branch, v3-2-test has been updated
       via  fc82807659cf4ab23df8ae7b98edfc715b54f591 (commit)
       via  afd1cba6c18cb56ec13659cec7c86b32de2fda39 (commit)
       via  9d5af844c53ff2b25904c96d28546271a249debb (commit)
      from  d4481329438d27a23ded85f01f5cf06725221d0e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit fc82807659cf4ab23df8ae7b98edfc715b54f591
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 21 23:28:08 2008 +0100

    winbindd: make all winbind rpc-methods static.
    
    Now that the methods are no longer needed in winbindd_ads,
    we can make them static again.
    
    Michael

commit afd1cba6c18cb56ec13659cec7c86b32de2fda39
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 21 02:24:06 2008 +0100

    winbindd_ads: use the reconnect methods instead of the rpc methods directly
    
    Some of the ads methods just point to the rpc methods.
    This makes winbindd_ads use the reconnect methods instead of
    calling the rpc methods directly in order to prevent
    negative cache entries for e.g. name_to_sid, when the dc
    has closed the connection without sending a reset.
    
    Michael

commit 9d5af844c53ff2b25904c96d28546271a249debb
Author: Michael Adam <obnox at samba.org>
Date:   Thu Nov 20 23:26:35 2008 +0100

    winbindd_ads: prevent negative GM/ cache entries due to broken connections
    
    The ads lookup_groupmem() function calls lsa_lookupsids to resolve sids
    to names. This is tried only once. So in case the connection was broken,
    e.g. closed by the server (without a reset packet), there will be an empty
    GM/ cache entry for the requested group, which will prevent access checks,
    among other checks, from working properly for the expiry period.
    
    This patch works around this problem by retrying once if the lsa_lookupsids
    call fails, re-establishing the dc-connection, as we already do in many other
    places (e.g. the winbindd retry methods for the rpc layer).
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source/winbindd/winbindd_ads.c |  104 +++++++++++++++++++++++++++++++++++++--
 source/winbindd/winbindd_rpc.c |   63 ++++++++++++------------
 2 files changed, 130 insertions(+), 37 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/winbindd_ads.c b/source/winbindd/winbindd_ads.c
index bc8902d..5b29f63 100644
--- a/source/winbindd/winbindd_ads.c
+++ b/source/winbindd/winbindd_ads.c
@@ -401,6 +401,47 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 	return NT_STATUS_OK;
 }
 
+/* convert a single name to a sid in a domain - use rpc methods */
+static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
+			    enum winbindd_cmd orig_cmd,
+			    const char *domain_name,
+			    const char *name,
+			    DOM_SID *sid,
+			    enum lsa_SidType *type)
+{
+	return reconnect_methods.name_to_sid(domain, mem_ctx, orig_cmd,
+					     domain_name, name,
+					     sid, type);
+}
+
+/* convert a domain SID to a user or group name - use rpc methods */
+static NTSTATUS sid_to_name(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
+			    const DOM_SID *sid,
+			    char **domain_name,
+			    char **name,
+			    enum lsa_SidType *type)
+{
+	return reconnect_methods.sid_to_name(domain, mem_ctx, sid,
+					     domain_name, name, type);
+}
+
+/* convert a list of rids to names - use rpc methods */
+static NTSTATUS rids_to_names(struct winbindd_domain *domain,
+			      TALLOC_CTX *mem_ctx,
+			      const DOM_SID *sid,
+			      uint32 *rids,
+			      size_t num_rids,
+			      char **domain_name,
+			      char ***names,
+			      enum lsa_SidType **types)
+{
+	return reconnect_methods.rids_to_names(domain, mem_ctx, sid,
+					       rids, num_rids,
+					       domain_name, names, types);
+}
+
 /* If you are looking for "dn_lookup": Yes, it used to be here!
  * It has gone now since it was a major speed bottleneck in
  * lookup_groupmem (its only use). It has been replaced by
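Review bot: The comments on the three added wrappers say "use rpc methods", but each body dispatches through `reconnect_methods` rather than the msrpc functions, which per the commit message is the whole point of the change. Someone auditing which lookups survive a dropped dc connection would be misled by the current wording; I would write e.g. `/* convert a single name to a sid in a domain - via reconnect_methods, not the rpc methods directly */`. The same "use rpc methods" wording is on lookup_useraliases, lockout_policy and password_policy in the later hunks of this file.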
@@ -903,6 +944,18 @@ done:
 	return status;
 }
 
+/* Lookup aliases a user is member of - use rpc methods */
+static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
+				   TALLOC_CTX *mem_ctx,
+				   uint32 num_sids, const DOM_SID *sids,
+				   uint32 *num_aliases, uint32 **alias_rids)
+{
+	return reconnect_methods.lookup_useraliases(domain, mem_ctx,
+						    num_sids, sids,
+						    num_aliases,
+						    alias_rids);
+}
+
 /*
   find the members of a group, given a group rid and domain
  */
@@ -1080,6 +1133,29 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 						&names_nocache,
 						&name_types_nocache);
 
+		if (!(NT_STATUS_IS_OK(status) ||
+		      NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) ||
+		      NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)))
+		{
+			DEBUG(1, ("lsa_lookupsids call failed with %s "
+				  "- retrying...\n", nt_errstr(status)));
+
+			status = cm_connect_lsa(domain, tmp_ctx, &cli,
+						&lsa_policy);
+
+			if (!NT_STATUS_IS_OK(status)) {
+				goto done;
+			}
+
+			status = rpccli_lsa_lookup_sids(cli, tmp_ctx,
+							&lsa_policy,
+							num_nocache,
+							sid_mem_nocache,
+							&domains_nocache,
+							&names_nocache,
+							&name_types_nocache);
+		}
+
 		if (NT_STATUS_IS_OK(status) ||
 		    NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED))
 		{
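Review bot: The retry guard fires on every status other than OK, STATUS_SOME_UNMAPPED and NT_STATUS_NONE_MAPPED, so non-transient failures are retried as well as the dropped-connection case the commit message describes. If the second `rpccli_lsa_lookup_sids` call also fails, control falls through to the status check below, and whether an empty GM/ entry is still cached is decided outside this hunk (lookup_groupmem starts and ends outside it); since the commit message says such entries break access checks for the expiry period, that failure path is worth confirming. It is also not visible here whether `cm_connect_lsa` drops the stale connection or hands back the cached one, in which case the retry would hit the same dead connection. At minimum I would add a comment above the guard: `/* retry once: the dc may have closed the connection without a reset; a second failure falls through to the status check below */`.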
@@ -1169,6 +1245,22 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 	return ads_ntstatus(rc);
 }
 
+/* find the lockout policy of a domain - use rpc methods */
+static NTSTATUS lockout_policy(struct winbindd_domain *domain,
+			       TALLOC_CTX *mem_ctx,
+			       struct samr_DomInfo12 *policy)
+{
+	return reconnect_methods.lockout_policy(domain, mem_ctx, policy);
+}
+
+/* find the password policy of a domain - use rpc methods */
+static NTSTATUS password_policy(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				struct samr_DomInfo1 *policy)
+{
+	return reconnect_methods.password_policy(domain, mem_ctx, policy);
+}
+
 /* get a list of trusted domains */
 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
@@ -1359,16 +1451,16 @@ struct winbindd_methods ads_methods = {
 	query_user_list,
 	enum_dom_groups,
 	enum_local_groups,
-	msrpc_name_to_sid,
-	msrpc_sid_to_name,
-	msrpc_rids_to_names,
+	name_to_sid,
+	sid_to_name,
+	rids_to_names,
 	query_user,
 	lookup_usergroups,
-	msrpc_lookup_useraliases,
+	lookup_useraliases,
 	lookup_groupmem,
 	sequence_number,
-	msrpc_lockout_policy,
-	msrpc_password_policy,
+	lockout_policy,
+	password_policy,
 	trusted_domains,
 };
 
diff --git a/source/winbindd/winbindd_rpc.c b/source/winbindd/winbindd_rpc.c
index 2a7704c..c231d14 100644
--- a/source/winbindd/winbindd_rpc.c
+++ b/source/winbindd/winbindd_rpc.c
@@ -265,13 +265,13 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 }
 
 /* convert a single name to a sid in a domain */
-NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
-			   TALLOC_CTX *mem_ctx,
-			   enum winbindd_cmd original_cmd,
-			   const char *domain_name,
-			   const char *name,
-			   DOM_SID *sid,
-			   enum lsa_SidType *type)
+static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
+				  TALLOC_CTX *mem_ctx,
+				  enum winbindd_cmd original_cmd,
+				  const char *domain_name,
+				  const char *name,
+				  DOM_SID *sid,
+				  enum lsa_SidType *type)
 {
 	NTSTATUS result;
 	DOM_SID *sids = NULL;
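Review bot: Making `msrpc_name_to_sid` static changes its linkage, and the diffstat lists only the two .c files, so any non-static prototype left in a header this file includes would now conflict with the definition. If the prototypes are generated they need regenerating, otherwise they should be removed in the same commit; neither is visible here. The same applies to msrpc_sid_to_name, msrpc_rids_to_names, msrpc_lookup_useraliases, msrpc_lockout_policy and msrpc_password_policy in the following hunks. The function body continues outside the hunk.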
@@ -319,12 +319,12 @@ NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
 /*
   convert a domain SID to a user or group name
 */
-NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
-			    TALLOC_CTX *mem_ctx,
-			    const DOM_SID *sid,
-			    char **domain_name,
-			    char **name,
-			    enum lsa_SidType *type)
+static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
+				  TALLOC_CTX *mem_ctx,
+				  const DOM_SID *sid,
+				  char **domain_name,
+				  char **name,
+				  enum lsa_SidType *type)
 {
 	char **domains;
 	char **names;
@@ -362,14 +362,14 @@ NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
-			     TALLOC_CTX *mem_ctx,
-			     const DOM_SID *sid,
-			     uint32 *rids,
-			     size_t num_rids,
-			     char **domain_name,
-			     char ***names,
-			     enum lsa_SidType **types)
+static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
+				    TALLOC_CTX *mem_ctx,
+				    const DOM_SID *sid,
+				    uint32 *rids,
+				    size_t num_rids,
+				    char **domain_name,
+				    char ***names,
+				    enum lsa_SidType **types)
 {
 	char **domains;
 	NTSTATUS result;
@@ -602,10 +602,11 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
-				  TALLOC_CTX *mem_ctx,
-				  uint32 num_sids, const DOM_SID *sids,
-				  uint32 *num_aliases, uint32 **alias_rids)
+static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
+					 TALLOC_CTX *mem_ctx,
+					 uint32 num_sids, const DOM_SID *sids,
+					 uint32 *num_aliases,
+					 uint32 **alias_rids)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND dom_pol;
@@ -1065,9 +1066,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 }
 
 /* find the lockout policy for a domain */
-NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
-			      TALLOC_CTX *mem_ctx,
-			      struct samr_DomInfo12 *lockout_policy)
+static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
+				     TALLOC_CTX *mem_ctx,
+				     struct samr_DomInfo12 *lockout_policy)
 {
 	NTSTATUS result;
 	struct rpc_pipe_client *cli;
@@ -1106,9 +1107,9 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 }
 
 /* find the password policy for a domain */
-NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
-			       TALLOC_CTX *mem_ctx,
-			       struct samr_DomInfo1 *password_policy)
+static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
+				      TALLOC_CTX *mem_ctx,
+				      struct samr_DomInfo1 *password_policy)
 {
 	NTSTATUS result;
 	struct rpc_pipe_client *cli;


-- 
Samba Shared Repository

