[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4506-gcfc7790

Michael Adam obnox at samba.org
Fri Nov 21 23:08:05 GMT 2008


The branch, v3-3-test has been updated
       via  cfc77901cace0f6ce241a5873148092e4edac4de (commit)
       via  b89d75a093ef87bc7cccb8914d246c8e932f0352 (commit)
       via  c833b19b0c3e746b53e6731988cd8bb6aca927f5 (commit)
      from  7204116c9edcd98ea20cbc5f29e5f25737f78a41 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit cfc77901cace0f6ce241a5873148092e4edac4de
Author: Michael Adam <obnox at samba.org>
Date:   Sat Nov 22 00:02:40 2008 +0100

    winbindd: make all winbind rpc-methods static.
    
    Now that the methods are no longer needed in winbindd_ads,
    we can make them static again.
    
    Michael

commit b89d75a093ef87bc7cccb8914d246c8e932f0352
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 21 02:26:50 2008 +0100

    s3-winbindd_ads: use the reconnect methods instead of the rpc methods directly
    
    Some of the ads methods just point to the rpc methods.
    This makes winbindd_ads use the reconnect methods instead of
    calling the rpc methods directly in order to prevent
    negative cache entries for e.g. name_to_sid, when the dc
    has closed the connection without sending a reset.
    
    Michael

commit c833b19b0c3e746b53e6731988cd8bb6aca927f5
Author: Michael Adam <obnox at samba.org>
Date:   Thu Nov 20 16:57:44 2008 +0100

    winbindd_ads: prevent negative GM/ cache entries due to broken connections
    
    The ads lookup_groupmem() function calls lsa_lookupsids to resolve sids
    to names. This is tried only once. So in case the connection was broken,
    e.g. closed by the server (without a reset packet), there will be an empty
    GM/ cache entry for the requested group, which will prevent access checks,
    among other checks, from working properly for the expiry period.
    
    This patch works around this problem by retrying once if the lsa_lookupsids
    call fails, re-establishing the dc-connection, as we already do in many other
    places (e.g. the winbindd retry methods for the rpc layer).
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source/winbindd/winbindd_ads.c   |  104 +++++++++++++++++++++++++++++++++++--
 source/winbindd/winbindd_proto.h |   34 ------------
 source/winbindd/winbindd_rpc.c   |   63 ++++++++++++-----------
 3 files changed, 130 insertions(+), 71 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/winbindd_ads.c b/source/winbindd/winbindd_ads.c
index 18cc1cb..5c7d491 100644
--- a/source/winbindd/winbindd_ads.c
+++ b/source/winbindd/winbindd_ads.c
@@ -401,6 +401,47 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 	return NT_STATUS_OK;
 }
 
+/* convert a single name to a sid in a domain - use rpc methods */
+static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
+			    enum winbindd_cmd orig_cmd,
+			    const char *domain_name,
+			    const char *name,
+			    DOM_SID *sid,
+			    enum lsa_SidType *type)
+{
+	return reconnect_methods.name_to_sid(domain, mem_ctx, orig_cmd,
+					     domain_name, name,
+					     sid, type);
+}
+
+/* convert a domain SID to a user or group name - use rpc methods */
+static NTSTATUS sid_to_name(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
+			    const DOM_SID *sid,
+			    char **domain_name,
+			    char **name,
+			    enum lsa_SidType *type)
+{
+	return reconnect_methods.sid_to_name(domain, mem_ctx, sid,
+					     domain_name, name, type);
+}
+
+/* convert a list of rids to names - use rpc methods */
+static NTSTATUS rids_to_names(struct winbindd_domain *domain,
+			      TALLOC_CTX *mem_ctx,
+			      const DOM_SID *sid,
+			      uint32 *rids,
+			      size_t num_rids,
+			      char **domain_name,
+			      char ***names,
+			      enum lsa_SidType **types)
+{
+	return reconnect_methods.rids_to_names(domain, mem_ctx, sid,
+					       rids, num_rids,
+					       domain_name, names, types);
+}
+
 /* If you are looking for "dn_lookup": Yes, it used to be here!
  * It has gone now since it was a major speed bottleneck in
  * lookup_groupmem (its only use). It has been replaced by
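Review bot: The new header comments say "use rpc methods", but each wrapper dispatches through `reconnect_methods`, which per the commit message is the whole point of the change, so the comments describe the behaviour being replaced. Wording such as `/* convert a single name to a sid in a domain - via the reconnect methods, so a dropped DC connection is retried instead of cached as a failure */` would match the code for `name_to_sid`, `sid_to_name` and `rids_to_names`. The same applies to `lookup_useraliases`, `lockout_policy` and `password_policy` in the later hunks of this file.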
@@ -903,6 +944,18 @@ done:
 	return status;
 }
 
+/* Lookup aliases a user is member of - use rpc methods */
+static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
+				   TALLOC_CTX *mem_ctx,
+				   uint32 num_sids, const DOM_SID *sids,
+				   uint32 *num_aliases, uint32 **alias_rids)
+{
+	return reconnect_methods.lookup_useraliases(domain, mem_ctx,
+						    num_sids, sids,
+						    num_aliases,
+						    alias_rids);
+}
+
 /*
   find the members of a group, given a group rid and domain
  */
@@ -1081,6 +1134,29 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 						&names_nocache,
 						&name_types_nocache);
 
+		if (!(NT_STATUS_IS_OK(status) ||
+		      NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) ||
+		      NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)))
+		{
+			DEBUG(1, ("lsa_lookupsids call failed with %s "
+				  "- retrying...\n", nt_errstr(status)));
+
+			status = cm_connect_lsa(domain, tmp_ctx, &cli,
+						&lsa_policy);
+
+			if (!NT_STATUS_IS_OK(status)) {
+				goto done;
+			}
+
+			status = rpccli_lsa_lookup_sids(cli, tmp_ctx,
+							&lsa_policy,
+							num_nocache,
+							sid_mem_nocache,
+							&domains_nocache,
+							&names_nocache,
+							&name_types_nocache);
+		}
+
 		if (NT_STATUS_IS_OK(status) ||
 		    NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED))
 		{
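Review bot: If the second `rpccli_lsa_lookup_sids` call also fails, control falls through to the existing `NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)` test with no handling added here, so the empty GM/ cache entry described in the commit message can presumably still be stored when the DC stays unreachable. Because group membership feeds access checks, that failure path should leave the function with the error in `status` rather than reporting success with a partial member list; the branch lies outside the hunk, so this needs confirming against the full body of lookup_groupmem. The retry condition also fires on every status other than OK, STATUS_SOME_UNMAPPED and NT_STATUS_NONE_MAPPED, which includes errors the server may have returned over a healthy connection. The level-1 message would be easier to correlate during an outage if it named the domain: `DEBUG(1, ("lsa_lookupsids call to %s failed with %s - retrying...\n", domain->name, nt_errstr(status)));`.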
@@ -1171,6 +1247,22 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 	return ads_ntstatus(rc);
 }
 
+/* find the lockout policy of a domain - use rpc methods */
+static NTSTATUS lockout_policy(struct winbindd_domain *domain,
+			       TALLOC_CTX *mem_ctx,
+			       struct samr_DomInfo12 *policy)
+{
+	return reconnect_methods.lockout_policy(domain, mem_ctx, policy);
+}
+
+/* find the password policy of a domain - use rpc methods */
+static NTSTATUS password_policy(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				struct samr_DomInfo1 *policy)
+{
+	return reconnect_methods.password_policy(domain, mem_ctx, policy);
+}
+
 /* get a list of trusted domains */
 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
@@ -1361,16 +1453,16 @@ struct winbindd_methods ads_methods = {
 	query_user_list,
 	enum_dom_groups,
 	enum_local_groups,
-	msrpc_name_to_sid,
-	msrpc_sid_to_name,
-	msrpc_rids_to_names,
+	name_to_sid,
+	sid_to_name,
+	rids_to_names,
 	query_user,
 	lookup_usergroups,
-	msrpc_lookup_useraliases,
+	lookup_useraliases,
 	lookup_groupmem,
 	sequence_number,
-	msrpc_lockout_policy,
-	msrpc_password_policy,
+	lockout_policy,
+	password_policy,
 	trusted_domains,
 };
 
diff --git a/source/winbindd/winbindd_proto.h b/source/winbindd/winbindd_proto.h
index 66ab001..a32dfc1 100644
--- a/source/winbindd/winbindd_proto.h
+++ b/source/winbindd/winbindd_proto.h
@@ -469,40 +469,6 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai
 /* The following definitions come from winbindd/winbindd_reconnect.c  */
 
 
-/* The following definitions come from winbindd/winbindd_rpc.c  */
-
-NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
-			   TALLOC_CTX *mem_ctx,
-			   enum winbindd_cmd original_cmd,
-			   const char *domain_name,
-			   const char *name,
-			   DOM_SID *sid,
-			   enum lsa_SidType *type);
-NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
-			    TALLOC_CTX *mem_ctx,
-			    const DOM_SID *sid,
-			    char **domain_name,
-			    char **name,
-			    enum lsa_SidType *type);
-NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
-			     TALLOC_CTX *mem_ctx,
-			     const DOM_SID *sid,
-			     uint32 *rids,
-			     size_t num_rids,
-			     char **domain_name,
-			     char ***names,
-			     enum lsa_SidType **types);
-NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
-				  TALLOC_CTX *mem_ctx,
-				  uint32 num_sids, const DOM_SID *sids,
-				  uint32 *num_aliases, uint32 **alias_rids);
-NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
-			      TALLOC_CTX *mem_ctx,
-			      struct samr_DomInfo12 *lockout_policy);
-NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
-			       TALLOC_CTX *mem_ctx,
-			       struct samr_DomInfo1 *password_policy);
-
 /* The following definitions come from winbindd/winbindd_sid.c  */
 
 void winbindd_lookupsid(struct winbindd_cli_state *state);
diff --git a/source/winbindd/winbindd_rpc.c b/source/winbindd/winbindd_rpc.c
index 9fbea8e..efc9dab 100644
--- a/source/winbindd/winbindd_rpc.c
+++ b/source/winbindd/winbindd_rpc.c
@@ -265,13 +265,13 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 }
 
 /* convert a single name to a sid in a domain */
-NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
-			   TALLOC_CTX *mem_ctx,
-			   enum winbindd_cmd original_cmd,
-			   const char *domain_name,
-			   const char *name,
-			   DOM_SID *sid,
-			   enum lsa_SidType *type)
+static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
+				  TALLOC_CTX *mem_ctx,
+				  enum winbindd_cmd original_cmd,
+				  const char *domain_name,
+				  const char *name,
+				  DOM_SID *sid,
+				  enum lsa_SidType *type)
 {
 	NTSTATUS result;
 	DOM_SID *sids = NULL;
@@ -331,12 +331,12 @@ NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
 /*
   convert a domain SID to a user or group name
 */
-NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
-			    TALLOC_CTX *mem_ctx,
-			    const DOM_SID *sid,
-			    char **domain_name,
-			    char **name,
-			    enum lsa_SidType *type)
+static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
+				  TALLOC_CTX *mem_ctx,
+				  const DOM_SID *sid,
+				  char **domain_name,
+				  char **name,
+				  enum lsa_SidType *type)
 {
 	char **domains;
 	char **names;
@@ -384,14 +384,14 @@ NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
-			     TALLOC_CTX *mem_ctx,
-			     const DOM_SID *sid,
-			     uint32 *rids,
-			     size_t num_rids,
-			     char **domain_name,
-			     char ***names,
-			     enum lsa_SidType **types)
+static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
+				    TALLOC_CTX *mem_ctx,
+				    const DOM_SID *sid,
+				    uint32 *rids,
+				    size_t num_rids,
+				    char **domain_name,
+				    char ***names,
+				    enum lsa_SidType **types)
 {
 	char **domains;
 	NTSTATUS result;
@@ -636,10 +636,11 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
-				  TALLOC_CTX *mem_ctx,
-				  uint32 num_sids, const DOM_SID *sids,
-				  uint32 *num_aliases, uint32 **alias_rids)
+static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
+					 TALLOC_CTX *mem_ctx,
+					 uint32 num_sids, const DOM_SID *sids,
+					 uint32 *num_aliases,
+					 uint32 **alias_rids)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND dom_pol;
@@ -1102,9 +1103,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 }
 
 /* find the lockout policy for a domain */
-NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
-			      TALLOC_CTX *mem_ctx,
-			      struct samr_DomInfo12 *lockout_policy)
+static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
+				     TALLOC_CTX *mem_ctx,
+				     struct samr_DomInfo12 *lockout_policy)
 {
 	NTSTATUS result;
 	struct rpc_pipe_client *cli;
@@ -1143,9 +1144,9 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 }
 
 /* find the password policy for a domain */
-NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
-			       TALLOC_CTX *mem_ctx,
-			       struct samr_DomInfo1 *password_policy)
+static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
+				      TALLOC_CTX *mem_ctx,
+				      struct samr_DomInfo1 *password_policy)
 {
 	NTSTATUS result;
 	struct rpc_pipe_client *cli;


-- 
Samba Shared Repository

