[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Tue Jul 6 10:40:56 MDT 2010
The branch, master has been updated
via 44d8c8d... s3-winbind: Handle aliases in rpc_lookup_groupmem().
via 11ae9af... s3-winbind: Fixed the winbind caching.
via 66fc77e... s3-winbind: Use same format for all msrpc debug messages.
via 2794c5a... s3-winbind: Fixed debug messages of open_internal_lsa_pipe().
via 9d23f8f... s3-winbind: Make sure that the policy handles are closed.
via c5cd356... s3-winbind: Make sure we close all policy handles in sam.
via c67cff0... s3-winbind: Create all logfiles in the same directory.
from a56c688... s3: Fix another aspect of bug 7262 and make paged results work again
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 44d8c8dbb721eadface3785cee135b2912ca00e7
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jul 6 14:56:50 2010 +0200
s3-winbind: Handle aliases in rpc_lookup_groupmem().
commit 11ae9aff971759f2b4658b294e9f1845500ecd4e
Author: Günther Deschner <gd at samba.org>
Date: Tue Jul 6 12:50:48 2010 +0200
s3-winbind: Fixed the winbind caching.
commit 66fc77e8863ef126317c1077628989e437827514
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jul 6 10:58:46 2010 +0200
s3-winbind: Use same format for all msrpc debug messages.
commit 2794c5ad24170c58d9d491e1f6cec1a58b82ad3f
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jul 6 10:53:01 2010 +0200
s3-winbind: Fixed debug messages of open_internal_lsa_pipe().
commit 9d23f8fbc5b80b0a2f34bbd1a1beef63cb06d3c1
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jul 6 15:33:50 2010 +0200
s3-winbind: Make sure that the policy handles are closed.
commit c5cd35658be8c473893f4aa230b38de667f12154
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jul 6 01:05:39 2010 +0200
s3-winbind: Make sure we close all policy handles in sam.
commit c67cff0372d987d13105b81a7625ff42a3ceac43
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jul 5 19:43:25 2010 +0200
s3-winbind: Create all logfiles in the same directory.
If log file is set in the config file, we should create the log files of
the winbind child processes in the same directory.
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_cache.c | 8 +++
source3/winbindd/winbindd_cm.c | 12 ++++
source3/winbindd/winbindd_dual.c | 23 ++++++++-
source3/winbindd/winbindd_msrpc.c | 19 ++++---
source3/winbindd/winbindd_rpc.c | 103 ++++++++++++++++++++++++++----------
source3/winbindd/winbindd_samr.c | 87 ++++++++++++++++++++++++++++++-
source3/winbindd/winbindd_util.c | 7 +--
7 files changed, 213 insertions(+), 46 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 1bfbdb6..a3e202b 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -41,6 +41,7 @@ extern struct winbindd_methods reconnect_methods;
extern struct winbindd_methods ads_methods;
#endif
extern struct winbindd_methods builtin_passdb_methods;
+extern struct winbindd_methods sam_passdb_methods;
/*
* JRA. KEEP THIS LIST UP TO DATE IF YOU ADD CACHE ENTRIES.
@@ -143,6 +144,13 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
domain->backend = &builtin_passdb_methods;
domain->initialized = True;
}
+
+ if (strequal(domain->name, get_global_sam_name()) &&
+ sid_equal(&domain->sid, get_global_sam_sid())) {
+ domain->backend = &sam_passdb_methods;
+ domain->initialized = True;
+ }
+
if ( !domain->initialized ) {
init_dc_connection( domain );
}
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 19b73bc..fa1b78c 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1574,6 +1574,10 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn)
}
if (conn->samr_pipe != NULL) {
+ if (is_valid_policy_hnd(&conn->sam_connect_handle)) {
+ rpccli_samr_Close(conn->samr_pipe, talloc_tos(),
+ &conn->sam_connect_handle);
+ }
TALLOC_FREE(conn->samr_pipe);
/* Ok, it must be dead. Drop timeout to 0.5 sec. */
if (conn->cli) {
@@ -1582,6 +1586,10 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn)
}
if (conn->lsa_pipe != NULL) {
+ if (is_valid_policy_hnd(&conn->lsa_policy)) {
+ rpccli_lsa_Close(conn->lsa_pipe, talloc_tos(),
+ &conn->lsa_policy);
+ }
TALLOC_FREE(conn->lsa_pipe);
/* Ok, it must be dead. Drop timeout to 0.5 sec. */
if (conn->cli) {
@@ -1590,6 +1598,10 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn)
}
if (conn->lsa_pipe_tcp != NULL) {
+ if (is_valid_policy_hnd(&conn->lsa_policy)) {
+ rpccli_lsa_Close(conn->lsa_pipe, talloc_tos(),
+ &conn->lsa_policy);
+ }
TALLOC_FREE(conn->lsa_pipe_tcp);
/* Ok, it must be dead. Drop timeout to 0.5 sec. */
if (conn->cli) {
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index e506d2a..277b174 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -405,10 +405,31 @@ void setup_child(struct winbindd_domain *domain, struct winbindd_child *child,
const char *logname)
{
if (logprefix && logname) {
+ char *logbase = NULL;
+
+ if (lp_logfile()) {
+ char *end = NULL;
+
+ if (asprintf(&logbase, "%s", lp_logfile()) < 0) {
+ smb_panic("Internal error: asprintf failed");
+ }
+
+ if ((end = strrchr_m(logbase, '/'))) {
+ *end = '\0';
+ }
+ } else {
+ if (asprintf(&logbase, "%s", get_dyn_LOGFILEBASE()) < 0) {
+ smb_panic("Internal error: asprintf failed");
+ }
+ }
+
if (asprintf(&child->logfilename, "%s/%s-%s",
- get_dyn_LOGFILEBASE(), logprefix, logname) < 0) {
+ logbase, logprefix, logname) < 0) {
+ SAFE_FREE(logbase);
smb_panic("Internal error: asprintf failed");
}
+
+ SAFE_FREE(logbase);
} else {
smb_panic("Internal error: logprefix == NULL && "
"logname == NULL");
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 09da950..780a675 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -50,7 +50,7 @@ static NTSTATUS msrpc_query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
- DEBUG(3,("rpc_query_user_list\n"));
+ DEBUG(3, ("msrpc_query_user_list\n"));
if (pnum_info) {
*pnum_info = 0;
@@ -241,7 +241,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
- DEBUG(3,("rpc: name_to_sid name=%s\n", full_name));
+ DEBUG(3, ("msrpc_name_to_sid: name=%s\n", full_name));
name_map_status = normalize_name_unmap(mem_ctx, full_name,
&mapped_name);
@@ -288,7 +288,7 @@ static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
char *mapped_name = NULL;
- DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_dbg(sid),
+ DEBUG(3, ("msrpc_sid_to_name: %s for domain %s\n", sid_string_dbg(sid),
domain->name ));
result = winbindd_lookup_sids(mem_ctx,
@@ -338,7 +338,7 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
size_t i;
char **ret_names;
- DEBUG(3, ("rids_to_names [rpc] for domain %s\n", domain->name ));
+ DEBUG(3, ("msrpc_rids_to_names: domain %s\n", domain->name ));
if (num_rids) {
sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, num_rids);
@@ -616,7 +616,7 @@ static NTSTATUS msrpc_lookup_groupmem(struct winbindd_domain *domain,
unsigned int orig_timeout;
struct samr_RidTypeArray *rids = NULL;
- DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name,
+ DEBUG(3,("msrpc_lookup_groupmem: %s sid=%s\n", domain->name,
sid_string_dbg(group_sid)));
if ( !winbindd_can_contact_domain( domain ) ) {
@@ -819,7 +819,7 @@ static NTSTATUS msrpc_sequence_number(struct winbindd_domain *domain,
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
- DEBUG(10,("rpc: fetch sequence_number for %s\n", domain->name));
+ DEBUG(3, ("msrpc_sequence_number: fetch sequence_number for %s\n", domain->name));
if (pseq) {
*pseq = DOM_SEQUENCE_NONE;
@@ -902,7 +902,7 @@ static NTSTATUS msrpc_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
- DEBUG(3,("samr: trusted domains\n"));
+ DEBUG(3,("msrpc_trusted_domains\n"));
if (ptrust_list) {
ZERO_STRUCTP(ptrust_list);
@@ -946,7 +946,7 @@ static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
struct policy_handle dom_pol;
union samr_DomainInfo *info = NULL;
- DEBUG(10,("rpc: fetch lockout policy for %s\n", domain->name));
+ DEBUG(3, ("msrpc_lockout_policy: fetch lockout policy for %s\n", domain->name));
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(10,("msrpc_lockout_policy: No incoming trust for domain %s\n",
@@ -987,7 +987,8 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
struct policy_handle dom_pol;
union samr_DomainInfo *info = NULL;
- DEBUG(10,("rpc: fetch password policy for %s\n", domain->name));
+ DEBUG(3, ("msrpc_password_policy: fetch password policy for %s\n",
+ domain->name));
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(10,("msrpc_password_policy: No incoming trust for domain %s\n",
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 785e013..80f7bb6 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -670,7 +670,6 @@ NTSTATUS rpc_lookup_groupmem(TALLOC_CTX *mem_ctx,
uint32_t **pname_types)
{
struct policy_handle group_policy;
- struct samr_RidTypeArray *rids = NULL;
uint32_t group_rid;
uint32_t *rid_mem = NULL;
@@ -690,41 +689,87 @@ NTSTATUS rpc_lookup_groupmem(TALLOC_CTX *mem_ctx,
return NT_STATUS_UNSUCCESSFUL;
}
- status = rpccli_samr_OpenGroup(samr_pipe,
- mem_ctx,
- samr_policy,
- SEC_FLAG_MAXIMUM_ALLOWED,
- group_rid,
- &group_policy);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ switch(type) {
+ case SID_NAME_DOM_GRP:
+ {
+ struct samr_RidTypeArray *rids = NULL;
- /*
- * Step #1: Get a list of user rids that are the members of the group.
- */
- status = rpccli_samr_QueryGroupMember(samr_pipe,
- mem_ctx,
- &group_policy,
- &rids);
+ status = rpccli_samr_OpenGroup(samr_pipe,
+ mem_ctx,
+ samr_policy,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ group_rid,
+ &group_policy);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /*
+ * Step #1: Get a list of user rids that are the members of the group.
+ */
+ status = rpccli_samr_QueryGroupMember(samr_pipe,
+ mem_ctx,
+ &group_policy,
+ &rids);
- rpccli_samr_Close(samr_pipe, mem_ctx, &group_policy);
+ rpccli_samr_Close(samr_pipe, mem_ctx, &group_policy);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- if (rids == NULL || rids->count == 0) {
- pnum_names = 0;
- pnames = NULL;
- pname_types = NULL;
- psid_mem = NULL;
+ if (rids == NULL || rids->count == 0) {
+ pnum_names = 0;
+ pnames = NULL;
+ pname_types = NULL;
+ psid_mem = NULL;
- return NT_STATUS_OK;
+ return NT_STATUS_OK;
+ }
+
+ num_names = rids->count;
+ rid_mem = rids->rids;
+
+ break;
}
+ case SID_NAME_WKN_GRP:
+ case SID_NAME_ALIAS:
+ {
+ struct lsa_SidArray sid_array;
+ struct lsa_SidPtr sid_ptr;
+ struct samr_Ids rids_query;
+
+ sid_ptr.sid = sid_dup_talloc(mem_ctx, group_sid);
+ if (sid_ptr.sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sid_array.num_sids = 1;
+ sid_array.sids = &sid_ptr;
- num_names = rids->count;
- rid_mem = rids->rids;
+ status = rpccli_samr_GetAliasMembership(samr_pipe,
+ mem_ctx,
+ samr_policy,
+ &sid_array,
+ &rids_query);
+
+ if (rids_query.count == 0) {
+ pnum_names = 0;
+ pnames = NULL;
+ pname_types = NULL;
+ psid_mem = NULL;
+
+ return NT_STATUS_OK;
+ }
+
+ num_names = rids_query.count;
+ rid_mem = rids_query.ids;
+
+ break;
+ }
+ default:
+ return NT_STATUS_UNSUCCESSFUL;
+ }
/*
* Step #2: Convert list of rids into list of usernames.
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 35d4c00..0c077aa 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -123,7 +123,7 @@ static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx,
if (server_info == NULL) {
status = make_server_info_system(mem_ctx, &server_info);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
+ DEBUG(0, ("open_lsa_pipe: Could not create auth_serversupplied_info: %s\n",
nt_errstr(status)));
return status;
}
@@ -136,7 +136,7 @@ static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx,
server_info,
&cli);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
+ DEBUG(0, ("open_lsa_pipe: Could not connect to lsa_pipe: %s\n",
nt_errstr(status)));
return status;
}
@@ -188,6 +188,8 @@ static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
DEBUG(3,("sam_enum_dom_groups\n"));
+ ZERO_STRUCT(dom_pol);
+
if (pnum_info) {
*pnum_info = 0;
}
@@ -220,6 +222,9 @@ static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
}
error:
+ if (is_valid_policy_hnd(&dom_pol)) {
+ rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ }
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -239,6 +244,8 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
DEBUG(3,("samr_query_user_list\n"));
+ ZERO_STRUCT(dom_pol);
+
if (pnum_info) {
*pnum_info = 0;
}
@@ -272,6 +279,10 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
}
done:
+ if (is_valid_policy_hnd(&dom_pol)) {
+ rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ }
+
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -289,6 +300,8 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain,
DEBUG(3,("sam_query_user\n"));
+ ZERO_STRUCT(dom_pol);
+
/* Paranoia check */
if (!sid_check_is_in_our_domain(user_sid)) {
return NT_STATUS_NO_SUCH_USER;
@@ -318,6 +331,10 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain,
user_info);
done:
+ if (is_valid_policy_hnd(&dom_pol)) {
+ rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ }
+
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -336,6 +353,8 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
DEBUG(3,("samr: trusted domains\n"));
+ ZERO_STRUCT(lsa_policy);
+
if (ptrust_list) {
ZERO_STRUCTP(ptrust_list);
}
@@ -365,6 +384,10 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
}
done:
+ if (is_valid_policy_hnd(&lsa_policy)) {
+ rpccli_lsa_Close(lsa_pipe, mem_ctx, &lsa_policy);
+ }
+
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -392,6 +415,8 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
DEBUG(3,("sam_lookup_groupmem\n"));
+ ZERO_STRUCT(dom_pol);
+
/* Paranoia check */
if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) {
/* There's no groups, only aliases in BUILTIN */
@@ -441,6 +466,10 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
}
done:
+ if (is_valid_policy_hnd(&dom_pol)) {
+ rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ }
+
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -510,6 +539,8 @@ static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
DEBUG(3,("samr: enum local groups\n"));
+ ZERO_STRUCT(dom_pol);
+
if (pnum_info) {
*pnum_info = 0;
}
@@ -542,6 +573,10 @@ static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
}
done:
+ if (is_valid_policy_hnd(&dom_pol)) {
+ rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ }
+
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -564,6 +599,8 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
DEBUG(3,("sam_name_to_sid\n"));
+ ZERO_STRUCT(lsa_policy);
+
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -594,6 +631,10 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
}
done:
+ if (is_valid_policy_hnd(&lsa_policy)) {
+ rpccli_lsa_Close(lsa_pipe, mem_ctx, &lsa_policy);
+ }
+
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -616,6 +657,8 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
DEBUG(3,("sam_sid_to_name\n"));
+ ZERO_STRUCT(lsa_policy);
+
/* Paranoia check */
if (!sid_check_is_in_builtin(sid) &&
!sid_check_is_in_our_domain(sid) &&
@@ -661,6 +704,10 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
}
done:
+ if (is_valid_policy_hnd(&lsa_policy)) {
+ rpccli_lsa_Close(lsa_pipe, mem_ctx, &lsa_policy);
+ }
+
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -684,6 +731,8 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
DEBUG(3,("sam_rids_to_names for %s\n", domain->name));
+ ZERO_STRUCT(lsa_policy);
--
Samba Shared Repository
More information about the samba-cvs
mailing list