[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Thu Sep 22 17:48:03 MDT 2011
The branch, master has been updated
via f236c53 s3-winbindd: add support for idmap type WBC_ID_TYPE_BOTH
via dbbb69e wbclient: added support for handling WBC_ID_TYPE_BOTH mappings
via 7945949 libwbclient: added support for WBC_ID_TYPE_BOTH
from 66f8070 lib/util: move some timespec helpers from source3 to the toplevel
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f236c539ad39932ee3c9a5df0276147a45dd1a42
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Jul 26 11:07:12 2011 +1000
s3-winbindd: add support for idmap type WBC_ID_TYPE_BOTH
this allows the s3 code to understand and cache responses from the s4
winbindd which may include a single SID mapped to both a uid and a gid
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Fri Sep 23 01:47:54 CEST 2011 on sn-devel-104
commit dbbb69e5722075e6c791d350484add378079b1ff
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Jul 26 11:05:38 2011 +1000
wbclient: added support for handling WBC_ID_TYPE_BOTH mappings
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 79459491773205f80b440468b7dba404c6d751b8
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Jul 26 11:05:38 2011 +1000
libwbclient: added support for WBC_ID_TYPE_BOTH
the Samba4 winbindd allows for a single SID to map to both a user and
group id. This is used to support files with the owner_sid set to a
group
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/wbc_idmap.c | 4 ++
nsswitch/libwbclient/wbclient.h | 3 +-
nsswitch/wbinfo.c | 3 ++
source3/auth/auth_util.c | 3 +-
source3/lib/idmap_cache.c | 57 +++++++++++++++++++++++++++++-
source3/lib/idmap_cache.h | 2 +
source3/winbindd/winbindd_sids_to_xids.c | 6 +++
7 files changed, 75 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
index 5325dbe..04e7d02 100644
--- a/nsswitch/libwbclient/wbc_idmap.c
+++ b/nsswitch/libwbclient/wbc_idmap.c
@@ -370,6 +370,10 @@ wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids,
id->type = WBC_ID_TYPE_GID;
id->id.gid = strtoul(p+1, &q, 10);
break;
+ case 'B':
+ id->type = WBC_ID_TYPE_BOTH;
+ id->id.uid = strtoul(p+1, &q, 10);
+ break;
default:
id->type = WBC_ID_TYPE_NOT_SPECIFIED;
q = strchr(p, '\n');
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index c5f3b77..809e00a 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -796,7 +796,8 @@ wbcErr wbcQueryGidToSid(gid_t gid,
enum wbcIdType {
WBC_ID_TYPE_NOT_SPECIFIED,
WBC_ID_TYPE_UID,
- WBC_ID_TYPE_GID
+ WBC_ID_TYPE_GID,
+ WBC_ID_TYPE_BOTH
};
union wbcUnixIdContainer {
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 30e23b6..6459b8e 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1018,6 +1018,9 @@ static bool wbinfo_sids_to_unix_ids(const char *arg)
case WBC_ID_TYPE_GID:
d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid);
break;
+ case WBC_ID_TYPE_BOTH:
+ d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid);
+ break;
default:
d_printf("%s -> unmapped\n", sidstr);
break;
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index f41809d..11b220e 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -608,7 +608,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
for (i=1; i<t->num_sids; i++) {
- if (ids[i].type != WBC_ID_TYPE_GID) {
+ if (ids[i].type != WBC_ID_TYPE_GID &&
+ ids[i].type != WBC_ID_TYPE_BOTH) {
DEBUG(10, ("Could not convert SID %s to gid, "
"ignoring it\n",
sid_string_dbg(&t->sids[i])));
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
index 6783215..413029c 100644
--- a/source3/lib/idmap_cache.c
+++ b/source3/lib/idmap_cache.c
@@ -261,7 +261,54 @@ void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
}
}
+
+/**
+ * Store a mapping in the idmap cache
+ * @param[in] sid the sid to map
+ * @param[in] uid/gid the uid/gid to map
+ *
+ * If both parameters are valid values, then a positive mapping in both
+ * directions is stored. If "is_null_sid(sid)" is true, then this will be a
+ * negative mapping of gid, we want to cache that for this id we could not
+ * find anything. Likewise if "id==-1", then we want to cache that we did not
+ * find a mapping for the sid passed here.
+ */
+
+void idmap_cache_set_sid2both(const struct dom_sid *sid, uid_t id)
+{
+ time_t now = time(NULL);
+ time_t timeout;
+ fstring sidstr, key, value;
+
+ if (!is_null_sid(sid)) {
+ fstr_sprintf(key, "IDMAP/SID2BOTH/%s",
+ sid_to_fstring(sidstr, sid));
+ fstr_sprintf(value, "%d", (int)id);
+ timeout = (id == -1)
+ ? lp_idmap_negative_cache_time()
+ : lp_idmap_cache_time();
+ gencache_set(key, value, now + timeout);
+ }
+ if (id != -1) {
+ fstr_sprintf(key, "IDMAP/BOTH2SID/%d", (int)id);
+ if (is_null_sid(sid)) {
+ /* negative id mapping */
+ fstrcpy(value, "-");
+ timeout = lp_idmap_negative_cache_time();
+ }
+ else {
+ sid_to_fstring(value, sid);
+ timeout = lp_idmap_cache_time();
+ }
+ gencache_set(key, value, now + timeout);
+ }
+}
+
+
static char* key_xid2sid_str(TALLOC_CTX* mem_ctx, char t, const char* id) {
+ if (t == 'B') {
+ return talloc_asprintf(mem_ctx, "IDMAP/BOTH2SID/%s", id);
+ }
return talloc_asprintf(mem_ctx, "IDMAP/%cID2SID/%s", t, id);
}
@@ -272,6 +319,9 @@ static char* key_xid2sid(TALLOC_CTX* mem_ctx, char t, int id) {
}
static char* key_sid2xid_str(TALLOC_CTX* mem_ctx, char t, const char* sid) {
+ if (t == 'B') {
+ return talloc_asprintf(mem_ctx, "IDMAP/SID2BOTH/%s", sid);
+ }
return talloc_asprintf(mem_ctx, "IDMAP/SID2%cID/%s", t, sid);
}
@@ -328,6 +378,10 @@ bool idmap_cache_del_gid(gid_t gid) {
return idmap_cache_del_xid('G', gid);
}
+bool idmap_cache_del_both(uid_t id) {
+ return idmap_cache_del_xid('B', id);
+}
+
static bool idmap_cache_del_sid2xid(TALLOC_CTX* mem_ctx, char t, const char* sid)
{
const char* sid_key = key_sid2xid_str(mem_ctx, t, sid);
@@ -367,7 +421,8 @@ bool idmap_cache_del_sid(const struct dom_sid *sid)
bool ret = true;
if (!idmap_cache_del_sid2xid(mem_ctx, 'U', sid_str) &&
- !idmap_cache_del_sid2xid(mem_ctx, 'G', sid_str))
+ !idmap_cache_del_sid2xid(mem_ctx, 'G', sid_str) &&
+ !idmap_cache_del_sid2xid(mem_ctx, 'B', sid_str))
{
DEBUG(3, ("no entry: %s\n", key_xid2sid_str(mem_ctx, '?', sid_str)));
ret = false;
diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
index 1a62dba..4c87139 100644
--- a/source3/lib/idmap_cache.h
+++ b/source3/lib/idmap_cache.h
@@ -31,9 +31,11 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
bool *expired);
bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid);
+void idmap_cache_set_sid2both(const struct dom_sid *sid, uid_t id);
bool idmap_cache_del_uid(uid_t uid);
bool idmap_cache_del_gid(gid_t gid);
+bool idmap_cache_del_both(uid_t uid);
bool idmap_cache_del_sid(const struct dom_sid *sid);
#endif /* _LIB_IDMAP_CACHE_H_ */
diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c
index d08064f..b416e3a 100644
--- a/source3/winbindd/winbindd_sids_to_xids.c
+++ b/source3/winbindd/winbindd_sids_to_xids.c
@@ -284,6 +284,12 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req,
&state->non_cached[num_non_cached],
unix_id);
break;
+ case WBC_ID_TYPE_BOTH:
+ type = 'B';
+ idmap_cache_set_sid2both(
+ &state->non_cached[num_non_cached],
+ unix_id);
+ break;
default:
found = false;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list