[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Wed May 2 07:35:04 MDT 2012
The branch, master has been updated
via 2b5ee34 s3-passdb: Add extra debug on ID mapping failures
via bb1d541 s3-idmap: remove (now) unused function idmap_cache_set_sid2both()
via c844f65 s3-idmap: convert most idmap_cache callers to unixid API
via 583b104 s3-idmap: Rework idmap_cache to store ID_TYPE_BOTH values
via 0cad493 s3-winbindd: Do not use WBC_ types internally in winbindd
via 6e1f6e4 s3:passdb: remove a forward declaration of wbcSidToUnixId that has become unnecessary
via f9c9c49 s3:passdb: rename sids_to_unix_ids() --> sids_to_unixids() for consistency
via ac97f15 s3-passdb: Use struct unixid in sids_to_unix_ids
via 2d5df93 s3-passdb: Rename legacy_sid_to_id -> legacy_sid_to_unixid for clarity
via a6e29f2 s3-passdb: Change pdb_sid_to_id() to return struct unixid
from 8026550 selftest: make the knownfail patterns for the driver_info_winreg more specific
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2b5ee3491aa4cdd44c40720d4d4ca2d36d2e16c7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Apr 21 10:22:35 2012 +1000
s3-passdb: Add extra debug on ID mapping failures
Signed-off-by: Michael Adam <obnox at samba.org>
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Wed May 2 15:34:13 CEST 2012 on sn-devel-104
commit bb1d541da10ca35f7bfc22e9c5e735d8ed01bb49
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 2 10:44:16 2012 +0200
s3-idmap: remove (now) unused function idmap_cache_set_sid2both()
Signed-off-by: Michael Adam <obnox at samba.org>
commit c844f657793c0f8df3b2afcf710166b628e8233b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 23 21:11:33 2012 +1100
s3-idmap: convert most idmap_cache callers to unixid API
This will eventually allow the struct unixid to be passed all the way up
and down the stack.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox at samba.org>
commit 583b104d4b9a6ae65e4b43afaba665398a34c72f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 23 21:01:01 2012 +1100
s3-idmap: Rework idmap_cache to store ID_TYPE_BOTH values
This required that the lower level cache store a UID/GID and a type, and that
we operate on struct unixid rather than just uid/gid.
The ID_TYPE_BOTH is then handled as being a positive mapping for both
a UID and GID value. Wrapper functions are provided so that callers are not
changed in this patch.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox at samba.org>
commit 0cad493412c034a7dec36db5dfb11425d897547a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 23 17:58:39 2012 +1100
s3-winbindd: Do not use WBC_ types internally in winbindd
Use the types from idmap.idl instead
Signed-off-by: Michael Adam <obnox at samba.org>
commit 6e1f6e495665246c1eb435942bb63dde7f3bf6e0
Author: Michael Adam <obnox at samba.org>
Date: Wed May 2 09:49:02 2012 +0200
s3:passdb: remove a forward declaration of wbcSidToUnixId that has become unnecessary
commit f9c9c49c51140f708ac58a2b60cbea817df7e056
Author: Michael Adam <obnox at samba.org>
Date: Wed May 2 09:48:28 2012 +0200
s3:passdb: rename sids_to_unix_ids() --> sids_to_unixids() for consistency
commit ac97f151ed18351bf648b00e358cfb127f261826
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 23 17:30:34 2012 +1100
s3-passdb: Use struct unixid in sids_to_unix_ids
This avoids the union in the struct wbcUnixId and moves us to using only struct unixid
internally.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox at samba.org>
commit 2d5df933f421602276c3dfc04852911d91f631fc
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 23 16:51:47 2012 +1100
s3-passdb: Rename legacy_sid_to_id -> legacy_sid_to_unixid for clarity
Signed-off-by: Michael Adam <obnox at samba.org>
commit a6e29f23f09ba5b6b6d362f7683ae8088bc0ba85
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 16 09:16:23 2012 +1100
s3-passdb: Change pdb_sid_to_id() to return struct unixid
This will make it easier to consistantly pass a struct unixid all the way up and
down the idmap stack, and allow ID_TYPE_BOTH to be handled correctly.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_util.c | 15 +-
source3/include/passdb.h | 6 +-
source3/lib/idmap_cache.c | 383 ++++++++++++++++--------------
source3/lib/idmap_cache.h | 10 +-
source3/passdb/lookup_sid.c | 166 ++++++--------
source3/passdb/lookup_sid.h | 6 +-
source3/passdb/pdb_ads.c | 17 +-
source3/passdb/pdb_interface.c | 52 +++--
source3/passdb/pdb_ldap.c | 47 +++--
source3/passdb/pdb_samba4.c | 76 ++++---
source3/passdb/py_passdb.c | 9 +-
source3/winbindd/idmap_passdb.c | 27 +--
source3/winbindd/idmap_util.c | 18 +-
source3/winbindd/winbindd_sids_to_xids.c | 47 ++---
14 files changed, 462 insertions(+), 417 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 4f6ebfa..de395a5 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -32,6 +32,7 @@
#include "passdb.h"
#include "../librpc/gen_ndr/ndr_auth.h"
#include "../auth/auth_sam_reply.h"
+#include "../librpc/gen_ndr/idmap.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -465,7 +466,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
size_t i;
struct dom_sid tmp_sid;
struct auth_session_info *session_info;
- struct wbcUnixId *ids;
+ struct unixid *ids;
fstring tmp;
/* Ensure we can't possible take a code path leading to a
@@ -593,31 +594,31 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
t = session_info->security_token;
- ids = talloc_array(talloc_tos(), struct wbcUnixId,
+ ids = talloc_array(talloc_tos(), struct unixid,
t->num_sids);
if (ids == NULL) {
return NT_STATUS_NO_MEMORY;
}
- if (!sids_to_unix_ids(t->sids, t->num_sids, ids)) {
+ if (!sids_to_unixids(t->sids, t->num_sids, ids)) {
TALLOC_FREE(ids);
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<t->num_sids; i++) {
- if (i == 0 && ids[i].type != WBC_ID_TYPE_BOTH) {
+ if (i == 0 && ids[i].type != ID_TYPE_BOTH) {
continue;
}
- if (ids[i].type != WBC_ID_TYPE_GID &&
- ids[i].type != WBC_ID_TYPE_BOTH) {
+ if (ids[i].type != ID_TYPE_GID &&
+ ids[i].type != ID_TYPE_BOTH) {
DEBUG(10, ("Could not convert SID %s to gid, "
"ignoring it\n",
sid_string_dbg(&t->sids[i])));
continue;
}
- if (!add_gid_to_array_unique(session_info, ids[i].id.gid,
+ if (!add_gid_to_array_unique(session_info, ids[i].id,
&session_info->unix_token->groups,
&session_info->unix_token->ngroups)) {
return NT_STATUS_NO_MEMORY;
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 905a5d1..b22d17a 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -33,6 +33,7 @@
#include "../librpc/gen_ndr/lsa.h"
#include <tevent.h>
+struct unixid;
/* group mapping headers */
@@ -561,7 +562,7 @@ struct pdb_methods
bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid,
struct dom_sid *sid);
bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid,
- uid_t *uid, gid_t *gid, enum lsa_SidType *type);
+ struct unixid *id);
uint32_t (*capabilities)(struct pdb_methods *methods);
bool (*new_rid)(struct pdb_methods *methods, uint32_t *rid);
@@ -866,8 +867,7 @@ bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid);
bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid);
-bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, gid_t *gid,
- enum lsa_SidType *type);
+bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id);
uint32_t pdb_capabilities(void);
bool pdb_new_rid(uint32_t *rid);
bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx);
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
index 413029c..773579b 100644
--- a/source3/lib/idmap_cache.c
+++ b/source3/lib/idmap_cache.c
@@ -20,150 +20,155 @@
#include "includes.h"
#include "idmap_cache.h"
#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/idmap.h"
/**
- * Find a sid2uid mapping
+ * Find a sid2xid mapping
* @param[in] sid the sid to map
- * @param[out] puid where to put the result
+ * @param[out] id where to put the result
* @param[out] expired is the cache entry expired?
* @retval Was anything in the cache at all?
*
- * If *puid == -1 this was a negative mapping.
+ * If id->id == -1 this was a negative mapping.
*/
-bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
- bool *expired)
+bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id,
+ bool *expired)
{
fstring sidstr;
char *key;
char *value;
char *endptr;
time_t timeout;
- uid_t uid;
bool ret;
+ struct unixid tmp_id;
- key = talloc_asprintf(talloc_tos(), "IDMAP/SID2UID/%s",
+ key = talloc_asprintf(talloc_tos(), "IDMAP/SID2XID/%s",
sid_to_fstring(sidstr, sid));
if (key == NULL) {
return false;
}
ret = gencache_get(key, &value, &timeout);
- TALLOC_FREE(key);
if (!ret) {
+ TALLOC_FREE(key);
return false;
}
- uid = strtol(value, &endptr, 10);
- ret = (*endptr == '\0');
- SAFE_FREE(value);
+ tmp_id.id = strtol(value, &endptr, 10);
+ DEBUG(0, ("Parsing result of %s, endptr=%s, id=%llu\n", key, endptr, (unsigned long long)tmp_id.id));
+
+ ret = (*endptr == ':');
if (ret) {
- *puid = uid;
+ switch (endptr[1]) {
+ case 'U':
+ tmp_id.type = ID_TYPE_UID;
+ break;
+
+ case 'G':
+ tmp_id.type = ID_TYPE_GID;
+ break;
+
+ case 'B':
+ tmp_id.type = ID_TYPE_BOTH;
+ break;
+
+ case '\0':
+ default:
+ TALLOC_FREE(key);
+ SAFE_FREE(value);
+ DEBUG(0, ("FAILED Parsing result of %s, endptr=%s, id=%llu\n", key, endptr, (unsigned long long)tmp_id.id));
+ return false;
+ }
+ if (endptr[2] != '\0') {
+ TALLOC_FREE(key);
+ SAFE_FREE(value);
+ DEBUG(0, ("FAILED (2) Parsing result of %s, endptr=%s, id=%llu\n", key, endptr, (unsigned long long)tmp_id.id));
+ return false;
+ }
+
+ *id = tmp_id;
*expired = (timeout <= time(NULL));
+ } else {
+ DEBUG(0, ("FAILED (3) Parsing result of %s, value=%s\n", key, value));
}
+ TALLOC_FREE(key);
+ SAFE_FREE(value);
return ret;
}
/**
- * Find a uid2sid mapping
- * @param[in] uid the uid to map
- * @param[out] sid where to put the result
+ * Find a sid2uid mapping
+ * @param[in] sid the sid to map
+ * @param[out] puid where to put the result
* @param[out] expired is the cache entry expired?
* @retval Was anything in the cache at all?
*
- * If "is_null_sid(sid)", this was a negative mapping.
+ * If *puid == -1 this was a negative mapping.
*/
-bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
+bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
+ bool *expired)
{
- char *key;
- char *value;
- time_t timeout;
- bool ret = true;
-
- key = talloc_asprintf(talloc_tos(), "IDMAP/UID2SID/%d", (int)uid);
- if (key == NULL) {
- return false;
- }
- ret = gencache_get(key, &value, &timeout);
- TALLOC_FREE(key);
+ bool ret;
+ struct unixid id;
+ ret = idmap_cache_find_sid2unixid(sid, &id, expired);
if (!ret) {
return false;
}
- ZERO_STRUCTP(sid);
- if (value[0] != '-') {
- ret = string_to_sid(sid, value);
- }
- SAFE_FREE(value);
- if (ret) {
- *expired = (timeout <= time(NULL));
+
+ if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_UID) {
+ *puid = id.id;
+ } else {
+ *puid = -1;
}
- return ret;
+ return true;
}
/**
- * Store a mapping in the idmap cache
+ * Find a sid2gid mapping
* @param[in] sid the sid to map
- * @param[in] uid the uid to map
+ * @param[out] pgid where to put the result
+ * @param[out] expired is the cache entry expired?
+ * @retval Was anything in the cache at all?
*
- * If both parameters are valid values, then a positive mapping in both
- * directions is stored. If "is_null_sid(sid)" is true, then this will be a
- * negative mapping of uid, we want to cache that for this uid we could not
- * find anything. Likewise if "uid==-1", then we want to cache that we did not
- * find a mapping for the sid passed here.
+ * If *pgid == -1 this was a negative mapping.
*/
-void idmap_cache_set_sid2uid(const struct dom_sid *sid, uid_t uid)
+bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
+ bool *expired)
{
- time_t now = time(NULL);
- time_t timeout;
- fstring sidstr, key, value;
-
- if (!is_null_sid(sid)) {
- fstr_sprintf(key, "IDMAP/SID2UID/%s",
- sid_to_fstring(sidstr, sid));
- fstr_sprintf(value, "%d", (int)uid);
- timeout = (uid == -1)
- ? lp_idmap_negative_cache_time()
- : lp_idmap_cache_time();
- gencache_set(key, value, now + timeout);
+ bool ret;
+ struct unixid id;
+ ret = idmap_cache_find_sid2unixid(sid, &id, expired);
+ if (!ret) {
+ return false;
}
- if (uid != -1) {
- fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid);
- if (is_null_sid(sid)) {
- /* negative uid mapping */
- fstrcpy(value, "-");
- timeout = lp_idmap_negative_cache_time();
- }
- else {
- sid_to_fstring(value, sid);
- timeout = lp_idmap_cache_time();
- }
- gencache_set(key, value, now + timeout);
+
+ if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_GID) {
+ *pgid = id.id;
+ } else {
+ *pgid = -1;
}
+ return true;
}
/**
- * Find a sid2gid mapping
- * @param[in] sid the sid to map
- * @param[out] pgid where to put the result
+ * Find a uid2sid mapping
+ * @param[in] uid the uid to map
+ * @param[out] sid where to put the result
* @param[out] expired is the cache entry expired?
* @retval Was anything in the cache at all?
*
- * If *pgid == -1 this was a negative mapping.
+ * If "is_null_sid(sid)", this was a negative mapping.
*/
-bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
- bool *expired)
+bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
{
- fstring sidstr;
char *key;
char *value;
- char *endptr;
time_t timeout;
- gid_t gid;
- bool ret;
+ bool ret = true;
- key = talloc_asprintf(talloc_tos(), "IDMAP/SID2GID/%s",
- sid_to_fstring(sidstr, sid));
+ key = talloc_asprintf(talloc_tos(), "IDMAP/UID2SID/%d", (int)uid);
if (key == NULL) {
return false;
}
@@ -172,11 +177,12 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
if (!ret) {
return false;
}
- gid = strtol(value, &endptr, 10);
- ret = (*endptr == '\0');
+ ZERO_STRUCTP(sid);
+ if (value[0] != '-') {
+ ret = string_to_sid(sid, value);
+ }
SAFE_FREE(value);
if (ret) {
- *pgid = gid;
*expired = (timeout <= time(NULL));
}
return ret;
@@ -231,23 +237,34 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
* find a mapping for the sid passed here.
*/
-void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
+void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id)
{
time_t now = time(NULL);
time_t timeout;
fstring sidstr, key, value;
if (!is_null_sid(sid)) {
- fstr_sprintf(key, "IDMAP/SID2GID/%s",
+ fstr_sprintf(key, "IDMAP/SID2XID/%s",
sid_to_fstring(sidstr, sid));
- fstr_sprintf(value, "%d", (int)gid);
- timeout = (gid == -1)
+ switch (unix_id->type) {
+ case ID_TYPE_UID:
+ fstr_sprintf(value, "%d:U", (int)unix_id->id);
+ break;
+ case ID_TYPE_GID:
+ fstr_sprintf(value, "%d:G", (int)unix_id->id);
+ break;
+ case ID_TYPE_BOTH:
+ fstr_sprintf(value, "%d:B", (int)unix_id->id);
+ break;
+ default:
+ return;
+ }
+ timeout = (unix_id->id == -1)
? lp_idmap_negative_cache_time()
: lp_idmap_cache_time();
gencache_set(key, value, now + timeout);
}
- if (gid != -1) {
- fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
+ if (unix_id->id != -1) {
if (is_null_sid(sid)) {
/* negative gid mapping */
fstrcpy(value, "-");
@@ -257,58 +274,102 @@ void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
sid_to_fstring(value, sid);
timeout = lp_idmap_cache_time();
}
+ switch (unix_id->type) {
+ case ID_TYPE_BOTH:
+ fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
+ gencache_set(key, value, now + timeout);
+ fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
+ gencache_set(key, value, now + timeout);
+ return;
+
+ case ID_TYPE_UID:
+ fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
+ break;
+
+ case ID_TYPE_GID:
+ fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
+ break;
+
+ default:
+ return;
+ }
gencache_set(key, value, now + timeout);
}
}
-
/**
* Store a mapping in the idmap cache
* @param[in] sid the sid to map
- * @param[in] uid/gid the uid/gid to map
+ * @param[in] uid the uid to map
*
* If both parameters are valid values, then a positive mapping in both
* directions is stored. If "is_null_sid(sid)" is true, then this will be a
- * negative mapping of gid, we want to cache that for this id we could not
- * find anything. Likewise if "id==-1", then we want to cache that we did not
+ * negative mapping of uid, we want to cache that for this uid we could not
+ * find anything. Likewise if "uid==-1", then we want to cache that we did not
* find a mapping for the sid passed here.
*/
-void idmap_cache_set_sid2both(const struct dom_sid *sid, uid_t id)
+void idmap_cache_set_sid2uid(const struct dom_sid *sid, uid_t uid)
{
- time_t now = time(NULL);
- time_t timeout;
- fstring sidstr, key, value;
-
- if (!is_null_sid(sid)) {
- fstr_sprintf(key, "IDMAP/SID2BOTH/%s",
- sid_to_fstring(sidstr, sid));
- fstr_sprintf(value, "%d", (int)id);
- timeout = (id == -1)
- ? lp_idmap_negative_cache_time()
- : lp_idmap_cache_time();
- gencache_set(key, value, now + timeout);
- }
- if (id != -1) {
- fstr_sprintf(key, "IDMAP/BOTH2SID/%d", (int)id);
- if (is_null_sid(sid)) {
- /* negative id mapping */
- fstrcpy(value, "-");
- timeout = lp_idmap_negative_cache_time();
+ struct unixid id;
+ id.type = ID_TYPE_UID;
+ id.id = uid;
+
+ if (uid == -1) {
+ uid_t tmp_gid;
+ bool expired;
+ /* If we were asked to invalidate this SID -> UID
+ * mapping, it was because we found out that this was
+ * not a UID at all. Do not overwrite a valid GID or
+ * BOTH mapping */
+ if (idmap_cache_find_sid2gid(sid, &tmp_gid, &expired)) {
+ if (!expired) {
+ return;
+ }
}
- else {
- sid_to_fstring(value, sid);
- timeout = lp_idmap_cache_time();
- }
- gencache_set(key, value, now + timeout);
}
+
+ idmap_cache_set_sid2unixid(sid, &id);
+ return;
}
+/**
+ * Store a mapping in the idmap cache
+ * @param[in] sid the sid to map
+ * @param[in] gid the gid to map
+ *
+ * If both parameters are valid values, then a positive mapping in both
+ * directions is stored. If "is_null_sid(sid)" is true, then this will be a
+ * negative mapping of gid, we want to cache that for this gid we could not
+ * find anything. Likewise if "gid==-1", then we want to cache that we did not
+ * find a mapping for the sid passed here.
+ */
+
+void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
+{
+ struct unixid id;
+ id.type = ID_TYPE_GID;
+ id.id = gid;
+
+ if (gid == -1) {
+ uid_t tmp_uid;
+ bool expired;
--
Samba Shared Repository
More information about the samba-cvs
mailing list