[SCM] Samba Shared Repository - branch v4-9-test updated

Karolin Seeger kseeger at samba.org
Tue Mar 12 16:14:02 UTC 2019


The branch, v4-9-test has been updated
       via  fc40f87ebbc lib:util: Move debug message for mkdir failing to log level 1
       via  aaefa8ea0bf WHATSNEW: mention new vfs_glusterfs_fuse module
       via  f232cd76d3d CI: don't use swap
       via  65c85aee4cb lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
       via  7f74413a9b9 lib/winbind_util: Move include out of ifdef
       via  f506180c0b8 passdb: Update ABI to 0.27.2
       via  1f915119d5d passdb: Make [ug]id_to_sid use xid_to_sid
       via  f175abcc68d passdb: Introduce xid_to_sid
       via  522b85013ee lib: Add dom_sid_str_buf
       via  713c48eb9bd lib: Introduce winbind_xid_to_sid
       via  5bf41f42bb3 winbind: Use idmap_cache_find_xid2sid
       via  d74b8a1cba2 torture: Add tests for idmap cache
       via  71f7738ca4c idmap_cache: Introduce idmap_cache_find_xid2sid
       via  527ecdbe9c2 winbind: Now we explicitly track if we got ids from cache
       via  bdeacbabd20 winbind: Initialize "expired" parameter to idmap_cache_xid2sid
       via  d9b762a3d2d idmap_cache: Only touch "sid" on success in find_xid_to_sid
       via  00baebb8dc9 lib: Make idmap_cache return negative mappings
      from  3e6b84f8b43 VERSION: Bump version up to 4.9.6...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test


- Log -----------------------------------------------------------------
commit fc40f87ebbc7c24190b3044f045e3e0d20e80889
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Mar 7 12:31:42 2019 +0100

    lib:util: Move debug message for mkdir failing to log level 1
    
    If you connect to a host with smbclient this gets always printed.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    (cherry picked from commit c71334ec0c92e791022a9b7c900aa0dd649226c2)
    
    Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-9-test): Tue Mar 12 16:13:29 UTC 2019 on sn-devel-144

commit aaefa8ea0bf6d69e2ade5ab47af64e373ac3f179
Author: Günther Deschner <gd at samba.org>
Date:   Mon Mar 11 14:11:23 2019 +0100

    WHATSNEW: mention new vfs_glusterfs_fuse module
    
    Guenther
    
    Signed-off-by: Guenther Deschner <gd at samba.org>

commit f232cd76d3d2d7fe72670993b22eb0c6f607ff05
Author: Ralph Boehme <slow at samba.org>
Date:   Sun Mar 3 22:09:26 2019 +0100

    CI: don't use swap
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Mon Mar  4 13:59:42 UTC 2019 on sn-devel-144
    
    (adapted from commit 7798bc14fbdae3461eb30421923d53978b3f781d
    by Andrew Bartlett)

commit 65c85aee4cbb102d482221ce4be2cf079f9fe294
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Mar 5 11:56:49 2019 -0700

    lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Mar  6 01:53:16 UTC 2019 on sn-devel-144
    
    (cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5)

commit 7f74413a9b98477bc8476672002555e1a18377b4
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Mar 5 11:50:48 2019 -0700

    lib/winbind_util: Move include out of ifdef
    
    This fixes compile errors about missing prototypes with
    --picky-developer and --without-winbind
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e)

commit f506180c0b8bedb0c284413056ea2a71430ad36e
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Mar 4 13:38:48 2019 -0700

    passdb: Update ABI to 0.27.2
    
    This change is for the backport only. The change in master increased the
    ABI version to 0.28.0 and removed some functions; this should not happen
    in a backport.
    
    Signed-off-by: Christof Schmitt <cs at samba.org>

commit 1f915119d5df275cd0389f31abb5c9181fe6c2ce
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 15:17:36 2019 +0100

    passdb: Make [ug]id_to_sid use xid_to_sid
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51)

commit f175abcc68d26fe1852d7470c26dada164ee90bb
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 15:10:21 2019 +0100

    passdb: Introduce xid_to_sid
    
    This explicitly avoids the legacy_[ug]id_to_sid calls, which create
    long-term cache entries to S-1-22-x-y if anything fails. We can't do
    this, because this will turn temporary winbind communication failures
    into long-term problems: A short hiccup in winbind_uid_to_sid will
    create a mapping to S-1-22-1-uid for a week. It should be up to the
    lower layers to do the caching.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c)

commit 522b85013eea84471e913e3ad6cc4c1a63a80a5e
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Oct 18 05:46:37 2018 +0200

    lib: Add dom_sid_str_buf
    
    This is modeled after server_id_str_buf, which as an API to me is easier to
    use: I can rely on the compiler to get the buffer size right.
    
    It is designed to violate README.Coding's "Make use of helper variables", but
    as this API is simple enough and the output should never be a surprise at all,
    I think that's worth it.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Nov  2 20:11:11 CET 2018 on sn-devel-144
    
    (cherry picked from commit 8b9d36221930a487ca5c51bf2e38ed04de9d50f7)

commit 713c48eb9bd79e7b25b31e206ce21daabe2c4f9d
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 14:45:32 2019 +0100

    lib: Introduce winbind_xid_to_sid
    
    This does not merge a winbind communication error into
    "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
    go along with is_null_sid(). Instead, this just touches the output sid
    when winbind returned success. This success might well be a negative
    mapping indicated by S-0-0, which *is* is_null_sid()...
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)

commit 5bf41f42bb32f427ab46a95bfde91a893f0e5d40
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 14:34:56 2019 +0100

    winbind: Use idmap_cache_find_xid2sid
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324)

commit d74b8a1cba2f65282ac9e225ef8d56b5dec29938
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Feb 27 14:54:12 2019 +0100

    torture: Add tests for idmap cache
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede)

commit 71f7738ca4c7edfd19e766fde986fe1a3b374b66
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 14:32:52 2019 +0100

    idmap_cache: Introduce idmap_cache_find_xid2sid
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b)

commit 527ecdbe9c26e5a5ca50a03f1714189bc9ed9a2d
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Feb 25 14:55:00 2019 +0100

    winbind: Now we explicitly track if we got ids from cache
    
    This now properly makes us use negative cache entries
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77)

commit bdeacbabd20177b8da3d87be03954cef3e597261
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 12:52:28 2019 +0100

    winbind: Initialize "expired" parameter to idmap_cache_xid2sid
    
    The code in idmap_cache only touches its output parameters upon success
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee)

commit d9b762a3d2def39a26358d5f366bfe74e828303c
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 12:46:39 2019 +0100

    idmap_cache: Only touch "sid" on success in find_xid_to_sid
    
    Why? This makes the negative mapping condition (is_null_sid) more
    explicit in the code.
    
    The callers in lookup_sid initialized "psid" anyway before, and the ones
    in wb_xids2sids now do as well. This is more in line with other APIs we
    have: Only touch output parameters if you have something to say.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524)

commit 00baebb8dc907f7fef96d6d6ad1349155c2c14fd
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Feb 25 14:38:50 2019 +0100

    lib: Make idmap_cache return negative mappings
    
    Without this we'd query non-existent mappings over and over
    again.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11)

-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci.yml                                     |   7 +-
 WHATSNEW.txt                                       |  13 ++
 lib/util/util.c                                    |   6 +-
 libcli/security/dom_sid.c                          |  10 +
 libcli/security/dom_sid.h                          |   2 +
 source3/lib/idmap_cache.c                          |  48 ++++-
 source3/lib/idmap_cache.h                          |   2 +
 source3/lib/winbind_util.c                         |  41 +++-
 source3/lib/winbind_util.h                         |   2 +
 ...passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} |   2 +
 source3/passdb/lookup_sid.c                        | 233 ++++++---------------
 source3/passdb/lookup_sid.h                        |   1 +
 source3/selftest/tests.py                          |   1 +
 source3/torture/proto.h                            |   1 +
 source3/torture/test_idmap_cache.c                 | 122 +++++++++++
 source3/torture/torture.c                          |   1 +
 source3/winbindd/wb_xids2sids.c                    |  33 ++-
 source3/wscript_build                              |   3 +-
 18 files changed, 325 insertions(+), 203 deletions(-)
 copy source3/passdb/ABI/{samba-passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} (99%)
 create mode 100644 source3/torture/test_idmap_cache.c


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 42a425ea68d..03654fafe1f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,12 +7,7 @@ variables:
   GIT_DEPTH: "3"
 
 before_script:
-  - echo "Build starting (preparing swap)..."
-  - if [ $(df -m / --output=avail | tail -n1) -gt 10240 ]; then
-      sudo dd if=/dev/zero of=/samba-swap bs=1M count=6144;
-      sudo mkswap /samba-swap;
-      sudo swapon /samba-swap;
-    fi
+  - echo "Build starting..."
 
 after_script:
   - tar -xf logs.tar.gz system-info.txt -O
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 22eeec2ddcc..46298bdbbbc 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -986,6 +986,19 @@ The 'samba_gpoupdate' command (used in applying Group Policies to the
 Samba machine itself) has been renamed to "samba_gpupdate" and had the
 syntax changed to better match the same tool on Windows.
 
+New glusterfs_fuse VFS module
+-----------------------------
+
+The new vfs_glusterfs_fuse module improves performance when Samba
+accesses a glusterfs volume mounted via FUSE (Filesystem in Userspace
+as part of the Linux kernel). It achieves that by leveraging a
+mechanism to retrieve the appropriate case of filenames by querying a
+specific extended attribute in the filesystem. No extra configuration
+is required to use this module, only glusterfs_fuse needs to be set in
+the "vfs objects" parameter. Further details can be found in the
+vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does
+not replace the existing vfs_glusterfs module, it just provides an
+additional, alternative mechanism to access a Gluster volume.
 
 REMOVED FEATURES
 ================
diff --git a/lib/util/util.c b/lib/util/util.c
index 4291bfa5d57..5839ef83f60 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -212,9 +212,9 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
 	old_umask = umask(0);
 	ret = mkdir(dname, dir_perms);
 	if (ret == -1 && errno != EEXIST) {
-		DEBUG(0, ("mkdir failed on directory "
-			  "%s: %s\n", dname,
-			  strerror(errno)));
+		DBG_WARNING("mkdir failed on directory %s: %s\n",
+			    dname,
+			    strerror(errno));
 		umask(old_umask);
 		return false;
 	}
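Review bot: With the message moved from DEBUG(0) to DBG_WARNING, a mkdir failure in directory_create_or_exist is no longer reported at log level 0, and the only signal left is the false return value. Callers for which a missing directory is fatal should log the failure themselves at level 0; please confirm that they do, or state in the commit message that silence at level 0 is the intended result for every caller and not just smbclient.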
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 17ac0560d83..9d9f466e080 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -488,3 +488,13 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
 	talloc_set_name_const(result, result);
 	return result;
 }
+
+char *dom_sid_str_buf(const struct dom_sid *sid, struct dom_sid_buf *dst)
+{
+	int ret;
+	ret = dom_sid_string_buf(sid, dst->buf, sizeof(dst->buf));
+	if ((ret < 0) || (ret >= sizeof(dst->buf))) {
+		strlcpy(dst->buf, "(INVALID SID)", sizeof(dst->buf));
+	}
+	return dst->buf;
+}
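Review bot: In dom_sid_str_buf the check `ret >= sizeof(dst->buf)` compares an int against a size_t. It is correct only because `ret < 0` is tested first and short-circuits, and a build with sign-compare warnings enabled will flag it. Consider `(size_t)ret >= sizeof(dst->buf)` after the negative check, and add a short doc comment saying the function always returns dst->buf and substitutes "(INVALID SID)" on error or truncation, since callers will pass the result straight into a format string.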
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 491fc0699f4..0010fd2c3af 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -103,6 +103,8 @@ bool dom_sid_is_valid_account_domain(const struct dom_sid *sid);
 int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen);
 char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
 
+struct dom_sid_buf { char buf[DOM_SID_STR_BUFLEN]; };
+char *dom_sid_str_buf(const struct dom_sid *sid, struct dom_sid_buf *dst);
 
 const char *sid_type_lookup(uint32_t sid_type);
 const struct security_token *get_system_token(void);
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
index 1e8a1ebc607..9fc32215001 100644
--- a/source3/lib/idmap_cache.c
+++ b/source3/lib/idmap_cache.c
@@ -201,19 +201,23 @@ static void idmap_cache_xid2sid_parser(time_t timeout, DATA_BLOB blob,
 		(struct idmap_cache_xid2sid_state *)private_data;
 	char *value;
 
-	ZERO_STRUCTP(state->sid);
-	state->ret = false;
-
 	if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
 		/*
 		 * Not a string, can't be a valid mapping
 		 */
+		state->ret = false;
 		return;
 	}
 
 	value = (char *)blob.data;
 
-	if (value[0] != '-') {
+	if ((value[0] == '-') && (value[1] == '\0')) {
+		/*
+		 * Return NULL SID, see comment to uid2sid
+		 */
+		*state->sid = (struct dom_sid) {0};
+		state->ret = true;
+	} else {
 		state->ret = string_to_sid(state->sid, value);
 	}
 	if (state->ret) {
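Review bot: The new negative-entry branch is documented only by "see comment to uid2sid", which is not part of this function. Please state here that a cached value of exactly "-" is a negative mapping and is returned as an all-zero SID with ret = true, because callers now have to test is_null_sid() to tell it apart from a positive hit. With ZERO_STRUCTP(state->sid) removed, the else branch also leaves *state->sid in whatever state string_to_sid leaves it on failure, so the contract "do not read sid when the lookup returns false" should be written down as well.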
@@ -271,6 +275,42 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
 	return state.ret;
 }
 
+/**
+ * Find a xid2sid mapping
+ * @param[in] id		the unix id to map
+ * @param[out] sid		where to put the result
+ * @param[out] expired		is the cache entry expired?
+ * @retval Was anything in the cache at all?
+ *
+ * If "is_null_sid(sid)", this was a negative mapping.
+ */
+bool idmap_cache_find_xid2sid(
+	const struct unixid *id, struct dom_sid *sid, bool *expired)
+{
+	struct idmap_cache_xid2sid_state state = {
+		.sid = sid, .expired = expired
+	};
+	fstring key;
+	char c;
+
+	switch (id->type) {
+	case ID_TYPE_UID:
+		c = 'U';
+		break;
+	case ID_TYPE_GID:
+		c = 'G';
+		break;
+	default:
+		return false;
+	}
+
+	fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
+
+	gencache_parse(key, idmap_cache_xid2sid_parser, &state);
+	return state.ret;
+}
+
+
 /**
  * Store a mapping in the idmap cache
  * @param[in] sid		the sid to map
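Review bot: The cache key in idmap_cache_find_xid2sid is built with "%d" and `(int)id->id`, so an id above INT_MAX is formatted as a negative number, while xid_to_sid in this same series prints the field with PRIu32. The lookup only finds entries if the code that stores the mapping formats the id identically; either use an unsigned format on both sides or add a comment that the key format must match the setter. The doc comment should also mention that any type other than ID_TYPE_UID or ID_TYPE_GID returns false, and the second blank line added before the next doc block can be dropped.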
diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
index dc497022e3b..d5afa170e1a 100644
--- a/source3/lib/idmap_cache.h
+++ b/source3/lib/idmap_cache.h
@@ -31,6 +31,8 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
 			      bool *expired);
 bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
 bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
+bool idmap_cache_find_xid2sid(
+	const struct unixid *id, struct dom_sid *sid, bool *expired);
 void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
 
 bool idmap_cache_del_uid(uid_t uid);
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index 427831f04c8..0e31aa8380a 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -23,10 +23,10 @@
 #include "../lib/util/util_pw.h"
 #include "nsswitch/libwbclient/wbclient.h"
 
-#if defined(WITH_WINBIND)
-
 #include "lib/winbind_util.h"
 
+#if defined(WITH_WINBIND)
+
 struct passwd * winbind_getpwnam(const char * name)
 {
 	wbcErr result;
@@ -197,6 +197,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
 	return (result == WBC_ERR_SUCCESS);
 }
 
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+	struct wbcUnixId wbc_xid;
+	struct wbcDomainSid dom_sid;
+	wbcErr result;
+
+	switch (xid->type) {
+	case ID_TYPE_UID:
+		wbc_xid = (struct wbcUnixId) {
+			.type = WBC_ID_TYPE_UID, .id.uid = xid->id
+		};
+		break;
+	case ID_TYPE_GID:
+		wbc_xid = (struct wbcUnixId) {
+			.type = WBC_ID_TYPE_GID, .id.gid = xid->id
+		};
+		break;
+	default:
+		return false;
+	}
+
+	result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
+	if (result != WBC_ERR_SUCCESS) {
+		return false;
+	}
+
+	memcpy(sid, &dom_sid, sizeof(struct dom_sid));
+	return true;
+}
+
 /* Check for a trusted domain */
 
 wbcErr wb_is_trusted_domain(const char *domain)
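Review bot: The final memcpy in winbind_xid_to_sid copies sizeof(struct dom_sid) bytes out of a struct wbcDomainSid, which is only correct while the two structures have the same size and layout. Add a compile-time assertion on the sizes, or at least a comment naming the assumption, so a change to either structure cannot turn this into an out-of-bounds read of the local. The function also lacks the one-line comment the --without-winbind stub carries; it is worth stating that sid is written only on WBC_ERR_SUCCESS, since xid_to_sid depends on that.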
@@ -370,6 +400,13 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
 	return false;
 }
 
+/* Call winbindd to convert uid or gid to SID */
+
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+	return false;
+}
+
 /* Check for a trusted domain */
 
 wbcErr wb_is_trusted_domain(const char *domain)
diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
index c2bf0e02d76..5ecda5a7b09 100644
--- a/source3/lib/winbind_util.h
+++ b/source3/lib/winbind_util.h
@@ -22,6 +22,7 @@
 #define __LIB__WINBIND_UTIL_H__
 
 #include "../librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/idmap.h"
 
 /* needed for wbcErr below */
 #include "nsswitch/libwbclient/wbclient.h"
@@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
 bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
 bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
 struct passwd * winbind_getpwnam(const char * sname);
 struct passwd * winbind_getpwsid(const struct dom_sid *sid);
 wbcErr wb_is_trusted_domain(const char *domain);
diff --git a/source3/passdb/ABI/samba-passdb-0.27.1.sigs b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
similarity index 99%
copy from source3/passdb/ABI/samba-passdb-0.27.1.sigs
copy to source3/passdb/ABI/samba-passdb-0.27.2.sigs
index 6437ed26ce9..17876abac16 100644
--- a/source3/passdb/ABI/samba-passdb-0.27.1.sigs
+++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
@@ -307,3 +307,5 @@ winbind_ping: bool (void)
 winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
 winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
 winbind_uid_to_sid: bool (struct dom_sid *, uid_t)
+winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *)
+xid_to_sid: void (struct dom_sid *, const struct unixid *)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index eeaf2b720a7..caa3442c6f1 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1101,97 +1101,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 	return ret;
 }
 
-/*****************************************************************
- Id mapping cache.  This is to avoid Winbind mappings already
- seen by smbd to be queried too frequently, keeping winbindd
- busy, and blocking smbd while winbindd is busy with other
- stuff. Written by Michael Steffens <michael.steffens at hp.com>,
- modified to use linked lists by jra.
-*****************************************************************/  
-
-
-/*****************************************************************
- *THE LEGACY* convert uid_t to SID function.
-*****************************************************************/  
-
-static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
-{
-	bool ret;
-	struct unixid id;
-
-	ZERO_STRUCTP(psid);
-
-	id.id = uid;
-	id.type = ID_TYPE_UID;
-
-	become_root();
-	ret = pdb_id_to_sid(&id, psid);
-	unbecome_root();
-
-	if (ret) {
-		/* This is a mapped user */
-		goto done;
-	}
-
-	/* This is an unmapped user */
-
-	uid_to_unix_users_sid(uid, psid);
-
-	{
-		struct unixid xid = {
-			.id = uid, .type = ID_TYPE_UID
-		};
-		idmap_cache_set_sid2unixid(psid, &xid);
-	}
-
- done:
-	DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
-		  sid_string_dbg(psid)));
-
-	return;
-}
-
-/*****************************************************************
- *THE LEGACY* convert gid_t to SID function.
-*****************************************************************/  
-
-static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
-{
-	bool ret;
-	struct unixid id;
-
-	ZERO_STRUCTP(psid);
-
-	id.id = gid;
-	id.type = ID_TYPE_GID;
-
-	become_root();
-	ret = pdb_id_to_sid(&id, psid);
-	unbecome_root();
-
-	if (ret) {
-		/* This is a mapped group */
-		goto done;
-	}
-
-	/* This is an unmapped group */
-
-	gid_to_unix_groups_sid(gid, psid);
-
-	{
-		struct unixid xid = {
-			.id = gid, .type = ID_TYPE_GID
-		};
-		idmap_cache_set_sid2unixid(psid, &xid);
-	}
-
- done:
-	DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
-		  sid_string_dbg(psid)));
-
-	return;
-}
-
 /*****************************************************************
  *THE LEGACY* convert SID to id function.
 *****************************************************************/  
@@ -1239,102 +1148,90 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid)
 	return false;
 }
 
-/*****************************************************************
- *THE CANONICAL* convert uid_t to SID function.
-*****************************************************************/  
-
-void uid_to_sid(struct dom_sid *psid, uid_t uid)
+void xid_to_sid(struct dom_sid *psid, const struct unixid *xid)
 {
 	bool expired = true;
 	bool ret;
-	ZERO_STRUCTP(psid);
+	struct dom_sid_buf buf;
 
-	/* Check the winbindd cache directly. */
-	ret = idmap_cache_find_uid2sid(uid, psid, &expired);
+	SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID);
+
+	*psid = (struct dom_sid) {0};
+
+	ret = idmap_cache_find_xid2sid(xid, psid, &expired);
+	if (ret && !expired) {
+		DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
+			  xid->type == ID_TYPE_UID ? 'U' : 'G',
+			  xid->id,
+			  dom_sid_str_buf(psid, &buf));
+		goto done;
+	}
 
-	if (ret && !expired && is_null_sid(psid)) {
+	ret = winbind_xid_to_sid(psid, xid);
+	if (ret) {
 		/*
-		 * Negative cache entry, we already asked.
-		 * do legacy.
+		 * winbind can return an explicit negative mapping
+		 * here. It's up to winbind to prime the cache either
+		 * positively or negatively, don't mess with the cache
+		 * here.
 		 */
-		legacy_uid_to_sid(psid, uid);
-		return;
+		DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
+			  xid->type == ID_TYPE_UID ? 'U' : 'G',
+			  xid->id,
+			  dom_sid_str_buf(psid, &buf));
+		goto done;
 	}
 
-	if (!ret || expired) {
-		/* Not in cache. Ask winbindd. */
-		if (!winbind_uid_to_sid(psid, uid)) {
-			/*
-			 * We shouldn't return the NULL SID
-			 * here if winbind was running and
-			 * couldn't map, as winbind will have
-			 * added a negative entry that will
-			 * cause us to go though the
-			 * legacy_uid_to_sid()
-			 * function anyway in the case above
-			 * the next time we ask.
-			 */
-			DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
-				  "for uid %u\n", (unsigned int)uid));
+	{
+		/*
+		 * Make a copy, pdb_id_to_sid might want to turn
+		 * xid->type into ID_TYPE_BOTH, which we ignore here.
+		 */
+		struct unixid rw_xid = *xid;
 
-			legacy_uid_to_sid(psid, uid);
-			return;
-		}
+		become_root();
+		ret = pdb_id_to_sid(&rw_xid, psid);
+		unbecome_root();
 	}
 
-	DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
-		  sid_string_dbg(psid)));
-
-	return;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert gid_t to SID function.
-*****************************************************************/  
-
-void gid_to_sid(struct dom_sid *psid, gid_t gid)
-{
-	bool expired = true;
-	bool ret;
-	ZERO_STRUCTP(psid);
-
-	/* Check the winbindd cache directly. */
-	ret = idmap_cache_find_gid2sid(gid, psid, &expired);
+	if (ret) {
+		DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n",
+			  xid->type == ID_TYPE_UID ? 'U' : 'G',
+			  xid->id,
+			  dom_sid_str_buf(psid, &buf));
+		goto done;
+	}
 
-	if (ret && !expired && is_null_sid(psid)) {
+done:
+	if (is_null_sid(psid)) {
 		/*
-		 * Negative cache entry, we already asked.
-		 * do legacy.
+		 * Nobody found anything: Return S-1-22-xx-yy. Don't
+		 * store that in caches, this is up to the layers
+		 * beneath us.
 		 */
-		legacy_gid_to_sid(psid, gid);
-		return;
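Review bot: In xid_to_sid the debug message in the winbind_xid_to_sid success branch says "from cache", copied from the cache-hit branch above it; it should read "from winbind", otherwise the logs cannot tell the two sources apart. Separately, when idmap_cache_find_xid2sid returns true with expired set, psid already holds the stale cached SID; if winbind_xid_to_sid and pdb_id_to_sid then both fail without touching psid, the is_null_sid() test at done: is false and the stale value is returned. If that is intended, say so in a comment; if not, reset *psid before calling winbind.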


-- 
Samba Shared Repository


