[SCM] Samba Shared Repository - branch v4-10-test updated
Karolin Seeger
kseeger at samba.org
Wed Mar 13 12:16:03 UTC 2019
The branch, v4-10-test has been updated
via 00ea6a7d24e lib:util: Move debug message for mkdir failing to log level 1
via 6d901af0f1c lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
via 3c32774b925 lib/winbind_util: Move include out of ifdef
via 545914afefa passdb: Update ABI to 0.27.2
via 2021080a41d passdb: Make [ug]id_to_sid use xid_to_sid
via 8c0268a5fec passdb: Introduce xid_to_sid
via 10a0d77f17c lib: Introduce winbind_xid_to_sid
via ba6dd781d4a winbind: Use idmap_cache_find_xid2sid
via a20e68bcc63 torture: Add tests for idmap cache
via f6f0994a597 idmap_cache: Introduce idmap_cache_find_xid2sid
via 6434de2b76d winbind: Now we explicitly track if we got ids from cache
via 465bd07ff70 winbind: Initialize "expired" parameter to idmap_cache_xid2sid
via 1df6720d74b idmap_cache: Only touch "sid" on success in find_xid_to_sid
via 41c1870a8c2 lib: Make idmap_cache return negative mappings
from 5c2a243d3e7 CI: don't use swap
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test
- Log -----------------------------------------------------------------
commit 00ea6a7d24ed7f6fbbc585a73755070f38d07a2a
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 7 12:31:42 2019 +0100
lib:util: Move debug message for mkdir failing to log level 1
If you connect to a host with smbclient this always gets printed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c71334ec0c92e791022a9b7c900aa0dd649226c2)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-10-test): Wed Mar 13 12:15:10 UTC 2019 on sn-devel-144
commit 6d901af0f1ca5ffe349f50c72ad33987f009a73f
Author: Christof Schmitt <cs at samba.org>
Date: Tue Mar 5 11:56:49 2019 -0700
lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 6 01:53:16 UTC 2019 on sn-devel-144
(cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5)
commit 3c32774b9254dc58801d5a734d148eade1223aaf
Author: Christof Schmitt <cs at samba.org>
Date: Tue Mar 5 11:50:48 2019 -0700
lib/winbind_util: Move include out of ifdef
This fixes compile errors about missing prototypes with
--picky-developer and --without-winbind
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e)
commit 545914afefa41708b423299a33730b6f3e46f684
Author: Christof Schmitt <cs at samba.org>
Date: Wed Mar 6 11:55:32 2019 -0800
passdb: Update ABI to 0.27.2
This change is for the backport only. The change in master increased the
ABI version to 0.28.0 and removed some functions; this should not happen
in a backport.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2021080a41d296e9ba8a648e10a418cfce6200ae
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 26 15:17:36 2019 +0100
passdb: Make [ug]id_to_sid use xid_to_sid
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51)
commit 8c0268a5fec09e546b98cc88f8fce28dc4543d36
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 26 15:10:21 2019 +0100
passdb: Introduce xid_to_sid
This explicitly avoids the legacy_[ug]id_to_sid calls, which create
long-term cache entries to S-1-22-x-y if anything fails. We can't do
this, because this will turn temporary winbind communication failures
into long-term problems: A short hiccup in winbind_uid_to_sid will
create a mapping to S-1-22-1-uid for a week. It should be up to the
lower layers to do the caching.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c)
commit 10a0d77f17caf49ba35f2f23974c9518c2f37c83
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 26 14:45:32 2019 +0100
lib: Introduce winbind_xid_to_sid
This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)
commit ba6dd781d4ae3d6111b16a8c8cd22132ee3e945e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 26 14:34:56 2019 +0100
winbind: Use idmap_cache_find_xid2sid
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324)
commit a20e68bcc635e04ff42dfa3a44819dacc1a8c970
Author: Volker Lendecke <vl at samba.org>
Date: Wed Feb 27 14:54:12 2019 +0100
torture: Add tests for idmap cache
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede)
commit f6f0994a597b76e03d6af8290d2b1845d4320fef
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 26 14:32:52 2019 +0100
idmap_cache: Introduce idmap_cache_find_xid2sid
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b)
commit 6434de2b76dcda8ea917e75709d90cd04250b63e
Author: Volker Lendecke <vl at samba.org>
Date: Mon Feb 25 14:55:00 2019 +0100
winbind: Now we explicitly track if we got ids from cache
This now properly makes us use negative cache entries
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77)
commit 465bd07ff70cacac7bbaac79ce1dddedd917279a
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 26 12:52:28 2019 +0100
winbind: Initialize "expired" parameter to idmap_cache_xid2sid
The code in idmap_cache only touches its output parameters upon success
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee)
commit 1df6720d74b325cf1c2eb61723fbf687b06c1c10
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 26 12:46:39 2019 +0100
idmap_cache: Only touch "sid" on success in find_xid_to_sid
Why? This makes the negative mapping condition (is_null_sid) more
explicit in the code.
The callers in lookup_sid initialized "psid" anyway before, and the ones
in wb_xids2sids now do as well. This is more in line with other APIs we
have: Only touch output parameters if you have something to say.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524)
commit 41c1870a8c20e20697feec25b5407381d5f723ca
Author: Volker Lendecke <vl at samba.org>
Date: Mon Feb 25 14:38:50 2019 +0100
lib: Make idmap_cache return negative mappings
Without this we'd query non-existent mappings over and over
again.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11)
-----------------------------------------------------------------------
Summary of changes:
lib/util/util.c | 6 +-
source3/lib/idmap_cache.c | 48 ++++-
source3/lib/idmap_cache.h | 2 +
source3/lib/winbind_util.c | 41 +++-
source3/lib/winbind_util.h | 2 +
...passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} | 2 +
source3/passdb/lookup_sid.c | 235 ++++++---------------
source3/passdb/lookup_sid.h | 1 +
source3/selftest/tests.py | 1 +
source3/torture/proto.h | 1 +
source3/torture/test_idmap_cache.c | 122 +++++++++++
source3/torture/torture.c | 1 +
source3/winbindd/wb_xids2sids.c | 33 ++-
source3/wscript_build | 3 +-
14 files changed, 298 insertions(+), 200 deletions(-)
copy source3/passdb/ABI/{samba-passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} (99%)
create mode 100644 source3/torture/test_idmap_cache.c
Changeset truncated at 500 lines:
diff --git a/lib/util/util.c b/lib/util/util.c
index f52f69c6ef0..dc1772c839e 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -200,9 +200,9 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
old_umask = umask(0);
ret = mkdir(dname, dir_perms);
if (ret == -1 && errno != EEXIST) {
- DEBUG(0, ("mkdir failed on directory "
- "%s: %s\n", dname,
- strerror(errno)));
+ DBG_WARNING("mkdir failed on directory %s: %s\n",
+ dname,
+ strerror(errno));
umask(old_umask);
return false;
}
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
index 77618dd5aa1..9d2149844ed 100644
--- a/source3/lib/idmap_cache.c
+++ b/source3/lib/idmap_cache.c
@@ -203,19 +203,23 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
(struct idmap_cache_xid2sid_state *)private_data;
char *value;
- ZERO_STRUCTP(state->sid);
- state->ret = false;
-
if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
/*
* Not a string, can't be a valid mapping
*/
+ state->ret = false;
return;
}
value = (char *)blob.data;
- if (value[0] != '-') {
+ if ((value[0] == '-') && (value[1] == '\0')) {
+ /*
+ * Return NULL SID, see comment to uid2sid
+ */
+ *state->sid = (struct dom_sid) {0};
+ state->ret = true;
+ } else {
state->ret = string_to_sid(state->sid, value);
}
if (state->ret) {
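Review bot: In the new else branch of idmap_cache_xid2sid_parser(), every cached value other than exactly "-" now reaches string_to_sid(), including strings that merely begin with '-', which the old `value[0] != '-'` test skipped with ret left false. That depends on string_to_sid() rejecting such input without leaving a partially written *state->sid behind, which matters more now that the leading ZERO_STRUCTP(state->sid) is gone; a short comment stating that assumption would help. The comment "see comment to uid2sid" also points outside this function: saying here that "-" is the negative-mapping marker and that callers detect it with is_null_sid() would make the branch self-explanatory.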
@@ -273,6 +277,42 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
return state.ret;
}
+/**
+ * Find a xid2sid mapping
+ * @param[in] id the unix id to map
+ * @param[out] sid where to put the result
+ * @param[out] expired is the cache entry expired?
+ * @retval Was anything in the cache at all?
+ *
+ * If "is_null_sid(sid)", this was a negative mapping.
+ */
+bool idmap_cache_find_xid2sid(
+ const struct unixid *id, struct dom_sid *sid, bool *expired)
+{
+ struct idmap_cache_xid2sid_state state = {
+ .sid = sid, .expired = expired
+ };
+ fstring key;
+ char c;
+
+ switch (id->type) {
+ case ID_TYPE_UID:
+ c = 'U';
+ break;
+ case ID_TYPE_GID:
+ c = 'G';
+ break;
+ default:
+ return false;
+ }
+
+ fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
+
+ gencache_parse(key, idmap_cache_xid2sid_parser, &state);
+ return state.ret;
+}
+
+
/**
* Store a mapping in the idmap cache
* @param[in] sid the sid to map
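Review bot: In idmap_cache_find_xid2sid(), the key is built with `%d` and `(int)id->id`, so an id above INT_MAX is formatted as a negative number. That only finds the entry if the code that stores it formats the id the same way; a comment saying the format must match the writer, or an unsigned format on both sides, would prevent a silent key mismatch. The doc comment should also say that "sid" and "expired" are left untouched when the function returns false (including the default: case for other id types), since callers now rely on that. Two consecutive blank lines are added after the function where one is enough.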
diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
index dc497022e3b..d5afa170e1a 100644
--- a/source3/lib/idmap_cache.h
+++ b/source3/lib/idmap_cache.h
@@ -31,6 +31,8 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
bool *expired);
bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
+bool idmap_cache_find_xid2sid(
+ const struct unixid *id, struct dom_sid *sid, bool *expired);
void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
bool idmap_cache_del_uid(uid_t uid);
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index a072166ce18..0c1f2c2552a 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -23,10 +23,10 @@
#include "../lib/util/util_pw.h"
#include "nsswitch/libwbclient/wbclient.h"
-#if defined(WITH_WINBIND)
-
#include "lib/winbind_util.h"
+#if defined(WITH_WINBIND)
+
struct passwd * winbind_getpwnam(const char * name)
{
wbcErr result;
@@ -198,6 +198,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
return (result == WBC_ERR_SUCCESS);
}
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+ struct wbcUnixId wbc_xid;
+ struct wbcDomainSid dom_sid;
+ wbcErr result;
+
+ switch (xid->type) {
+ case ID_TYPE_UID:
+ wbc_xid = (struct wbcUnixId) {
+ .type = WBC_ID_TYPE_UID, .id.uid = xid->id
+ };
+ break;
+ case ID_TYPE_GID:
+ wbc_xid = (struct wbcUnixId) {
+ .type = WBC_ID_TYPE_GID, .id.gid = xid->id
+ };
+ break;
+ default:
+ return false;
+ }
+
+ result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
+ if (result != WBC_ERR_SUCCESS) {
+ return false;
+ }
+
+ memcpy(sid, &dom_sid, sizeof(struct dom_sid));
+ return true;
+}
+
/* Check for a trusted domain */
wbcErr wb_is_trusted_domain(const char *domain)
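Review bot: The final `memcpy(sid, &dom_sid, sizeof(struct dom_sid));` in winbind_xid_to_sid() copies sizeof(struct dom_sid) bytes out of a struct wbcDomainSid, so it is only safe while the two structures have the same size and layout. A compile-time size check next to the copy, or a field-by-field conversion, would make that assumption explicit. Naming the local variable `dom_sid` while also using the tag `struct dom_sid` in the same function is legal but hard to read; something like `wbc_sid` would be clearer. The function also lacks the one-line comment that the --without-winbind stub gets, and that comment is the natural place to document that "sid" is written only on success.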
@@ -371,6 +401,13 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
return false;
}
+/* Call winbindd to convert uid or gid to SID */
+
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+ return false;
+}
+
/* Check for a trusted domain */
wbcErr wb_is_trusted_domain(const char *domain)
diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
index c2bf0e02d76..5ecda5a7b09 100644
--- a/source3/lib/winbind_util.h
+++ b/source3/lib/winbind_util.h
@@ -22,6 +22,7 @@
#define __LIB__WINBIND_UTIL_H__
#include "../librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/idmap.h"
/* needed for wbcErr below */
#include "nsswitch/libwbclient/wbclient.h"
@@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
struct passwd * winbind_getpwnam(const char * sname);
struct passwd * winbind_getpwsid(const struct dom_sid *sid);
wbcErr wb_is_trusted_domain(const char *domain);
diff --git a/source3/passdb/ABI/samba-passdb-0.27.1.sigs b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
similarity index 99%
copy from source3/passdb/ABI/samba-passdb-0.27.1.sigs
copy to source3/passdb/ABI/samba-passdb-0.27.2.sigs
index 6437ed26ce9..17876abac16 100644
--- a/source3/passdb/ABI/samba-passdb-0.27.1.sigs
+++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
@@ -307,3 +307,5 @@ winbind_ping: bool (void)
winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
winbind_uid_to_sid: bool (struct dom_sid *, uid_t)
+winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *)
+xid_to_sid: void (struct dom_sid *, const struct unixid *)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 6bda783fa03..2281bd0b64d 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1108,99 +1108,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
return ret;
}
-/*****************************************************************
- Id mapping cache. This is to avoid Winbind mappings already
- seen by smbd to be queried too frequently, keeping winbindd
- busy, and blocking smbd while winbindd is busy with other
- stuff. Written by Michael Steffens <michael.steffens at hp.com>,
- modified to use linked lists by jra.
-*****************************************************************/
-
-
-/*****************************************************************
- *THE LEGACY* convert uid_t to SID function.
-*****************************************************************/
-
-static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
-{
- bool ret;
- struct unixid id;
- struct dom_sid_buf buf;
-
- ZERO_STRUCTP(psid);
-
- id.id = uid;
- id.type = ID_TYPE_UID;
-
- become_root();
- ret = pdb_id_to_sid(&id, psid);
- unbecome_root();
-
- if (ret) {
- /* This is a mapped user */
- goto done;
- }
-
- /* This is an unmapped user */
-
- uid_to_unix_users_sid(uid, psid);
-
- {
- struct unixid xid = {
- .id = uid, .type = ID_TYPE_UID
- };
- idmap_cache_set_sid2unixid(psid, &xid);
- }
-
- done:
- DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
- dom_sid_str_buf(psid, &buf)));
-
- return;
-}
-
-/*****************************************************************
- *THE LEGACY* convert gid_t to SID function.
-*****************************************************************/
-
-static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
-{
- bool ret;
- struct unixid id;
- struct dom_sid_buf buf;
-
- ZERO_STRUCTP(psid);
-
- id.id = gid;
- id.type = ID_TYPE_GID;
-
- become_root();
- ret = pdb_id_to_sid(&id, psid);
- unbecome_root();
-
- if (ret) {
- /* This is a mapped group */
- goto done;
- }
-
- /* This is an unmapped group */
-
- gid_to_unix_groups_sid(gid, psid);
-
- {
- struct unixid xid = {
- .id = gid, .type = ID_TYPE_GID
- };
- idmap_cache_set_sid2unixid(psid, &xid);
- }
-
- done:
- DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
- dom_sid_str_buf(psid, &buf)));
-
- return;
-}
-
/*****************************************************************
*THE LEGACY* convert SID to id function.
*****************************************************************/
@@ -1249,104 +1156,90 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid)
return false;
}
-/*****************************************************************
- *THE CANONICAL* convert uid_t to SID function.
-*****************************************************************/
-
-void uid_to_sid(struct dom_sid *psid, uid_t uid)
+void xid_to_sid(struct dom_sid *psid, const struct unixid *xid)
{
bool expired = true;
bool ret;
struct dom_sid_buf buf;
- ZERO_STRUCTP(psid);
- /* Check the winbindd cache directly. */
- ret = idmap_cache_find_uid2sid(uid, psid, &expired);
+ SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID);
+
+ *psid = (struct dom_sid) {0};
+
+ ret = idmap_cache_find_xid2sid(xid, psid, &expired);
+ if (ret && !expired) {
+ DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
+ xid->type == ID_TYPE_UID ? 'U' : 'G',
+ xid->id,
+ dom_sid_str_buf(psid, &buf));
+ goto done;
+ }
- if (ret && !expired && is_null_sid(psid)) {
+ ret = winbind_xid_to_sid(psid, xid);
+ if (ret) {
/*
- * Negative cache entry, we already asked.
- * do legacy.
+ * winbind can return an explicit negative mapping
+ * here. It's up to winbind to prime the cache either
+ * positively or negatively, don't mess with the cache
+ * here.
*/
- legacy_uid_to_sid(psid, uid);
- return;
+ DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
+ xid->type == ID_TYPE_UID ? 'U' : 'G',
+ xid->id,
+ dom_sid_str_buf(psid, &buf));
+ goto done;
}
- if (!ret || expired) {
- /* Not in cache. Ask winbindd. */
- if (!winbind_uid_to_sid(psid, uid)) {
- /*
- * We shouldn't return the NULL SID
- * here if winbind was running and
- * couldn't map, as winbind will have
- * added a negative entry that will
- * cause us to go though the
- * legacy_uid_to_sid()
- * function anyway in the case above
- * the next time we ask.
- */
- DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
- "for uid %u\n", (unsigned int)uid));
+ {
+ /*
+ * Make a copy, pdb_id_to_sid might want to turn
+ * xid->type into ID_TYPE_BOTH, which we ignore here.
+ */
+ struct unixid rw_xid = *xid;
- legacy_uid_to_sid(psid, uid);
- return;
- }
+ become_root();
+ ret = pdb_id_to_sid(&rw_xid, psid);
+ unbecome_root();
}
- DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
- dom_sid_str_buf(psid, &buf)));
-
- return;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert gid_t to SID function.
-*****************************************************************/
-
-void gid_to_sid(struct dom_sid *psid, gid_t gid)
-{
- bool expired = true;
- bool ret;
- struct dom_sid_buf buf;
- ZERO_STRUCTP(psid);
-
- /* Check the winbindd cache directly. */
- ret = idmap_cache_find_gid2sid(gid, psid, &expired);
+ if (ret) {
+ DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n",
+ xid->type == ID_TYPE_UID ? 'U' : 'G',
+ xid->id,
+ dom_sid_str_buf(psid, &buf));
+ goto done;
+ }
- if (ret && !expired && is_null_sid(psid)) {
+done:
+ if (is_null_sid(psid)) {
/*
- * Negative cache entry, we already asked.
- * do legacy.
+ * Nobody found anything: Return S-1-22-xx-yy. Don't
+ * store that in caches, this is up to the layers
+ * beneath us.
*/
- legacy_gid_to_sid(psid, gid);
- return;
- }
-
- if (!ret || expired) {
- /* Not in cache. Ask winbindd. */
- if (!winbind_gid_to_sid(psid, gid)) {
- /*
- * We shouldn't return the NULL SID
- * here if winbind was running and
- * couldn't map, as winbind will have
- * added a negative entry that will
- * cause us to go though the
- * legacy_gid_to_sid()
- * function anyway in the case above
- * the next time we ask.
- */
- DEBUG(5, ("gid_to_sid: winbind failed to find a sid "
- "for gid %u\n", (unsigned int)gid));
-
- legacy_gid_to_sid(psid, gid);
- return;
+ if (xid->type == ID_TYPE_UID) {
+ uid_to_unix_users_sid(xid->id, psid);
+ } else {
+ gid_to_unix_groups_sid(xid->id, psid);
}
+
+ DBG_DEBUG("%cID %"PRIu32" -> %s fallback\n",
+ xid->type == ID_TYPE_UID ? 'U' : 'G',
+ xid->id,
+ dom_sid_str_buf(psid, &buf));
}
+}
- DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid,
- dom_sid_str_buf(psid, &buf)));
+void uid_to_sid(struct dom_sid *psid, uid_t uid)
+{
+ struct unixid xid = { .type = ID_TYPE_UID, .id = uid};
+ xid_to_sid(psid, &xid);
+}
- return;
+void gid_to_sid(struct dom_sid *psid, gid_t gid)
+{
+ struct unixid xid = { .type = ID_TYPE_GID, .id = gid};
+ xid_to_sid(psid, &xid);
}
bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
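Review bot: In xid_to_sid(), the DBG_DEBUG that follows a successful winbind_xid_to_sid() call still prints "from cache"; it should say "from winbind" so the three sources (cache, winbind, passdb) can be told apart in the log. Separately, when idmap_cache_find_xid2sid() returns true with expired set, psid may already hold the stale SID; if winbind_xid_to_sid() and pdb_id_to_sid() then both fail without writing psid, the is_null_sid() check at done: is false and the expired SID is returned instead of the S-1-22 fallback. If that is not intended, reset `*psid = (struct dom_sid) {0};` before calling winbind; if it is intended, a comment should say so. The function is now exported, so it would also benefit from a header comment describing the lookup order and that it always returns a non-null SID.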
diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
index 8b5edf6bcb8..8a21cca2a4d 100644
--- a/source3/passdb/lookup_sid.h
+++ b/source3/passdb/lookup_sid.h
@@ -83,6 +83,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
enum lsa_SidType *ret_type);
void uid_to_sid(struct dom_sid *psid, uid_t uid);
void gid_to_sid(struct dom_sid *psid, gid_t gid);
+void xid_to_sid(struct dom_sid *psid, const struct unixid *xid);
bool sid_to_uid(const struct dom_sid *psid, uid_t *puid);
bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid);
bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 5d7e4969e59..e8d516573dd 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -200,6 +200,7 @@ local_tests = [
"LOCAL-G-LOCK5",
"LOCAL-G-LOCK6",
"LOCAL-NAMEMAP-CACHE1",
+ "LOCAL-IDMAP-CACHE1",
--
Samba Shared Repository