[SCM] Samba Shared Repository - branch v4-10-test updated

Karolin Seeger kseeger at samba.org
Wed Mar 13 12:16:03 UTC 2019


The branch, v4-10-test has been updated
       via  00ea6a7d24e lib:util: Move debug message for mkdir failing to log level 1
       via  6d901af0f1c lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
       via  3c32774b925 lib/winbind_util: Move include out of ifdef
       via  545914afefa passdb: Update ABI to 0.27.2
       via  2021080a41d passdb: Make [ug]id_to_sid use xid_to_sid
       via  8c0268a5fec passdb: Introduce xid_to_sid
       via  10a0d77f17c lib: Introduce winbind_xid_to_sid
       via  ba6dd781d4a winbind: Use idmap_cache_find_xid2sid
       via  a20e68bcc63 torture: Add tests for idmap cache
       via  f6f0994a597 idmap_cache: Introduce idmap_cache_find_xid2sid
       via  6434de2b76d winbind: Now we explicitly track if we got ids from cache
       via  465bd07ff70 winbind: Initialize "expired" parameter to idmap_cache_xid2sid
       via  1df6720d74b idmap_cache: Only touch "sid" on success in find_xid_to_sid
       via  41c1870a8c2 lib: Make idmap_cache return negative mappings
      from  5c2a243d3e7 CI: don't use swap

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test


- Log -----------------------------------------------------------------
commit 00ea6a7d24ed7f6fbbc585a73755070f38d07a2a
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Mar 7 12:31:42 2019 +0100

    lib:util: Move debug message for mkdir failing to log level 1
    
    If you connect to a host with smbclient this gets always printed.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    (cherry picked from commit c71334ec0c92e791022a9b7c900aa0dd649226c2)
    
    Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-10-test): Wed Mar 13 12:15:10 UTC 2019 on sn-devel-144

commit 6d901af0f1ca5ffe349f50c72ad33987f009a73f
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Mar 5 11:56:49 2019 -0700

    lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Mar  6 01:53:16 UTC 2019 on sn-devel-144
    
    (cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5)

commit 3c32774b9254dc58801d5a734d148eade1223aaf
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Mar 5 11:50:48 2019 -0700

    lib/winbind_util: Move include out of ifdef
    
    This fixes compile errors about missing prototypes with
    --picky-developer and --without-winbind
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e)

commit 545914afefa41708b423299a33730b6f3e46f684
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Mar 6 11:55:32 2019 -0800

    passdb: Update ABI to 0.27.2
    
    This change is for the backport only. The change in master increased the
    ABI version to 0.28.0 and removed some functions; this should not happen
    in a backport.
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2021080a41d296e9ba8a648e10a418cfce6200ae
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 15:17:36 2019 +0100

    passdb: Make [ug]id_to_sid use xid_to_sid
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51)

commit 8c0268a5fec09e546b98cc88f8fce28dc4543d36
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 15:10:21 2019 +0100

    passdb: Introduce xid_to_sid
    
    This explicitly avoids the legacy_[ug]id_to_sid calls, which create
    long-term cache entries to S-1-22-x-y if anything fails. We can't do
    this, because this will turn temporary winbind communication failures
    into long-term problems: A short hiccup in winbind_uid_to_sid will
    create a mapping to S-1-22-1-uid for a week. It should be up to the
    lower layers to do the caching.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c)

commit 10a0d77f17caf49ba35f2f23974c9518c2f37c83
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 14:45:32 2019 +0100

    lib: Introduce winbind_xid_to_sid
    
    This does not merge a winbind communication error into
    "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
    go along with is_null_sid(). Instead, this just touches the output sid
    when winbind returned success. This success might well be a negative
    mapping indicated by S-0-0, which *is* is_null_sid()...
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)

commit ba6dd781d4ae3d6111b16a8c8cd22132ee3e945e
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 14:34:56 2019 +0100

    winbind: Use idmap_cache_find_xid2sid
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324)

commit a20e68bcc635e04ff42dfa3a44819dacc1a8c970
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Feb 27 14:54:12 2019 +0100

    torture: Add tests for idmap cache
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede)

commit f6f0994a597b76e03d6af8290d2b1845d4320fef
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 14:32:52 2019 +0100

    idmap_cache: Introduce idmap_cache_find_xid2sid
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b)

commit 6434de2b76dcda8ea917e75709d90cd04250b63e
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Feb 25 14:55:00 2019 +0100

    winbind: Now we explicitly track if we got ids from cache
    
    This now properly makes us use negative cache entries
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77)

commit 465bd07ff70cacac7bbaac79ce1dddedd917279a
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 12:52:28 2019 +0100

    winbind: Initialize "expired" parameter to idmap_cache_xid2sid
    
    The code in idmap_cache only touches its output parameters upon success
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee)

commit 1df6720d74b325cf1c2eb61723fbf687b06c1c10
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Feb 26 12:46:39 2019 +0100

    idmap_cache: Only touch "sid" on success in find_xid_to_sid
    
    Why? This makes the negative mapping condition (is_null_sid) more
    explicit in the code.
    
    The callers in lookup_sid initialized "psid" anyway before, and the ones
    in wb_xids2sids now do as well. This is more in line with other APIs we
    have: Only touch output parameters if you have something to say.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524)

commit 41c1870a8c20e20697feec25b5407381d5f723ca
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Feb 25 14:38:50 2019 +0100

    lib: Make idmap_cache return negative mappings
    
    Without this we'd query non-existent mappings over and over
    again.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
    (cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11)

-----------------------------------------------------------------------

Summary of changes:
 lib/util/util.c                                    |   6 +-
 source3/lib/idmap_cache.c                          |  48 ++++-
 source3/lib/idmap_cache.h                          |   2 +
 source3/lib/winbind_util.c                         |  41 +++-
 source3/lib/winbind_util.h                         |   2 +
 ...passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} |   2 +
 source3/passdb/lookup_sid.c                        | 235 ++++++---------------
 source3/passdb/lookup_sid.h                        |   1 +
 source3/selftest/tests.py                          |   1 +
 source3/torture/proto.h                            |   1 +
 source3/torture/test_idmap_cache.c                 | 122 +++++++++++
 source3/torture/torture.c                          |   1 +
 source3/winbindd/wb_xids2sids.c                    |  33 ++-
 source3/wscript_build                              |   3 +-
 14 files changed, 298 insertions(+), 200 deletions(-)
 copy source3/passdb/ABI/{samba-passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} (99%)
 create mode 100644 source3/torture/test_idmap_cache.c


Changeset truncated at 500 lines:

diff --git a/lib/util/util.c b/lib/util/util.c
index f52f69c6ef0..dc1772c839e 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -200,9 +200,9 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
 	old_umask = umask(0);
 	ret = mkdir(dname, dir_perms);
 	if (ret == -1 && errno != EEXIST) {
-		DEBUG(0, ("mkdir failed on directory "
-			  "%s: %s\n", dname,
-			  strerror(errno)));
+		DBG_WARNING("mkdir failed on directory %s: %s\n",
+			    dname,
+			    strerror(errno));
 		umask(old_umask);
 		return false;
 	}
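Review bot: In directory_create_or_exist, moving the mkdir failure from DEBUG(0, ...) to DBG_WARNING means a real failure (any errno other than EEXIST, for example EACCES) no longer shows up at log level 0, while the function still only returns false. That removes the smbclient noise the commit message mentions, but a caller that cannot continue without the directory should then log the failure itself at level 0; worth checking the callers, or stating in the function's comment that reporting is now the caller's job.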
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
index 77618dd5aa1..9d2149844ed 100644
--- a/source3/lib/idmap_cache.c
+++ b/source3/lib/idmap_cache.c
@@ -203,19 +203,23 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
 		(struct idmap_cache_xid2sid_state *)private_data;
 	char *value;
 
-	ZERO_STRUCTP(state->sid);
-	state->ret = false;
-
 	if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
 		/*
 		 * Not a string, can't be a valid mapping
 		 */
+		state->ret = false;
 		return;
 	}
 
 	value = (char *)blob.data;
 
-	if (value[0] != '-') {
+	if ((value[0] == '-') && (value[1] == '\0')) {
+		/*
+		 * Return NULL SID, see comment to uid2sid
+		 */
+		*state->sid = (struct dom_sid) {0};
+		state->ret = true;
+	} else {
 		state->ret = string_to_sid(state->sid, value);
 	}
 	if (state->ret) {
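Review bot: In the else branch of idmap_cache_xid2sid_parser, string_to_sid still writes straight into state->sid, and the ZERO_STRUCTP that used to reset it is gone. If string_to_sid can fail after partly filling the struct, the caller's sid is modified on a failed lookup, which contradicts the "only touch sid on success" rule this series introduces. Parsing into a local struct dom_sid and copying it to *state->sid only when the parse succeeds would make that rule hold regardless. The comment "see comment to uid2sid" also points at text that is not near this code; a one-line statement that a stored "-" means a negative mapping would be easier to follow.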
@@ -273,6 +277,42 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
 	return state.ret;
 }
 
+/**
+ * Find a xid2sid mapping
+ * @param[in] id		the unix id to map
+ * @param[out] sid		where to put the result
+ * @param[out] expired		is the cache entry expired?
+ * @retval Was anything in the cache at all?
+ *
+ * If "is_null_sid(sid)", this was a negative mapping.
+ */
+bool idmap_cache_find_xid2sid(
+	const struct unixid *id, struct dom_sid *sid, bool *expired)
+{
+	struct idmap_cache_xid2sid_state state = {
+		.sid = sid, .expired = expired
+	};
+	fstring key;
+	char c;
+
+	switch (id->type) {
+	case ID_TYPE_UID:
+		c = 'U';
+		break;
+	case ID_TYPE_GID:
+		c = 'G';
+		break;
+	default:
+		return false;
+	}
+
+	fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
+
+	gencache_parse(key, idmap_cache_xid2sid_parser, &state);
+	return state.ret;
+}
+
+
 /**
  * Store a mapping in the idmap cache
  * @param[in] sid		the sid to map
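Review bot: In idmap_cache_find_xid2sid the key is built with %d and (int)id->id, so an id above INT_MAX is formatted as a negative number. Lookups only hit if the code that stores these entries formats the id the same way, which this hunk does not show; confirm that against the store side or format the id as unsigned in both places. The doc comment should also state what happens to sid and expired when the function returns false, since the callers added in this series initialise both and depend on them being left alone.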
diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
index dc497022e3b..d5afa170e1a 100644
--- a/source3/lib/idmap_cache.h
+++ b/source3/lib/idmap_cache.h
@@ -31,6 +31,8 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
 			      bool *expired);
 bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
 bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
+bool idmap_cache_find_xid2sid(
+	const struct unixid *id, struct dom_sid *sid, bool *expired);
 void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
 
 bool idmap_cache_del_uid(uid_t uid);
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index a072166ce18..0c1f2c2552a 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -23,10 +23,10 @@
 #include "../lib/util/util_pw.h"
 #include "nsswitch/libwbclient/wbclient.h"
 
-#if defined(WITH_WINBIND)
-
 #include "lib/winbind_util.h"
 
+#if defined(WITH_WINBIND)
+
 struct passwd * winbind_getpwnam(const char * name)
 {
 	wbcErr result;
@@ -198,6 +198,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
 	return (result == WBC_ERR_SUCCESS);
 }
 
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+	struct wbcUnixId wbc_xid;
+	struct wbcDomainSid dom_sid;
+	wbcErr result;
+
+	switch (xid->type) {
+	case ID_TYPE_UID:
+		wbc_xid = (struct wbcUnixId) {
+			.type = WBC_ID_TYPE_UID, .id.uid = xid->id
+		};
+		break;
+	case ID_TYPE_GID:
+		wbc_xid = (struct wbcUnixId) {
+			.type = WBC_ID_TYPE_GID, .id.gid = xid->id
+		};
+		break;
+	default:
+		return false;
+	}
+
+	result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
+	if (result != WBC_ERR_SUCCESS) {
+		return false;
+	}
+
+	memcpy(sid, &dom_sid, sizeof(struct dom_sid));
+	return true;
+}
+
 /* Check for a trusted domain */
 
 wbcErr wb_is_trusted_domain(const char *domain)
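Review bot: The memcpy(sid, &dom_sid, sizeof(struct dom_sid)) at the end of winbind_xid_to_sid copies out of a struct wbcDomainSid using the size of struct dom_sid, so it is only correct while the two structs have the same size and layout; if struct dom_sid were ever the larger one, this would read past the local variable. A compile-time size check next to the copy would make the assumption explicit. Naming the local dom_sid when it is not a struct dom_sid also makes the line harder to read; wbc_sid would be clearer.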
@@ -371,6 +401,13 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
 	return false;
 }
 
+/* Call winbindd to convert uid or gid to SID */
+
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+	return false;
+}
+
 /* Check for a trusted domain */
 
 wbcErr wb_is_trusted_domain(const char *domain)
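Review bot: The comment on this --without-winbind stub says "Call winbindd to convert uid or gid to SID", but the stub never calls winbindd and always returns false, while the real implementation added earlier in this file has no comment at all. Put the description on the WITH_WINBIND version and note there that sid is written only when the function returns true, which is what a caller testing is_null_sid() afterwards relies on.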
diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
index c2bf0e02d76..5ecda5a7b09 100644
--- a/source3/lib/winbind_util.h
+++ b/source3/lib/winbind_util.h
@@ -22,6 +22,7 @@
 #define __LIB__WINBIND_UTIL_H__
 
 #include "../librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/idmap.h"
 
 /* needed for wbcErr below */
 #include "nsswitch/libwbclient/wbclient.h"
@@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
 bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
 bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
 struct passwd * winbind_getpwnam(const char * sname);
 struct passwd * winbind_getpwsid(const struct dom_sid *sid);
 wbcErr wb_is_trusted_domain(const char *domain);
diff --git a/source3/passdb/ABI/samba-passdb-0.27.1.sigs b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
similarity index 99%
copy from source3/passdb/ABI/samba-passdb-0.27.1.sigs
copy to source3/passdb/ABI/samba-passdb-0.27.2.sigs
index 6437ed26ce9..17876abac16 100644
--- a/source3/passdb/ABI/samba-passdb-0.27.1.sigs
+++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
@@ -307,3 +307,5 @@ winbind_ping: bool (void)
 winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
 winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
 winbind_uid_to_sid: bool (struct dom_sid *, uid_t)
+winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *)
+xid_to_sid: void (struct dom_sid *, const struct unixid *)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 6bda783fa03..2281bd0b64d 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1108,99 +1108,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 	return ret;
 }
 
-/*****************************************************************
- Id mapping cache.  This is to avoid Winbind mappings already
- seen by smbd to be queried too frequently, keeping winbindd
- busy, and blocking smbd while winbindd is busy with other
- stuff. Written by Michael Steffens <michael.steffens at hp.com>,
- modified to use linked lists by jra.
-*****************************************************************/  
-
-
-/*****************************************************************
- *THE LEGACY* convert uid_t to SID function.
-*****************************************************************/  
-
-static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
-{
-	bool ret;
-	struct unixid id;
-	struct dom_sid_buf buf;
-
-	ZERO_STRUCTP(psid);
-
-	id.id = uid;
-	id.type = ID_TYPE_UID;
-
-	become_root();
-	ret = pdb_id_to_sid(&id, psid);
-	unbecome_root();
-
-	if (ret) {
-		/* This is a mapped user */
-		goto done;
-	}
-
-	/* This is an unmapped user */
-
-	uid_to_unix_users_sid(uid, psid);
-
-	{
-		struct unixid xid = {
-			.id = uid, .type = ID_TYPE_UID
-		};
-		idmap_cache_set_sid2unixid(psid, &xid);
-	}
-
- done:
-	DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
-		  dom_sid_str_buf(psid, &buf)));
-
-	return;
-}
-
-/*****************************************************************
- *THE LEGACY* convert gid_t to SID function.
-*****************************************************************/  
-
-static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
-{
-	bool ret;
-	struct unixid id;
-	struct dom_sid_buf buf;
-
-	ZERO_STRUCTP(psid);
-
-	id.id = gid;
-	id.type = ID_TYPE_GID;
-
-	become_root();
-	ret = pdb_id_to_sid(&id, psid);
-	unbecome_root();
-
-	if (ret) {
-		/* This is a mapped group */
-		goto done;
-	}
-
-	/* This is an unmapped group */
-
-	gid_to_unix_groups_sid(gid, psid);
-
-	{
-		struct unixid xid = {
-			.id = gid, .type = ID_TYPE_GID
-		};
-		idmap_cache_set_sid2unixid(psid, &xid);
-	}
-
- done:
-	DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
-		  dom_sid_str_buf(psid, &buf)));
-
-	return;
-}
-
 /*****************************************************************
  *THE LEGACY* convert SID to id function.
 *****************************************************************/  
@@ -1249,104 +1156,90 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid)
 	return false;
 }
 
-/*****************************************************************
- *THE CANONICAL* convert uid_t to SID function.
-*****************************************************************/  
-
-void uid_to_sid(struct dom_sid *psid, uid_t uid)
+void xid_to_sid(struct dom_sid *psid, const struct unixid *xid)
 {
 	bool expired = true;
 	bool ret;
 	struct dom_sid_buf buf;
-	ZERO_STRUCTP(psid);
 
-	/* Check the winbindd cache directly. */
-	ret = idmap_cache_find_uid2sid(uid, psid, &expired);
+	SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID);
+
+	*psid = (struct dom_sid) {0};
+
+	ret = idmap_cache_find_xid2sid(xid, psid, &expired);
+	if (ret && !expired) {
+		DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
+			  xid->type == ID_TYPE_UID ? 'U' : 'G',
+			  xid->id,
+			  dom_sid_str_buf(psid, &buf));
+		goto done;
+	}
 
-	if (ret && !expired && is_null_sid(psid)) {
+	ret = winbind_xid_to_sid(psid, xid);
+	if (ret) {
 		/*
-		 * Negative cache entry, we already asked.
-		 * do legacy.
+		 * winbind can return an explicit negative mapping
+		 * here. It's up to winbind to prime the cache either
+		 * positively or negatively, don't mess with the cache
+		 * here.
 		 */
-		legacy_uid_to_sid(psid, uid);
-		return;
+		DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
+			  xid->type == ID_TYPE_UID ? 'U' : 'G',
+			  xid->id,
+			  dom_sid_str_buf(psid, &buf));
+		goto done;
 	}
 
-	if (!ret || expired) {
-		/* Not in cache. Ask winbindd. */
-		if (!winbind_uid_to_sid(psid, uid)) {
-			/*
-			 * We shouldn't return the NULL SID
-			 * here if winbind was running and
-			 * couldn't map, as winbind will have
-			 * added a negative entry that will
-			 * cause us to go though the
-			 * legacy_uid_to_sid()
-			 * function anyway in the case above
-			 * the next time we ask.
-			 */
-			DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
-				  "for uid %u\n", (unsigned int)uid));
+	{
+		/*
+		 * Make a copy, pdb_id_to_sid might want to turn
+		 * xid->type into ID_TYPE_BOTH, which we ignore here.
+		 */
+		struct unixid rw_xid = *xid;
 
-			legacy_uid_to_sid(psid, uid);
-			return;
-		}
+		become_root();
+		ret = pdb_id_to_sid(&rw_xid, psid);
+		unbecome_root();
 	}
 
-	DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
-		  dom_sid_str_buf(psid, &buf)));
-
-	return;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert gid_t to SID function.
-*****************************************************************/  
-
-void gid_to_sid(struct dom_sid *psid, gid_t gid)
-{
-	bool expired = true;
-	bool ret;
-	struct dom_sid_buf buf;
-	ZERO_STRUCTP(psid);
-
-	/* Check the winbindd cache directly. */
-	ret = idmap_cache_find_gid2sid(gid, psid, &expired);
+	if (ret) {
+		DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n",
+			  xid->type == ID_TYPE_UID ? 'U' : 'G',
+			  xid->id,
+			  dom_sid_str_buf(psid, &buf));
+		goto done;
+	}
 
-	if (ret && !expired && is_null_sid(psid)) {
+done:
+	if (is_null_sid(psid)) {
 		/*
-		 * Negative cache entry, we already asked.
-		 * do legacy.
+		 * Nobody found anything: Return S-1-22-xx-yy. Don't
+		 * store that in caches, this is up to the layers
+		 * beneath us.
 		 */
-		legacy_gid_to_sid(psid, gid);
-		return;
-	}
-
-	if (!ret || expired) {
-		/* Not in cache. Ask winbindd. */
-		if (!winbind_gid_to_sid(psid, gid)) {
-			/*
-			 * We shouldn't return the NULL SID
-			 * here if winbind was running and
-			 * couldn't map, as winbind will have
-			 * added a negative entry that will
-			 * cause us to go though the
-			 * legacy_gid_to_sid()
-			 * function anyway in the case above
-			 * the next time we ask.
-			 */
-			DEBUG(5, ("gid_to_sid: winbind failed to find a sid "
-				  "for gid %u\n", (unsigned int)gid));
-
-			legacy_gid_to_sid(psid, gid);
-			return;
+		if (xid->type == ID_TYPE_UID) {
+			uid_to_unix_users_sid(xid->id, psid);
+		} else {
+			gid_to_unix_groups_sid(xid->id, psid);
 		}
+
+		DBG_DEBUG("%cID %"PRIu32" -> %s fallback\n",
+			  xid->type == ID_TYPE_UID ? 'U' : 'G',
+			  xid->id,
+			  dom_sid_str_buf(psid, &buf));
 	}
+}
 
-	DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid,
-		  dom_sid_str_buf(psid, &buf)));
+void uid_to_sid(struct dom_sid *psid, uid_t uid)
+{
+	struct unixid xid = { .type = ID_TYPE_UID, .id = uid};
+	xid_to_sid(psid, &xid);
+}
 
-	return;
+void gid_to_sid(struct dom_sid *psid, gid_t gid)
+{
+	struct unixid xid = { .type = ID_TYPE_GID, .id = gid};
+	xid_to_sid(psid, &xid);
 }
 
 bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
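Review bot: In xid_to_sid, both the cache hit (if (ret && !expired)) and the winbind success path jump to done even when the result is a negative mapping (null SID), so passdb is never asked in those cases and the id goes straight to the S-1-22 fallback. The removed uid_to_sid/gid_to_sid handed a negative cache entry to legacy_*_to_sid, which tried pdb_id_to_sid first; if that lookup order is meant to be kept, test !is_null_sid(psid) before each goto done. Separately, the DBG_DEBUG after winbind_xid_to_sid still says "from cache" and should say "from winbind", and the SMB_ASSERT on xid->type turns a caller passing any other type into a panic in a function the .sigs file lists as exported.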
diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
index 8b5edf6bcb8..8a21cca2a4d 100644
--- a/source3/passdb/lookup_sid.h
+++ b/source3/passdb/lookup_sid.h
@@ -83,6 +83,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 		enum lsa_SidType *ret_type);
 void uid_to_sid(struct dom_sid *psid, uid_t uid);
 void gid_to_sid(struct dom_sid *psid, gid_t gid);
+void xid_to_sid(struct dom_sid *psid, const struct unixid *xid);
 bool sid_to_uid(const struct dom_sid *psid, uid_t *puid);
 bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid);
 bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 5d7e4969e59..e8d516573dd 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -200,6 +200,7 @@ local_tests = [
     "LOCAL-G-LOCK5",
     "LOCAL-G-LOCK6",
     "LOCAL-NAMEMAP-CACHE1",
+    "LOCAL-IDMAP-CACHE1",


-- 
Samba Shared Repository


