[PATCH] Universal groups support [2nd iteration]
Alexander Bokovoy
a.bokovoy at sam-solutions.net
Fri Jan 11 02:40:06 GMT 2002
Greetings!
You'll find universal group support attached.
Changes:
1. Storing universal groups in domain_client_validate() is wrapped into
become_root()/unbecome_root()
2. Code moved to libsmb/
3. Access mode changed from 0600 to 0644
4. Data is stored in independent byteorder
--
/ Alexander Bokovoy
$ cat /proc/identity >~/.signature
`Senior software developer and analyst for SaM-Solutions Ltd.`
---
Nov 21 20:58:58 alconost kernel: VFS: Busy inodes after unmount.
Self-destruct in 5 seconds. Have a nice day...
-------------- next part --------------
Index: source/Makefile.in
===================================================================
RCS file: /cvsroot/samba/source/Makefile.in,v
retrieving revision 1.431
diff -u -r1.431 Makefile.in
--- source/Makefile.in 9 Jan 2002 08:27:13 -0000 1.431
+++ source/Makefile.in 11 Jan 2002 10:10:37 -0000
@@ -199,9 +199,11 @@
PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
+UNIGRP_OBJ = libsmb/netlogon_unigrp.o
+
AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \
auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o auth/auth_winbind.o \
- auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ)
+ auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
@@ -430,7 +432,7 @@
$(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \
$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
- $(GROUPDB_OBJ) $(PROFILE_OBJ)
+ $(GROUPDB_OBJ) $(PROFILE_OBJ) $(UNIGRP_OBJ)
WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \
passdb/secrets.o
Index: source/auth/auth_domain.c
===================================================================
RCS file: /cvsroot/samba/source/auth/auth_domain.c,v
retrieving revision 1.19
diff -u -r1.19 auth_domain.c
--- source/auth/auth_domain.c 5 Jan 2002 04:55:40 -0000 1.19
+++ source/auth/auth_domain.c 11 Jan 2002 10:16:01 -0000
@@ -352,6 +352,10 @@
sid_copy(&ptok->user_sids[i], &domain_sid);
sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid);
}
+
+ become_root();
+ cli_store_uni_groups_rpc(&info3);
+ unbecome_root();
}
#if 0
Index: source/nsswitch/winbindd.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd.c,v
retrieving revision 1.37
diff -u -r1.37 winbindd.c
--- source/nsswitch/winbindd.c 10 Jan 2002 10:23:53 -0000 1.37
+++ source/nsswitch/winbindd.c 11 Jan 2002 10:17:04 -0000
@@ -884,5 +884,6 @@
process_loop(accept_sock);
+ cli_shutdown_uni_groups();
return 0;
}
Index: source/nsswitch/winbindd_pam.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_pam.c,v
retrieving revision 1.31
diff -u -r1.31 winbindd_pam.c
--- source/nsswitch/winbindd_pam.c 10 Jan 2002 10:23:54 -0000 1.31
+++ source/nsswitch/winbindd_pam.c 11 Jan 2002 10:17:04 -0000
@@ -107,6 +107,7 @@
lm_resp, nt_resp,
&info3);
+ cli_store_uni_groups_rpc(&info3);
done:
cli_shutdown(cli);
@@ -168,6 +169,7 @@
lm_resp, nt_resp,
&info3);
+ cli_store_uni_groups_rpc(&info3);
done:
talloc_destroy(mem_ctx);
Index: source/nsswitch/winbindd_rpc.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_rpc.c,v
retrieving revision 1.17
diff -u -r1.17 winbindd_rpc.c
--- source/nsswitch/winbindd_rpc.c 10 Jan 2002 06:20:02 -0000 1.17
+++ source/nsswitch/winbindd_rpc.c 11 Jan 2002 10:17:05 -0000
@@ -301,6 +301,15 @@
*num_groups = 0;
+ /* First try cached universal groups from logon */
+ *user_gids = cli_fetch_uni_groups(&domain->sid, user_rid, mem_ctx, num_groups);
+ if((*num_groups > 0) && *user_gids) {
+ return NT_STATUS_OK;
+ } else {
+ *user_gids = NULL;
+ *num_groups = 0;
+ }
+
/* Get sam handle */
if (!(hnd = cm_get_sam_handle(domain->name)))
goto done;
Index: source/smbd/server.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/server.c,v
retrieving revision 1.357
diff -u -r1.357 server.c
--- source/smbd/server.c 9 Jan 2002 08:27:15 -0000 1.357
+++ source/smbd/server.c 11 Jan 2002 10:17:07 -0000
@@ -884,6 +884,7 @@
smbd_process();
+ cli_shutdown_uni_groups();
exit_server("normal exit");
return(0);
}
Index: source/tdb/tdbutil.c
===================================================================
RCS file: /cvsroot/samba/source/tdb/tdbutil.c,v
retrieving revision 1.31
diff -u -r1.31 tdbutil.c
--- source/tdb/tdbutil.c 9 Jan 2002 01:53:19 -0000 1.31
+++ source/tdb/tdbutil.c 11 Jan 2002 10:17:12 -0000
@@ -489,12 +489,11 @@
if (!lp_use_mmap())
tdb_flags |= TDB_NOMMAP;
- tdb = tdb_open(name, hash_size, tdb_flags,
- open_flags, mode);
+ tdb = tdb_open_ex(name, hash_size, tdb_flags,
+ open_flags, mode, tdb_log);
if (!tdb)
return NULL;
- tdb_logging_function(tdb, tdb_log);
return tdb;
}
Index: source/libsmb/netlogon_unigrp.c
===================================================================
RCS file: /cvsroot/samba/source/libsmb/netlogon_unigrp.c,v
retrieving revision 1.0
--- source/libsmb/netlogon_unigrp.c Thu Jan 10 16:09:16 2002 1.0
+++ source/libsmb/netlogon_unigrp.c Thu Jan 10 16:53:23 2002
@@ -0,0 +1,155 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.0
+ Universal groups helpers
+ Copyright (C) Alexander Bokovoy 2002.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ Handle for netlogon_unigrp.tdb database. It is used internally
+ in cli_store_uni_groups_*() and cli_fetch_uni_groups()
+ and is initialized on first call to cli_store_uni_groups_*()
+*/
+static TDB_CONTEXT *netlogon_unigrp_tdb = NULL;
+
+/*
+ Store universal groups info into netlogon_unigrp.tdb for
+ later usage. We use 'domain_SID/user_rid' as key and
+ array of uint32 where array[0] is number of elements
+ and elements are array[1] ... array[array[0]]
+*/
+void cli_store_uni_groups_rpc(NET_USER_INFO_3 *user)
+{
+ TALLOC_CTX *mem_ctx = talloc_init();
+ TDB_DATA key,data;
+ fstring keystr;
+ int i;
+
+ if (!mem_ctx) {
+ DEBUG(0,("cli_store_uni_groups_rpc: cannot allocate memory context!\n"));
+ return;
+ }
+
+ if (!netlogon_unigrp_tdb) {
+ netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
+ TDB_NOLOCK, O_RDWR | O_CREAT, 0644);
+ }
+ if (netlogon_unigrp_tdb) {
+ /* Prepare key as DOMAIN-SID/USER-RID string */
+ slprintf(keystr, sizeof(keystr), "%s/%d",
+ sid_string_static(&user->dom_sid.sid), user->user_rid);
+ key.dptr = keystr;
+ key.dsize = strlen(keystr) + 1;
+
+ /* Prepare data */
+ data.dsize = (user->num_groups2+1)*sizeof(uint32);
+ data.dptr = talloc(mem_ctx, data.dsize);
+ if(!data.dptr) {
+ DEBUG(0,("cli_store_uni_groups_rpc: cannot allocate memory!\n"));
+ talloc_destroy(mem_ctx);
+ return;
+ }
+
+ /* Store data in byteorder-independent format */
+ ((uint32*)data.dptr)[0] = user->num_groups2;
+ for(i=1; i<=user->num_groups2; i++) {
+ SIVAL(((uint32*)data.dptr)[i],0,user->gids[i-1].g_rid);
+ }
+ tdb_store(netlogon_unigrp_tdb, key, data, TDB_REPLACE);
+
+ /* Destroy temprory memory context*/
+ talloc_destroy(mem_ctx);
+
+ } else {
+ DEBUG(0,("cli_store_uni_groups_rpc: cannot open netlogon_unigrp.tdb for write!\n"));
+ }
+
+}
+
+/*
+ Fetch universal groups info from netlogon_unigrp.tdb for given
+ domain sid and user rid and allocate it using given mem_ctx.
+ Universal groups are returned as array of uint32 elements
+ and elements are array[0] ... array[num_elements-1]
+
+*/
+uint32* cli_fetch_uni_groups(DOM_SID *domain, uint32 user_rid,
+ TALLOC_CTX *mem_ctx, uint32 *num_groups)
+{
+ TDB_DATA key,data;
+ fstring keystr;
+ uint32 *groups;
+ uint32 i;
+
+ if (!domain) {
+ DEBUG(1,("cli_fetch_uni_groups: expected non-null domain sid\n"));
+ return NULL;
+ }
+ if (!mem_ctx) {
+ DEBUG(1,("cli_fetch_uni_groups: expected non-null memory context\n"));
+ return NULL;
+ }
+ if (!num_groups) {
+ DEBUG(1,("cli_fetch_uni_groups: expected non-null num_groups\n"));
+ return NULL;
+ }
+ if (!netlogon_unigrp_tdb) {
+ netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
+ TDB_NOLOCK, O_RDWR, 0644);
+ }
+ if (netlogon_unigrp_tdb) {
+ /* Fetch universal groups */
+ slprintf(keystr, sizeof(keystr), "%s/%d",
+ sid_string_static(domain), user_rid);
+ key.dptr = keystr;
+ key.dsize = strlen(keystr) + 1;
+ data = tdb_fetch(netlogon_unigrp_tdb, key);
+
+ /* There is no cached universal groups in netlogon_unigrp.tdb */
+ /* for this user. */
+ if (!data.dptr) return NULL;
+
+ /* Transfer data to receiver's memory context */
+ *num_groups = ((uint32*)data.dptr)[0];
+ groups = talloc(mem_ctx, (*num_groups)*sizeof(uint32));
+ if (groups) {
+ for(i=0; i<*num_groups; i++) {
+ groups[i] = IVAL(((uint32*)data.dptr)[i+1],0);
+ }
+
+ } else {
+ DEBUG(1,("cli_fetch_uni_groups: cannot allocate uni groups in receiver's memory context\n"));
+ }
+ SAFE_FREE(data.dptr);
+ return groups;
+
+ } else {
+ DEBUG(1,("cli_store_uni_groups_rpc: cannot open netlogon_unigrp.tdb for read!\n"));
+ }
+ return NULL;
+}
+
+/* Shutdown netlogon_unigrp database */
+void cli_shutdown_uni_groups(void)
+{
+ if(netlogon_unigrp_tdb) {
+ tdb_close(netlogon_unigrp_tdb);
+ }
+}
+
More information about the samba-technical
mailing list