[PATCH] Universal groups support [5th]

Alexander Bokovoy a.bokovoy at sam-solutions.net
Sat Jan 12 08:14:03 GMT 2002


Greetings!

This seems to be final patch for the moment. Many thanks to Andrew
Bartlett for critics and comments, and partly rewritten code.

New:
- updated fetching code to changed byte order macros
- moved functions to proper namespace
- optimized memory usage by reusing caller's memory context
- enhanced code to more follow Samba coding rules

Todo:
- proper universal group expiration after timeout

-- 
/ Alexander Bokovoy
$ cat /proc/identity >~/.signature
  `Senior software developer and analyst for SaM-Solutions Ltd.`
---
Nov 21 20:58:58 alconost kernel: VFS: Busy inodes after unmount. 
		    Self-destruct in 5 seconds.  Have a nice day...
-------------- next part --------------
? source/nsswitch/.libs
Index: source/Makefile.in
===================================================================
RCS file: /data/cvs/samba/source/Makefile.in,v
retrieving revision 1.432
diff -u -r1.432 Makefile.in
--- source/Makefile.in	12 Jan 2002 02:06:17 -0000	1.432
+++ source/Makefile.in	12 Jan 2002 12:59:07 -0000
@@ -199,9 +199,11 @@
 
 PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
 
+UNIGRP_OBJ = libsmb/netlogon_unigrp.o 
+
 AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \
 	   auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o	auth/auth_winbind.o \
-	   auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ)
+	   auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
 
 
 SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
@@ -430,7 +432,7 @@
 		$(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \
 		$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
 		$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
-		$(GROUPDB_OBJ) $(PROFILE_OBJ)
+		$(GROUPDB_OBJ) $(PROFILE_OBJ) $(UNIGRP_OBJ)
 
 WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \
 	passdb/secrets.o
Index: source/nsswitch/winbindd.c
===================================================================
RCS file: /data/cvs/samba/source/nsswitch/winbindd.c,v
retrieving revision 1.40
diff -u -r1.40 winbindd.c
--- source/nsswitch/winbindd.c	11 Jan 2002 05:33:45 -0000	1.40
+++ source/nsswitch/winbindd.c	12 Jan 2002 12:59:09 -0000
@@ -881,5 +881,6 @@
 
 	process_loop(accept_sock);
 
+	uni_group_cache_shutdown();
 	return 0;
 }
Index: source/nsswitch/winbindd_pam.c
===================================================================
RCS file: /data/cvs/samba/source/nsswitch/winbindd_pam.c,v
retrieving revision 1.31
diff -u -r1.31 winbindd_pam.c
--- source/nsswitch/winbindd_pam.c	10 Jan 2002 10:23:54 -0000	1.31
+++ source/nsswitch/winbindd_pam.c	12 Jan 2002 12:59:09 -0000
@@ -107,6 +107,7 @@
 						lm_resp, nt_resp, 
 						&info3);
         
+	uni_group_cache_store_netlogon(mem_ctx, &info3);
 done:
 
 	cli_shutdown(cli);
@@ -168,6 +169,7 @@
 						lm_resp, nt_resp, 
 						&info3);
         
+	uni_group_cache_store_netlogon(mem_ctx, &info3);
 done:
 	talloc_destroy(mem_ctx);
 
Index: source/nsswitch/winbindd_rpc.c
===================================================================
RCS file: /data/cvs/samba/source/nsswitch/winbindd_rpc.c,v
retrieving revision 1.17
diff -u -r1.17 winbindd_rpc.c
--- source/nsswitch/winbindd_rpc.c	10 Jan 2002 06:20:02 -0000	1.17
+++ source/nsswitch/winbindd_rpc.c	12 Jan 2002 12:59:10 -0000
@@ -301,6 +301,15 @@
 
 	*num_groups = 0;
 
+	/* First try cached universal groups from logon */
+	*user_gids = uni_group_cache_fetch(&domain->sid, user_rid, mem_ctx, num_groups);
+	if((*num_groups > 0) && *user_gids) {
+		return NT_STATUS_OK;
+	} else {
+	    *user_gids = NULL;
+	    *num_groups = 0;
+	}
+
 	/* Get sam handle */
 	if (!(hnd = cm_get_sam_handle(domain->name)))
 		goto done;
Index: source/smbd/server.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/server.c,v
retrieving revision 1.357
diff -u -r1.357 server.c
--- source/smbd/server.c	9 Jan 2002 08:27:15 -0000	1.357
+++ source/smbd/server.c	12 Jan 2002 12:59:14 -0000
@@ -884,6 +884,7 @@
 
 	smbd_process();
 	
+	uni_group_cache_shutdown();
 	exit_server("normal exit");
 	return(0);
 }
Index: source/auth/auth_domain.c
===================================================================
RCS file: /data/cvs/samba/source/auth/auth_domain.c,v
retrieving revision 1.21
diff -u -r1.21 auth_domain.c
--- source/auth/auth_domain.c	11 Jan 2002 13:14:27 -0000	1.21
+++ source/auth/auth_domain.c	12 Jan 2002 12:59:14 -0000
@@ -352,6 +352,10 @@
 			sid_copy(&ptok->user_sids[i], &domain_sid);
 			sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid);
 		}
+		
+		become_root();
+		uni_group_cache_store_netlogon(mem_ctx, &info3);
+		unbecome_root();
 	}
 
 #if 0
--- /dev/null	Wed May  6 06:32:27 1998
+++ source/libsmb/netlogon_unigrp.c	Sat Jan 12 18:01:39 2002
@@ -0,0 +1,150 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 3.0
+   Universal groups helpers
+   Copyright (C) Alexander Bokovoy                    2002.
+   Copyright (C) Andrew Bartlett                      2002.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+   This work was sponsored by Optifacio Software Services, Inc.
+*/
+
+#include "includes.h"
+
+/*
+    Handle for netlogon_unigrp.tdb database. It is used internally
+    in cli_store_uni_groups_*() and cli_fetch_uni_groups()
+    and is initialized on first call to cli_store_uni_groups_*()
+*/
+static TDB_CONTEXT *netlogon_unigrp_tdb = NULL;
+
+/*
+    Store universal groups info into netlogon_unigrp.tdb for
+    later usage. We use 'domain_SID/user_rid' as key and
+    array of uint32 where array[0] is number of elements
+    and elements are array[1] ... array[array[0]]
+*/
+void uni_group_cache_store_netlogon(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
+{
+	TDB_DATA key,data;
+        fstring keystr;
+        int i;
+	
+	if (!netlogon_unigrp_tdb) {
+		netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
+                				    TDB_NOLOCK, O_RDWR | O_CREAT, 0644);
+	}
+
+	if (!netlogon_unigrp_tdb) {
+		DEBUG(0,("uni_group_cache_store_netlogon: cannot open netlogon_unigrp.tdb for write!\n"));
+		return;
+	}
+
+	/* Prepare key as DOMAIN-SID/USER-RID string */
+	slprintf(keystr, sizeof(keystr), "%s/%d", 
+		 sid_string_static(&user->dom_sid.sid), user->user_rid);
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+	
+	/* Prepare data */
+	data.dsize = (user->num_groups2+1)*sizeof(uint32);
+	data.dptr = talloc(mem_ctx, data.dsize);
+	if(!data.dptr) {
+		DEBUG(0,("uni_group_cache_store_netlogon: cannot allocate memory!\n"));
+		talloc_destroy(mem_ctx);
+		return;
+	}
+	
+	/* Store data in byteorder-independent format */
+	SIVAL(&((uint32*)data.dptr)[0],0,user->num_groups2);
+	for(i=1; i<=user->num_groups2; i++) {
+		SIVAL(&((uint32*)data.dptr)[i],0,user->gids[i-1].g_rid);
+	}
+	tdb_store(netlogon_unigrp_tdb, key, data, TDB_REPLACE);	
+}
+
+/*
+    Fetch universal groups info from netlogon_unigrp.tdb for given
+    domain sid and user rid and allocate it using given mem_ctx.
+    Universal groups are returned as array of uint32 elements 
+    and elements are array[0] ... array[num_elements-1]
+    
+*/
+uint32* uni_group_cache_fetch(DOM_SID *domain, uint32 user_rid,
+			      TALLOC_CTX *mem_ctx, uint32 *num_groups)
+{
+	TDB_DATA key,data;
+	fstring keystr;
+	uint32 *groups;
+	uint32 i;
+	
+	if (!domain) {
+		DEBUG(1,("uni_group_cache_fetch: expected non-null domain sid\n"));
+		return NULL;
+	}
+	if (!mem_ctx) {
+		DEBUG(1,("uni_group_cache_fetch: expected non-null memory context\n"));
+		return NULL;
+	}
+	if (!num_groups) {
+		DEBUG(1,("uni_group_cache_fetch: expected non-null num_groups\n"));
+		return NULL;
+	}
+	if (!netlogon_unigrp_tdb) {
+		netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
+                				    TDB_NOLOCK, O_RDWR, 0644);
+	}
+	if (!netlogon_unigrp_tdb) {
+		DEBUG(5,("uni_group_cache_fetch: cannot open netlogon_unigrp.tdb for read - normal if not created yet\n"));
+		return NULL;
+	}
+	
+	*num_groups = 0;
+	
+	/* Fetch universal groups */
+	slprintf(keystr, sizeof(keystr), "%s/%d", 
+		 sid_string_static(domain), user_rid);
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+	data = tdb_fetch(netlogon_unigrp_tdb, key);
+	
+	/* There is no cached universal groups in netlogon_unigrp.tdb */
+	/* for this user. */
+	if (!data.dptr) return NULL;
+	
+	/* Transfer data to receiver's memory context */
+	*num_groups = IVAL(&((uint32*)data.dptr)[0],0);
+	groups = talloc(mem_ctx, (*num_groups)*sizeof(uint32));
+	if (groups) {
+		for(i=0; i<*num_groups; i++) {
+			groups[i] = IVAL(&((uint32*)data.dptr)[i+1],0);
+		}
+		
+	} else {
+		DEBUG(1,("uni_group_cache_fetch: cannot allocate uni groups in receiver's memory context\n"));
+	}
+	SAFE_FREE(data.dptr);
+	return groups;
+}
+
+/* Shutdown netlogon_unigrp database */
+void uni_group_cache_shutdown(void)
+{
+    if(netlogon_unigrp_tdb) {
+	tdb_close(netlogon_unigrp_tdb);
+    }
+}
+


More information about the samba-technical mailing list