[PATCHES] winbindd: use idmap cache in getpwuid and getgrgid
Uri Simchoni
uri at samba.org
Sun Dec 25 18:48:23 UTC 2016
Hi,
The attached patch set makes sure that the winbindd getpwuid() and
getgrgid() implementations use the idmap cache if available (this seems
to be a 4.5.x regression due to the xids->sids cleanup).
Review appreciated,
Uri
-------------- next part --------------
From cba52902fb172f6b20c61b776a798a56a352c842 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Sat, 24 Dec 2016 22:27:43 +0200
Subject: [PATCH 1/3] winbindd: re-introduce wb_uid2sid and wb_gid2sid
This time those are implemented as wrappers around
wb_xids2sids_send / _recv, adding cache lookup before
mapping.
While we now encourage parts of Samba which require xid->sid
mapping to do the cache lookup themselves before contacting
winbindd, the new routines are useful from within winbindd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12484
Signed-off-by: Uri Simchoni <uri at samba.org>
---
source3/winbindd/wb_xids2sids.c | 120 ++++++++++++++++++++++++++++++++++++++
source3/winbindd/winbindd_proto.h | 5 ++
2 files changed, 125 insertions(+)
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index 7fc8a72..817cd15 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -404,3 +404,123 @@ NTSTATUS wb_xids2sids_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
*sids = talloc_move(mem_ctx, &state->sids);
return NT_STATUS_OK;
}
+
+/*
+ * Some wrappers around wb_xids2sids that also do a cache
+ * lookup first
+ */
+
+struct wb_xid2sid_state {
+ struct unixid xid;
+ struct dom_sid sid;
+};
+
+static void wb_xid2sid_done(struct tevent_req *subreq);
+
+struct tevent_req *
+wb_uid2sid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, uid_t uid)
+{
+ struct tevent_req *req, *subreq;
+ struct wb_xid2sid_state *state;
+ bool expired;
+
+ req = tevent_req_create(mem_ctx, &state, struct wb_xid2sid_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (winbindd_use_idmap_cache() &&
+ idmap_cache_find_uid2sid(uid, &state->sid, &expired)) {
+
+ DBG_DEBUG("idmap_cache_find_uid2sid found %d%s\n", (int)uid,
+ expired ? " (expired)" : "");
+
+ if (!expired || !is_domain_online(find_our_domain())) {
+ if (is_null_sid(&state->sid)) {
+ tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
+ } else {
+ tevent_req_done(req);
+ }
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ state->xid = (struct unixid){.id = uid, .type = ID_TYPE_UID};
+
+ subreq = wb_xids2sids_send(state, ev, &state->xid, 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, wb_xid2sid_done, req);
+ return req;
+}
+
+struct tevent_req *
+wb_gid2sid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, gid_t gid)
+{
+ struct tevent_req *req, *subreq;
+ struct wb_xid2sid_state *state;
+ bool expired;
+
+ req = tevent_req_create(mem_ctx, &state, struct wb_xid2sid_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (winbindd_use_idmap_cache() &&
+ idmap_cache_find_gid2sid(gid, &state->sid, &expired)) {
+
+ DBG_DEBUG("idmap_cache_find_gid2sid found %d%s\n", (int)gid,
+ expired ? " (expired)" : "");
+
+ if (!expired || !is_domain_online(find_our_domain())) {
+ if (is_null_sid(&state->sid)) {
+ tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
+ } else {
+ tevent_req_done(req);
+ }
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ state->xid = (struct unixid){.id = gid, .type = ID_TYPE_GID};
+
+ subreq = wb_xids2sids_send(state, ev, &state->xid, 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, wb_xid2sid_done, req);
+ return req;
+}
+
+static void wb_xid2sid_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct wb_xid2sid_state *state =
+ tevent_req_data(req, struct wb_xid2sid_state);
+ NTSTATUS status;
+ struct dom_sid *sid = NULL;
+
+ status = wb_xids2sids_recv(subreq, state, &sid);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ sid_copy(&state->sid, sid);
+ TALLOC_FREE(sid);
+ tevent_req_done(req);
+}
+
+NTSTATUS wb_xid2sid_recv(struct tevent_req *req, struct dom_sid *sid)
+{
+ struct wb_xid2sid_state *state =
+ tevent_req_data(req, struct wb_xid2sid_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ sid_copy(sid, &state->sid);
+ return NT_STATUS_OK;
+}
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 675d27f..87df2d5 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -972,6 +972,11 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
uint32_t num_xids);
NTSTATUS wb_xids2sids_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
struct dom_sid **sids);
+struct tevent_req *
+wb_uid2sid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, uid_t uid);
+struct tevent_req *
+wb_gid2sid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, gid_t gid);
+NTSTATUS wb_xid2sid_recv(struct tevent_req *req, struct dom_sid *sid);
struct tevent_req *winbindd_xids_to_sids_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct winbindd_cli_state *cli,
--
2.9.3
From 318864a4e7db5e313e7fa401c92f9b4843f8c49f Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Sat, 24 Dec 2016 22:31:06 +0200
Subject: [PATCH 2/3] winbindd: use uid->sid cached lookup in getpwuid()
The first step of winbindd's getpwuid implementation
is to convert the uid to a SID. Utilize the id mapping
cached in the conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12484
Signed-off-by: Uri Simchoni <uri at samba.org>
---
source3/winbindd/winbindd_getpwuid.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/source3/winbindd/winbindd_getpwuid.c b/source3/winbindd/winbindd_getpwuid.c
index d7a1f4d..927db48 100644
--- a/source3/winbindd/winbindd_getpwuid.c
+++ b/source3/winbindd/winbindd_getpwuid.c
@@ -23,8 +23,7 @@
struct winbindd_getpwuid_state {
struct tevent_context *ev;
- struct unixid xid;
- struct dom_sid *sid;
+ struct dom_sid sid;
struct winbindd_pw pw;
};
@@ -48,10 +47,7 @@ struct tevent_req *winbindd_getpwuid_send(TALLOC_CTX *mem_ctx,
DEBUG(3, ("getpwuid %d\n", (int)request->data.uid));
- state->xid = (struct unixid) {
- .id = request->data.uid, .type = ID_TYPE_UID };
-
- subreq = wb_xids2sids_send(state, ev, &state->xid, 1);
+ subreq = wb_uid2sid_send(state, ev, request->data.uid);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -68,17 +64,17 @@ static void winbindd_getpwuid_uid2sid_done(struct tevent_req *subreq)
req, struct winbindd_getpwuid_state);
NTSTATUS status;
- status = wb_xids2sids_recv(subreq, state, &state->sid);
+ status = wb_xid2sid_recv(subreq, &state->sid);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
}
- if (is_null_sid(state->sid)) {
+ if (is_null_sid(&state->sid)) {
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return;
}
- subreq = wb_getpwsid_send(state, state->ev, state->sid, &state->pw);
+ subreq = wb_getpwsid_send(state, state->ev, &state->sid, &state->pw);
if (tevent_req_nomem(subreq, req)) {
return;
}
@@ -108,7 +104,7 @@ NTSTATUS winbindd_getpwuid_recv(struct tevent_req *req,
if (tevent_req_is_nterror(req, &status)) {
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(state->sid), nt_errstr(status)));
+ sid_string_dbg(&state->sid), nt_errstr(status)));
return status;
}
response->data.pw = state->pw;
--
2.9.3
From 33ea967de3044e5ef2fa45ee80ce3b6bd3e4c4e7 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Sat, 24 Dec 2016 22:32:45 +0200
Subject: [PATCH 3/3] winbindd: use cached gid->sid lookup in getgrgid()
The first step of winbindd's getgrgid() implementation
is to convert the gid to a SID. Use the id-mapping cached
for the conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12484
Signed-off-by: Uri Simchoni <uri at samba.org>
---
source3/winbindd/winbindd_getgrgid.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/source3/winbindd/winbindd_getgrgid.c b/source3/winbindd/winbindd_getgrgid.c
index 8e8bdee..0e1879f 100644
--- a/source3/winbindd/winbindd_getgrgid.c
+++ b/source3/winbindd/winbindd_getgrgid.c
@@ -23,8 +23,7 @@
struct winbindd_getgrgid_state {
struct tevent_context *ev;
- struct unixid xid;
- struct dom_sid *sid;
+ struct dom_sid sid;
const char *domname;
const char *name;
gid_t gid;
@@ -51,10 +50,7 @@ struct tevent_req *winbindd_getgrgid_send(TALLOC_CTX *mem_ctx,
DEBUG(3, ("getgrgid %d\n", (int)request->data.gid));
- state->xid = (struct unixid) {
- .id = request->data.uid, .type = ID_TYPE_GID };
-
- subreq = wb_xids2sids_send(state, ev, &state->xid, 1);
+ subreq = wb_gid2sid_send(state, ev, request->data.uid);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -71,13 +67,13 @@ static void winbindd_getgrgid_gid2sid_done(struct tevent_req *subreq)
req, struct winbindd_getgrgid_state);
NTSTATUS status;
- status = wb_xids2sids_recv(subreq, state, &state->sid);
+ status = wb_xid2sid_recv(subreq, &state->sid);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
}
- subreq = wb_getgrsid_send(state, state->ev, state->sid,
+ subreq = wb_getgrsid_send(state, state->ev, &state->sid,
lp_winbind_expand_groups());
if (tevent_req_nomem(subreq, req)) {
return;
@@ -113,7 +109,7 @@ NTSTATUS winbindd_getgrgid_recv(struct tevent_req *req,
if (tevent_req_is_nterror(req, &status)) {
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(state->sid), nt_errstr(status)));
+ sid_string_dbg(&state->sid), nt_errstr(status)));
return status;
}
--
2.9.3
More information about the samba-technical
mailing list