[PATCH] Remove some unused code from winbind
Volker Lendecke
vl at samba.org
Wed Jan 4 06:18:54 UTC 2017
Hi!
Now that getpwsid is changed, we can remove some unused code.
Review appreciated!
Thanks, Volker
-------------- next part --------------
>From e5121cbfce62c534019c7a7b60800dfe4dc03323 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 2 Jan 2017 10:32:19 +0000
Subject: [PATCH 01/22] winbind: Remove wbint_QueryUser
Signed-off-by: Volker Lendecke <vl at samba.org>
---
librpc/idl/winbind.idl | 5 -----
source3/winbindd/winbindd_dual_srv.c | 15 ---------------
2 files changed, 20 deletions(-)
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index d38b17a0da4..c47f2bd7a66 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -84,11 +84,6 @@ interface winbind
dom_sid group_sid;
} wbint_userinfo;
- NTSTATUS wbint_QueryUser(
- [in] dom_sid *sid,
- [out] wbint_userinfo *info
- );
-
NTSTATUS wbint_GetNssInfo(
[in,out] wbint_userinfo *info
);
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index a75e5771068..a5667d11ca0 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -268,21 +268,6 @@ NTSTATUS _wbint_AllocateGid(struct pipes_struct *p, struct wbint_AllocateGid *r)
return NT_STATUS_OK;
}
-NTSTATUS _wbint_QueryUser(struct pipes_struct *p, struct wbint_QueryUser *r)
-{
- struct winbindd_domain *domain = wb_child_domain();
- NTSTATUS status;
-
- if (domain == NULL) {
- return NT_STATUS_REQUEST_NOT_ACCEPTED;
- }
-
- status = wb_cache_query_user(domain, p->mem_ctx, r->in.sid,
- r->out.info);
- reset_cm_connection_on_error(domain, status);
- return status;
-}
-
NTSTATUS _wbint_GetNssInfo(struct pipes_struct *p, struct wbint_GetNssInfo *r)
{
struct idmap_domain *domain;
--
2.11.0
>From 69c289b834d96b9c12eff5bfead4229916c1cf45 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 2 Jan 2017 10:35:02 +0000
Subject: [PATCH 02/22] winbind: Remove unused wb_cache_query_user
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_cache.c | 50 ---------------------------------------
source3/winbindd/winbindd_proto.h | 4 ----
2 files changed, 54 deletions(-)
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index a130b03ff17..18073809e0f 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2372,56 +2372,6 @@ NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
return NT_STATUS_OK;
}
-/* Lookup user information from a rid */
-NTSTATUS wb_cache_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *info)
-{
- NTSTATUS status;
- bool old_status;
-
- old_status = domain->online;
- status = wcache_query_user(domain, mem_ctx, user_sid, info);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
- return status;
- }
-
- ZERO_STRUCTP(info);
-
- /* Return status value returned by seq number check */
-
- if (!NT_STATUS_IS_OK(domain->last_status))
- return domain->last_status;
-
- DEBUG(10,("query_user: [Cached] - doing backend query for info for domain %s\n",
- domain->name ));
-
- status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
-
- if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
- NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
- if (!domain->internal && old_status) {
- set_domain_offline(domain);
- }
- if (!domain->internal &&
- !domain->online &&
- old_status) {
- NTSTATUS cache_status;
- cache_status = wcache_query_user(domain, mem_ctx, user_sid, info);
- return cache_status;
- }
- }
- /* and save it */
- refresh_sequence_number(domain);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- wcache_save_user(domain, status, info);
-
- return status;
-}
-
NTSTATUS wcache_lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const struct dom_sid *user_sid,
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 2b6f26e0315..a4e05187d32 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -90,10 +90,6 @@ NTSTATUS wb_cache_rids_to_names(struct winbindd_domain *domain,
char **domain_name,
char ***names,
enum lsa_SidType **types);
-NTSTATUS wb_cache_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *info);
NTSTATUS wb_cache_lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const struct dom_sid *user_sid,
--
2.11.0
>From 2582fb970b4f7f4d95220f1fe994a048aa9626a9 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 2 Jan 2017 15:56:48 +0000
Subject: [PATCH 03/22] winbind: Remove "query_user" backend function
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd.h | 6 --
source3/winbindd/winbindd_ads.c | 166 ------------------------------
source3/winbindd/winbindd_msrpc.c | 79 --------------
source3/winbindd/winbindd_reconnect.c | 19 ----
source3/winbindd/winbindd_reconnect_ads.c | 19 ----
source3/winbindd/winbindd_samr.c | 64 ------------
6 files changed, 353 deletions(-)
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 535252b890f..155369f760c 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -263,12 +263,6 @@ struct winbindd_methods {
char ***names,
enum lsa_SidType **types);
- /* lookup user info for a given SID */
- NTSTATUS (*query_user)(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info);
-
/* lookup all groups that a user is a member of. The backend
can also choose to lookup by username or rid for this
function */
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a4339f1a4ef..7b8603c9092 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -601,171 +601,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
domain_name, names, types);
}
-/* If you are looking for "dn_lookup": Yes, it used to be here!
- * It has gone now since it was a major speed bottleneck in
- * lookup_groupmem (its only use). It has been replaced by
- * an rpc lookup sids call... R.I.P. */
-
-/* Lookup user information from a rid */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- struct wbint_userinfo *info)
-{
- ADS_STRUCT *ads = NULL;
- const char *attrs[] = { "*", NULL };
- ADS_STATUS rc;
- int count;
- LDAPMessage *msg = NULL;
- char *ldap_exp;
- char *sidstr;
- uint32_t group_rid;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- struct netr_SamInfo3 *user = NULL;
- gid_t gid = -1;
- int ret;
- char *full_name;
-
- DEBUG(3,("ads: query_user\n"));
-
- info->homedir = NULL;
- info->shell = NULL;
-
- /* try netsamlogon cache first */
-
- if ( (user = netsamlogon_cache_get( mem_ctx, sid )) != NULL )
- {
- DEBUG(5,("query_user: Cache lookup succeeded for %s\n",
- sid_string_dbg(sid)));
-
- sid_compose(&info->user_sid, &domain->sid, user->base.rid);
- sid_compose(&info->group_sid, &domain->sid, user->base.primary_gid);
-
- info->acct_name = talloc_strdup(mem_ctx, user->base.account_name.string);
- info->full_name = talloc_strdup(mem_ctx, user->base.full_name.string);
-
- nss_get_info_cached( domain, sid, mem_ctx,
- &info->homedir, &info->shell, &info->full_name,
- &gid );
- info->primary_gid = gid;
-
- TALLOC_FREE(user);
-
- if (info->full_name == NULL) {
- /* this might fail so we don't check the return code */
- wcache_query_user_fullname(domain,
- mem_ctx,
- sid,
- &info->full_name);
- }
-
- return NT_STATUS_OK;
- }
-
- if ( !winbindd_can_contact_domain(domain)) {
- DEBUG(8,("query_user: No incoming trust from domain %s\n",
- domain->name));
-
- /* We still need to generate some basic information
- about the user even if we cannot contact the
- domain. Most of this stuff we can deduce. */
-
- sid_copy( &info->user_sid, sid );
-
- /* Assume "Domain Users" for the primary group */
-
- sid_compose(&info->group_sid, &domain->sid, DOMAIN_RID_USERS );
-
- /* Try to fill in what the nss_info backend can do */
-
- nss_get_info_cached( domain, sid, mem_ctx,
- &info->homedir, &info->shell, &info->full_name,
- &gid);
- info->primary_gid = gid;
-
- return NT_STATUS_OK;
- }
-
- /* no cache...do the query */
-
- if ( (ads = ads_cached_connection(domain)) == NULL ) {
- domain->last_status = NT_STATUS_SERVER_DISABLED;
- return NT_STATUS_SERVER_DISABLED;
- }
-
- sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
-
- ret = asprintf(&ldap_exp, "(objectSid=%s)", sidstr);
- TALLOC_FREE(sidstr);
- if (ret == -1) {
- return NT_STATUS_NO_MEMORY;
- }
- rc = ads_search_retry(ads, &msg, ldap_exp, attrs);
- SAFE_FREE(ldap_exp);
- if (!ADS_ERR_OK(rc)) {
- DEBUG(1,("query_user(sid=%s) ads_search: %s\n",
- sid_string_dbg(sid), ads_errstr(rc)));
- return ads_ntstatus(rc);
- } else if (!msg) {
- DEBUG(1,("query_user(sid=%s) ads_search returned NULL res\n",
- sid_string_dbg(sid)));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- count = ads_count_replies(ads, msg);
- if (count != 1) {
- DEBUG(1,("query_user(sid=%s): Not found\n",
- sid_string_dbg(sid)));
- ads_msgfree(ads, msg);
- return NT_STATUS_NO_SUCH_USER;
- }
-
- info->acct_name = ads_pull_username(ads, mem_ctx, msg);
-
- if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group_rid)) {
- DEBUG(1,("No primary group for %s !?\n",
- sid_string_dbg(sid)));
- ads_msgfree(ads, msg);
- return NT_STATUS_NO_SUCH_USER;
- }
- sid_copy(&info->user_sid, sid);
- sid_compose(&info->group_sid, &domain->sid, group_rid);
-
- /*
- * We have to fetch the "name" attribute before doing the
- * nss_get_info_cached call. nss_get_info_cached might destroy
- * the ads struct, potentially invalidating the ldap message.
- */
- full_name = ads_pull_string(ads, mem_ctx, msg, "displayName");
- if (full_name == NULL) {
- full_name = ads_pull_string(ads, mem_ctx, msg, "name");
- }
-
- ads_msgfree(ads, msg);
- msg = NULL;
-
- status = nss_get_info_cached( domain, sid, mem_ctx,
- &info->homedir, &info->shell, &info->full_name,
- &gid);
- info->primary_gid = gid;
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("nss_get_info_cached failed: %s\n",
- nt_errstr(status)));
- return status;
- }
-
- if (info->full_name == NULL) {
- info->full_name = full_name;
- } else {
- TALLOC_FREE(full_name);
- }
-
- status = NT_STATUS_OK;
-
- DEBUG(3,("ads query_user gave %s\n", info->acct_name));
- return NT_STATUS_OK;
-}
-
/* Lookup groups a user is a member of - alternate method, for when
tokenGroups are not available. */
static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain,
@@ -1717,7 +1552,6 @@ struct winbindd_methods ads_methods = {
name_to_sid,
sid_to_name,
rids_to_names,
- query_user,
lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 42ca142360a..1aa162c5a10 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -403,84 +403,6 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
return result;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS msrpc_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
- struct netr_SamInfo3 *user;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
-
- DEBUG(3,("msrpc_query_user sid=%s\n", sid_string_dbg(user_sid)));
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if (user_info) {
- user_info->homedir = NULL;
- user_info->shell = NULL;
- user_info->primary_gid = (gid_t)-1;
- }
-
- /* try netsamlogon cache first */
- user = netsamlogon_cache_get(tmp_ctx, user_sid);
- if (user != NULL) {
- DEBUG(5,("msrpc_query_user: Cache lookup succeeded for %s\n",
- sid_string_dbg(user_sid)));
-
- sid_compose(&user_info->user_sid, &domain->sid, user->base.rid);
- sid_compose(&user_info->group_sid, &domain->sid,
- user->base.primary_gid);
-
- user_info->acct_name = talloc_strdup(user_info,
- user->base.account_name.string);
- user_info->full_name = talloc_strdup(user_info,
- user->base.full_name.string);
-
- if (user_info->full_name == NULL) {
- /* this might fail so we don't check the return code */
- wcache_query_user_fullname(domain,
- mem_ctx,
- user_sid,
- &user_info->full_name);
- }
-
- status = NT_STATUS_OK;
- goto done;
- }
-
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("query_user: No incoming trust for domain %s\n",
- domain->name));
- /* Tell the cache manager not to remember this one */
- status = NT_STATUS_SYNCHRONIZATION_REQUIRED;
- goto done;
- }
-
- /* no cache; hit the wire */
- status = cm_connect_sam(domain, tmp_ctx, false, &samr_pipe, &dom_pol);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = rpc_query_user(tmp_ctx,
- samr_pipe,
- &dom_pol,
- &domain->sid,
- user_sid,
- user_info);
-
-done:
- TALLOC_FREE(tmp_ctx);
- return status;
-}
-
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS msrpc_lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
@@ -1249,7 +1171,6 @@ struct winbindd_methods msrpc_methods = {
msrpc_name_to_sid,
msrpc_sid_to_name,
msrpc_rids_to_names,
- msrpc_query_user,
msrpc_lookup_usergroups,
msrpc_lookup_useraliases,
msrpc_lookup_groupmem,
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index f7dd8053f2e..0406c995b1b 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -201,24 +201,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
return result;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- NTSTATUS result;
-
- result = msrpc_methods.query_user(domain, mem_ctx, user_sid,
- user_info);
-
- if (reconnect_need_retry(result, domain))
- result = msrpc_methods.query_user(domain, mem_ctx, user_sid,
- user_info);
-
- return result;
-}
-
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
@@ -354,7 +336,6 @@ struct winbindd_methods reconnect_methods = {
name_to_sid,
sid_to_name,
rids_to_names,
- query_user,
lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c
index 7ea8298c4a4..5a913607472 100644
--- a/source3/winbindd/winbindd_reconnect_ads.c
+++ b/source3/winbindd/winbindd_reconnect_ads.c
@@ -156,24 +156,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
return result;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- NTSTATUS result;
-
- result = ads_methods.query_user(domain, mem_ctx, user_sid, user_info);
-
- if (reconnect_need_retry(result, domain)) {
- result = ads_methods.query_user(domain, mem_ctx, user_sid,
- user_info);
- }
-
- return result;
-}
-
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
@@ -311,7 +293,6 @@ struct winbindd_methods reconnect_ads_methods = {
name_to_sid,
sid_to_name,
rids_to_names,
- query_user,
lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index dce26d2f5a0..0ce98ab542a 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -225,59 +225,6 @@ done:
return status;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS sam_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status, result;
- struct dcerpc_binding_handle *b = NULL;
-
- DEBUG(3,("sam_query_user\n"));
-
- ZERO_STRUCT(dom_pol);
-
- /* Paranoia check */
- if (!sid_check_is_in_our_sam(user_sid)) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- user_info->homedir = NULL;
- user_info->shell = NULL;
- user_info->primary_gid = (gid_t) -1;
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- b = samr_pipe->binding_handle;
-
- status = rpc_query_user(tmp_ctx,
- samr_pipe,
- &dom_pol,
- &domain->sid,
- user_sid,
- user_info);
-
-done:
- if (b && is_valid_policy_hnd(&dom_pol)) {
- dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
- }
-
- TALLOC_FREE(tmp_ctx);
- return status;
-}
-
/* get a list of trusted domains - builtin domain */
static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
@@ -447,15 +394,6 @@ static NTSTATUS builtin_query_user_list(struct winbindd_domain *domain,
return NT_STATUS_OK;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS builtin_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- return NT_STATUS_NO_SUCH_USER;
-}
-
/* get a list of trusted domains - builtin domain */
static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
@@ -1040,7 +978,6 @@ struct winbindd_methods builtin_passdb_methods = {
.name_to_sid = sam_name_to_sid,
.sid_to_name = sam_sid_to_name,
.rids_to_names = sam_rids_to_names,
- .query_user = builtin_query_user,
.lookup_usergroups = sam_lookup_usergroups,
.lookup_useraliases = sam_lookup_useraliases,
.lookup_groupmem = sam_lookup_groupmem,
@@ -1060,7 +997,6 @@ struct winbindd_methods sam_passdb_methods = {
.name_to_sid = sam_name_to_sid,
.sid_to_name = sam_sid_to_name,
.rids_to_names = sam_rids_to_names,
- .query_user = sam_query_user,
.lookup_usergroups = sam_lookup_usergroups,
.lookup_useraliases = sam_lookup_useraliases,
.lookup_groupmem = sam_lookup_groupmem,
--
2.11.0
>From 85e322ce9b095188fd2c1d19bb8fe28d2424d02e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 2 Jan 2017 15:58:39 +0000
Subject: [PATCH 04/22] winbind: Remove rpc_query_user
---
source3/winbindd/winbindd_rpc.c | 76 -----------------------------------------
source3/winbindd/winbindd_rpc.h | 8 -----
2 files changed, 84 deletions(-)
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index cd6174a9814..2a096edf8fd 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -476,82 +476,6 @@ NTSTATUS rpc_rids_to_names(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-/* Lookup user information from a rid or username. */
-NTSTATUS rpc_query_user(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client *samr_pipe,
- struct policy_handle *samr_policy,
- const struct dom_sid *domain_sid,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- struct policy_handle user_policy;
- union samr_UserInfo *info = NULL;
- uint32_t user_rid;
- NTSTATUS status, result;
- struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
-
- if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* Get user handle */
- status = dcerpc_samr_OpenUser(b,
- mem_ctx,
- samr_policy,
- SEC_FLAG_MAXIMUM_ALLOWED,
- user_rid,
- &user_policy,
- &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- /* Get user info */
- status = dcerpc_samr_QueryUserInfo(b,
- mem_ctx,
- &user_policy,
- 0x15,
- &info,
- &result);
- {
- NTSTATUS _result;
- dcerpc_samr_Close(b, mem_ctx, &user_policy, &_result);
- }
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- sid_compose(&user_info->user_sid, domain_sid, user_rid);
- sid_compose(&user_info->group_sid, domain_sid,
- info->info21.primary_gid);
-
- user_info->acct_name = talloc_strdup(user_info,
- info->info21.account_name.string);
- if (user_info->acct_name == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- user_info->full_name = talloc_strdup(user_info,
- info->info21.full_name.string);
- if ((info->info21.full_name.string != NULL) &&
- (user_info->full_name == NULL))
- {
- return NT_STATUS_NO_MEMORY;
- }
-
- user_info->homedir = NULL;
- user_info->shell = NULL;
- user_info->primary_gid = (gid_t)-1;
-
- return NT_STATUS_OK;
-}
-
/* Lookup groups a user is a member of. */
NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *samr_pipe,
diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h
index 5513788ec8d..bdfc3ed948e 100644
--- a/source3/winbindd/winbindd_rpc.h
+++ b/source3/winbindd/winbindd_rpc.h
@@ -79,14 +79,6 @@ NTSTATUS rpc_rids_to_names(TALLOC_CTX *mem_ctx,
char ***pnames,
enum lsa_SidType **ptypes);
-/* Lookup user information from a rid or username. */
-NTSTATUS rpc_query_user(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client *samr_pipe,
- struct policy_handle *samr_policy,
- const struct dom_sid *domain_sid,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info);
-
/* Lookup groups a user is a member of. */
NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *samr_pipe,
--
2.11.0
>From 3c2bda1fca1cd7c2a07d2e1a69107fb8a2114ec2 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 14:54:46 +0000
Subject: [PATCH 05/22] winbind: Add "expand_local_aliases" to wb_gettoken
I hate passing down booleans, but we have the "domain_groups_only"
parameter in wbcLookupUserSids which we need to keep for API
compatibility. To make sure we use as few code paths as possible, this
basically passes down this flag.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/wb_gettoken.c | 10 +++++++++-
source3/winbindd/winbindd_getgroups.c | 2 +-
source3/winbindd/winbindd_getusersids.c | 2 +-
source3/winbindd/winbindd_proto.h | 3 ++-
4 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c
index 1c99121bb09..d8867c36b9d 100644
--- a/source3/winbindd/wb_gettoken.c
+++ b/source3/winbindd/wb_gettoken.c
@@ -26,6 +26,7 @@
struct wb_gettoken_state {
struct tevent_context *ev;
struct dom_sid usersid;
+ bool expand_local_aliases;
int num_sids;
struct dom_sid *sids;
};
@@ -41,7 +42,8 @@ static void wb_gettoken_gotbuiltins(struct tevent_req *subreq);
struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- const struct dom_sid *sid)
+ const struct dom_sid *sid,
+ bool expand_local_aliases)
{
struct tevent_req *req, *subreq;
struct wb_gettoken_state *state;
@@ -52,6 +54,7 @@ struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx,
}
sid_copy(&state->usersid, sid);
state->ev = ev;
+ state->expand_local_aliases = expand_local_aliases;
subreq = wb_queryuser_send(state, ev, &state->usersid);
if (tevent_req_nomem(subreq, req)) {
@@ -115,6 +118,11 @@ static void wb_gettoken_gotuser(struct tevent_req *subreq)
num_groups * sizeof(struct dom_sid));
state->num_sids += num_groups;
+ if (!state->expand_local_aliases) {
+ tevent_req_done(req);
+ return;
+ }
+
/*
* Expand our domain's aliases
*/
diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c
index 8b9d0a3ecdf..8bf670654e1 100644
--- a/source3/winbindd/winbindd_getgroups.c
+++ b/source3/winbindd/winbindd_getgroups.c
@@ -99,7 +99,7 @@ static void winbindd_getgroups_lookupname_done(struct tevent_req *subreq)
return;
}
- subreq = wb_gettoken_send(state, state->ev, &state->sid);
+ subreq = wb_gettoken_send(state, state->ev, &state->sid, true);
if (tevent_req_nomem(subreq, req)) {
return;
}
diff --git a/source3/winbindd/winbindd_getusersids.c b/source3/winbindd/winbindd_getusersids.c
index 6b5510ad5a5..d6995c4390a 100644
--- a/source3/winbindd/winbindd_getusersids.c
+++ b/source3/winbindd/winbindd_getusersids.c
@@ -55,7 +55,7 @@ struct tevent_req *winbindd_getusersids_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- subreq = wb_gettoken_send(state, ev, &state->sid);
+ subreq = wb_gettoken_send(state, ev, &state->sid, true);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index a4e05187d32..2aed8dc25aa 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -687,7 +687,8 @@ NTSTATUS winbindd_getuserdomgroups_recv(struct tevent_req *req,
struct winbindd_response *response);
struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- const struct dom_sid *sid);
+ const struct dom_sid *sid,
+ bool expand_local_aliases);
NTSTATUS wb_gettoken_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
int *num_sids, struct dom_sid **sids);
struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
--
2.11.0
>From 2da33172f9c4eca9fd6d6c9c94063fb81c997488 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 15:00:46 +0000
Subject: [PATCH 06/22] winbind: Use wb_gettoken in getuserdomgroups
This makes sure we return the same information regardless of which call into
winbind is used
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_getuserdomgroups.c | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/source3/winbindd/winbindd_getuserdomgroups.c b/source3/winbindd/winbindd_getuserdomgroups.c
index 55094bb99a2..24ec1ddc019 100644
--- a/source3/winbindd/winbindd_getuserdomgroups.c
+++ b/source3/winbindd/winbindd_getuserdomgroups.c
@@ -36,7 +36,6 @@ struct tevent_req *winbindd_getuserdomgroups_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req, *subreq;
struct winbindd_getuserdomgroups_state *state;
- struct winbindd_domain *domain;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_getuserdomgroups_state);
@@ -56,15 +55,7 @@ struct tevent_req *winbindd_getuserdomgroups_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- domain = find_domain_from_sid_noinit(&state->sid);
- if (domain == NULL) {
- DEBUG(1,("could not find domain entry for sid %s\n",
- request->data.sid));
- tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
- return tevent_req_post(req, ev);
- }
-
- subreq = wb_lookupusergroups_send(state, ev, domain, &state->sid);
+ subreq = wb_gettoken_send(state, ev, &state->sid, false);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -80,8 +71,8 @@ static void winbindd_getuserdomgroups_done(struct tevent_req *subreq)
req, struct winbindd_getuserdomgroups_state);
NTSTATUS status;
- status = wb_lookupusergroups_recv(subreq, state, &state->num_sids,
- &state->sids);
+ status = wb_gettoken_recv(subreq, state, &state->num_sids,
+ &state->sids);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
--
2.11.0
>From 13534ce9878b65085e3f17f148ebda81f227ed81 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 15:02:48 +0000
Subject: [PATCH 07/22] winbind: Remove wb_lookupusergroups
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/wb_lookupusergroups.c | 97 ----------------------------------
source3/winbindd/winbindd_proto.h | 6 ---
source3/winbindd/wscript_build | 1 -
3 files changed, 104 deletions(-)
delete mode 100644 source3/winbindd/wb_lookupusergroups.c
diff --git a/source3/winbindd/wb_lookupusergroups.c b/source3/winbindd/wb_lookupusergroups.c
deleted file mode 100644
index 2d3969236fa..00000000000
--- a/source3/winbindd/wb_lookupusergroups.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- async lookupusergroups
- Copyright (C) Volker Lendecke 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "winbindd.h"
-#include "librpc/gen_ndr/ndr_winbind_c.h"
-#include "../libcli/security/security.h"
-
-struct wb_lookupusergroups_state {
- struct tevent_context *ev;
- struct dom_sid sid;
- struct wbint_SidArray sids;
-};
-
-static void wb_lookupusergroups_done(struct tevent_req *subreq);
-
-struct tevent_req *wb_lookupusergroups_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct winbindd_domain *domain,
- const struct dom_sid *sid)
-{
- struct tevent_req *req, *subreq;
- struct wb_lookupusergroups_state *state;
- NTSTATUS status;
-
- req = tevent_req_create(mem_ctx, &state,
- struct wb_lookupusergroups_state);
- if (req == NULL) {
- return NULL;
- }
- sid_copy(&state->sid, sid);
-
- status = lookup_usergroups_cached(state,
- &state->sid,
- &state->sids.num_sids,
- &state->sids.sids);
- if (NT_STATUS_IS_OK(status)) {
- tevent_req_done(req);
- return tevent_req_post(req, ev);
- }
-
- subreq = dcerpc_wbint_LookupUserGroups_send(
- state, ev, dom_child_handle(domain), &state->sid, &state->sids);
- if (tevent_req_nomem(subreq, req)) {
- return tevent_req_post(req, ev);
- }
- tevent_req_set_callback(subreq, wb_lookupusergroups_done, req);
- return req;
-}
-
-static void wb_lookupusergroups_done(struct tevent_req *subreq)
-{
- struct tevent_req *req = tevent_req_callback_data(
- subreq, struct tevent_req);
- struct wb_lookupusergroups_state *state = tevent_req_data(
- req, struct wb_lookupusergroups_state);
- NTSTATUS status, result;
-
- status = dcerpc_wbint_LookupUserGroups_recv(subreq, state, &result);
- TALLOC_FREE(subreq);
- if (any_nt_status_not_ok(status, result, &status)) {
- tevent_req_nterror(req, status);
- return;
- }
- tevent_req_done(req);
-}
-
-NTSTATUS wb_lookupusergroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_sids, struct dom_sid **sids)
-{
- struct wb_lookupusergroups_state *state = tevent_req_data(
- req, struct wb_lookupusergroups_state);
- NTSTATUS status;
-
- if (tevent_req_is_nterror(req, &status)) {
- return status;
- }
- *num_sids = state->sids.num_sids;
- *sids = talloc_move(mem_ctx, &state->sids.sids);
- return NT_STATUS_OK;
-}
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 2aed8dc25aa..1ab5319eb8a 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -672,12 +672,6 @@ struct tevent_req *winbindd_getsidaliases_send(TALLOC_CTX *mem_ctx,
struct winbindd_request *request);
NTSTATUS winbindd_getsidaliases_recv(struct tevent_req *req,
struct winbindd_response *response);
-struct tevent_req *wb_lookupusergroups_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct winbindd_domain *domain,
- const struct dom_sid *sid);
-NTSTATUS wb_lookupusergroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_sids, struct dom_sid **sids);
struct tevent_req *winbindd_getuserdomgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
diff --git a/source3/winbindd/wscript_build b/source3/winbindd/wscript_build
index 51264e9e365..a5d0dd6f97f 100644
--- a/source3/winbindd/wscript_build
+++ b/source3/winbindd/wscript_build
@@ -206,7 +206,6 @@ bld.SAMBA3_BINARY('winbindd',
wb_xids2sids.c
wb_queryuser.c
wb_lookupuseraliases.c
- wb_lookupusergroups.c
wb_getpwsid.c
wb_gettoken.c
wb_seqnum.c
--
2.11.0
>From 9d92e5b3de8e24d099a77ccd5e9263cdd041bcaf Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 15:04:29 +0000
Subject: [PATCH 08/22] winbind: Remove wbint_LookupUserGroups
Signed-off-by: Volker Lendecke <vl at samba.org>
---
librpc/idl/winbind.idl | 5 -----
source3/winbindd/winbindd_dual_srv.c | 17 -----------------
2 files changed, 22 deletions(-)
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index c47f2bd7a66..13b08b53a5f 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -103,11 +103,6 @@ interface winbind
[out] wbint_RidArray *rids
);
- NTSTATUS wbint_LookupUserGroups(
- [in] dom_sid *sid,
- [out] wbint_SidArray *sids
- );
-
NTSTATUS wbint_QuerySequenceNumber(
[out] uint32 *sequence
);
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index a5667d11ca0..38952890ef8 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -301,23 +301,6 @@ NTSTATUS _wbint_LookupUserAliases(struct pipes_struct *p,
return status;
}
-NTSTATUS _wbint_LookupUserGroups(struct pipes_struct *p,
- struct wbint_LookupUserGroups *r)
-{
- struct winbindd_domain *domain = wb_child_domain();
- NTSTATUS status;
-
- if (domain == NULL) {
- return NT_STATUS_REQUEST_NOT_ACCEPTED;
- }
-
- status = wb_cache_lookup_usergroups(domain, p->mem_ctx, r->in.sid,
- &r->out.sids->num_sids,
- &r->out.sids->sids);
- reset_cm_connection_on_error(domain, status);
- return status;
-}
-
NTSTATUS _wbint_QuerySequenceNumber(struct pipes_struct *p,
struct wbint_QuerySequenceNumber *r)
{
--
2.11.0
>From 563afd86dfeb150a74253ccf7d40a67e9069112f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 15:07:03 +0000
Subject: [PATCH 09/22] winbind: Remove wb_cache_lookup_usergroups
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_cache.c | 71 ---------------------------------------
source3/winbindd/winbindd_proto.h | 5 ---
2 files changed, 76 deletions(-)
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 18073809e0f..6d30b45ed85 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2431,77 +2431,6 @@ NTSTATUS wcache_lookup_usergroups(struct winbindd_domain *domain,
return status;
}
-/* Lookup groups a user is a member of. */
-NTSTATUS wb_cache_lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *num_groups,
- struct dom_sid **user_gids)
-{
- struct cache_entry *centry = NULL;
- NTSTATUS status;
- unsigned int i;
- fstring sid_string;
- bool old_status;
-
- old_status = domain->online;
- status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
- num_groups, user_gids);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
- return status;
- }
-
- (*num_groups) = 0;
- (*user_gids) = NULL;
-
- /* Return status value returned by seq number check */
-
- if (!NT_STATUS_IS_OK(domain->last_status))
- return domain->last_status;
-
- DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
- domain->name ));
-
- status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
-
- if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
- NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
- if (!domain->internal && old_status) {
- set_domain_offline(domain);
- }
- if (!domain->internal &&
- !domain->online &&
- old_status) {
- NTSTATUS cache_status;
- cache_status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
- num_groups, user_gids);
- return cache_status;
- }
- }
- if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) )
- goto skip_save;
-
- /* and save it */
- refresh_sequence_number(domain);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- centry = centry_start(domain, status);
- if (!centry)
- goto skip_save;
-
- centry_put_uint32(centry, *num_groups);
- for (i=0; i<(*num_groups); i++) {
- centry_put_sid(centry, &(*user_gids)[i]);
- }
-
- centry_end(centry, "UG/%s", sid_to_fstring(sid_string, user_sid));
- centry_free(centry);
-
-skip_save:
- return status;
-}
-
static char *wcache_make_sidlist(TALLOC_CTX *mem_ctx, uint32_t num_sids,
const struct dom_sid *sids)
{
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 1ab5319eb8a..e4d1aff8338 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -90,11 +90,6 @@ NTSTATUS wb_cache_rids_to_names(struct winbindd_domain *domain,
char **domain_name,
char ***names,
enum lsa_SidType **types);
-NTSTATUS wb_cache_lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *pnum_sids,
- struct dom_sid **psids);
NTSTATUS wb_cache_lookup_useraliases(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t num_sids,
--
2.11.0
>From a9447484fbe2be38a1d73b97415687a48a94d93d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 15:12:35 +0000
Subject: [PATCH 10/22] winbind: Remove wcache_lookup_usergroups
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_cache.c | 59 ---------------------------------------
source3/winbindd/winbindd_proto.h | 5 ----
2 files changed, 64 deletions(-)
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 6d30b45ed85..f5f7dc1085b 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2372,65 +2372,6 @@ NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
return NT_STATUS_OK;
}
-NTSTATUS wcache_lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *pnum_sids,
- struct dom_sid **psids)
-{
- struct winbind_cache *cache = get_cache(domain);
- struct cache_entry *centry = NULL;
- NTSTATUS status;
- uint32_t i, num_sids;
- struct dom_sid *sids;
- fstring sid_string;
-
- if (cache->tdb == NULL) {
- return NT_STATUS_NOT_FOUND;
- }
-
- centry = wcache_fetch(cache, domain, "UG/%s",
- sid_to_fstring(sid_string, user_sid));
- if (centry == NULL) {
- return NT_STATUS_NOT_FOUND;
- }
-
- /* If we have an access denied cache entry and a cached info3 in the
- samlogon cache then do a query. This will force the rpc back end
- to return the info3 data. */
-
- if (NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)
- && netsamlogon_cache_have(user_sid)) {
- DEBUG(10, ("lookup_usergroups: cached access denied and have "
- "cached info3\n"));
- domain->last_status = NT_STATUS_OK;
- centry_free(centry);
- return NT_STATUS_NOT_FOUND;
- }
-
- num_sids = centry_uint32(centry);
- sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
- if (sids == NULL) {
- centry_free(centry);
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i<num_sids; i++) {
- centry_sid(centry, &sids[i]);
- }
-
- status = centry->status;
-
- DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s "
- "status: %s\n", domain->name, nt_errstr(status)));
-
- centry_free(centry);
-
- *pnum_sids = num_sids;
- *psids = sids;
- return status;
-}
-
static char *wcache_make_sidlist(TALLOC_CTX *mem_ctx, uint32_t num_sids,
const struct dom_sid *sids)
{
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index e4d1aff8338..77bab4a1a90 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -170,11 +170,6 @@ NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t num_sids, const struct dom_sid *sids,
uint32_t *pnum_aliases, uint32_t **paliases);
-NTSTATUS wcache_lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *pnum_sids,
- struct dom_sid **psids);
void wcache_flush_cache(void);
NTSTATUS wcache_count_cached_creds(struct winbindd_domain *domain, int *count);
--
2.11.0
>From 81da5407de4ef16ed250c175a493978cc3561c7f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 15:13:50 +0000
Subject: [PATCH 11/22] winbind: Remove validate_ug
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_cache.c | 32 --------------------------------
1 file changed, 32 deletions(-)
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index f5f7dc1085b..d8a49c7015f 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2969,11 +2969,6 @@ void wcache_invalidate_samlogon(struct winbindd_domain *domain,
DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
tdb_delete(cache->tdb, string_tdb_data(key_str));
- /* Clear UG/SID cache entry */
- fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, sid));
- DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
- tdb_delete(cache->tdb, string_tdb_data(key_str));
-
/* Samba/winbindd never needs this. */
netsamlogon_clear_cached_user(sid);
}
@@ -3746,32 +3741,6 @@ static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
return 0;
}
-static int validate_ug(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
- struct tdb_validation_status *state)
-{
- struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
- int32_t num_groups, i;
-
- if (!centry) {
- return 1;
- }
-
- num_groups = centry_uint32(centry);
-
- for (i=0; i< num_groups; i++) {
- struct dom_sid sid;
- centry_sid(centry, &sid);
- }
-
- centry_free(centry);
-
- if (!(state->success)) {
- return 1;
- }
- DEBUG(10,("validate_ug: %s ok\n", keystr));
- return 0;
-}
-
static int validate_ua(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
struct tdb_validation_status *state)
{
@@ -3997,7 +3966,6 @@ struct key_val_struct {
{"CRED/", validate_cred},
{"UL/", validate_ul},
{"GL/", validate_gl},
- {"UG/", validate_ug},
{"UA", validate_ua},
{"GM/", validate_gm},
{"DR/", validate_dr},
--
2.11.0
>From c309b3c6b1dcd82082c74123888f438649db382d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 15:21:37 +0000
Subject: [PATCH 12/22] winbind: Remove "lookup_usergroups" winbind method
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd.h | 8 -
source3/winbindd/winbindd_ads.c | 377 ------------------------------
source3/winbindd/winbindd_msrpc.c | 72 ------
source3/winbindd/winbindd_reconnect.c | 21 --
source3/winbindd/winbindd_reconnect_ads.c | 22 --
source3/winbindd/winbindd_samr.c | 65 ------
6 files changed, 565 deletions(-)
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 155369f760c..3f28fd07a3c 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -263,14 +263,6 @@ struct winbindd_methods {
char ***names,
enum lsa_SidType **types);
- /* lookup all groups that a user is a member of. The backend
- can also choose to lookup by username or rid for this
- function */
- NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *num_groups, struct dom_sid **user_gids);
-
/* Lookup all aliases that the sids delivered are member of. This is
* to implement 'domain local groups' correctly */
NTSTATUS (*lookup_useraliases)(struct winbindd_domain *domain,
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 7b8603c9092..0f70334fe61 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -601,382 +601,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
domain_name, names, types);
}
-/* Lookup groups a user is a member of - alternate method, for when
- tokenGroups are not available. */
-static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const char *user_dn,
- struct dom_sid *primary_group,
- uint32_t *p_num_groups, struct dom_sid **user_sids)
-{
- ADS_STATUS rc;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- int count;
- LDAPMessage *res = NULL;
- LDAPMessage *msg = NULL;
- char *ldap_exp;
- ADS_STRUCT *ads;
- const char *group_attrs[] = {"objectSid", NULL};
- char *escaped_dn;
- uint32_t num_groups = 0;
-
- DEBUG(3,("ads: lookup_usergroups_member\n"));
-
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("lookup_usergroups_members: No incoming trust for domain %s\n",
- domain->name));
- return NT_STATUS_OK;
- }
-
- ads = ads_cached_connection(domain);
-
- if (!ads) {
- domain->last_status = NT_STATUS_SERVER_DISABLED;
- goto done;
- }
-
- if (!(escaped_dn = escape_ldap_string(talloc_tos(), user_dn))) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- ldap_exp = talloc_asprintf(mem_ctx,
- "(&(member=%s)(objectCategory=group)(groupType:dn:%s:=%d))",
- escaped_dn,
- ADS_LDAP_MATCHING_RULE_BIT_AND,
- GROUP_TYPE_SECURITY_ENABLED);
- if (!ldap_exp) {
- DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn));
- TALLOC_FREE(escaped_dn);
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- TALLOC_FREE(escaped_dn);
-
- rc = ads_search_retry(ads, &res, ldap_exp, group_attrs);
-
- if (!ADS_ERR_OK(rc)) {
- DEBUG(1,("lookup_usergroups ads_search member=%s: %s\n", user_dn, ads_errstr(rc)));
- return ads_ntstatus(rc);
- } else if (!res) {
- DEBUG(1,("lookup_usergroups ads_search returned NULL res\n"));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
-
- count = ads_count_replies(ads, res);
-
- *user_sids = NULL;
- num_groups = 0;
-
- /* always add the primary group to the sid array */
- status = add_sid_to_array(mem_ctx, primary_group, user_sids,
- &num_groups);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- if (count > 0) {
- for (msg = ads_first_entry(ads, res); msg;
- msg = ads_next_entry(ads, msg)) {
- struct dom_sid group_sid;
-
- if (!ads_pull_sid(ads, msg, "objectSid", &group_sid)) {
- DEBUG(1,("No sid for this group ?!?\n"));
- continue;
- }
-
- /* ignore Builtin groups from ADS - Guenther */
- if (sid_check_is_in_builtin(&group_sid)) {
- continue;
- }
-
- status = add_sid_to_array(mem_ctx, &group_sid,
- user_sids, &num_groups);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
- }
-
- }
-
- *p_num_groups = num_groups;
- status = (user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
-
- DEBUG(3,("ads lookup_usergroups (member) succeeded for dn=%s\n", user_dn));
-done:
- if (res)
- ads_msgfree(ads, res);
-
- return status;
-}
-
-/* Lookup groups a user is a member of - alternate method, for when
- tokenGroups are not available. */
-static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const char *user_dn,
- struct dom_sid *primary_group,
- uint32_t *p_num_groups,
- struct dom_sid **user_sids)
-{
- ADS_STATUS rc;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- ADS_STRUCT *ads;
- const char *attrs[] = {"memberOf", NULL};
- uint32_t num_groups = 0;
- struct dom_sid *group_sids = NULL;
- int i;
- char **strings = NULL;
- size_t num_strings = 0, num_sids = 0;
-
-
- DEBUG(3,("ads: lookup_usergroups_memberof\n"));
-
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("lookup_usergroups_memberof: No incoming trust for "
- "domain %s\n", domain->name));
- return NT_STATUS_OK;
- }
-
- ads = ads_cached_connection(domain);
-
- if (!ads) {
- domain->last_status = NT_STATUS_SERVER_DISABLED;
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs,
- ADS_EXTENDED_DN_HEX_STRING,
- &strings, &num_strings);
-
- if (!ADS_ERR_OK(rc)) {
- DEBUG(1,("lookup_usergroups_memberof ads_search "
- "member=%s: %s\n", user_dn, ads_errstr(rc)));
- return ads_ntstatus(rc);
- }
-
- *user_sids = NULL;
- num_groups = 0;
-
- /* always add the primary group to the sid array */
- status = add_sid_to_array(mem_ctx, primary_group, user_sids,
- &num_groups);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- group_sids = talloc_zero_array(mem_ctx, struct dom_sid, num_strings + 1);
- if (!group_sids) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<num_strings; i++) {
- rc = ads_get_sid_from_extended_dn(mem_ctx, strings[i],
- ADS_EXTENDED_DN_HEX_STRING,
- &(group_sids)[i]);
- if (!ADS_ERR_OK(rc)) {
- /* ignore members without SIDs */
- if (NT_STATUS_EQUAL(ads_ntstatus(rc),
- NT_STATUS_NOT_FOUND)) {
- continue;
- }
- else {
- status = ads_ntstatus(rc);
- goto done;
- }
- }
- num_sids++;
- }
-
- if (i == 0) {
- DEBUG(1,("No memberOf for this user?!?\n"));
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<num_sids; i++) {
-
- /* ignore Builtin groups from ADS - Guenther */
- if (sid_check_is_in_builtin(&group_sids[i])) {
- continue;
- }
-
- status = add_sid_to_array(mem_ctx, &group_sids[i], user_sids,
- &num_groups);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- }
-
- *p_num_groups = num_groups;
- status = (*user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
-
- DEBUG(3,("ads lookup_usergroups (memberof) succeeded for dn=%s\n",
- user_dn));
-
-done:
- TALLOC_FREE(strings);
- TALLOC_FREE(group_sids);
-
- return status;
-}
-
-
-/* Lookup groups a user is a member of. */
-static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- uint32_t *p_num_groups, struct dom_sid **user_sids)
-{
- ADS_STRUCT *ads = NULL;
- const char *attrs[] = {"tokenGroups", "primaryGroupID", NULL};
- ADS_STATUS rc;
- int count;
- LDAPMessage *msg = NULL;
- char *user_dn = NULL;
- struct dom_sid *sids;
- int i;
- struct dom_sid primary_group;
- uint32_t primary_group_rid;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- uint32_t num_groups = 0;
-
- DEBUG(3,("ads: lookup_usergroups\n"));
- *p_num_groups = 0;
-
- status = lookup_usergroups_cached(mem_ctx, sid,
- p_num_groups, user_sids);
- if (NT_STATUS_IS_OK(status)) {
- return NT_STATUS_OK;
- }
-
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("lookup_usergroups: No incoming trust for domain %s\n",
- domain->name));
-
- /* Tell the cache manager not to remember this one */
-
- return NT_STATUS_SYNCHRONIZATION_REQUIRED;
- }
-
- ads = ads_cached_connection(domain);
-
- if (!ads) {
- domain->last_status = NT_STATUS_SERVER_DISABLED;
- status = NT_STATUS_SERVER_DISABLED;
- goto done;
- }
-
- rc = ads_search_retry_sid(ads, &msg, sid, attrs);
-
- if (!ADS_ERR_OK(rc)) {
- status = ads_ntstatus(rc);
- DEBUG(1, ("lookup_usergroups(sid=%s) ads_search tokenGroups: "
- "%s\n", sid_string_dbg(sid), ads_errstr(rc)));
- goto done;
- }
-
- count = ads_count_replies(ads, msg);
- if (count != 1) {
- status = NT_STATUS_UNSUCCESSFUL;
- DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: "
- "invalid number of results (count=%d)\n",
- sid_string_dbg(sid), count));
- goto done;
- }
-
- if (!msg) {
- DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: NULL msg\n",
- sid_string_dbg(sid)));
- status = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- user_dn = ads_get_dn(ads, mem_ctx, msg);
- if (user_dn == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- if (!ads_pull_uint32(ads, msg, "primaryGroupID", &primary_group_rid)) {
- DEBUG(1,("%s: No primary group for sid=%s !?\n",
- domain->name, sid_string_dbg(sid)));
- goto done;
- }
-
- sid_compose(&primary_group, &domain->sid, primary_group_rid);
-
- count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids);
-
- /* there must always be at least one group in the token,
- unless we are talking to a buggy Win2k server */
-
- /* actually this only happens when the machine account has no read
- * permissions on the tokenGroup attribute - gd */
-
- if (count == 0) {
-
- /* no tokenGroups */
-
- /* lookup what groups this user is a member of by DN search on
- * "memberOf" */
-
- status = lookup_usergroups_memberof(domain, mem_ctx, user_dn,
- &primary_group,
- &num_groups, user_sids);
- *p_num_groups = num_groups;
- if (NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- /* lookup what groups this user is a member of by DN search on
- * "member" */
-
- status = lookup_usergroups_member(domain, mem_ctx, user_dn,
- &primary_group,
- &num_groups, user_sids);
- *p_num_groups = num_groups;
- goto done;
- }
-
- *user_sids = NULL;
- num_groups = 0;
-
- status = add_sid_to_array(mem_ctx, &primary_group, user_sids,
- &num_groups);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- for (i=0;i<count;i++) {
-
- /* ignore Builtin groups from ADS - Guenther */
- if (sid_check_is_in_builtin(&sids[i])) {
- continue;
- }
-
- status = add_sid_to_array_unique(mem_ctx, &sids[i],
- user_sids, &num_groups);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
- }
-
- *p_num_groups = (uint32_t)num_groups;
- status = (*user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
-
- DEBUG(3,("ads lookup_usergroups (tokenGroups) succeeded for sid=%s\n",
- sid_string_dbg(sid)));
-done:
- TALLOC_FREE(user_dn);
- ads_msgfree(ads, msg);
- return status;
-}
-
/* Lookup aliases a user is member of - use rpc methods */
static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
@@ -1552,7 +1176,6 @@ struct winbindd_methods ads_methods = {
name_to_sid,
sid_to_name,
rids_to_names,
- lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
sequence_number,
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 1aa162c5a10..bc19973082d 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -403,77 +403,6 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
return result;
}
-/* Lookup groups a user is a member of. I wish Unix had a call like this! */
-static NTSTATUS msrpc_lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *pnum_groups,
- struct dom_sid **puser_grpsids)
-{
- struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
- struct dom_sid *user_grpsids = NULL;
- uint32_t num_groups = 0;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
-
- DEBUG(3,("msrpc_lookup_usergroups sid=%s\n", sid_string_dbg(user_sid)));
-
- *pnum_groups = 0;
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Check if we have a cached user_info_3 */
- status = lookup_usergroups_cached(tmp_ctx,
- user_sid,
- &num_groups,
- &user_grpsids);
- if (NT_STATUS_IS_OK(status)) {
- goto cached;
- }
-
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("lookup_usergroups: No incoming trust for domain %s\n",
- domain->name));
-
- /* Tell the cache manager not to remember this one */
- status = NT_STATUS_SYNCHRONIZATION_REQUIRED;
- goto done;
- }
-
- /* no cache; hit the wire */
- status = cm_connect_sam(domain, tmp_ctx, false, &samr_pipe, &dom_pol);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = rpc_lookup_usergroups(tmp_ctx,
- samr_pipe,
- &dom_pol,
- &domain->sid,
- user_sid,
- &num_groups,
- &user_grpsids);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
-cached:
- *pnum_groups = num_groups;
-
- if (puser_grpsids) {
- *puser_grpsids = talloc_move(mem_ctx, &user_grpsids);
- }
-
-done:
- TALLOC_FREE(tmp_ctx);
- return status;
- return NT_STATUS_OK;
-}
-
#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */
static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
@@ -1171,7 +1100,6 @@ struct winbindd_methods msrpc_methods = {
msrpc_name_to_sid,
msrpc_sid_to_name,
msrpc_rids_to_names,
- msrpc_lookup_usergroups,
msrpc_lookup_useraliases,
msrpc_lookup_groupmem,
msrpc_sequence_number,
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index 0406c995b1b..5727a653e3e 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -201,26 +201,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
return result;
}
-/* Lookup groups a user is a member of. I wish Unix had a call like this! */
-static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *num_groups, struct dom_sid **user_gids)
-{
- NTSTATUS result;
-
- result = msrpc_methods.lookup_usergroups(domain, mem_ctx,
- user_sid, num_groups,
- user_gids);
-
- if (reconnect_need_retry(result, domain))
- result = msrpc_methods.lookup_usergroups(domain, mem_ctx,
- user_sid, num_groups,
- user_gids);
-
- return result;
-}
-
static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t num_sids, const struct dom_sid *sids,
@@ -336,7 +316,6 @@ struct winbindd_methods reconnect_methods = {
name_to_sid,
sid_to_name,
rids_to_names,
- lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
sequence_number,
diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c
index 5a913607472..dbfa7ff16d3 100644
--- a/source3/winbindd/winbindd_reconnect_ads.c
+++ b/source3/winbindd/winbindd_reconnect_ads.c
@@ -156,27 +156,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
return result;
}
-/* Lookup groups a user is a member of. I wish Unix had a call like this! */
-static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *num_groups,
- struct dom_sid **user_gids)
-{
- NTSTATUS result;
-
- result = ads_methods.lookup_usergroups(domain, mem_ctx, user_sid,
- num_groups, user_gids);
-
- if (reconnect_need_retry(result, domain)) {
- result = ads_methods.lookup_usergroups(domain, mem_ctx,
- user_sid, num_groups,
- user_gids);
- }
-
- return result;
-}
-
static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t num_sids,
@@ -293,7 +272,6 @@ struct winbindd_methods reconnect_ads_methods = {
name_to_sid,
sid_to_name,
rids_to_names,
- lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
sequence_number,
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 0ce98ab542a..419e328ba28 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -790,69 +790,6 @@ error:
return status;
}
-/* Lookup groups a user is a member of. */
-static NTSTATUS sam_lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *pnum_groups,
- struct dom_sid **puser_grpsids)
-{
- struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
- struct dom_sid *user_grpsids = NULL;
- uint32_t num_groups = 0;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status, result;
- struct dcerpc_binding_handle *b = NULL;
-
- DEBUG(3,("sam_lookup_usergroups\n"));
-
- ZERO_STRUCT(dom_pol);
-
- if (pnum_groups) {
- *pnum_groups = 0;
- }
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- b = samr_pipe->binding_handle;
-
- status = rpc_lookup_usergroups(tmp_ctx,
- samr_pipe,
- &dom_pol,
- &domain->sid,
- user_sid,
- &num_groups,
- &user_grpsids);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- if (pnum_groups) {
- *pnum_groups = num_groups;
- }
-
- if (puser_grpsids) {
- *puser_grpsids = talloc_move(mem_ctx, &user_grpsids);
- }
-
-done:
- if (b && is_valid_policy_hnd(&dom_pol)) {
- dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
- }
-
- TALLOC_FREE(tmp_ctx);
- return status;
-}
-
static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t num_sids,
@@ -978,7 +915,6 @@ struct winbindd_methods builtin_passdb_methods = {
.name_to_sid = sam_name_to_sid,
.sid_to_name = sam_sid_to_name,
.rids_to_names = sam_rids_to_names,
- .lookup_usergroups = sam_lookup_usergroups,
.lookup_useraliases = sam_lookup_useraliases,
.lookup_groupmem = sam_lookup_groupmem,
.sequence_number = sam_sequence_number,
@@ -997,7 +933,6 @@ struct winbindd_methods sam_passdb_methods = {
.name_to_sid = sam_name_to_sid,
.sid_to_name = sam_sid_to_name,
.rids_to_names = sam_rids_to_names,
- .lookup_usergroups = sam_lookup_usergroups,
.lookup_useraliases = sam_lookup_useraliases,
.lookup_groupmem = sam_lookup_groupmem,
.sequence_number = sam_sequence_number,
--
2.11.0
>From e06ea9a162428c626f87dc2a9c80bea9e990d17f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 15:23:21 +0000
Subject: [PATCH 13/22] winbind: Remove rpc_lookup_usergroups
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_rpc.c | 74 -----------------------------------------
source3/winbindd/winbindd_rpc.h | 9 -----
2 files changed, 83 deletions(-)
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 2a096edf8fd..1e234ba4181 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -476,80 +476,6 @@ NTSTATUS rpc_rids_to_names(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-/* Lookup groups a user is a member of. */
-NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client *samr_pipe,
- struct policy_handle *samr_policy,
- const struct dom_sid *domain_sid,
- const struct dom_sid *user_sid,
- uint32_t *pnum_groups,
- struct dom_sid **puser_grpsids)
-{
- struct policy_handle user_policy;
- struct samr_RidWithAttributeArray *rid_array = NULL;
- struct dom_sid *user_grpsids = NULL;
- uint32_t num_groups = 0, i;
- uint32_t user_rid;
- NTSTATUS status, result;
- struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
-
- if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* Get user handle */
- status = dcerpc_samr_OpenUser(b,
- mem_ctx,
- samr_policy,
- SEC_FLAG_MAXIMUM_ALLOWED,
- user_rid,
- &user_policy,
- &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- /* Query user rids */
- status = dcerpc_samr_GetGroupsForUser(b,
- mem_ctx,
- &user_policy,
- &rid_array,
- &result);
- {
- NTSTATUS _result;
- dcerpc_samr_Close(b, mem_ctx, &user_policy, &_result);
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- num_groups = rid_array->count;
-
- user_grpsids = talloc_array(mem_ctx, struct dom_sid, num_groups);
- if (user_grpsids == NULL) {
- status = NT_STATUS_NO_MEMORY;
- return status;
- }
-
- for (i = 0; i < num_groups; i++) {
- sid_compose(&(user_grpsids[i]), domain_sid,
- rid_array->rids[i].rid);
- }
-
- *pnum_groups = num_groups;
-
- *puser_grpsids = user_grpsids;
-
- return NT_STATUS_OK;
-}
-
NTSTATUS rpc_lookup_useraliases(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *samr_pipe,
struct policy_handle *samr_policy,
diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h
index bdfc3ed948e..beb605a0053 100644
--- a/source3/winbindd/winbindd_rpc.h
+++ b/source3/winbindd/winbindd_rpc.h
@@ -79,15 +79,6 @@ NTSTATUS rpc_rids_to_names(TALLOC_CTX *mem_ctx,
char ***pnames,
enum lsa_SidType **ptypes);
-/* Lookup groups a user is a member of. */
-NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client *samr_pipe,
- struct policy_handle *samr_policy,
- const struct dom_sid *domain_sid,
- const struct dom_sid *user_sid,
- uint32_t *pnum_groups,
- struct dom_sid **puser_grpsids);
-
NTSTATUS rpc_lookup_useraliases(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *samr_pipe,
struct policy_handle *samr_policy,
--
2.11.0
>From 7b21d33b47493495837b2d2525dc3c3bc79a037f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 2 Jan 2017 15:19:14 +0000
Subject: [PATCH 14/22] winbind: Make wb_query_user_list just return names
Yes, this compiles. Nobody call this right now. Hold on :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/wb_query_user_list.c | 70 +++++++++++++++++++++++++++++------
source3/winbindd/winbindd_proto.h | 3 +-
2 files changed, 60 insertions(+), 13 deletions(-)
diff --git a/source3/winbindd/wb_query_user_list.c b/source3/winbindd/wb_query_user_list.c
index 8bdc42b6a27..3c18080e847 100644
--- a/source3/winbindd/wb_query_user_list.c
+++ b/source3/winbindd/wb_query_user_list.c
@@ -20,11 +20,18 @@
#include "includes.h"
#include "winbindd.h"
#include "librpc/gen_ndr/ndr_winbind_c.h"
+#include "lib/util/strv.h"
struct wb_query_user_list_state {
- struct wbint_userinfos users;
+ struct tevent_context *ev;
+ struct winbindd_domain *domain;
+ struct wbint_RidArray rids;
+ const char *domain_name;
+ struct wbint_Principals names;
+ char *users;
};
+static void wb_query_user_list_gotrids(struct tevent_req *subreq);
static void wb_query_user_list_done(struct tevent_req *subreq);
struct tevent_req *wb_query_user_list_send(TALLOC_CTX *mem_ctx,
@@ -39,18 +46,19 @@ struct tevent_req *wb_query_user_list_send(TALLOC_CTX *mem_ctx,
if (req == NULL) {
return NULL;
}
+ state->ev = ev;
+ state->domain = domain;
- subreq = dcerpc_wbint_QueryUserList_send(state, ev,
- dom_child_handle(domain),
- &state->users);
+ subreq = dcerpc_wbint_QueryUserRidList_send(
+ state, ev, dom_child_handle(domain), &state->rids);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
- tevent_req_set_callback(subreq, wb_query_user_list_done, req);
+ tevent_req_set_callback(subreq, wb_query_user_list_gotrids, req);
return req;
}
-static void wb_query_user_list_done(struct tevent_req *subreq)
+static void wb_query_user_list_gotrids(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
@@ -58,7 +66,7 @@ static void wb_query_user_list_done(struct tevent_req *subreq)
req, struct wb_query_user_list_state);
NTSTATUS status, result;
- status = dcerpc_wbint_QueryUserList_recv(subreq, state, &result);
+ status = dcerpc_wbint_QueryUserRidList_recv(subreq, state, &result);
TALLOC_FREE(subreq);
if (any_nt_status_not_ok(status, result, &status)) {
tevent_req_nterror(req, status);
@@ -66,13 +74,53 @@ static void wb_query_user_list_done(struct tevent_req *subreq)
}
DEBUG(10, ("dcerpc_wbint_QueryUserList returned %d users\n",
- state->users.num_userinfos));
+ state->rids.num_rids));
+
+ subreq = dcerpc_wbint_LookupRids_send(
+ state, state->ev, dom_child_handle(state->domain),
+ &state->domain->sid, &state->rids,
+ &state->domain_name, &state->names);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, wb_query_user_list_done, req);
+}
+
+static void wb_query_user_list_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct wb_query_user_list_state *state = tevent_req_data(
+ req, struct wb_query_user_list_state);
+ NTSTATUS status, result;
+ int i;
+
+ status = dcerpc_wbint_LookupRids_recv(subreq, state, &result);
+ TALLOC_FREE(subreq);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ for (i=0; i<state->names.num_principals; i++) {
+ struct wbint_Principal *p = &state->names.principals[i];
+ fstring name;
+ int ret;
+
+ fill_domain_username(name, state->domain_name, p->name, true);
+
+ ret = strv_add(state, &state->users, name);
+ if (ret != 0) {
+ tevent_req_nterror(req, map_nt_error_from_unix(ret));
+ return;
+ }
+ }
tevent_req_done(req);
}
NTSTATUS wb_query_user_list_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_users, struct wbint_userinfo **users)
+ char **users)
{
struct wb_query_user_list_state *state = tevent_req_data(
req, struct wb_query_user_list_state);
@@ -82,7 +130,7 @@ NTSTATUS wb_query_user_list_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
return status;
}
- *num_users = state->users.num_userinfos;
- *users = talloc_move(mem_ctx, &state->users.userinfos);
+ *users = talloc_move(mem_ctx, &state->users);
+
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 77bab4a1a90..040e8ab5ede 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -753,8 +753,7 @@ struct tevent_req *wb_query_user_list_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct winbindd_domain *domain);
NTSTATUS wb_query_user_list_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_users,
- struct wbint_userinfo **users);
+ char **users);
struct tevent_req *wb_query_group_list_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
--
2.11.0
>From 245115559cdd46307e58c74a7ad1b9803753943c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 2 Jan 2017 15:44:04 +0000
Subject: [PATCH 15/22] winbind: Make list_users use wb_query_user_list
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_list_users.c | 106 +++++++++++++++------------------
1 file changed, 47 insertions(+), 59 deletions(-)
diff --git a/source3/winbindd/winbindd_list_users.c b/source3/winbindd/winbindd_list_users.c
index a6d6a29e768..4a4343e6658 100644
--- a/source3/winbindd/winbindd_list_users.c
+++ b/source3/winbindd/winbindd_list_users.c
@@ -20,17 +20,18 @@
#include "includes.h"
#include "winbindd.h"
#include "librpc/gen_ndr/ndr_winbind_c.h"
+#include "lib/util/strv.h"
struct winbindd_list_users_domstate {
struct tevent_req *subreq;
struct winbindd_domain *domain;
- struct wbint_userinfos users;
+ char *users;
};
struct winbindd_list_users_state {
- int num_received;
+ size_t num_received;
/* All domains */
- int num_domains;
+ size_t num_domains;
struct winbindd_list_users_domstate *domains;
};
@@ -44,7 +45,7 @@ struct tevent_req *winbindd_list_users_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req;
struct winbindd_list_users_state *state;
struct winbindd_domain *domain;
- int i;
+ size_t i;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_list_users_state);
@@ -90,9 +91,8 @@ struct tevent_req *winbindd_list_users_send(TALLOC_CTX *mem_ctx,
for (i=0; i<state->num_domains; i++) {
struct winbindd_list_users_domstate *d = &state->domains[i];
- d->subreq = dcerpc_wbint_QueryUserList_send(
- state->domains, ev, dom_child_handle(d->domain),
- &d->users);
+ d->subreq = wb_query_user_list_send(
+ state->domains, ev, d->domain);
if (tevent_req_nomem(d->subreq, req)) {
TALLOC_FREE(state->domains);
return tevent_req_post(req, ev);
@@ -110,33 +110,31 @@ static void winbindd_list_users_done(struct tevent_req *subreq)
subreq, struct tevent_req);
struct winbindd_list_users_state *state = tevent_req_data(
req, struct winbindd_list_users_state);
- NTSTATUS status, result;
- int i;
-
- status = dcerpc_wbint_QueryUserList_recv(subreq, state->domains,
- &result);
+ struct winbindd_list_users_domstate *d;
+ NTSTATUS status;
+ size_t i;
for (i=0; i<state->num_domains; i++) {
if (subreq == state->domains[i].subreq) {
break;
}
}
- if (i < state->num_domains) {
- struct winbindd_list_users_domstate *d = &state->domains[i];
-
- DEBUG(10, ("Domain %s returned %d users\n", d->domain->name,
- d->users.num_userinfos));
-
- d->subreq = NULL;
-
- if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(result)) {
- DEBUG(10, ("List_users for domain %s failed\n",
- d->domain->name));
- d->users.num_userinfos = 0;
- }
+ if (i == state->num_domains) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
}
+ d = &state->domains[i];
+
+ status = wb_query_user_list_recv(subreq, state->domains,
+ &d->users);
TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * Just skip this domain
+ */
+ d->users = NULL;
+ }
state->num_received += 1;
@@ -152,55 +150,45 @@ NTSTATUS winbindd_list_users_recv(struct tevent_req *req,
req, struct winbindd_list_users_state);
NTSTATUS status;
char *result;
- int i;
- uint32_t j;
- size_t len;
+ size_t i, len;
if (tevent_req_is_nterror(req, &status)) {
return status;
}
- len = 0;
- response->data.num_entries = 0;
+ result = NULL;
+
for (i=0; i<state->num_domains; i++) {
struct winbindd_list_users_domstate *d = &state->domains[i];
+ int ret;
- for (j=0; j<d->users.num_userinfos; j++) {
- fstring name;
- fill_domain_username(name, d->domain->name,
- d->users.userinfos[j].acct_name,
- True);
- len += strlen(name)+1;
+ if (d->users == NULL) {
+ continue;
}
- response->data.num_entries += d->users.num_userinfos;
- }
- result = talloc_array(response, char, len+1);
- if (result == 0) {
- return NT_STATUS_NO_MEMORY;
- }
-
- len = 0;
- for (i=0; i<state->num_domains; i++) {
- struct winbindd_list_users_domstate *d = &state->domains[i];
-
- for (j=0; j<d->users.num_userinfos; j++) {
- fstring name;
- size_t this_len;
- fill_domain_username(name, d->domain->name,
- d->users.userinfos[j].acct_name,
- True);
- this_len = strlen(name);
- memcpy(result+len, name, this_len);
- len += this_len;
- result[len] = ',';
- len += 1;
+ ret = strv_append(state, &result, d->users);
+ if (ret != 0) {
+ return map_nt_error_from_unix(ret);
}
}
- result[len-1] = '\0';
+
+ len = talloc_get_size(result);
response->extra_data.data = result;
response->length += len;
+ response->data.num_entries = 0;
+
+ if (len >= 1) {
+ len -= 1;
+ response->data.num_entries = 1;
+
+ for (i=0; i<len; i++) {
+ if (result[i] == '\0') {
+ result[i] = ',';
+ response->data.num_entries += 1;
+ }
+ }
+ }
return NT_STATUS_OK;
}
--
2.11.0
>From 217d1a9e1b527d01038a14327e78a8b27c35581f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 2 Jan 2017 15:45:50 +0000
Subject: [PATCH 16/22] winbind: Remove wbint_QueryUserList
Signed-off-by: Volker Lendecke <vl at samba.org>
---
librpc/idl/winbind.idl | 4 ----
source3/winbindd/winbindd_dual_srv.c | 17 -----------------
2 files changed, 21 deletions(-)
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index 13b08b53a5f..6245e13ac6a 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -129,10 +129,6 @@ interface winbind
[size_is(num_userinfos)] wbint_userinfo userinfos[];
} wbint_userinfos;
- NTSTATUS wbint_QueryUserList(
- [out] wbint_userinfos *users
- );
-
NTSTATUS wbint_QueryGroupList(
[out] wbint_Principals *groups
);
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 38952890ef8..06392ffa742 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -355,23 +355,6 @@ NTSTATUS _wbint_LookupGroupMembers(struct pipes_struct *p,
return NT_STATUS_OK;
}
-NTSTATUS _wbint_QueryUserList(struct pipes_struct *p,
- struct wbint_QueryUserList *r)
-{
- struct winbindd_domain *domain = wb_child_domain();
- NTSTATUS status;
-
- if (domain == NULL) {
- return NT_STATUS_REQUEST_NOT_ACCEPTED;
- }
-
- status = wb_cache_query_user_list(domain, p->mem_ctx,
- &r->out.users->num_userinfos,
- &r->out.users->userinfos);
- reset_cm_connection_on_error(domain, status);
- return status;
-}
-
NTSTATUS _wbint_QueryGroupList(struct pipes_struct *p,
struct wbint_QueryGroupList *r)
{
--
2.11.0
>From 803990367f70d7251b95bcf415009b7eb6302804 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 12:11:30 +0000
Subject: [PATCH 17/22] winbind: Simplify query_user_list to only return rids
Unfortunately this is a pretty large patch, because many functions
implement this API. The alternative would have been to create a new
backend function, add the new one piece by piece and then remove the
original function.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd.h | 3 +-
source3/winbindd/winbindd_ads.c | 70 ++++++------------
source3/winbindd/winbindd_cache.c | 113 +++++++-----------------------
source3/winbindd/winbindd_dual_srv.c | 25 +------
source3/winbindd/winbindd_msrpc.c | 21 ++----
source3/winbindd/winbindd_proto.h | 3 +-
source3/winbindd/winbindd_reconnect.c | 10 ++-
source3/winbindd/winbindd_reconnect_ads.c | 9 +--
source3/winbindd/winbindd_rpc.c | 62 +++-------------
source3/winbindd/winbindd_rpc.h | 3 +-
source3/winbindd/winbindd_samr.c | 27 +++----
11 files changed, 82 insertions(+), 264 deletions(-)
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 3f28fd07a3c..0f9570338d9 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -222,8 +222,7 @@ struct winbindd_methods {
/* get a list of users, returning a wbint_userinfo for each one */
NTSTATUS (*query_user_list)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *num_entries,
- struct wbint_userinfo **info);
+ uint32_t **rids);
/* get a list of domain groups */
NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain,
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 0f70334fe61..83579686ff4 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -288,18 +288,18 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
/* Query display info for a realm. This is the basic user list fn */
static NTSTATUS query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *num_entries,
- struct wbint_userinfo **pinfo)
+ uint32_t **prids)
{
ADS_STRUCT *ads = NULL;
- const char *attrs[] = { "*", NULL };
- int i, count;
+ const char *attrs[] = { "sAMAccountType", "objectSid", NULL };
+ int count;
+ uint32_t *rids;
ADS_STATUS rc;
LDAPMessage *res = NULL;
LDAPMessage *msg = NULL;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- *num_entries = 0;
+ *prids = NULL;
DEBUG(3,("ads: query_user_list\n"));
@@ -332,8 +332,8 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
goto done;
}
- (*pinfo) = talloc_zero_array(mem_ctx, struct wbint_userinfo, count);
- if (!*pinfo) {
+ rids = talloc_zero_array(mem_ctx, uint32_t, count);
+ if (rids == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
@@ -341,8 +341,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
count = 0;
for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
- struct wbint_userinfo *info = &((*pinfo)[count]);
- uint32_t group;
+ struct dom_sid user_sid;
uint32_t atype;
bool ok;
@@ -356,59 +355,30 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
continue;
}
- info->acct_name = ads_pull_username(ads, mem_ctx, msg);
- info->full_name = ads_pull_string(ads, mem_ctx, msg, "displayName");
- if (info->full_name == NULL) {
- info->full_name = ads_pull_string(ads, mem_ctx, msg, "name");
- }
- info->homedir = NULL;
- info->shell = NULL;
- info->primary_gid = (gid_t)-1;
-
- if (!ads_pull_sid(ads, msg, "objectSid",
- &info->user_sid)) {
- DEBUG(1, ("No sid for %s !?\n", info->acct_name));
+ if (!ads_pull_sid(ads, msg, "objectSid", &user_sid)) {
+ DBG_INFO("No sid for %s !?\n",
+ ads_get_dn(ads, talloc_tos(), msg));
continue;
}
- if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group)) {
- DEBUG(1, ("No primary group for %s !?\n",
- info->acct_name));
+ if (!dom_sid_in_domain(&domain->sid, &user_sid)) {
+ fstring sidstr, domstr;
+ DBG_WARNING("Got sid %s in domain %s\n",
+ sid_to_fstring(sidstr, &user_sid),
+ sid_to_fstring(domstr, &domain->sid));
continue;
}
- sid_compose(&info->group_sid, &domain->sid, group);
+ sid_split_rid(&user_sid, &rids[count]);
count += 1;
}
- (*num_entries) = count;
- ads_msgfree(ads, res);
-
- for (i=0; i<count; i++) {
- struct wbint_userinfo *info = &((*pinfo)[i]);
- const char *gecos = NULL;
- gid_t primary_gid = (gid_t)-1;
-
- status = nss_get_info_cached(domain, &info->user_sid, mem_ctx,
- &info->homedir, &info->shell,
- &gecos, &primary_gid);
- if (!NT_STATUS_IS_OK(status)) {
- /*
- * Deliberately ignore this error, there might be more
- * users to fill
- */
- continue;
- }
-
- if (gecos != NULL) {
- info->full_name = gecos;
- }
- info->primary_gid = primary_gid;
- }
+ rids = talloc_realloc(mem_ctx, rids, uint32_t, count);
+ *prids = rids;
status = NT_STATUS_OK;
- DEBUG(3,("ads query_user_list gave %d entries\n", (*num_entries)));
+ DBG_NOTICE("ads query_user_list gave %d entries\n", count);
done:
return status;
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index d8a49c7015f..4a2b1aa9586 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1006,36 +1006,6 @@ static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS sta
centry_free(centry);
}
-
-static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status,
- struct wbint_userinfo *info)
-{
- struct cache_entry *centry;
- fstring sid_string;
-
- if (is_null_sid(&info->user_sid)) {
- return;
- }
-
- centry = centry_start(domain, status);
- if (!centry)
- return;
- centry_put_string(centry, info->domain_name);
- centry_put_string(centry, info->acct_name);
- centry_put_string(centry, info->full_name);
- centry_put_string(centry, info->homedir);
- centry_put_string(centry, info->shell);
- centry_put_uint32(centry, info->uid);
- centry_put_uint32(centry, info->primary_gid);
- centry_put_string(centry, info->primary_group_name);
- centry_put_sid(centry, &info->user_sid);
- centry_put_sid(centry, &info->group_sid);
- centry_end(centry, "U/%s", sid_to_fstring(sid_string,
- &info->user_sid));
- DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
- centry_free(centry);
-}
-
static void wcache_save_lockout_policy(struct winbindd_domain *domain,
NTSTATUS status,
struct samr_DomInfo12 *lockout_policy)
@@ -1459,15 +1429,18 @@ NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
/* Query display info. This is the basic user list fn */
NTSTATUS wb_cache_query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *num_entries,
- struct wbint_userinfo **info)
+ uint32_t **prids)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
+ uint32_t num_rids = 0;
+ uint32_t *rids = NULL;
NTSTATUS status;
unsigned int i, retry;
bool old_status = domain->online;
+ *prids = NULL;
+
if (!cache->tdb)
goto do_query;
@@ -1476,26 +1449,19 @@ NTSTATUS wb_cache_query_user_list(struct winbindd_domain *domain,
goto do_query;
do_fetch_cache:
- *num_entries = centry_uint32(centry);
+ num_rids = centry_uint32(centry);
- if (*num_entries == 0)
+ if (num_rids == 0) {
goto do_cached;
+ }
- (*info) = talloc_array(mem_ctx, struct wbint_userinfo, *num_entries);
- if (! (*info)) {
- smb_panic_fn("query_user_list out of memory");
+ rids = talloc_array(mem_ctx, uint32_t, num_rids);
+ if (rids == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<(*num_entries); i++) {
- (*info)[i].domain_name = centry_string(centry, mem_ctx);
- (*info)[i].acct_name = centry_string(centry, mem_ctx);
- (*info)[i].full_name = centry_string(centry, mem_ctx);
- (*info)[i].homedir = centry_string(centry, mem_ctx);
- (*info)[i].shell = centry_string(centry, mem_ctx);
- (*info)[i].uid = centry_uint32(centry);
- (*info)[i].primary_gid = centry_uint32(centry);
- (*info)[i].primary_group_name = centry_string(centry, mem_ctx);
- centry_sid(centry, &(*info)[i].user_sid);
- centry_sid(centry, &(*info)[i].group_sid);
+
+ for (i=0; i<num_rids; i++) {
+ rids[i] = centry_uint32(centry);
}
do_cached:
@@ -1508,8 +1474,6 @@ do_cached:
return status;
do_query:
- *num_entries = 0;
- *info = NULL;
/* Return status value returned by seq number check */
@@ -1530,7 +1494,11 @@ do_query:
DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
domain->name ));
- status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
+ rids = NULL;
+ status = domain->backend->query_user_list(domain, mem_ctx,
+ &rids);
+ num_rids = talloc_array_length(rids);
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("query_user_list: returned 0x%08x, "
"retrying\n", NT_STATUS_V(status)));
@@ -1546,7 +1514,7 @@ do_query:
set_domain_offline(domain);
}
/* store partial response. */
- if (*num_entries > 0) {
+ if (num_rids > 0) {
/*
* humm, what about the status used for cache?
* Should it be NT_STATUS_OK?
@@ -1581,36 +1549,15 @@ do_query:
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
- centry_put_uint32(centry, *num_entries);
- for (i=0; i<(*num_entries); i++) {
- centry_put_string(centry, (*info)[i].domain_name);
- centry_put_string(centry, (*info)[i].acct_name);
- centry_put_string(centry, (*info)[i].full_name);
- centry_put_string(centry, (*info)[i].homedir);
- centry_put_string(centry, (*info)[i].shell);
- centry_put_uint32(centry, (*info)[i].uid);
- centry_put_uint32(centry, (*info)[i].primary_gid);
- centry_put_string(centry, (*info)[i].primary_group_name);
- centry_put_sid(centry, &(*info)[i].user_sid);
- centry_put_sid(centry, &(*info)[i].group_sid);
- if (domain->backend && domain->backend->consistent) {
- /* when the backend is consistent we can pre-prime some mappings */
- wcache_save_name_to_sid(domain, NT_STATUS_OK,
- domain->name,
- (*info)[i].acct_name,
- &(*info)[i].user_sid,
- SID_NAME_USER);
- wcache_save_sid_to_name(domain, NT_STATUS_OK,
- &(*info)[i].user_sid,
- domain->name,
- (*info)[i].acct_name,
- SID_NAME_USER);
- wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
- }
+ centry_put_uint32(centry, num_rids);
+ for (i=0; i<num_rids; i++) {
+ centry_put_uint32(centry, rids[i]);
}
centry_end(centry, "UL/%s", domain->name);
centry_free(centry);
+ *prids = rids;
+
skip_save:
return status;
}
@@ -3692,17 +3639,7 @@ static int validate_ul(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
num_entries = (int32_t)centry_uint32(centry);
for (i=0; i< num_entries; i++) {
- struct dom_sid sid;
- (void)centry_string(centry, mem_ctx);
- (void)centry_string(centry, mem_ctx);
- (void)centry_string(centry, mem_ctx);
- (void)centry_string(centry, mem_ctx);
- (void)centry_string(centry, mem_ctx);
- (void)centry_uint32(centry);
(void)centry_uint32(centry);
- (void)centry_string(centry, mem_ctx);
- (void)centry_sid(centry, &sid);
- (void)centry_sid(centry, &sid);
}
centry_free(centry);
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 06392ffa742..49236cdd95c 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -466,8 +466,6 @@ NTSTATUS _wbint_QueryUserRidList(struct pipes_struct *p,
struct wbint_QueryUserRidList *r)
{
struct winbindd_domain *domain = wb_child_domain();
- uint32_t i, num_userinfos;
- struct wbint_userinfo *userinfos;
NTSTATUS status;
if (domain == NULL) {
@@ -480,33 +478,16 @@ NTSTATUS _wbint_QueryUserRidList(struct pipes_struct *p,
*/
status = wb_cache_query_user_list(domain, p->mem_ctx,
- &num_userinfos, &userinfos);
+ &r->out.rids->rids);
reset_cm_connection_on_error(domain, status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- r->out.rids->rids = talloc_array(r->out.rids, uint32_t, num_userinfos);
- if (r->out.rids->rids == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i<num_userinfos; i++) {
- struct wbint_userinfo *info = &userinfos[i];
-
- if (!dom_sid_in_domain(&domain->sid, &info->user_sid)) {
- fstring sidstr, domstr;
- DBG_WARNING("Got sid %s in domain %s\n",
- sid_to_fstring(sidstr, &info->user_sid),
- sid_to_fstring(domstr, &domain->sid));
- continue;
- }
- sid_split_rid(&info->user_sid,
- &r->out.rids->rids[r->out.rids->num_rids++]);
- }
+ r->out.rids->num_rids = talloc_array_length(r->out.rids->rids);
- return status;
+ return NT_STATUS_OK;
}
NTSTATUS _wbint_DsGetDcName(struct pipes_struct *p, struct wbint_DsGetDcName *r)
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index bc19973082d..4b742c4c58b 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -49,22 +49,16 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
application. */
static NTSTATUS msrpc_query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *pnum_info,
- struct wbint_userinfo **pinfo)
+ uint32_t **prids)
{
struct rpc_pipe_client *samr_pipe = NULL;
struct policy_handle dom_pol;
- struct wbint_userinfo *info = NULL;
- uint32_t num_info = 0;
+ uint32_t *rids;
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
DEBUG(3, ("msrpc_query_user_list\n"));
- if (pnum_info) {
- *pnum_info = 0;
- }
-
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -86,18 +80,13 @@ static NTSTATUS msrpc_query_user_list(struct winbindd_domain *domain,
samr_pipe,
&dom_pol,
&domain->sid,
- &num_info,
- &info);
+ &rids);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
- if (pnum_info) {
- *pnum_info = num_info;
- }
-
- if (pinfo) {
- *pinfo = talloc_move(mem_ctx, &info);
+ if (prids) {
+ *prids = talloc_move(mem_ctx, &rids);
}
done:
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 040e8ab5ede..42e731d81c1 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -59,8 +59,7 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
NTSTATUS wb_cache_query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *num_entries,
- struct wbint_userinfo **info);
+ uint32_t **prids);
NTSTATUS wb_cache_enum_dom_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t *num_entries,
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index 5727a653e3e..d23ffcfb8de 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -83,17 +83,15 @@ bool reconnect_need_retry(NTSTATUS status, struct winbindd_domain *domain)
/* List all users */
static NTSTATUS query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *num_entries,
- struct wbint_userinfo **info)
+ uint32_t **rids)
{
NTSTATUS result;
- result = msrpc_methods.query_user_list(domain, mem_ctx,
- num_entries, info);
+ result = msrpc_methods.query_user_list(domain, mem_ctx, rids);
if (reconnect_need_retry(result, domain))
- result = msrpc_methods.query_user_list(domain, mem_ctx,
- num_entries, info);
+ result = msrpc_methods.query_user_list(domain, mem_ctx, rids);
+
return result;
}
diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c
index dbfa7ff16d3..17ea9d28c0c 100644
--- a/source3/winbindd/winbindd_reconnect_ads.c
+++ b/source3/winbindd/winbindd_reconnect_ads.c
@@ -34,17 +34,14 @@ extern struct winbindd_methods ads_methods;
/* List all users */
static NTSTATUS query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *num_entries,
- struct wbint_userinfo **info)
+ uint32_t **rids)
{
NTSTATUS result;
- result = ads_methods.query_user_list(domain, mem_ctx,
- num_entries, info);
+ result = ads_methods.query_user_list(domain, mem_ctx, rids);
if (reconnect_need_retry(result, domain)) {
- result = ads_methods.query_user_list(domain, mem_ctx,
- num_entries, info);
+ result = ads_methods.query_user_list(domain, mem_ctx, rids);
}
return result;
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 1e234ba4181..bb8af45c896 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -38,18 +38,17 @@ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *samr_pipe,
struct policy_handle *samr_policy,
const struct dom_sid *domain_sid,
- uint32_t *pnum_info,
- struct wbint_userinfo **pinfo)
+ uint32_t **prids)
{
- struct wbint_userinfo *info = NULL;
- uint32_t num_info = 0;
+ uint32_t *rids = NULL;
+ uint32_t num_rids = 0;
uint32_t loop_count = 0;
uint32_t start_idx = 0;
uint32_t i = 0;
NTSTATUS status, result;
struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
- *pnum_info = 0;
+ *prids = NULL;
do {
uint32_t j;
@@ -87,62 +86,23 @@ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
loop_count++;
num_dom_users = disp_info.info1.count;
- num_info += num_dom_users;
+ num_rids += num_dom_users;
/* If there are no user to enumerate we're done */
- if (num_info == 0) {
+ if (num_rids == 0) {
return NT_STATUS_OK;
}
- info = talloc_realloc(mem_ctx,
- info,
- struct wbint_userinfo,
- num_info);
- if (info == NULL) {
+ rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids);
+ if (rids == NULL) {
return NT_STATUS_NO_MEMORY;
}
- for (j = 0; j < num_dom_users; i++, j++) {
- uint32_t rid = disp_info.info1.entries[j].rid;
- struct samr_DispEntryGeneral *src;
- struct wbint_userinfo *dst;
-
- src = &(disp_info.info1.entries[j]);
- dst = &(info[i]);
-
- *dst = (struct wbint_userinfo) {0};
-
- dst->acct_name = talloc_strdup(info,
- src->account_name.string);
- if (dst->acct_name == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- dst->full_name = talloc_strdup(info, src->full_name.string);
- if ((src->full_name.string != NULL) &&
- (dst->full_name == NULL))
- {
- return NT_STATUS_NO_MEMORY;
- }
-
- dst->homedir = NULL;
- dst->shell = NULL;
- dst->primary_gid = (gid_t)-1;
- sid_compose(&dst->user_sid, domain_sid, rid);
-
- /* For the moment we set the primary group for
- every user to be the Domain Users group.
- There are serious problems with determining
- the actual primary group for large domains.
- This should really be made into a 'winbind
- force group' smb.conf parameter or
- something like that. */
- sid_compose(&dst->group_sid, domain_sid,
- DOMAIN_RID_USERS);
+ for (j = 0; j < num_dom_users; j++) {
+ rids[i++] = disp_info.info1.entries[j].rid;
}
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
- *pnum_info = num_info;
- *pinfo = info;
+ *prids = rids;
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h
index beb605a0053..ee4b21073b5 100644
--- a/source3/winbindd/winbindd_rpc.h
+++ b/source3/winbindd/winbindd_rpc.h
@@ -31,8 +31,7 @@ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *samr_pipe,
struct policy_handle *samr_policy,
const struct dom_sid *domain_sid,
- uint32_t *pnum_info,
- struct wbint_userinfo **pinfo);
+ uint32_t **prids);
NTSTATUS rpc_enum_dom_groups(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *samr_pipe,
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 419e328ba28..7f6c37ae7ee 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -167,13 +167,11 @@ error:
/* Query display info for a domain */
static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *pnum_info,
- struct wbint_userinfo **pinfo)
+ uint32_t **prids)
{
struct rpc_pipe_client *samr_pipe = NULL;
struct policy_handle dom_pol;
- struct wbint_userinfo *info = NULL;
- uint32_t num_info = 0;
+ uint32_t *rids;
TALLOC_CTX *tmp_ctx;
NTSTATUS status, result;
struct dcerpc_binding_handle *b = NULL;
@@ -182,9 +180,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
ZERO_STRUCT(dom_pol);
- if (pnum_info) {
- *pnum_info = 0;
- }
+ *prids = NULL;
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
@@ -202,18 +198,13 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
samr_pipe,
&dom_pol,
&domain->sid,
- &num_info,
- &info);
+ &rids);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
- if (pnum_info) {
- *pnum_info = num_info;
- }
-
- if (pinfo) {
- *pinfo = talloc_move(mem_ctx, &info);
+ if (prids) {
+ *prids = talloc_move(mem_ctx, &rids);
}
done:
@@ -385,12 +376,10 @@ static NTSTATUS builtin_enum_dom_groups(struct winbindd_domain *domain,
/* Query display info for a domain */
static NTSTATUS builtin_query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *num_entries,
- struct wbint_userinfo **info)
+ uint32_t **rids)
{
/* We don't have users */
- *num_entries = 0;
- *info = NULL;
+ *rids = NULL;
return NT_STATUS_OK;
}
--
2.11.0
>From 8c755f2c448d7cf21602a2cd713e6509e1ffe0e1 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 12:17:27 +0000
Subject: [PATCH 18/22] winbind: Remove unused nss_get_info_cached
---
source3/winbindd/winbindd_cache.c | 116 --------------------------------------
source3/winbindd/winbindd_proto.h | 8 ---
2 files changed, 124 deletions(-)
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 4a2b1aa9586..0b8a9aa86a7 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3763,29 +3763,6 @@ static int validate_de(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
return 0;
}
-static int validate_pwinfo(TALLOC_CTX *mem_ctx, const char *keystr,
- TDB_DATA dbuf, struct tdb_validation_status *state)
-{
- struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
-
- if (!centry) {
- return 1;
- }
-
- (void)centry_string(centry, mem_ctx);
- (void)centry_string(centry, mem_ctx);
- (void)centry_string(centry, mem_ctx);
- (void)centry_uint32(centry);
-
- centry_free(centry);
-
- if (!(state->success)) {
- return 1;
- }
- DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
- return 0;
-}
-
static int validate_nss_an(TALLOC_CTX *mem_ctx, const char *keystr,
TDB_DATA dbuf,
struct tdb_validation_status *state)
@@ -3907,7 +3884,6 @@ struct key_val_struct {
{"GM/", validate_gm},
{"DR/", validate_dr},
{"DE/", validate_de},
- {"NSS/PWINFO/", validate_pwinfo},
{"TRUSTDOMCACHE/", validate_trustdomcache},
{"NSS/NA/", validate_nss_na},
{"NSS/AN/", validate_nss_an},
@@ -4639,98 +4615,6 @@ void wcache_tdc_clear( void )
return;
}
-
-/*********************************************************************
- ********************************************************************/
-
-static void wcache_save_user_pwinfo(struct winbindd_domain *domain,
- NTSTATUS status,
- const struct dom_sid *user_sid,
- const char *homedir,
- const char *shell,
- const char *gecos,
- uint32_t gid)
-{
- struct cache_entry *centry;
- fstring tmp;
-
- if ( (centry = centry_start(domain, status)) == NULL )
- return;
-
- centry_put_string( centry, homedir );
- centry_put_string( centry, shell );
- centry_put_string( centry, gecos );
- centry_put_uint32( centry, gid );
-
- centry_end(centry, "NSS/PWINFO/%s", sid_to_fstring(tmp, user_sid) );
-
- DEBUG(10,("wcache_save_user_pwinfo: %s\n", sid_string_dbg(user_sid) ));
-
- centry_free(centry);
-}
-
-#ifdef HAVE_ADS
-
-NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
- const struct dom_sid *user_sid,
- TALLOC_CTX *ctx,
- const char **homedir, const char **shell,
- const char **gecos, gid_t *p_gid)
-{
- struct winbind_cache *cache = get_cache(domain);
- struct cache_entry *centry = NULL;
- NTSTATUS nt_status;
- fstring tmp;
-
- if (!cache->tdb)
- goto do_query;
-
- centry = wcache_fetch(cache, domain, "NSS/PWINFO/%s",
- sid_to_fstring(tmp, user_sid));
-
- if (!centry)
- goto do_query;
-
- *homedir = centry_string( centry, ctx );
- *shell = centry_string( centry, ctx );
- *gecos = centry_string( centry, ctx );
- *p_gid = centry_uint32( centry );
-
- centry_free(centry);
-
- DEBUG(10,("nss_get_info_cached: [Cached] - user_sid %s\n",
- sid_string_dbg(user_sid)));
-
- return NT_STATUS_OK;
-
-do_query:
-
- nt_status = nss_get_info( domain->name, user_sid, ctx,
- homedir, shell, gecos, p_gid );
-
- DEBUG(10, ("nss_get_info returned %s\n", nt_errstr(nt_status)));
-
- if ( NT_STATUS_IS_OK(nt_status) ) {
- DEBUG(10, ("result:\n\thomedir = '%s'\n", *homedir));
- DEBUGADD(10, ("\tshell = '%s'\n", *shell));
- DEBUGADD(10, ("\tgecos = '%s'\n", *gecos));
- DEBUGADD(10, ("\tgid = '%u'\n", (unsigned int)*p_gid));
-
- wcache_save_user_pwinfo( domain, nt_status, user_sid,
- *homedir, *shell, *gecos, *p_gid );
- }
-
- if ( NT_STATUS_EQUAL( nt_status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND ) ) {
- DEBUG(5,("nss_get_info_cached: Setting domain %s offline\n",
- domain->name ));
- set_domain_offline( domain );
- }
-
- return nt_status;
-}
-
-#endif
-
static bool wcache_ndr_key(TALLOC_CTX *mem_ctx, const char *domain_name,
uint32_t opnum, const DATA_BLOB *req,
TDB_DATA *pkey)
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 42e731d81c1..d7dec3a4076 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -184,14 +184,6 @@ bool wcache_tdc_add_domain( struct winbindd_domain *domain );
struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name );
struct winbindd_tdc_domain* wcache_tdc_fetch_domainbysid(TALLOC_CTX *ctx, const struct dom_sid *sid);
void wcache_tdc_clear( void );
-#ifdef HAVE_ADS
-struct ads_struct;
-NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
- const struct dom_sid *user_sid,
- TALLOC_CTX *ctx,
- const char **homedir, const char **shell,
- const char **gecos, gid_t *p_gid);
-#endif
bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum,
time_t last_seq_check);
bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
--
2.11.0
>From 7ccd3b504ae97d0d4168e2606ca77f8163719f07 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 12:32:07 +0000
Subject: [PATCH 19/22] winbind: Remove nss_get_info()
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/include/nss_info.h | 5 -----
source3/winbindd/nss_info.c | 26 --------------------------
2 files changed, 31 deletions(-)
diff --git a/source3/include/nss_info.h b/source3/include/nss_info.h
index f92937e990d..b3fb151739b 100644
--- a/source3/include/nss_info.h
+++ b/source3/include/nss_info.h
@@ -82,11 +82,6 @@ NTSTATUS smb_register_idmap_nss(int version,
const char *name,
struct nss_info_methods *methods);
-NTSTATUS nss_get_info( const char *domain, const struct dom_sid *user_sid,
- TALLOC_CTX *ctx,
- const char **homedir, const char **shell,
- const char **gecos, gid_t *p_gid);
-
NTSTATUS nss_map_to_alias( TALLOC_CTX *mem_ctx, const char *domain,
const char *name, char **alias );
diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c
index d7306ed71ac..2c6bb01aded 100644
--- a/source3/winbindd/nss_info.c
+++ b/source3/winbindd/nss_info.c
@@ -306,32 +306,6 @@ static struct nss_domain_entry *find_nss_domain( const char *domain )
/********************************************************************
*******************************************************************/
-NTSTATUS nss_get_info( const char *domain, const struct dom_sid *user_sid,
- TALLOC_CTX *ctx,
- const char **homedir, const char **shell,
- const char **gecos, gid_t *p_gid)
-{
- struct nss_domain_entry *p;
- struct nss_info_methods *m;
-
- DEBUG(10, ("nss_get_info called for sid [%s] in domain '%s'\n",
- sid_string_dbg(user_sid), domain?domain:"NULL"));
-
- if ( (p = find_nss_domain( domain )) == NULL ) {
- DEBUG(4,("nss_get_info: Failed to find nss domain pointer for %s\n",
- domain ));
- return NT_STATUS_NOT_FOUND;
- }
-
- m = p->backend->methods;
-
- return m->get_nss_info( p, user_sid, ctx,
- homedir, shell, gecos, p_gid );
-}
-
-/********************************************************************
- *******************************************************************/
-
NTSTATUS nss_map_to_alias( TALLOC_CTX *mem_ctx, const char *domain,
const char *name, char **alias )
{
--
2.11.0
>From f8fb4db355af54b8df57a0ce06e26059a0b9b092 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 12:35:15 +0000
Subject: [PATCH 20/22] winbind: remove nss_get_info backend functions
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/include/nss_info.h | 5 --
source3/winbindd/idmap_ad_nss.c | 106 -------------------------------
source3/winbindd/idmap_hash/idmap_hash.c | 41 ------------
source3/winbindd/nss_info_template.c | 27 --------
4 files changed, 179 deletions(-)
diff --git a/source3/include/nss_info.h b/source3/include/nss_info.h
index b3fb151739b..54b4399056a 100644
--- a/source3/include/nss_info.h
+++ b/source3/include/nss_info.h
@@ -61,11 +61,6 @@ struct nss_domain_entry {
struct nss_info_methods {
NTSTATUS (*init)( struct nss_domain_entry *e );
- NTSTATUS (*get_nss_info)( struct nss_domain_entry *e,
- const struct dom_sid *sid,
- TALLOC_CTX *ctx,
- const char **homedir, const char **shell,
- const char **gecos, gid_t *p_gid);
NTSTATUS (*map_to_alias)(TALLOC_CTX *mem_ctx,
struct nss_domain_entry *e,
const char *name, char **alias);
diff --git a/source3/winbindd/idmap_ad_nss.c b/source3/winbindd/idmap_ad_nss.c
index d979231e88a..8b27b36b2ca 100644
--- a/source3/winbindd/idmap_ad_nss.c
+++ b/source3/winbindd/idmap_ad_nss.c
@@ -197,109 +197,6 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e )
return nss_ad_generic_init(e, WB_POSIX_MAP_RFC2307);
}
-
-/************************************************************************
- ***********************************************************************/
-
-static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
- const struct dom_sid *sid,
- TALLOC_CTX *mem_ctx,
- const char **homedir,
- const char **shell,
- const char **gecos,
- gid_t *p_gid )
-{
- const char *attrs[] = {NULL, /* attr_homedir */
- NULL, /* attr_shell */
- NULL, /* attr_gecos */
- NULL, /* attr_gidnumber */
- NULL };
- char *filter = NULL;
- LDAPMessage *msg_internal = NULL;
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- char *sidstr = NULL;
- struct idmap_domain *dom;
- struct idmap_ad_context *ctx;
-
- DEBUG(10, ("nss_ad_get_info called for sid [%s] in domain '%s'\n",
- sid_string_dbg(sid), e->domain?e->domain:"NULL"));
-
- /* Only do query if we are online */
- if (idmap_is_offline()) {
- return NT_STATUS_FILE_IS_OFFLINE;
- }
-
- dom = talloc_get_type(e->state, struct idmap_domain);
- ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
-
- ads_status = ad_idmap_cached_connection(dom);
- if (!ADS_ERR_OK(ads_status)) {
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- }
-
- if (!ctx->ad_schema) {
- DEBUG(10, ("nss_ad_get_info: no ad_schema configured!\n"));
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- }
-
- if (!sid || !homedir || !shell || !gecos) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* Have to do our own query */
-
- DEBUG(10, ("nss_ad_get_info: no ads connection given, doing our "
- "own query\n"));
-
- attrs[0] = ctx->ad_schema->posix_homedir_attr;
- attrs[1] = ctx->ad_schema->posix_shell_attr;
- attrs[2] = ctx->ad_schema->posix_gecos_attr;
- attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
-
- sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
- filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr);
- TALLOC_FREE(sidstr);
-
- if (!filter) {
- nt_status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- ads_status = ads_search_retry(ctx->ads, &msg_internal, filter, attrs);
- if (!ADS_ERR_OK(ads_status)) {
- nt_status = ads_ntstatus(ads_status);
- goto done;
- }
-
- *homedir = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr);
- *shell = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr);
- *gecos = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr);
-
- if (p_gid != NULL) {
- uint32_t gid = UINT32_MAX;
- bool ok;
-
- ok = ads_pull_uint32(ctx->ads, msg_internal,
- ctx->ad_schema->posix_gidnumber_attr,
- &gid);
- if (ok) {
- *p_gid = gid;
- } else {
- *p_gid = (gid_t)-1;
- }
- }
-
- nt_status = NT_STATUS_OK;
-
-done:
- if (msg_internal) {
- ads_msgfree(ctx->ads, msg_internal);
- }
-
- return nt_status;
-}
-
/**********************************************************************
*********************************************************************/
@@ -475,21 +372,18 @@ done:
static struct nss_info_methods nss_rfc2307_methods = {
.init = nss_rfc2307_init,
- .get_nss_info = nss_ad_get_info,
.map_to_alias = nss_ad_map_to_alias,
.map_from_alias = nss_ad_map_from_alias,
};
static struct nss_info_methods nss_sfu_methods = {
.init = nss_sfu_init,
- .get_nss_info = nss_ad_get_info,
.map_to_alias = nss_ad_map_to_alias,
.map_from_alias = nss_ad_map_from_alias,
};
static struct nss_info_methods nss_sfu20_methods = {
.init = nss_sfu20_init,
- .get_nss_info = nss_ad_get_info,
.map_to_alias = nss_ad_map_to_alias,
.map_from_alias = nss_ad_map_from_alias,
};
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c
index 0aba36c3035..743b0ec4ff8 100644
--- a/source3/winbindd/idmap_hash/idmap_hash.c
+++ b/source3/winbindd/idmap_hash/idmap_hash.c
@@ -285,46 +285,6 @@ static NTSTATUS nss_hash_init(struct nss_domain_entry *e )
/**********************************************************************
*********************************************************************/
-static NTSTATUS nss_hash_get_info(struct nss_domain_entry *e,
- const struct dom_sid *sid,
- TALLOC_CTX *ctx,
- const char **homedir,
- const char **shell,
- const char **gecos,
- gid_t *p_gid )
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- nt_status = nss_hash_init(e);
- BAIL_ON_NTSTATUS_ERROR(nt_status);
-
- if (!homedir || !shell || !gecos) {
- nt_status = NT_STATUS_INVALID_PARAMETER;
- BAIL_ON_NTSTATUS_ERROR(nt_status);
- }
-
- *homedir = talloc_strdup(ctx, lp_template_homedir());
- BAIL_ON_PTR_NT_ERROR(*homedir, nt_status);
-
- *shell = talloc_strdup(ctx, lp_template_shell());
- BAIL_ON_PTR_NT_ERROR(*shell, nt_status);
-
- *gecos = NULL;
-
- /* Initialize the gid so that the upper layer fills
- in the proper Windows primary group */
-
- if (*p_gid) {
- *p_gid = (gid_t)-1;
- }
-
-done:
- return nt_status;
-}
-
-/**********************************************************************
- *********************************************************************/
-
static NTSTATUS nss_hash_map_to_alias(TALLOC_CTX *mem_ctx,
struct nss_domain_entry *e,
const char *name,
@@ -374,7 +334,6 @@ static struct idmap_methods hash_idmap_methods = {
static struct nss_info_methods hash_nss_methods = {
.init = nss_hash_init,
- .get_nss_info = nss_hash_get_info,
.map_to_alias = nss_hash_map_to_alias,
.map_from_alias = nss_hash_map_from_alias,
.close_fn = nss_hash_close
diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd/nss_info_template.c
index de93803064d..53159b6c02e 100644
--- a/source3/winbindd/nss_info_template.c
+++ b/source3/winbindd/nss_info_template.c
@@ -30,32 +30,6 @@ static NTSTATUS nss_template_init( struct nss_domain_entry *e )
return NT_STATUS_OK;
}
-/************************************************************************
- ***********************************************************************/
-
-static NTSTATUS nss_template_get_info( struct nss_domain_entry *e,
- const struct dom_sid *sid,
- TALLOC_CTX *ctx,
- const char **homedir,
- const char **shell,
- const char **gecos,
- gid_t *gid )
-{
- if ( !homedir || !shell || !gecos )
- return NT_STATUS_INVALID_PARAMETER;
-
- /* protect against home directories using whitespace in the
- username */
- *homedir = talloc_strdup( ctx, lp_template_homedir() );
- *shell = talloc_strdup( ctx, lp_template_shell() );
-
- if ( !*homedir || !*shell ) {
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
/**********************************************************************
*********************************************************************/
@@ -92,7 +66,6 @@ static NTSTATUS nss_template_close( void )
static struct nss_info_methods nss_template_methods = {
.init = nss_template_init,
- .get_nss_info = nss_template_get_info,
.map_to_alias = nss_template_map_to_alias,
.map_from_alias = nss_template_map_from_alias,
.close_fn = nss_template_close
--
2.11.0
>From afd2b5e934e74c0c8a29c7637e96c3240066d626 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 09:54:33 +0000
Subject: [PATCH 21/22] winbind: Avoid a few explicit ZERO_STRUCT calls
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_samr.c | 48 ++++++++++------------------------------
1 file changed, 12 insertions(+), 36 deletions(-)
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 7f6c37ae7ee..dd674965f17 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -112,7 +112,7 @@ static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
struct wb_acct_info **pinfo)
{
struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
+ struct policy_handle dom_pol = { 0 };
struct wb_acct_info *info = NULL;
uint32_t num_info = 0;
TALLOC_CTX *tmp_ctx;
@@ -121,8 +121,6 @@ static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
DEBUG(3,("sam_enum_dom_groups\n"));
- ZERO_STRUCT(dom_pol);
-
if (pnum_info) {
*pnum_info = 0;
}
@@ -170,7 +168,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
uint32_t **prids)
{
struct rpc_pipe_client *samr_pipe = NULL;
- struct policy_handle dom_pol;
+ struct policy_handle dom_pol = { 0 };
uint32_t *rids;
TALLOC_CTX *tmp_ctx;
NTSTATUS status, result;
@@ -178,8 +176,6 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
DEBUG(3,("samr_query_user_list\n"));
- ZERO_STRUCT(dom_pol);
-
*prids = NULL;
tmp_ctx = talloc_stackframe();
@@ -222,7 +218,7 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
struct netr_DomainTrustList *ptrust_list)
{
struct rpc_pipe_client *lsa_pipe;
- struct policy_handle lsa_policy;
+ struct policy_handle lsa_policy = { 0 };
struct netr_DomainTrust *trusts = NULL;
uint32_t num_trusts = 0;
TALLOC_CTX *tmp_ctx;
@@ -231,8 +227,6 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
DEBUG(3,("samr: trusted domains\n"));
- ZERO_STRUCT(lsa_policy);
-
if (ptrust_list) {
ZERO_STRUCTP(ptrust_list);
}
@@ -283,7 +277,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
uint32_t **pname_types)
{
struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
+ struct policy_handle dom_pol = { 0 };
uint32_t num_names = 0;
struct dom_sid *sid_mem = NULL;
@@ -296,8 +290,6 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
DEBUG(3,("sam_lookup_groupmem\n"));
- ZERO_STRUCT(dom_pol);
-
/* Paranoia check */
if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) {
/* There's no groups, only aliases in BUILTIN */
@@ -403,7 +395,7 @@ static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
struct wb_acct_info **pinfo)
{
struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
+ struct policy_handle dom_pol = { 0 };
struct wb_acct_info *info = NULL;
uint32_t num_info = 0;
TALLOC_CTX *tmp_ctx;
@@ -412,8 +404,6 @@ static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
DEBUG(3,("samr: enum local groups\n"));
- ZERO_STRUCT(dom_pol);
-
if (pnum_info) {
*pnum_info = 0;
}
@@ -466,7 +456,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
enum lsa_SidType *ptype)
{
struct rpc_pipe_client *lsa_pipe;
- struct policy_handle lsa_policy;
+ struct policy_handle lsa_policy = { 0 };
struct dom_sid sid;
enum lsa_SidType type;
TALLOC_CTX *tmp_ctx;
@@ -475,8 +465,6 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
DEBUG(3,("sam_name_to_sid\n"));
- ZERO_STRUCT(lsa_policy);
-
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -526,7 +514,7 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
enum lsa_SidType *ptype)
{
struct rpc_pipe_client *lsa_pipe;
- struct policy_handle lsa_policy;
+ struct policy_handle lsa_policy = { 0 };
char *domain_name = NULL;
char *name = NULL;
enum lsa_SidType type;
@@ -536,8 +524,6 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
DEBUG(3,("sam_sid_to_name\n"));
- ZERO_STRUCT(lsa_policy);
-
/* Paranoia check */
if (!sid_check_is_in_builtin(sid) &&
!sid_check_is_builtin(sid) &&
@@ -605,7 +591,7 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
enum lsa_SidType **ptypes)
{
struct rpc_pipe_client *lsa_pipe;
- struct policy_handle lsa_policy;
+ struct policy_handle lsa_policy = { 0 };
enum lsa_SidType *types = NULL;
char *domain_name = NULL;
char **names = NULL;
@@ -615,8 +601,6 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
DEBUG(3,("sam_rids_to_names for %s\n", domain->name));
- ZERO_STRUCT(lsa_policy);
-
/* Paranoia check */
if (!sid_check_is_builtin(domain_sid) &&
!sid_check_is_our_sam(domain_sid) &&
@@ -680,7 +664,7 @@ static NTSTATUS sam_lockout_policy(struct winbindd_domain *domain,
struct samr_DomInfo12 *lockout_policy)
{
struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
+ struct policy_handle dom_pol = { 0 };
union samr_DomainInfo *info = NULL;
TALLOC_CTX *tmp_ctx;
NTSTATUS status, result;
@@ -688,8 +672,6 @@ static NTSTATUS sam_lockout_policy(struct winbindd_domain *domain,
DEBUG(3,("sam_lockout_policy\n"));
- ZERO_STRUCT(dom_pol);
-
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -732,7 +714,7 @@ static NTSTATUS sam_password_policy(struct winbindd_domain *domain,
struct samr_DomInfo1 *passwd_policy)
{
struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
+ struct policy_handle dom_pol = { 0 };
union samr_DomainInfo *info = NULL;
TALLOC_CTX *tmp_ctx;
NTSTATUS status, result;
@@ -740,8 +722,6 @@ static NTSTATUS sam_password_policy(struct winbindd_domain *domain,
DEBUG(3,("sam_password_policy\n"));
- ZERO_STRUCT(dom_pol);
-
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -787,7 +767,7 @@ static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain,
uint32_t **palias_rids)
{
struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
+ struct policy_handle dom_pol = { 0 };
uint32_t num_aliases = 0;
uint32_t *alias_rids = NULL;
TALLOC_CTX *tmp_ctx;
@@ -796,8 +776,6 @@ static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain,
DEBUG(3,("sam_lookup_useraliases\n"));
- ZERO_STRUCT(dom_pol);
-
if (pnum_aliases) {
*pnum_aliases = 0;
}
@@ -847,7 +825,7 @@ static NTSTATUS sam_sequence_number(struct winbindd_domain *domain,
uint32_t *pseq)
{
struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
+ struct policy_handle dom_pol = { 0 };
uint32_t seq = DOM_SEQUENCE_NONE;
TALLOC_CTX *tmp_ctx;
NTSTATUS status, result;
@@ -855,8 +833,6 @@ static NTSTATUS sam_sequence_number(struct winbindd_domain *domain,
DEBUG(3,("samr: sequence number\n"));
- ZERO_STRUCT(dom_pol);
-
if (pseq) {
*pseq = DOM_SEQUENCE_NONE;
}
--
2.11.0
>From b83600ffebd1f32fe6a363ca8fef0100fcdc8c34 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Jan 2017 12:18:25 +0000
Subject: [PATCH 22/22] winbind: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_cache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 0b8a9aa86a7..d92c050ee70 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3801,7 +3801,7 @@ static int validate_nss_na(TALLOC_CTX *mem_ctx, const char *keystr,
if (!(state->success)) {
return 1;
}
- DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
+ DBG_DEBUG("%s ok\n", keystr);
return 0;
}
--
2.11.0
More information about the samba-technical
mailing list