[PATCH] Fix idmap cache pollution with S-1-22-
Christof Schmitt
cs at samba.org
Wed Feb 27 23:36:34 UTC 2019
On Wed, Feb 27, 2019 at 07:04:46PM +0100, Volker Lendecke via samba-technical wrote:
> Hi!
>
> Attached find a patchset that fixes a problem in a customer
> environment: A short-term hickup in winbind communication for a
> uid2sid call made smbd fall back to legacy_uid_to_sid, filling the
> idmap cache with S-1-22-1-uid for a week. The main point is that
> conversion to S-1-22-x should not be cached, as this is a fallback of
> last resort. On that way, this cleans up that code path a bit.
>
> Review appreciated!
You can also add my RB+ to the testcase.
One detail there:
+ xid.type = ID_TYPE_UID;
+ ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
+ if (ret) {
+ fprintf(stderr,
+ "idmap_cache_find_xid2sid found a GID where it "
+ "should not\n");
+ goto done;
+ }
Since you are asking for a uid, the fprintf should call out the UID, not
a GID.
As this fixes a bug, i would also vote for a bugzilla backport.
Christof
>
> Thanks, Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: 0551-370000-0, mailto:kontakt at sernet.de
> Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
> AG Göttingen: HR-B 2816 - http://www.sernet.de
> From 0f677bc59aa00a86f8f0ffc3eef405f694338c5e Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 11:06:29 +0100
> Subject: [PATCH 01/12] libwbclient: Protect wbcCtxUnixIdsToSids against
> integer-wrap
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> nsswitch/libwbclient/wbc_idmap.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
> index f61efb92b8d..6876a95316c 100644
> --- a/nsswitch/libwbclient/wbc_idmap.c
> +++ b/nsswitch/libwbclient/wbc_idmap.c
> @@ -423,10 +423,20 @@ wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx,
> wbcErr wbc_status;
> char *buf;
> char *s;
> + const size_t sidlen = (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */);
> size_t ofs, buflen;
> uint32_t i;
>
> - buflen = num_ids * (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */) + 1;
> + if (num_ids > SIZE_MAX / sidlen) {
> + return WBC_ERR_NO_MEMORY; /* overflow */
> + }
> + buflen = num_ids * sidlen;
> +
> + buflen += 1; /* trailing \0 */
> + if (buflen < 1) {
> + return WBC_ERR_NO_MEMORY; /* overflow */
> + }
> +
> buf = malloc(buflen);
> if (buf == NULL) {
> return WBC_ERR_NO_MEMORY;
> --
> 2.11.0
>
>
> From 4d55dbba240da207cd6d86e2a2e5d86db969ef6e Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Mon, 25 Feb 2019 14:38:50 +0100
> Subject: [PATCH 02/12] lib: Make idmap_cache return negative mappings
>
> Without this we'd query non-existent mappings over and over
> again.
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/lib/idmap_cache.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
> index 77618dd5aa1..244a727e01b 100644
> --- a/source3/lib/idmap_cache.c
> +++ b/source3/lib/idmap_cache.c
> @@ -215,7 +215,12 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
>
> value = (char *)blob.data;
>
> - if (value[0] != '-') {
> + if ((value[0] == '-') && (value[1] == '\0')) {
> + /*
> + * Return NULL SID, see comment to uid2sid
> + */
> + state->ret = true;
> + } else {
> state->ret = string_to_sid(state->sid, value);
> }
> if (state->ret) {
> --
> 2.11.0
>
>
> From 1d48315184d311cae724685b7546ade91b1ae8bd Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 12:46:39 +0100
> Subject: [PATCH 03/12] idmap_cache: Only touch "sid" on success in
> find_xid_to_sid
>
> Why? This makes the negative mapping condition (is_null_sid) more
> explicit in the code.
>
> The callers in lookup_sid initialized "psid" anyway before, and the ones
> in wb_xids2sids now do as well. This is more in line with other APIs we
> have: Only touch output parameters if you have something to say.
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/lib/idmap_cache.c | 5 ++---
> source3/winbindd/wb_xids2sids.c | 2 +-
> 2 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
> index 244a727e01b..10c1e8b1e7a 100644
> --- a/source3/lib/idmap_cache.c
> +++ b/source3/lib/idmap_cache.c
> @@ -203,13 +203,11 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
> (struct idmap_cache_xid2sid_state *)private_data;
> char *value;
>
> - ZERO_STRUCTP(state->sid);
> - state->ret = false;
> -
> if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
> /*
> * Not a string, can't be a valid mapping
> */
> + state->ret = false;
> return;
> }
>
> @@ -219,6 +217,7 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
> /*
> * Return NULL SID, see comment to uid2sid
> */
> + *state->sid = (struct dom_sid) {0};
> state->ret = true;
> } else {
> state->ret = string_to_sid(state->sid, value);
> diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
> index 95dda89e40f..9e622529c17 100644
> --- a/source3/winbindd/wb_xids2sids.c
> +++ b/source3/winbindd/wb_xids2sids.c
> @@ -465,7 +465,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
> uint32_t i;
>
> for (i=0; i<num_xids; i++) {
> - struct dom_sid sid;
> + struct dom_sid sid = {0};
> bool ok, expired;
>
> switch (xids[i].type) {
> --
> 2.11.0
>
>
> From 722b4f5996534a8ba95e31741eca5dce8cd013c9 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 12:52:28 +0100
> Subject: [PATCH 04/12] winbind: Initialize "expired" parameter to
> idmap_cache_xid2sid
>
> The code in idmap_cache only touches its output parameters upon success
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/winbindd/wb_xids2sids.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
> index 9e622529c17..386ac3ef0ed 100644
> --- a/source3/winbindd/wb_xids2sids.c
> +++ b/source3/winbindd/wb_xids2sids.c
> @@ -466,7 +466,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
>
> for (i=0; i<num_xids; i++) {
> struct dom_sid sid = {0};
> - bool ok, expired;
> + bool ok, expired = true;
>
> switch (xids[i].type) {
> case ID_TYPE_UID:
> --
> 2.11.0
>
>
> From 2f6812dd9c44831ad42d588b33abc15f2fb63ab6 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Mon, 25 Feb 2019 14:55:00 +0100
> Subject: [PATCH 05/12] winbind: Now we explicitly track if we got ids from
> cache
>
> This now properly makes us use negative cache entries
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/winbindd/wb_xids2sids.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
> index 386ac3ef0ed..719f687258d 100644
> --- a/source3/winbindd/wb_xids2sids.c
> +++ b/source3/winbindd/wb_xids2sids.c
> @@ -246,6 +246,7 @@ static NTSTATUS wb_xids2sids_init_dom_maps_recv(struct tevent_req *req)
> struct wb_xids2sids_dom_state {
> struct tevent_context *ev;
> struct unixid *all_xids;
> + const bool *cached;
> size_t num_all_xids;
> struct dom_sid *all_sids;
> struct wb_xids2sids_dom_map *dom_map;
> @@ -262,7 +263,10 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq);
> static struct tevent_req *wb_xids2sids_dom_send(
> TALLOC_CTX *mem_ctx, struct tevent_context *ev,
> struct wb_xids2sids_dom_map *dom_map,
> - struct unixid *xids, size_t num_xids, struct dom_sid *sids)
> + struct unixid *xids,
> + const bool *cached,
> + size_t num_xids,
> + struct dom_sid *sids)
> {
> struct tevent_req *req, *subreq;
> struct wb_xids2sids_dom_state *state;
> @@ -276,6 +280,7 @@ static struct tevent_req *wb_xids2sids_dom_send(
> }
> state->ev = ev;
> state->all_xids = xids;
> + state->cached = cached;
> state->num_all_xids = num_xids;
> state->all_sids = sids;
> state->dom_map = dom_map;
> @@ -296,7 +301,7 @@ static struct tevent_req *wb_xids2sids_dom_send(
> /* out of range */
> continue;
> }
> - if (!is_null_sid(&state->all_sids[i])) {
> + if (state->cached[i]) {
> /* already mapped */
> continue;
> }
> @@ -363,7 +368,7 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq)
> /* out of range */
> continue;
> }
> - if (!is_null_sid(&state->all_sids[i])) {
> + if (state->cached[i]) {
> /* already mapped */
> continue;
> }
> @@ -525,7 +530,7 @@ static void wb_xids2sids_init_dom_maps_done(struct tevent_req *subreq)
>
> subreq = wb_xids2sids_dom_send(
> state, state->ev, &dom_maps[state->dom_idx],
> - state->xids, state->num_xids, state->sids);
> + state->xids, state->cached, state->num_xids, state->sids);
> if (tevent_req_nomem(subreq, req)) {
> return;
> }
> @@ -556,6 +561,7 @@ static void wb_xids2sids_done(struct tevent_req *subreq)
> state->ev,
> &dom_maps[state->dom_idx],
> state->xids,
> + state->cached,
> state->num_xids,
> state->sids);
> if (tevent_req_nomem(subreq, req)) {
> --
> 2.11.0
>
>
> From 4fd29fd07d108309db6383f5645e081f3251b72a Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 14:32:52 +0100
> Subject: [PATCH 06/12] idmap_cache: Introduce idmap_cache_find_xid2sid
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/lib/idmap_cache.c | 36 ++++++++++++++++++++++++++++++++++++
> source3/lib/idmap_cache.h | 2 ++
> 2 files changed, 38 insertions(+)
>
> diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
> index 10c1e8b1e7a..9d2149844ed 100644
> --- a/source3/lib/idmap_cache.c
> +++ b/source3/lib/idmap_cache.c
> @@ -278,6 +278,42 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
> }
>
> /**
> + * Find a xid2sid mapping
> + * @param[in] id the unix id to map
> + * @param[out] sid where to put the result
> + * @param[out] expired is the cache entry expired?
> + * @retval Was anything in the cache at all?
> + *
> + * If "is_null_sid(sid)", this was a negative mapping.
> + */
> +bool idmap_cache_find_xid2sid(
> + const struct unixid *id, struct dom_sid *sid, bool *expired)
> +{
> + struct idmap_cache_xid2sid_state state = {
> + .sid = sid, .expired = expired
> + };
> + fstring key;
> + char c;
> +
> + switch (id->type) {
> + case ID_TYPE_UID:
> + c = 'U';
> + break;
> + case ID_TYPE_GID:
> + c = 'G';
> + break;
> + default:
> + return false;
> + }
> +
> + fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
> +
> + gencache_parse(key, idmap_cache_xid2sid_parser, &state);
> + return state.ret;
> +}
> +
> +
> +/**
> * Store a mapping in the idmap cache
> * @param[in] sid the sid to map
> * @param[in] unix_id the unix_id to map
> diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
> index dc497022e3b..d5afa170e1a 100644
> --- a/source3/lib/idmap_cache.h
> +++ b/source3/lib/idmap_cache.h
> @@ -31,6 +31,8 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
> bool *expired);
> bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
> bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
> +bool idmap_cache_find_xid2sid(
> + const struct unixid *id, struct dom_sid *sid, bool *expired);
> void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
>
> bool idmap_cache_del_uid(uid_t uid);
> --
> 2.11.0
>
>
> From 4f75d0bb27ddea5461d1a29e24152a885e8d621f Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Wed, 27 Feb 2019 14:54:12 +0100
> Subject: [PATCH 07/12] torture: Add tests for idmap cache
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/selftest/tests.py | 1 +
> source3/torture/proto.h | 1 +
> source3/torture/test_idmap_cache.c | 122 +++++++++++++++++++++++++++++++++++++
> source3/torture/torture.c | 4 ++
> source3/wscript_build | 1 +
> 5 files changed, 129 insertions(+)
> create mode 100644 source3/torture/test_idmap_cache.c
>
> diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
> index 5d7e4969e59..e8d516573dd 100755
> --- a/source3/selftest/tests.py
> +++ b/source3/selftest/tests.py
> @@ -200,6 +200,7 @@ local_tests = [
> "LOCAL-G-LOCK5",
> "LOCAL-G-LOCK6",
> "LOCAL-NAMEMAP-CACHE1",
> + "LOCAL-IDMAP-CACHE1",
> "LOCAL-hex_encode_buf",
> "LOCAL-remove_duplicate_addrs2"]
>
> diff --git a/source3/torture/proto.h b/source3/torture/proto.h
> index 669e077051e..b4a2007fa77 100644
> --- a/source3/torture/proto.h
> +++ b/source3/torture/proto.h
> @@ -137,6 +137,7 @@ bool run_g_lock5(int dummy);
> bool run_g_lock6(int dummy);
> bool run_g_lock_ping_pong(int dummy);
> bool run_local_namemap_cache1(int dummy);
> +bool run_local_idmap_cache1(int dummy);
> bool run_hidenewfiles(int dummy);
>
> #endif /* __TORTURE_H__ */
> diff --git a/source3/torture/test_idmap_cache.c b/source3/torture/test_idmap_cache.c
> new file mode 100644
> index 00000000000..fbe04207cb2
> --- /dev/null
> +++ b/source3/torture/test_idmap_cache.c
> @@ -0,0 +1,122 @@
> +/*
> + * Unix SMB/CIFS implementation.
> + * Test dbwrap_watch API
> + * Copyright (C) Volker Lendecke 2017
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "includes.h"
> +#include "torture/proto.h"
> +#include "lib/idmap_cache.h"
> +#include "librpc/gen_ndr/idmap.h"
> +#include "libcli/security/dom_sid.h"
> +
> +bool run_local_idmap_cache1(int dummy)
> +{
> + struct dom_sid sid, found_sid;
> + struct unixid xid, found_xid;
> + bool ret = false;
> + bool expired = false;
> +
> + xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID };
> + dom_sid_parse("S-1-5-21-2864185242-3846410404-2398417794-1235", &sid);
> + idmap_cache_set_sid2unixid(&sid, &xid);
> +
> + ret = idmap_cache_find_sid2unixid(&sid, &found_xid, &expired);
> + if (!ret) {
> + fprintf(stderr, "idmap_cache_find_sid2unixid failed\n");
> + goto done;
> + }
> + if (expired) {
> + fprintf(stderr,
> + "idmap_cache_find_sid2unixid returned an expired "
> + "value\n");
> + goto done;
> + }
> + if ((xid.type != found_xid.type) || (xid.id != found_xid.id)) {
> + fprintf(stderr,
> + "idmap_cache_find_sid2unixid returned wrong "
> + "values\n");
> + goto done;
> + }
> +
> + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
> + if (!ret) {
> + fprintf(stderr, "idmap_cache_find_xid2sid failed\n");
> + goto done;
> + }
> + if (expired) {
> + fprintf(stderr,
> + "idmap_cache_find_xid2sid returned an expired "
> + "value\n");
> + goto done;
> + }
> + if (!dom_sid_equal(&sid, &found_sid)) {
> + fprintf(stderr,
> + "idmap_cache_find_xid2sid returned wrong sid\n");
> + goto done;
> + }
> +
> + xid.type = ID_TYPE_GID;
> +
> + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
> + if (ret) {
> + fprintf(stderr,
> + "idmap_cache_find_xid2sid found a GID where it "
> + "should not\n");
> + goto done;
> + }
> +
> + idmap_cache_del_sid(&sid);
> +
> + xid.type = ID_TYPE_UID;
> + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
> + if (ret) {
> + fprintf(stderr,
> + "idmap_cache_find_xid2sid found a GID where it "
> + "should not\n");
> + goto done;
> + }
> +
> + /*
> + * Test that negative mappings can also be cached
> + */
> + sid = (struct dom_sid) {0};
> + xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID };
> + idmap_cache_set_sid2unixid(&sid, &xid);
> +
> + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
> + if (!ret) {
> + fprintf(stderr,
> + "idmap_cache_find_xid2sid failed to find "
> + "negative mapping\n");
> + goto done;
> + }
> + if (expired) {
> + fprintf(stderr,
> + "idmap_cache_find_xid2sid returned an expired "
> + "value\n");
> + goto done;
> + }
> + if (!dom_sid_equal(&sid, &found_sid)) {
> + fprintf(stderr,
> + "idmap_cache_find_xid2sid returned wrong sid\n");
> + goto done;
> + }
> +
> + ret = true;
> +done:
> + return ret;
> +}
> diff --git a/source3/torture/torture.c b/source3/torture/torture.c
> index b47f247356c..3df5e409c57 100644
> --- a/source3/torture/torture.c
> +++ b/source3/torture/torture.c
> @@ -12535,6 +12535,10 @@ static struct {
> .fn = run_local_namemap_cache1,
> },
> {
> + .name = "LOCAL-IDMAP-CACHE1",
> + .fn = run_local_idmap_cache1,
> + },
> + {
> .name = "qpathinfo-bufsize",
> .fn = run_qpathinfo_bufsize,
> },
> diff --git a/source3/wscript_build b/source3/wscript_build
> index aa8fdc17567..e0b983ae2b2 100644
> --- a/source3/wscript_build
> +++ b/source3/wscript_build
> @@ -1198,6 +1198,7 @@ bld.SAMBA3_BINARY('smbtorture' + bld.env.suffix3,
> torture/wbc_async.c
> torture/test_g_lock.c
> torture/test_namemap_cache.c
> + torture/test_idmap_cache.c
> torture/test_hidenewfiles.c
> ''',
> deps='''
> --
> 2.11.0
>
>
> From 9f826b39c2644e8f6a3eeafb7c7c89e59dff209c Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 14:34:56 +0100
> Subject: [PATCH 08/12] winbind: Use idmap_cache_find_xid2sid
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/winbindd/wb_xids2sids.c | 15 ++-------------
> 1 file changed, 2 insertions(+), 13 deletions(-)
>
> diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
> index 719f687258d..383fc67bc8d 100644
> --- a/source3/winbindd/wb_xids2sids.c
> +++ b/source3/winbindd/wb_xids2sids.c
> @@ -473,19 +473,8 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
> struct dom_sid sid = {0};
> bool ok, expired = true;
>
> - switch (xids[i].type) {
> - case ID_TYPE_UID:
> - ok = idmap_cache_find_uid2sid(
> - xids[i].id, &sid, &expired);
> - break;
> - case ID_TYPE_GID:
> - ok = idmap_cache_find_gid2sid(
> - xids[i].id, &sid, &expired);
> - break;
> - default:
> - ok = false;
> - }
> -
> + ok = idmap_cache_find_xid2sid(
> + &xids[i], &sid, &expired);
> if (ok && !expired) {
> struct dom_sid_buf buf;
> DBG_DEBUG("Found %cID in cache: %s\n",
> --
> 2.11.0
>
>
> From 37c1dca5b213edea267d9e735edf6ea1c67b91d4 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 14:45:32 +0100
> Subject: [PATCH 09/12] lib: Introduce winbind_xid_to_sid
>
> This does not merge a winbind communication error into
> "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
> go along with is_null_sid(). Instead, this just touches the output sid
> when winbind returned success. This success might well be a negative
> mapping indicated by S-0-0, which *is* is_null_sid()...
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/lib/winbind_util.c | 30 ++++++++++++++++++++++++++++++
> source3/lib/winbind_util.h | 2 ++
> 2 files changed, 32 insertions(+)
>
> diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
> index a072166ce18..46c95ca3a28 100644
> --- a/source3/lib/winbind_util.c
> +++ b/source3/lib/winbind_util.c
> @@ -198,6 +198,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
> return (result == WBC_ERR_SUCCESS);
> }
>
> +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
> +{
> + struct wbcUnixId wbc_xid;
> + struct wbcDomainSid dom_sid;
> + wbcErr result;
> +
> + switch (xid->type) {
> + case ID_TYPE_UID:
> + wbc_xid = (struct wbcUnixId) {
> + .type = WBC_ID_TYPE_UID, .id.uid = xid->id
> + };
> + break;
> + case ID_TYPE_GID:
> + wbc_xid = (struct wbcUnixId) {
> + .type = WBC_ID_TYPE_GID, .id.gid = xid->id
> + };
> + break;
> + default:
> + return false;
> + }
> +
> + result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
> + if (result != WBC_ERR_SUCCESS) {
> + return false;
> + }
> +
> + memcpy(sid, &dom_sid, sizeof(struct dom_sid));
> + return true;
> +}
> +
> /* Check for a trusted domain */
>
> wbcErr wb_is_trusted_domain(const char *domain)
> diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
> index c2bf0e02d76..5ecda5a7b09 100644
> --- a/source3/lib/winbind_util.h
> +++ b/source3/lib/winbind_util.h
> @@ -22,6 +22,7 @@
> #define __LIB__WINBIND_UTIL_H__
>
> #include "../librpc/gen_ndr/lsa.h"
> +#include "librpc/gen_ndr/idmap.h"
>
> /* needed for wbcErr below */
> #include "nsswitch/libwbclient/wbclient.h"
> @@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
> bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
> bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
> bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
> +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
> struct passwd * winbind_getpwnam(const char * sname);
> struct passwd * winbind_getpwsid(const struct dom_sid *sid);
> wbcErr wb_is_trusted_domain(const char *domain);
> --
> 2.11.0
>
>
> From 927e422635a23f7324cc98e32b3b598bec39626b Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 15:10:21 +0100
> Subject: [PATCH 10/12] passdb: Introduce xid_to_sid
>
> This explicitly avoids the legacy_[ug]id_to_sid calls, which create
> long-term cache entries to S-1-22-x-y if anthing fails. We can't do
> this, because this will turn temporary winbind communication failures
> into long-term problems: A short hickup in winbind_uid_to_sid will
> create a mapping to S-1-22-1-uid for a week. It should be up to the
> lower layers to do the caching.
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/passdb/lookup_sid.c | 74 +++++++++++++++++++++++++++++++++++++++++++++
> source3/passdb/lookup_sid.h | 1 +
> 2 files changed, 75 insertions(+)
>
> diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
> index bf3ded6683e..bdd8082afb4 100644
> --- a/source3/passdb/lookup_sid.c
> +++ b/source3/passdb/lookup_sid.c
> @@ -1349,6 +1349,80 @@ void gid_to_sid(struct dom_sid *psid, gid_t gid)
> return;
> }
>
> +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid)
> +{
> + bool expired = true;
> + bool ret;
> + struct dom_sid_buf buf;
> +
> + SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID);
> +
> + *psid = (struct dom_sid) {0};
> +
> + ret = idmap_cache_find_xid2sid(xid, psid, &expired);
> + if (ret && !expired) {
> + DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
> + xid->type == ID_TYPE_UID ? 'U' : 'G',
> + xid->id,
> + dom_sid_str_buf(psid, &buf));
> + goto done;
> + }
> +
> + ret = winbind_xid_to_sid(psid, xid);
> + if (ret) {
> + /*
> + * winbind can return an explicit negative mapping
> + * here. It's up to winbind to prime the cache either
> + * positively or negatively, don't mess with the cache
> + * here.
> + */
> + DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
> + xid->type == ID_TYPE_UID ? 'U' : 'G',
> + xid->id,
> + dom_sid_str_buf(psid, &buf));
> + goto done;
> + }
> +
> + {
> + /*
> + * Make a copy, pdb_id_to_sid might want to turn
> + * xid->type into ID_TYPE_BOTH, which we ignore here.
> + */
> + struct unixid rw_xid = *xid;
> +
> + become_root();
> + ret = pdb_id_to_sid(&rw_xid, psid);
> + unbecome_root();
> + }
> +
> + if (ret) {
> + DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n",
> + xid->type == ID_TYPE_UID ? 'U' : 'G',
> + xid->id,
> + dom_sid_str_buf(psid, &buf));
> + goto done;
> + }
> +
> +done:
> + if (is_null_sid(psid)) {
> + /*
> + * Nobody found anything: Return S-1-22-xx-yy. Don't
> + * store that in caches, this is up to the layers
> + * beneath us.
> + */
> + if (xid->type == ID_TYPE_UID) {
> + uid_to_unix_users_sid(xid->id, psid);
> + } else {
> + gid_to_unix_groups_sid(xid->id, psid);
> + }
> +
> + DBG_DEBUG("%cID %"PRIu32" -> %s fallback\n",
> + xid->type == ID_TYPE_UID ? 'U' : 'G',
> + xid->id,
> + dom_sid_str_buf(psid, &buf));
> + }
> +}
> +
> bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
> struct unixid *ids)
> {
> diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
> index 8b5edf6bcb8..8a21cca2a4d 100644
> --- a/source3/passdb/lookup_sid.h
> +++ b/source3/passdb/lookup_sid.h
> @@ -83,6 +83,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
> enum lsa_SidType *ret_type);
> void uid_to_sid(struct dom_sid *psid, uid_t uid);
> void gid_to_sid(struct dom_sid *psid, gid_t gid);
> +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid);
> bool sid_to_uid(const struct dom_sid *psid, uid_t *puid);
> bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid);
> bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
> --
> 2.11.0
>
>
> From 37c7c607ea3328b408ae2481d86d07eaa8c1a003 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 15:17:36 +0100
> Subject: [PATCH 11/12] passdb: Make [ug]id_to_sid use xid_to_sid
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/passdb/lookup_sid.c | 205 +++-----------------------------------------
> 1 file changed, 12 insertions(+), 193 deletions(-)
>
> diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
> index bdd8082afb4..6ab72e57838 100644
> --- a/source3/passdb/lookup_sid.c
> +++ b/source3/passdb/lookup_sid.c
> @@ -1109,99 +1109,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
> }
>
> /*****************************************************************
> - Id mapping cache. This is to avoid Winbind mappings already
> - seen by smbd to be queried too frequently, keeping winbindd
> - busy, and blocking smbd while winbindd is busy with other
> - stuff. Written by Michael Steffens <michael.steffens at hp.com>,
> - modified to use linked lists by jra.
> -*****************************************************************/
> -
> -
> -/*****************************************************************
> - *THE LEGACY* convert uid_t to SID function.
> -*****************************************************************/
> -
> -static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
> -{
> - bool ret;
> - struct unixid id;
> - struct dom_sid_buf buf;
> -
> - ZERO_STRUCTP(psid);
> -
> - id.id = uid;
> - id.type = ID_TYPE_UID;
> -
> - become_root();
> - ret = pdb_id_to_sid(&id, psid);
> - unbecome_root();
> -
> - if (ret) {
> - /* This is a mapped user */
> - goto done;
> - }
> -
> - /* This is an unmapped user */
> -
> - uid_to_unix_users_sid(uid, psid);
> -
> - {
> - struct unixid xid = {
> - .id = uid, .type = ID_TYPE_UID
> - };
> - idmap_cache_set_sid2unixid(psid, &xid);
> - }
> -
> - done:
> - DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
> - dom_sid_str_buf(psid, &buf)));
> -
> - return;
> -}
> -
> -/*****************************************************************
> - *THE LEGACY* convert gid_t to SID function.
> -*****************************************************************/
> -
> -static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
> -{
> - bool ret;
> - struct unixid id;
> - struct dom_sid_buf buf;
> -
> - ZERO_STRUCTP(psid);
> -
> - id.id = gid;
> - id.type = ID_TYPE_GID;
> -
> - become_root();
> - ret = pdb_id_to_sid(&id, psid);
> - unbecome_root();
> -
> - if (ret) {
> - /* This is a mapped group */
> - goto done;
> - }
> -
> - /* This is an unmapped group */
> -
> - gid_to_unix_groups_sid(gid, psid);
> -
> - {
> - struct unixid xid = {
> - .id = gid, .type = ID_TYPE_GID
> - };
> - idmap_cache_set_sid2unixid(psid, &xid);
> - }
> -
> - done:
> - DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
> - dom_sid_str_buf(psid, &buf)));
> -
> - return;
> -}
> -
> -/*****************************************************************
> *THE LEGACY* convert SID to id function.
> *****************************************************************/
>
> @@ -1249,106 +1156,6 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid)
> return false;
> }
>
> -/*****************************************************************
> - *THE CANONICAL* convert uid_t to SID function.
> -*****************************************************************/
> -
> -void uid_to_sid(struct dom_sid *psid, uid_t uid)
> -{
> - bool expired = true;
> - bool ret;
> - struct dom_sid_buf buf;
> - ZERO_STRUCTP(psid);
> -
> - /* Check the winbindd cache directly. */
> - ret = idmap_cache_find_uid2sid(uid, psid, &expired);
> -
> - if (ret && !expired && is_null_sid(psid)) {
> - /*
> - * Negative cache entry, we already asked.
> - * do legacy.
> - */
> - legacy_uid_to_sid(psid, uid);
> - return;
> - }
> -
> - if (!ret || expired) {
> - /* Not in cache. Ask winbindd. */
> - if (!winbind_uid_to_sid(psid, uid)) {
> - /*
> - * We shouldn't return the NULL SID
> - * here if winbind was running and
> - * couldn't map, as winbind will have
> - * added a negative entry that will
> - * cause us to go though the
> - * legacy_uid_to_sid()
> - * function anyway in the case above
> - * the next time we ask.
> - */
> - DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
> - "for uid %u\n", (unsigned int)uid));
> -
> - legacy_uid_to_sid(psid, uid);
> - return;
> - }
> - }
> -
> - DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
> - dom_sid_str_buf(psid, &buf)));
> -
> - return;
> -}
> -
> -/*****************************************************************
> - *THE CANONICAL* convert gid_t to SID function.
> -*****************************************************************/
> -
> -void gid_to_sid(struct dom_sid *psid, gid_t gid)
> -{
> - bool expired = true;
> - bool ret;
> - struct dom_sid_buf buf;
> - ZERO_STRUCTP(psid);
> -
> - /* Check the winbindd cache directly. */
> - ret = idmap_cache_find_gid2sid(gid, psid, &expired);
> -
> - if (ret && !expired && is_null_sid(psid)) {
> - /*
> - * Negative cache entry, we already asked.
> - * do legacy.
> - */
> - legacy_gid_to_sid(psid, gid);
> - return;
> - }
> -
> - if (!ret || expired) {
> - /* Not in cache. Ask winbindd. */
> - if (!winbind_gid_to_sid(psid, gid)) {
> - /*
> - * We shouldn't return the NULL SID
> - * here if winbind was running and
> - * couldn't map, as winbind will have
> - * added a negative entry that will
> - * cause us to go though the
> - * legacy_gid_to_sid()
> - * function anyway in the case above
> - * the next time we ask.
> - */
> - DEBUG(5, ("gid_to_sid: winbind failed to find a sid "
> - "for gid %u\n", (unsigned int)gid));
> -
> - legacy_gid_to_sid(psid, gid);
> - return;
> - }
> - }
> -
> - DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid,
> - dom_sid_str_buf(psid, &buf)));
> -
> - return;
> -}
> -
> void xid_to_sid(struct dom_sid *psid, const struct unixid *xid)
> {
> bool expired = true;
> @@ -1423,6 +1230,18 @@ done:
> }
> }
>
> +void uid_to_sid(struct dom_sid *psid, uid_t uid)
> +{
> + struct unixid xid = { .type = ID_TYPE_UID, .id = uid};
> + xid_to_sid(psid, &xid);
> +}
> +
> +void gid_to_sid(struct dom_sid *psid, gid_t gid)
> +{
> + struct unixid xid = { .type = ID_TYPE_GID, .id = gid};
> + xid_to_sid(psid, &xid);
> +}
> +
> bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
> struct unixid *ids)
> {
> --
> 2.11.0
>
>
> From 0316d4cec43ccbf34a78f9a396f32bfd29f07452 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 15:23:17 +0100
> Subject: [PATCH 12/12] lib: Remove some unused code
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
> source3/include/passdb.h | 5 -
> source3/lib/idmap_cache.c | 50 -----
> source3/lib/idmap_cache.h | 2 -
> source3/lib/winbind_util.c | 34 ----
> source3/lib/winbind_util.h | 2 -
> source3/passdb/ABI/samba-passdb-0.27.2.sigs | 306 ++++++++++++++++++++++++++++
> source3/passdb/pdb_unixid.c | 47 -----
> source3/wscript_build | 5 +-
> 8 files changed, 308 insertions(+), 143 deletions(-)
> create mode 100644 source3/passdb/ABI/samba-passdb-0.27.2.sigs
> delete mode 100644 source3/passdb/pdb_unixid.c
>
> diff --git a/source3/include/passdb.h b/source3/include/passdb.h
> index 950c439e7a1..57f1b504941 100644
> --- a/source3/include/passdb.h
> +++ b/source3/include/passdb.h
> @@ -976,11 +976,6 @@ NTSTATUS create_builtin_guests(const struct dom_sid *dom_sid);
> #include "passdb/machine_sid.h"
> #include "passdb/lookup_sid.h"
>
> -/* The following definitions come from passdb/pdb_unixid.c */
> -void unixid_from_uid(struct unixid *id, uint32_t some_uid);
> -void unixid_from_gid(struct unixid *id, uint32_t some_gid);
> -void unixid_from_both(struct unixid *id, uint32_t some_id);
> -
> /* The following definitions come from passdb/pdb_secrets.c
> * and should be used by PDB modules if they need to store
> * sid/guid information for the domain in secrets database
> diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
> index 9d2149844ed..d5a60e73403 100644
> --- a/source3/lib/idmap_cache.c
> +++ b/source3/lib/idmap_cache.c
> @@ -228,56 +228,6 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
> }
>
> /**
> - * Find a uid2sid mapping
> - * @param[in] uid the uid to map
> - * @param[out] sid where to put the result
> - * @param[out] expired is the cache entry expired?
> - * @retval Was anything in the cache at all?
> - *
> - * If "is_null_sid(sid)", this was a negative mapping.
> - */
> -
> -bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
> -{
> - fstring key;
> - struct idmap_cache_xid2sid_state state;
> -
> - fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid);
> -
> - state.sid = sid;
> - state.expired = expired;
> - state.ret = false;
> -
> - gencache_parse(key, idmap_cache_xid2sid_parser, &state);
> - return state.ret;
> -}
> -
> -/**
> - * Find a gid2sid mapping
> - * @param[in] gid the gid to map
> - * @param[out] sid where to put the result
> - * @param[out] expired is the cache entry expired?
> - * @retval Was anything in the cache at all?
> - *
> - * If "is_null_sid(sid)", this was a negative mapping.
> - */
> -
> -bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
> -{
> - fstring key;
> - struct idmap_cache_xid2sid_state state;
> -
> - fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
> -
> - state.sid = sid;
> - state.expired = expired;
> - state.ret = false;
> -
> - gencache_parse(key, idmap_cache_xid2sid_parser, &state);
> - return state.ret;
> -}
> -
> -/**
> * Find a xid2sid mapping
> * @param[in] id the unix id to map
> * @param[out] sid where to put the result
> diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
> index d5afa170e1a..5a90902e720 100644
> --- a/source3/lib/idmap_cache.h
> +++ b/source3/lib/idmap_cache.h
> @@ -29,8 +29,6 @@ bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
> bool *expired);
> bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
> bool *expired);
> -bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
> -bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
> bool idmap_cache_find_xid2sid(
> const struct unixid *id, struct dom_sid *sid, bool *expired);
> void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
> diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
> index 46c95ca3a28..fe35a6f78d1 100644
> --- a/source3/lib/winbind_util.c
> +++ b/source3/lib/winbind_util.c
> @@ -150,23 +150,6 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
> return (result == WBC_ERR_SUCCESS);
> }
>
> -/* Call winbindd to convert uid to sid */
> -
> -bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid)
> -{
> - struct wbcDomainSid dom_sid;
> - wbcErr result;
> -
> - result = wbcUidToSid(uid, &dom_sid);
> - if (result == WBC_ERR_SUCCESS) {
> - memcpy(sid, &dom_sid, sizeof(struct dom_sid));
> - } else {
> - sid_copy(sid, &global_sid_NULL);
> - }
> -
> - return (result == WBC_ERR_SUCCESS);
> -}
> -
> /* Call winbindd to convert SID to gid */
>
> bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
> @@ -181,23 +164,6 @@ bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
> return (result == WBC_ERR_SUCCESS);
> }
>
> -/* Call winbindd to convert gid to sid */
> -
> -bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
> -{
> - struct wbcDomainSid dom_sid;
> - wbcErr result;
> -
> - result = wbcGidToSid(gid, &dom_sid);
> - if (result == WBC_ERR_SUCCESS) {
> - memcpy(sid, &dom_sid, sizeof(struct dom_sid));
> - } else {
> - sid_copy(sid, &global_sid_NULL);
> - }
> -
> - return (result == WBC_ERR_SUCCESS);
> -}
> -
> bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
> {
> struct wbcUnixId wbc_xid;
> diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
> index 5ecda5a7b09..6056190d7a4 100644
> --- a/source3/lib/winbind_util.h
> +++ b/source3/lib/winbind_util.h
> @@ -36,9 +36,7 @@ bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
> enum lsa_SidType *name_type);
> bool winbind_ping(void);
> bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
> -bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
> bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
> -bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
> bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
> struct passwd * winbind_getpwnam(const char * sname);
> struct passwd * winbind_getpwsid(const struct dom_sid *sid);
> diff --git a/source3/passdb/ABI/samba-passdb-0.27.2.sigs b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
> new file mode 100644
> index 00000000000..06fc3b76974
> --- /dev/null
> +++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
> @@ -0,0 +1,306 @@
> +PDB_secrets_clear_domain_protection: bool (const char *)
> +PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *)
> +PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *)
> +PDB_secrets_mark_domain_protected: bool (const char *)
> +PDB_secrets_store_domain_guid: bool (const char *, struct GUID *)
> +PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *)
> +account_policy_get: bool (enum pdb_policy_type, uint32_t *)
> +account_policy_get_default: bool (enum pdb_policy_type, uint32_t *)
> +account_policy_get_desc: const char *(enum pdb_policy_type)
> +account_policy_name_to_typenum: enum pdb_policy_type (const char *)
> +account_policy_names_list: void (TALLOC_CTX *, const char ***, int *)
> +account_policy_set: bool (enum pdb_policy_type, uint32_t)
> +add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *)
> +algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t)
> +algorithmic_pdb_rid_is_user: bool (uint32_t)
> +algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t)
> +algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t)
> +algorithmic_rid_base: int (void)
> +builtin_domain_name: const char *(void)
> +cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *)
> +cache_account_policy_set: bool (enum pdb_policy_type, uint32_t)
> +create_builtin_administrators: NTSTATUS (const struct dom_sid *)
> +create_builtin_guests: NTSTATUS (const struct dom_sid *)
> +create_builtin_users: NTSTATUS (const struct dom_sid *)
> +decode_account_policy_name: const char *(enum pdb_policy_type)
> +get_account_pol_db: struct db_context *(void)
> +get_account_policy_attr: const char *(enum pdb_policy_type)
> +get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *)
> +get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **)
> +get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *)
> +get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int)
> +get_trust_pw_clear: bool (const char *, char **, const char **, enum netr_SchannelType *)
> +get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *)
> +gid_to_sid: void (struct dom_sid *, gid_t)
> +gid_to_unix_groups_sid: void (gid_t, struct dom_sid *)
> +grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int)
> +grant_all_privileges: bool (const struct dom_sid *)
> +grant_privilege_by_name: bool (const struct dom_sid *, const char *)
> +grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
> +groupdb_tdb_init: const struct mapping_backend *(void)
> +init_account_policy: bool (void)
> +init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool)
> +init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t)
> +initialize_password_db: bool (bool, struct tevent_context *)
> +is_dc_trusted_domain_situation: bool (const char *)
> +is_privileged_sid: bool (const struct dom_sid *)
> +local_password_change: NTSTATUS (const char *, int, const char *, char **, char **)
> +login_cache_delentry: bool (const struct samu *)
> +login_cache_init: bool (void)
> +login_cache_read: bool (struct samu *, struct login_cache *)
> +login_cache_shutdown: bool (void)
> +login_cache_write: bool (const struct samu *, const struct login_cache *)
> +lookup_builtin_name: bool (const char *, uint32_t *)
> +lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **)
> +lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *)
> +lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
> +lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
> +lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
> +lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **)
> +lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **)
> +lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **)
> +make_pdb_method: NTSTATUS (struct pdb_methods **)
> +make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *)
> +max_algorithmic_gid: gid_t (void)
> +max_algorithmic_uid: uid_t (void)
> +pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
> +pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *)
> +pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
> +pdb_add_sam_account: NTSTATUS (struct samu *)
> +pdb_build_fields_present: uint32_t (struct samu *)
> +pdb_capabilities: uint32_t (void)
> +pdb_copy_sam_account: bool (struct samu *, struct samu *)
> +pdb_create_alias: NTSTATUS (const char *, uint32_t *)
> +pdb_create_builtin: NTSTATUS (uint32_t)
> +pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t)
> +pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *)
> +pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *)
> +pdb_decode_acct_ctrl: uint32_t (const char *)
> +pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
> +pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
> +pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
> +pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *)
> +pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
> +pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *)
> +pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
> +pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
> +pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
> +pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
> +pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
> +pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
> +pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
> +pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
> +pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
> +pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
> +pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
> +pdb_del_trusted_domain: NTSTATUS (const char *)
> +pdb_del_trusteddom_pw: bool (const char *)
> +pdb_delete_alias: NTSTATUS (const struct dom_sid *)
> +pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t)
> +pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid)
> +pdb_delete_sam_account: NTSTATUS (struct samu *)
> +pdb_delete_secret: NTSTATUS (const char *)
> +pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *)
> +pdb_element_is_changed: bool (const struct samu *, enum pdb_elements)
> +pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements)
> +pdb_encode_acct_ctrl: char *(uint32_t, size_t)
> +pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
> +pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
> +pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
> +pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *)
> +pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *)
> +pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***)
> +pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
> +pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***)
> +pdb_find_backend_entry: struct pdb_init_function_entry *(const char *)
> +pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *)
> +pdb_get_acct_ctrl: uint32_t (const struct samu *)
> +pdb_get_acct_desc: const char *(const struct samu *)
> +pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
> +pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *)
> +pdb_get_backends: const struct pdb_init_function_entry *(void)
> +pdb_get_bad_password_count: uint16_t (const struct samu *)
> +pdb_get_bad_password_time: time_t (const struct samu *)
> +pdb_get_code_page: uint16_t (const struct samu *)
> +pdb_get_comment: const char *(const struct samu *)
> +pdb_get_country_code: uint16_t (const struct samu *)
> +pdb_get_dir_drive: const char *(const struct samu *)
> +pdb_get_domain: const char *(const struct samu *)
> +pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *)
> +pdb_get_fullname: const char *(const struct samu *)
> +pdb_get_group_rid: uint32_t (struct samu *)
> +pdb_get_group_sid: const struct dom_sid *(struct samu *)
> +pdb_get_homedir: const char *(const struct samu *)
> +pdb_get_hours: const uint8_t *(const struct samu *)
> +pdb_get_hours_len: uint32_t (const struct samu *)
> +pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements)
> +pdb_get_kickoff_time: time_t (const struct samu *)
> +pdb_get_lanman_passwd: const uint8_t *(const struct samu *)
> +pdb_get_logoff_time: time_t (const struct samu *)
> +pdb_get_logon_count: uint16_t (const struct samu *)
> +pdb_get_logon_divs: uint16_t (const struct samu *)
> +pdb_get_logon_script: const char *(const struct samu *)
> +pdb_get_logon_time: time_t (const struct samu *)
> +pdb_get_munged_dial: const char *(const struct samu *)
> +pdb_get_nt_passwd: const uint8_t *(const struct samu *)
> +pdb_get_nt_username: const char *(const struct samu *)
> +pdb_get_pass_can_change: bool (const struct samu *)
> +pdb_get_pass_can_change_time: time_t (const struct samu *)
> +pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *)
> +pdb_get_pass_last_set_time: time_t (const struct samu *)
> +pdb_get_pass_must_change_time: time_t (const struct samu *)
> +pdb_get_plaintext_passwd: const char *(const struct samu *)
> +pdb_get_profile_path: const char *(const struct samu *)
> +pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *)
> +pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **)
> +pdb_get_seq_num: bool (time_t *)
> +pdb_get_tevent_context: struct tevent_context *(void)
> +pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **)
> +pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **)
> +pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **)
> +pdb_get_trusteddom_creds: NTSTATUS (const char *, TALLOC_CTX *, struct cli_credentials **)
> +pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *)
> +pdb_get_unknown_6: uint32_t (const struct samu *)
> +pdb_get_user_rid: uint32_t (const struct samu *)
> +pdb_get_user_sid: const struct dom_sid *(const struct samu *)
> +pdb_get_username: const char *(const struct samu *)
> +pdb_get_workstations: const char *(const struct samu *)
> +pdb_getgrgid: bool (GROUP_MAP *, gid_t)
> +pdb_getgrnam: bool (GROUP_MAP *, const char *)
> +pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid)
> +pdb_gethexhours: bool (const char *, unsigned char *)
> +pdb_gethexpwd: bool (const char *, unsigned char *)
> +pdb_getsampwnam: bool (struct samu *, const char *)
> +pdb_getsampwsid: bool (struct samu *, const struct dom_sid *)
> +pdb_group_rid_to_gid: gid_t (uint32_t)
> +pdb_id_to_sid: bool (struct unixid *, struct dom_sid *)
> +pdb_increment_bad_password_count: bool (struct samu *)
> +pdb_is_password_change_time_max: bool (time_t)
> +pdb_is_responsible_for_builtin: bool (void)
> +pdb_is_responsible_for_everything_else: bool (void)
> +pdb_is_responsible_for_our_sam: bool (void)
> +pdb_is_responsible_for_unix_groups: bool (void)
> +pdb_is_responsible_for_unix_users: bool (void)
> +pdb_is_responsible_for_wellknown: bool (void)
> +pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *)
> +pdb_new_rid: bool (uint32_t *)
> +pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
> +pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
> +pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool)
> +pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
> +pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
> +pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
> +pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
> +pdb_rename_sam_account: NTSTATUS (struct samu *, const char *)
> +pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *)
> +pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **)
> +pdb_search_groups: struct pdb_search *(TALLOC_CTX *)
> +pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t)
> +pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t)
> +pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
> +pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state)
> +pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
> +pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state)
> +pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state)
> +pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
> +pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
> +pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_pass_can_change: bool (struct samu *, bool)
> +pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_plaintext_passwd: bool (struct samu *, const char *)
> +pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state)
> +pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *)
> +pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *)
> +pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *)
> +pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *)
> +pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **)
> +pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
> +pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_sethexhours: void (char *, const unsigned char *)
> +pdb_sethexpwd: void (char *, const unsigned char *, uint32_t)
> +pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *)
> +pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *)
> +pdb_update_autolock_flag: bool (struct samu *, bool *)
> +pdb_update_bad_password_count: bool (struct samu *, bool *)
> +pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *)
> +pdb_update_history: bool (struct samu *, const uint8_t *)
> +pdb_update_login_attempts: NTSTATUS (struct samu *, bool)
> +pdb_update_sam_account: NTSTATUS (struct samu *)
> +privilege_create_account: NTSTATUS (const struct dom_sid *)
> +privilege_delete_account: NTSTATUS (const struct dom_sid *)
> +privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *)
> +privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *)
> +revoke_all_privileges: bool (const struct dom_sid *)
> +revoke_privilege_by_name: bool (const struct dom_sid *, const char *)
> +revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
> +samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *)
> +samu_new: struct samu *(TALLOC_CTX *)
> +samu_set_unix: NTSTATUS (struct samu *, const struct passwd *)
> +secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
> +sid_check_is_builtin: bool (const struct dom_sid *)
> +sid_check_is_for_passdb: bool (const struct dom_sid *)
> +sid_check_is_in_builtin: bool (const struct dom_sid *)
> +sid_check_is_in_unix_groups: bool (const struct dom_sid *)
> +sid_check_is_in_unix_users: bool (const struct dom_sid *)
> +sid_check_is_in_wellknown_domain: bool (const struct dom_sid *)
> +sid_check_is_unix_groups: bool (const struct dom_sid *)
> +sid_check_is_unix_users: bool (const struct dom_sid *)
> +sid_check_is_wellknown_builtin: bool (const struct dom_sid *)
> +sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **)
> +sid_check_object_is_for_passdb: bool (const struct dom_sid *)
> +sid_to_gid: bool (const struct dom_sid *, gid_t *)
> +sid_to_uid: bool (const struct dom_sid *, uid_t *)
> +sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *)
> +smb_add_user_group: int (const char *, const char *)
> +smb_create_group: int (const char *, gid_t *)
> +smb_delete_group: int (const char *)
> +smb_delete_user_group: int (const char *, const char *)
> +smb_nscd_flush_group_cache: void (void)
> +smb_nscd_flush_user_cache: void (void)
> +smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function)
> +smb_set_primary_group: int (const char *, const char *)
> +uid_to_sid: void (struct dom_sid *, uid_t)
> +uid_to_unix_users_sid: void (uid_t, struct dom_sid *)
> +unix_groups_domain_name: const char *(void)
> +unix_users_domain_name: const char *(void)
> +wb_is_trusted_domain: wbcErr (const char *)
> +winbind_allocate_gid: bool (gid_t *)
> +winbind_allocate_uid: bool (uid_t *)
> +winbind_getpwnam: struct passwd *(const char *)
> +winbind_getpwsid: struct passwd *(const struct dom_sid *)
> +winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *)
> +winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **)
> +winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
> +winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **)
> +winbind_ping: bool (void)
> +winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
> +winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
> +winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *)
> +xid_to_sid: void (struct dom_sid *, const struct unixid *)
> diff --git a/source3/passdb/pdb_unixid.c b/source3/passdb/pdb_unixid.c
> deleted file mode 100644
> index 59b157668a2..00000000000
> --- a/source3/passdb/pdb_unixid.c
> +++ /dev/null
> @@ -1,47 +0,0 @@
> -/*
> - * Unix SMB/CIFS implementation.
> - * IDMAP unixid utility functions
> - * Copyright (C) Alexander Bokovoy 2012
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 3 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, see <http://www.gnu.org/licenses/>.
> - */
> -
> -#include "includes.h"
> -#include "passdb.h"
> -#include "../librpc/gen_ndr/idmap.h"
> -
> -void unixid_from_uid(struct unixid *id, uint32_t some_uid)
> -{
> - if(id) {
> - id->id = some_uid;
> - id->type = ID_TYPE_UID;
> - }
> -}
> -
> -void unixid_from_gid(struct unixid *id, uint32_t some_gid)
> -{
> - if(id) {
> - id->id = some_gid;
> - id->type = ID_TYPE_GID;
> - }
> -}
> -
> -void unixid_from_both(struct unixid *id, uint32_t some_id)
> -{
> - if(id) {
> - id->id = some_id;
> - id->type = ID_TYPE_BOTH;
> - }
> -}
> -
> diff --git a/source3/wscript_build b/source3/wscript_build
> index e0b983ae2b2..04df7645622 100644
> --- a/source3/wscript_build
> +++ b/source3/wscript_build
> @@ -149,7 +149,7 @@ bld.SAMBA3_LIBRARY('samba-passdb',
> ''',
> abi_match=private_pdb_match,
> abi_directory='passdb/ABI',
> - vnum='0.27.1')
> + vnum='0.27.2')
>
> bld.SAMBA3_SUBSYSTEM('pdb',
> source='''
> @@ -168,8 +168,7 @@ bld.SAMBA3_SUBSYSTEM('pdb',
> lib/winbind_util.c
> passdb/pdb_util.c
> passdb/pdb_interface.c
> - passdb/pdb_secrets.c
> - passdb/pdb_unixid.c''',
> + passdb/pdb_secrets.c''',
> deps='''
> secrets3
> GROUPDB
> --
> 2.11.0
>
More information about the samba-technical
mailing list