[PATCH] Fix idmap cache pollution with S-1-22-

Christof Schmitt cs at samba.org
Wed Feb 27 23:36:34 UTC 2019


On Wed, Feb 27, 2019 at 07:04:46PM +0100, Volker Lendecke via samba-technical wrote:
> Hi!
> 
> Attached find a patchset that fixes a problem in a customer
> environment: A short-term hiccup in winbind communication for a
> uid2sid call made smbd fall back to legacy_uid_to_sid, filling the
> idmap cache with S-1-22-1-uid for a week. The main point is that
> conversion to S-1-22-x should not be cached, as this is a fallback of
> last resort. Along the way, this cleans up that code path a bit.
> 
> Review appreciated!

You can also add my RB+ to the testcase.

One detail there:

+       xid.type = ID_TYPE_UID;
+       ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
+       if (ret) {
+               fprintf(stderr,
+                       "idmap_cache_find_xid2sid found a GID where it "
+                       "should not\n");
+               goto done;
+       }

Since you are asking for a uid, the fprintf should call out the UID, not
a GID.

As this fixes a bug, I would also vote for a bugzilla backport.

Christof

> 
> Thanks, Volker
> 
> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: 0551-370000-0, mailto:kontakt at sernet.de
> Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
> AG Göttingen: HR-B 2816 - http://www.sernet.de

> From 0f677bc59aa00a86f8f0ffc3eef405f694338c5e Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 11:06:29 +0100
> Subject: [PATCH 01/12] libwbclient: Protect wbcCtxUnixIdsToSids against
>  integer-wrap
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  nsswitch/libwbclient/wbc_idmap.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
> index f61efb92b8d..6876a95316c 100644
> --- a/nsswitch/libwbclient/wbc_idmap.c
> +++ b/nsswitch/libwbclient/wbc_idmap.c
> @@ -423,10 +423,20 @@ wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx,
>  	wbcErr wbc_status;
>  	char *buf;
>  	char *s;
> +	const size_t sidlen = (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */);
>  	size_t ofs, buflen;
>  	uint32_t i;
>  
> -	buflen = num_ids * (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */) + 1;
> +	if (num_ids > SIZE_MAX / sidlen) {
> +		return WBC_ERR_NO_MEMORY; /* overflow */
> +	}
> +	buflen = num_ids * sidlen;
> +
> +	buflen += 1;		/* trailing \0 */
> +	if (buflen < 1) {
> +		return WBC_ERR_NO_MEMORY; /* overflow */
> +	}
> +
>  	buf = malloc(buflen);
>  	if (buf == NULL) {
>  		return WBC_ERR_NO_MEMORY;
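Review bot: The two overflow guards on `buflen` can be folded into one bound that is easier to audit: `if (num_ids > (SIZE_MAX - 1) / sidlen) { return WBC_ERR_NO_MEMORY; }` followed by `buflen = num_ids * sidlen + 1;`. As written, the second test (`buflen < 1`) depends on unsigned wrap to zero, which is correct for size_t but reads like a sign check. The 10-digit budget in `sidlen` assumes every id is formatted as a 32-bit value; the loop that fills the buffer is outside this hunk, so that assumption should be confirmed against the format string used there.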
> -- 
> 2.11.0
> 
> 
> From 4d55dbba240da207cd6d86e2a2e5d86db969ef6e Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Mon, 25 Feb 2019 14:38:50 +0100
> Subject: [PATCH 02/12] lib: Make idmap_cache return negative mappings
> 
> Without this we'd query non-existent mappings over and over
> again.
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/lib/idmap_cache.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
> index 77618dd5aa1..244a727e01b 100644
> --- a/source3/lib/idmap_cache.c
> +++ b/source3/lib/idmap_cache.c
> @@ -215,7 +215,12 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
>  
>  	value = (char *)blob.data;
>  
> -	if (value[0] != '-') {
> +	if ((value[0] == '-') && (value[1] == '\0')) {
> +		/*
> +		 * Return NULL SID, see comment to uid2sid
> +		 */
> +		state->ret = true;
> +	} else {
>  		state->ret = string_to_sid(state->sid, value);
>  	}
>  	if (state->ret) {
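Review bot: The new comment `Return NULL SID, see comment to uid2sid` points at text outside this function, and patch 12 of this series lists 50 deletions in idmap_cache.c, so the reference may end up dangling. A self-contained wording would be `/* "-" is the stored form of a negative mapping: report a cache hit and hand back the NULL SID */`. It would also help to note why reading `value[1]` is in bounds: the earlier check that the blob ends in a NUL byte guarantees at least two bytes once `value[0]` is `'-'`. The parser's body starts and ends outside the hunk.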
> -- 
> 2.11.0
> 
> 
> From 1d48315184d311cae724685b7546ade91b1ae8bd Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 12:46:39 +0100
> Subject: [PATCH 03/12] idmap_cache: Only touch "sid" on success in
>  find_xid_to_sid
> 
> Why? This makes the negative mapping condition (is_null_sid) more
> explicit in the code.
> 
> The callers in lookup_sid initialized "psid" anyway before, and the ones
> in wb_xids2sids now do as well. This is more in line with other APIs we
> have: Only touch output parameters if you have something to say.
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/lib/idmap_cache.c       | 5 ++---
>  source3/winbindd/wb_xids2sids.c | 2 +-
>  2 files changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
> index 244a727e01b..10c1e8b1e7a 100644
> --- a/source3/lib/idmap_cache.c
> +++ b/source3/lib/idmap_cache.c
> @@ -203,13 +203,11 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
>  		(struct idmap_cache_xid2sid_state *)private_data;
>  	char *value;
>  
> -	ZERO_STRUCTP(state->sid);
> -	state->ret = false;
> -
>  	if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
>  		/*
>  		 * Not a string, can't be a valid mapping
>  		 */
> +		state->ret = false;
>  		return;
>  	}
>  
> @@ -219,6 +217,7 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
>  		/*
>  		 * Return NULL SID, see comment to uid2sid
>  		 */
> +		*state->sid = (struct dom_sid) {0};
>  		state->ret = true;
>  	} else {
>  		state->ret = string_to_sid(state->sid, value);
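Review bot: `string_to_sid(state->sid, value)` still parses straight into the caller's buffer, so the "only touch sid on success" contract holds only if string_to_sid leaves its output untouched on failure, which nothing in this hunk shows. Callers now treat is_null_sid() on their pre-zeroed buffer as the negative-mapping signal, so a partially written SID after a failed parse would be misread. Parsing into a local and copying on success makes the guarantee local to this function: `struct dom_sid tmp;`, `state->ret = string_to_sid(&tmp, value);`, `if (state->ret) { *state->sid = tmp; }`. The parser's body starts and ends outside the hunk.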
> diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
> index 95dda89e40f..9e622529c17 100644
> --- a/source3/winbindd/wb_xids2sids.c
> +++ b/source3/winbindd/wb_xids2sids.c
> @@ -465,7 +465,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
>  		uint32_t i;
>  
>  		for (i=0; i<num_xids; i++) {
> -			struct dom_sid sid;
> +			struct dom_sid sid = {0};
>  			bool ok, expired;
>  
>  			switch (xids[i].type) {
> -- 
> 2.11.0
> 
> 
> From 722b4f5996534a8ba95e31741eca5dce8cd013c9 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 12:52:28 +0100
> Subject: [PATCH 04/12] winbind: Initialize "expired" parameter to
>  idmap_cache_xid2sid
> 
> The code in idmap_cache only touches its output parameters upon success
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/winbindd/wb_xids2sids.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
> index 9e622529c17..386ac3ef0ed 100644
> --- a/source3/winbindd/wb_xids2sids.c
> +++ b/source3/winbindd/wb_xids2sids.c
> @@ -466,7 +466,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
>  
>  		for (i=0; i<num_xids; i++) {
>  			struct dom_sid sid = {0};
> -			bool ok, expired;
> +			bool ok, expired = true;
>  
>  			switch (xids[i].type) {
>  			    case ID_TYPE_UID:
> -- 
> 2.11.0
> 
> 
> From 2f6812dd9c44831ad42d588b33abc15f2fb63ab6 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Mon, 25 Feb 2019 14:55:00 +0100
> Subject: [PATCH 05/12] winbind: Now we explicitly track if we got ids from
>  cache
> 
> This now properly makes us use negative cache entries
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/winbindd/wb_xids2sids.c | 14 ++++++++++----
>  1 file changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
> index 386ac3ef0ed..719f687258d 100644
> --- a/source3/winbindd/wb_xids2sids.c
> +++ b/source3/winbindd/wb_xids2sids.c
> @@ -246,6 +246,7 @@ static NTSTATUS wb_xids2sids_init_dom_maps_recv(struct tevent_req *req)
>  struct wb_xids2sids_dom_state {
>  	struct tevent_context *ev;
>  	struct unixid *all_xids;
> +	const bool *cached;
>  	size_t num_all_xids;
>  	struct dom_sid *all_sids;
>  	struct wb_xids2sids_dom_map *dom_map;
> @@ -262,7 +263,10 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq);
>  static struct tevent_req *wb_xids2sids_dom_send(
>  	TALLOC_CTX *mem_ctx, struct tevent_context *ev,
>  	struct wb_xids2sids_dom_map *dom_map,
> -	struct unixid *xids, size_t num_xids, struct dom_sid *sids)
> +	struct unixid *xids,
> +	const bool *cached,
> +	size_t num_xids,
> +	struct dom_sid *sids)
>  {
>  	struct tevent_req *req, *subreq;
>  	struct wb_xids2sids_dom_state *state;
> @@ -276,6 +280,7 @@ static struct tevent_req *wb_xids2sids_dom_send(
>  	}
>  	state->ev = ev;
>  	state->all_xids = xids;
> +	state->cached = cached;
>  	state->num_all_xids = num_xids;
>  	state->all_sids = sids;
>  	state->dom_map = dom_map;
> @@ -296,7 +301,7 @@ static struct tevent_req *wb_xids2sids_dom_send(
>  			/* out of range */
>  			continue;
>  		}
> -		if (!is_null_sid(&state->all_sids[i])) {
> +		if (state->cached[i]) {
>  			/* already mapped */
>  			continue;
>  		}
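Review bot: The comment `/* already mapped */` no longer matches the condition: `state->cached[i]` is true for any id answered from the cache, including a negative entry that maps to nothing. Suggest `/* answered from idmap cache (positive or negative) */` here and at the identical check in wb_xids2sids_dom_done. The new `const bool *cached` member also deserves a comment saying it must hold `num_all_xids` entries and outlive the request, because both loops index it without a NULL or bounds check. Where the array is allocated and filled is not visible in this patch.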
> @@ -363,7 +368,7 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq)
>  			/* out of range */
>  			continue;
>  		}
> -		if (!is_null_sid(&state->all_sids[i])) {
> +		if (state->cached[i]) {
>  			/* already mapped */
>  			continue;
>  		}
> @@ -525,7 +530,7 @@ static void wb_xids2sids_init_dom_maps_done(struct tevent_req *subreq)
>  
>  	subreq = wb_xids2sids_dom_send(
>  		state, state->ev, &dom_maps[state->dom_idx],
> -		state->xids, state->num_xids, state->sids);
> +		state->xids, state->cached, state->num_xids, state->sids);
>  	if (tevent_req_nomem(subreq, req)) {
>  		return;
>  	}
> @@ -556,6 +561,7 @@ static void wb_xids2sids_done(struct tevent_req *subreq)
>  					       state->ev,
>  					       &dom_maps[state->dom_idx],
>  					       state->xids,
> +					       state->cached,
>  					       state->num_xids,
>  					       state->sids);
>  		if (tevent_req_nomem(subreq, req)) {
> -- 
> 2.11.0
> 
> 
> From 4fd29fd07d108309db6383f5645e081f3251b72a Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 14:32:52 +0100
> Subject: [PATCH 06/12] idmap_cache: Introduce idmap_cache_find_xid2sid
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/lib/idmap_cache.c | 36 ++++++++++++++++++++++++++++++++++++
>  source3/lib/idmap_cache.h |  2 ++
>  2 files changed, 38 insertions(+)
> 
> diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
> index 10c1e8b1e7a..9d2149844ed 100644
> --- a/source3/lib/idmap_cache.c
> +++ b/source3/lib/idmap_cache.c
> @@ -278,6 +278,42 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
>  }
>  
>  /**
> + * Find a xid2sid mapping
> + * @param[in] id		the unix id to map
> + * @param[out] sid		where to put the result
> + * @param[out] expired		is the cache entry expired?
> + * @retval Was anything in the cache at all?
> + *
> + * If "is_null_sid(sid)", this was a negative mapping.
> + */
> +bool idmap_cache_find_xid2sid(
> +	const struct unixid *id, struct dom_sid *sid, bool *expired)
> +{
> +	struct idmap_cache_xid2sid_state state = {
> +		.sid = sid, .expired = expired
> +	};
> +	fstring key;
> +	char c;
> +
> +	switch (id->type) {
> +	case ID_TYPE_UID:
> +		c = 'U';
> +		break;
> +	case ID_TYPE_GID:
> +		c = 'G';
> +		break;
> +	default:
> +		return false;
> +	}
> +
> +	fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
> +
> +	gencache_parse(key, idmap_cache_xid2sid_parser, &state);
> +	return state.ret;
> +}
> +
> +
> +/**
>   * Store a mapping in the idmap cache
>   * @param[in] sid		the sid to map
>   * @param[in] unix_id		the unix_id to map
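Review bot: The doc comment on idmap_cache_find_xid2sid does not say that `sid` and `expired` are written only when the function returns true, which is the contract patch 03 introduced and which callers depend on when they test is_null_sid() afterwards. Suggest adding `Neither output is modified on a cache miss; initialize both before the call.` to the comment block. Separately, `(int)id->id` with `%d` formats ids above INT_MAX as negative numbers. If that is kept so the key matches what the store side writes (not visible here), a one-line comment saying so would prevent a one-sided change that splits the key space.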
> diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
> index dc497022e3b..d5afa170e1a 100644
> --- a/source3/lib/idmap_cache.h
> +++ b/source3/lib/idmap_cache.h
> @@ -31,6 +31,8 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
>  			      bool *expired);
>  bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
>  bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
> +bool idmap_cache_find_xid2sid(
> +	const struct unixid *id, struct dom_sid *sid, bool *expired);
>  void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
>  
>  bool idmap_cache_del_uid(uid_t uid);
> -- 
> 2.11.0
> 
> 
> From 4f75d0bb27ddea5461d1a29e24152a885e8d621f Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Wed, 27 Feb 2019 14:54:12 +0100
> Subject: [PATCH 07/12] torture: Add tests for idmap cache
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  source3/selftest/tests.py          |   1 +
>  source3/torture/proto.h            |   1 +
>  source3/torture/test_idmap_cache.c | 122 +++++++++++++++++++++++++++++++++++++
>  source3/torture/torture.c          |   4 ++
>  source3/wscript_build              |   1 +
>  5 files changed, 129 insertions(+)
>  create mode 100644 source3/torture/test_idmap_cache.c
> 
> diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
> index 5d7e4969e59..e8d516573dd 100755
> --- a/source3/selftest/tests.py
> +++ b/source3/selftest/tests.py
> @@ -200,6 +200,7 @@ local_tests = [
>      "LOCAL-G-LOCK5",
>      "LOCAL-G-LOCK6",
>      "LOCAL-NAMEMAP-CACHE1",
> +    "LOCAL-IDMAP-CACHE1",
>      "LOCAL-hex_encode_buf",
>      "LOCAL-remove_duplicate_addrs2"]
>  
> diff --git a/source3/torture/proto.h b/source3/torture/proto.h
> index 669e077051e..b4a2007fa77 100644
> --- a/source3/torture/proto.h
> +++ b/source3/torture/proto.h
> @@ -137,6 +137,7 @@ bool run_g_lock5(int dummy);
>  bool run_g_lock6(int dummy);
>  bool run_g_lock_ping_pong(int dummy);
>  bool run_local_namemap_cache1(int dummy);
> +bool run_local_idmap_cache1(int dummy);
>  bool run_hidenewfiles(int dummy);
>  
>  #endif /* __TORTURE_H__ */
> diff --git a/source3/torture/test_idmap_cache.c b/source3/torture/test_idmap_cache.c
> new file mode 100644
> index 00000000000..fbe04207cb2
> --- /dev/null
> +++ b/source3/torture/test_idmap_cache.c
> @@ -0,0 +1,122 @@
> +/*
> + * Unix SMB/CIFS implementation.
> + * Test dbwrap_watch API
> + * Copyright (C) Volker Lendecke 2017
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program.  If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "includes.h"
> +#include "torture/proto.h"
> +#include "lib/idmap_cache.h"
> +#include "librpc/gen_ndr/idmap.h"
> +#include "libcli/security/dom_sid.h"
> +
> +bool run_local_idmap_cache1(int dummy)
> +{
> +	struct dom_sid sid, found_sid;
> +	struct unixid xid, found_xid;
> +	bool ret = false;
> +	bool expired = false;
> +
> +	xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID };
> +	dom_sid_parse("S-1-5-21-2864185242-3846410404-2398417794-1235", &sid);
> +	idmap_cache_set_sid2unixid(&sid, &xid);
> +
> +	ret = idmap_cache_find_sid2unixid(&sid, &found_xid, &expired);
> +	if (!ret) {
> +		fprintf(stderr, "idmap_cache_find_sid2unixid failed\n");
> +		goto done;
> +	}
> +	if (expired) {
> +		fprintf(stderr,
> +			"idmap_cache_find_sid2unixid returned an expired "
> +			"value\n");
> +		goto done;
> +	}
> +	if ((xid.type != found_xid.type) || (xid.id != found_xid.id)) {
> +		fprintf(stderr,
> +			"idmap_cache_find_sid2unixid returned wrong "
> +			"values\n");
> +		goto done;
> +	}
> +
> +	ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
> +	if (!ret) {
> +		fprintf(stderr, "idmap_cache_find_xid2sid failed\n");
> +		goto done;
> +	}
> +	if (expired) {
> +		fprintf(stderr,
> +			"idmap_cache_find_xid2sid returned an expired "
> +			"value\n");
> +		goto done;
> +	}
> +	if (!dom_sid_equal(&sid, &found_sid)) {
> +		fprintf(stderr,
> +			"idmap_cache_find_xid2sid returned wrong sid\n");
> +		goto done;
> +	}
> +
> +	xid.type = ID_TYPE_GID;
> +
> +	ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
> +	if (ret) {
> +		fprintf(stderr,
> +			"idmap_cache_find_xid2sid found a GID where it "
> +			"should not\n");
> +		goto done;
> +	}
> +
> +	idmap_cache_del_sid(&sid);
> +
> +	xid.type = ID_TYPE_UID;
> +	ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
> +	if (ret) {
> +		fprintf(stderr,
> +			"idmap_cache_find_xid2sid found a GID where it "
> +			"should not\n");
> +		goto done;
> +	}
> +
> +	/*
> +	 * Test that negative mappings can also be cached
> +	 */
> +	sid = (struct dom_sid) {0};
> +	xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID };
> +	idmap_cache_set_sid2unixid(&sid, &xid);
> +
> +	ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired);
> +	if (!ret) {
> +		fprintf(stderr,
> +			"idmap_cache_find_xid2sid failed to find "
> +			"negative mapping\n");
> +		goto done;
> +	}
> +	if (expired) {
> +		fprintf(stderr,
> +			"idmap_cache_find_xid2sid returned an expired "
> +			"value\n");
> +		goto done;
> +	}
> +	if (!dom_sid_equal(&sid, &found_sid)) {
> +		fprintf(stderr,
> +			"idmap_cache_find_xid2sid returned wrong sid\n");
> +		goto done;
> +	}
> +
> +	ret = true;
> +done:
> +	return ret;
> +}
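Review bot: The test leaves its last entry behind: the negative mapping stored for UID 1234 by the final `idmap_cache_set_sid2unixid(&sid, &xid)` is never removed, so a later test that shares the same gencache could pick it up. A cleanup such as `idmap_cache_del_uid(1234);` before `ret = true;` (the function is declared in idmap_cache.h) would keep the test self-contained, assuming it also clears negative entries. The return value of `dom_sid_parse()` is unchecked, so a parse failure would only surface as a confusing mismatch later. The file header still reads `Test dbwrap_watch API` and should name the idmap cache instead.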
> diff --git a/source3/torture/torture.c b/source3/torture/torture.c
> index b47f247356c..3df5e409c57 100644
> --- a/source3/torture/torture.c
> +++ b/source3/torture/torture.c
> @@ -12535,6 +12535,10 @@ static struct {
>  		.fn    = run_local_namemap_cache1,
>  	},
>  	{
> +		.name  = "LOCAL-IDMAP-CACHE1",
> +		.fn    = run_local_idmap_cache1,
> +	},
> +	{
>  		.name  = "qpathinfo-bufsize",
>  		.fn    = run_qpathinfo_bufsize,
>  	},
> diff --git a/source3/wscript_build b/source3/wscript_build
> index aa8fdc17567..e0b983ae2b2 100644
> --- a/source3/wscript_build
> +++ b/source3/wscript_build
> @@ -1198,6 +1198,7 @@ bld.SAMBA3_BINARY('smbtorture' + bld.env.suffix3,
>                          torture/wbc_async.c
>                          torture/test_g_lock.c
>                          torture/test_namemap_cache.c
> +                        torture/test_idmap_cache.c
>                          torture/test_hidenewfiles.c
>                          ''',
>                   deps='''
> -- 
> 2.11.0
> 
> 
> From 9f826b39c2644e8f6a3eeafb7c7c89e59dff209c Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 14:34:56 +0100
> Subject: [PATCH 08/12] winbind: Use idmap_cache_find_xid2sid
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/winbindd/wb_xids2sids.c | 15 ++-------------
>  1 file changed, 2 insertions(+), 13 deletions(-)
> 
> diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
> index 719f687258d..383fc67bc8d 100644
> --- a/source3/winbindd/wb_xids2sids.c
> +++ b/source3/winbindd/wb_xids2sids.c
> @@ -473,19 +473,8 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
>  			struct dom_sid sid = {0};
>  			bool ok, expired = true;
>  
> -			switch (xids[i].type) {
> -			    case ID_TYPE_UID:
> -				    ok = idmap_cache_find_uid2sid(
> -					    xids[i].id, &sid, &expired);
> -				    break;
> -			    case ID_TYPE_GID:
> -				    ok = idmap_cache_find_gid2sid(
> -					    xids[i].id, &sid, &expired);
> -				    break;
> -			    default:
> -				    ok = false;
> -			}
> -
> +			ok = idmap_cache_find_xid2sid(
> +				&xids[i], &sid, &expired);
>  			if (ok && !expired) {
>  				struct dom_sid_buf buf;
>  				DBG_DEBUG("Found %cID in cache: %s\n",
> -- 
> 2.11.0
> 
> 
> From 37c1dca5b213edea267d9e735edf6ea1c67b91d4 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 14:45:32 +0100
> Subject: [PATCH 09/12] lib: Introduce winbind_xid_to_sid
> 
> This does not merge a winbind communication error into
> "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
> go along with is_null_sid(). Instead, this just touches the output sid
> when winbind returned success. This success might well be a negative
> mapping indicated by S-0-0, which *is* is_null_sid()...
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/lib/winbind_util.c | 30 ++++++++++++++++++++++++++++++
>  source3/lib/winbind_util.h |  2 ++
>  2 files changed, 32 insertions(+)
> 
> diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
> index a072166ce18..46c95ca3a28 100644
> --- a/source3/lib/winbind_util.c
> +++ b/source3/lib/winbind_util.c
> @@ -198,6 +198,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
>  	return (result == WBC_ERR_SUCCESS);
>  }
>  
> +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
> +{
> +	struct wbcUnixId wbc_xid;
> +	struct wbcDomainSid dom_sid;
> +	wbcErr result;
> +
> +	switch (xid->type) {
> +	case ID_TYPE_UID:
> +		wbc_xid = (struct wbcUnixId) {
> +			.type = WBC_ID_TYPE_UID, .id.uid = xid->id
> +		};
> +		break;
> +	case ID_TYPE_GID:
> +		wbc_xid = (struct wbcUnixId) {
> +			.type = WBC_ID_TYPE_GID, .id.gid = xid->id
> +		};
> +		break;
> +	default:
> +		return false;
> +	}
> +
> +	result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
> +	if (result != WBC_ERR_SUCCESS) {
> +		return false;
> +	}
> +
> +	memcpy(sid, &dom_sid, sizeof(struct dom_sid));
> +	return true;
> +}
> +
>  /* Check for a trusted domain */
>  
>  wbcErr wb_is_trusted_domain(const char *domain)
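Review bot: `memcpy(sid, &dom_sid, sizeof(struct dom_sid))` copies out of a `struct wbcDomainSid` using the size of a different type, so it is only safe while both structures have the same size and layout; if `struct dom_sid` were ever the larger one, the copy would read past the local variable. A compile-time check next to the copy, for example `_Static_assert(sizeof(struct dom_sid) == sizeof(struct wbcDomainSid), "SID layouts differ");` or the project's equivalent macro, would pin that assumption. The function would also benefit from a short header comment stating that `sid` is left untouched on failure and that a true return may carry a NULL SID (a negative mapping), since callers rely on both.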
> diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
> index c2bf0e02d76..5ecda5a7b09 100644
> --- a/source3/lib/winbind_util.h
> +++ b/source3/lib/winbind_util.h
> @@ -22,6 +22,7 @@
>  #define __LIB__WINBIND_UTIL_H__
>  
>  #include "../librpc/gen_ndr/lsa.h"
> +#include "librpc/gen_ndr/idmap.h"
>  
>  /* needed for wbcErr below */
>  #include "nsswitch/libwbclient/wbclient.h"
> @@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
>  bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
>  bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
>  bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
> +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
>  struct passwd * winbind_getpwnam(const char * sname);
>  struct passwd * winbind_getpwsid(const struct dom_sid *sid);
>  wbcErr wb_is_trusted_domain(const char *domain);
> -- 
> 2.11.0
> 
> 
> From 927e422635a23f7324cc98e32b3b598bec39626b Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 15:10:21 +0100
> Subject: [PATCH 10/12] passdb: Introduce xid_to_sid
> 
> This explicitly avoids the legacy_[ug]id_to_sid calls, which create
> long-term cache entries to S-1-22-x-y if anything fails. We can't do
> this, because this will turn temporary winbind communication failures
> into long-term problems: A short hiccup in winbind_uid_to_sid will
> create a mapping to S-1-22-1-uid for a week. It should be up to the
> lower layers to do the caching.
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/passdb/lookup_sid.c | 74 +++++++++++++++++++++++++++++++++++++++++++++
>  source3/passdb/lookup_sid.h |  1 +
>  2 files changed, 75 insertions(+)
> 
> diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
> index bf3ded6683e..bdd8082afb4 100644
> --- a/source3/passdb/lookup_sid.c
> +++ b/source3/passdb/lookup_sid.c
> @@ -1349,6 +1349,80 @@ void gid_to_sid(struct dom_sid *psid, gid_t gid)
>  	return;
>  }
>  
> +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid)
> +{
> +	bool expired = true;
> +	bool ret;
> +	struct dom_sid_buf buf;
> +
> +	SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID);
> +
> +	*psid = (struct dom_sid) {0};
> +
> +	ret = idmap_cache_find_xid2sid(xid, psid, &expired);
> +	if (ret && !expired) {
> +		DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
> +			  xid->type == ID_TYPE_UID ? 'U' : 'G',
> +			  xid->id,
> +			  dom_sid_str_buf(psid, &buf));
> +		goto done;
> +	}
> +
> +	ret = winbind_xid_to_sid(psid, xid);
> +	if (ret) {
> +		/*
> +		 * winbind can return an explicit negative mapping
> +		 * here. It's up to winbind to prime the cache either
> +		 * positively or negatively, don't mess with the cache
> +		 * here.
> +		 */
> +		DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
> +			  xid->type == ID_TYPE_UID ? 'U' : 'G',
> +			  xid->id,
> +			  dom_sid_str_buf(psid, &buf));
> +		goto done;
> +	}
> +
> +	{
> +		/*
> +		 * Make a copy, pdb_id_to_sid might want to turn
> +		 * xid->type into ID_TYPE_BOTH, which we ignore here.
> +		 */
> +		struct unixid rw_xid = *xid;
> +
> +		become_root();
> +		ret = pdb_id_to_sid(&rw_xid, psid);
> +		unbecome_root();
> +	}
> +
> +	if (ret) {
> +		DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n",
> +			  xid->type == ID_TYPE_UID ? 'U' : 'G',
> +			  xid->id,
> +			  dom_sid_str_buf(psid, &buf));
> +		goto done;
> +	}
> +
> +done:
> +	if (is_null_sid(psid)) {
> +		/*
> +		 * Nobody found anything: Return S-1-22-xx-yy. Don't
> +		 * store that in caches, this is up to the layers
> +		 * beneath us.
> +		 */
> +		if (xid->type == ID_TYPE_UID) {
> +			uid_to_unix_users_sid(xid->id, psid);
> +		} else {
> +			gid_to_unix_groups_sid(xid->id, psid);
> +		}
> +
> +		DBG_DEBUG("%cID %"PRIu32" -> %s fallback\n",
> +			  xid->type == ID_TYPE_UID ? 'U' : 'G',
> +			  xid->id,
> +			  dom_sid_str_buf(psid, &buf));
> +	}
> +}
> +
>  bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
>  		     struct unixid *ids)
>  {
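Review bot: An expired cache hit leaves its SID in `*psid`: idmap_cache_find_xid2sid() returns true with `expired` set, the `ret && !expired` test falls through, and winbind_xid_to_sid() does not touch the output when it fails. If pdb_id_to_sid() then fails as well (assuming it leaves psid alone on failure), the `done:` block sees a non-NULL SID and returns the stale mapping without any debug line. If serving expired entries while winbind is unreachable is intended, a comment should say so; otherwise reset with `*psid = (struct dom_sid) {0};` before the winbind call. The debug message after the winbind call also says `from cache`; it should read `from winbind` so the logs show which layer answered.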
> diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
> index 8b5edf6bcb8..8a21cca2a4d 100644
> --- a/source3/passdb/lookup_sid.h
> +++ b/source3/passdb/lookup_sid.h
> @@ -83,6 +83,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
>  		enum lsa_SidType *ret_type);
>  void uid_to_sid(struct dom_sid *psid, uid_t uid);
>  void gid_to_sid(struct dom_sid *psid, gid_t gid);
> +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid);
>  bool sid_to_uid(const struct dom_sid *psid, uid_t *puid);
>  bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid);
>  bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
> -- 
> 2.11.0
> 
> 
> From 37c7c607ea3328b408ae2481d86d07eaa8c1a003 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 15:17:36 +0100
> Subject: [PATCH 11/12] passdb: Make [ug]id_to_sid use xid_to_sid
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/passdb/lookup_sid.c | 205 +++-----------------------------------------
>  1 file changed, 12 insertions(+), 193 deletions(-)
> 
> diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
> index bdd8082afb4..6ab72e57838 100644
> --- a/source3/passdb/lookup_sid.c
> +++ b/source3/passdb/lookup_sid.c
> @@ -1109,99 +1109,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
>  }
>  
>  /*****************************************************************
> - Id mapping cache.  This is to avoid Winbind mappings already
> - seen by smbd to be queried too frequently, keeping winbindd
> - busy, and blocking smbd while winbindd is busy with other
> - stuff. Written by Michael Steffens <michael.steffens at hp.com>,
> - modified to use linked lists by jra.
> -*****************************************************************/  
> -
> -
> -/*****************************************************************
> - *THE LEGACY* convert uid_t to SID function.
> -*****************************************************************/  
> -
> -static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
> -{
> -	bool ret;
> -	struct unixid id;
> -	struct dom_sid_buf buf;
> -
> -	ZERO_STRUCTP(psid);
> -
> -	id.id = uid;
> -	id.type = ID_TYPE_UID;
> -
> -	become_root();
> -	ret = pdb_id_to_sid(&id, psid);
> -	unbecome_root();
> -
> -	if (ret) {
> -		/* This is a mapped user */
> -		goto done;
> -	}
> -
> -	/* This is an unmapped user */
> -
> -	uid_to_unix_users_sid(uid, psid);
> -
> -	{
> -		struct unixid xid = {
> -			.id = uid, .type = ID_TYPE_UID
> -		};
> -		idmap_cache_set_sid2unixid(psid, &xid);
> -	}
> -
> - done:
> -	DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
> -		  dom_sid_str_buf(psid, &buf)));
> -
> -	return;
> -}
> -
> -/*****************************************************************
> - *THE LEGACY* convert gid_t to SID function.
> -*****************************************************************/  
> -
> -static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
> -{
> -	bool ret;
> -	struct unixid id;
> -	struct dom_sid_buf buf;
> -
> -	ZERO_STRUCTP(psid);
> -
> -	id.id = gid;
> -	id.type = ID_TYPE_GID;
> -
> -	become_root();
> -	ret = pdb_id_to_sid(&id, psid);
> -	unbecome_root();
> -
> -	if (ret) {
> -		/* This is a mapped group */
> -		goto done;
> -	}
> -
> -	/* This is an unmapped group */
> -
> -	gid_to_unix_groups_sid(gid, psid);
> -
> -	{
> -		struct unixid xid = {
> -			.id = gid, .type = ID_TYPE_GID
> -		};
> -		idmap_cache_set_sid2unixid(psid, &xid);
> -	}
> -
> - done:
> -	DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
> -		  dom_sid_str_buf(psid, &buf)));
> -
> -	return;
> -}
> -
> -/*****************************************************************
>   *THE LEGACY* convert SID to id function.
>  *****************************************************************/  
>  
> @@ -1249,106 +1156,6 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid)
>  	return false;
>  }
>  
> -/*****************************************************************
> - *THE CANONICAL* convert uid_t to SID function.
> -*****************************************************************/  
> -
> -void uid_to_sid(struct dom_sid *psid, uid_t uid)
> -{
> -	bool expired = true;
> -	bool ret;
> -	struct dom_sid_buf buf;
> -	ZERO_STRUCTP(psid);
> -
> -	/* Check the winbindd cache directly. */
> -	ret = idmap_cache_find_uid2sid(uid, psid, &expired);
> -
> -	if (ret && !expired && is_null_sid(psid)) {
> -		/*
> -		 * Negative cache entry, we already asked.
> -		 * do legacy.
> -		 */
> -		legacy_uid_to_sid(psid, uid);
> -		return;
> -	}
> -
> -	if (!ret || expired) {
> -		/* Not in cache. Ask winbindd. */
> -		if (!winbind_uid_to_sid(psid, uid)) {
> -			/*
> -			 * We shouldn't return the NULL SID
> -			 * here if winbind was running and
> -			 * couldn't map, as winbind will have
> -			 * added a negative entry that will
> -			 * cause us to go though the
> -			 * legacy_uid_to_sid()
> -			 * function anyway in the case above
> -			 * the next time we ask.
> -			 */
> -			DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
> -				  "for uid %u\n", (unsigned int)uid));
> -
> -			legacy_uid_to_sid(psid, uid);
> -			return;
> -		}
> -	}
> -
> -	DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
> -		  dom_sid_str_buf(psid, &buf)));
> -
> -	return;
> -}
> -
> -/*****************************************************************
> - *THE CANONICAL* convert gid_t to SID function.
> -*****************************************************************/  
> -
> -void gid_to_sid(struct dom_sid *psid, gid_t gid)
> -{
> -	bool expired = true;
> -	bool ret;
> -	struct dom_sid_buf buf;
> -	ZERO_STRUCTP(psid);
> -
> -	/* Check the winbindd cache directly. */
> -	ret = idmap_cache_find_gid2sid(gid, psid, &expired);
> -
> -	if (ret && !expired && is_null_sid(psid)) {
> -		/*
> -		 * Negative cache entry, we already asked.
> -		 * do legacy.
> -		 */
> -		legacy_gid_to_sid(psid, gid);
> -		return;
> -	}
> -
> -	if (!ret || expired) {
> -		/* Not in cache. Ask winbindd. */
> -		if (!winbind_gid_to_sid(psid, gid)) {
> -			/*
> -			 * We shouldn't return the NULL SID
> -			 * here if winbind was running and
> -			 * couldn't map, as winbind will have
> -			 * added a negative entry that will
> -			 * cause us to go though the
> -			 * legacy_gid_to_sid()
> -			 * function anyway in the case above
> -			 * the next time we ask.
> -			 */
> -			DEBUG(5, ("gid_to_sid: winbind failed to find a sid "
> -				  "for gid %u\n", (unsigned int)gid));
> -
> -			legacy_gid_to_sid(psid, gid);
> -			return;
> -		}
> -	}
> -
> -	DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid,
> -		  dom_sid_str_buf(psid, &buf)));
> -
> -	return;
> -}
> -
>  void xid_to_sid(struct dom_sid *psid, const struct unixid *xid)
>  {
>  	bool expired = true;
> @@ -1423,6 +1230,18 @@ done:
>  	}
>  }
>  
> +void uid_to_sid(struct dom_sid *psid, uid_t uid)
> +{
> +	struct unixid xid = { .type = ID_TYPE_UID, .id = uid};
> +	xid_to_sid(psid, &xid);
> +}
> +
> +void gid_to_sid(struct dom_sid *psid, gid_t gid)
> +{
> +	struct unixid xid = { .type = ID_TYPE_GID, .id = gid};
> +	xid_to_sid(psid, &xid);
> +}
> +
>  bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
>  		     struct unixid *ids)
>  {
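Review bot: The relocated `uid_to_sid()` and `gid_to_sid()` wrappers have no header comment, although the definitions removed earlier in this patch had one, and their contract now depends entirely on `xid_to_sid()`, whose body lies outside this hunk. Both return `void`, so a caller cannot tell a winbind-mapped SID from a last-resort fallback. Judging by the removed bodies and the thread's description, that fallback is presumably an S-1-22-x SID, which matters when the result feeds an access check or is written into an ACL. I would add above each wrapper something like `/* Thin wrapper around xid_to_sid(); *psid may be a fallback S-1-22-x SID when no mapping exists, and no error is reported to the caller. */`, adjusted to whatever `xid_to_sid()` actually guarantees. As a minor style point, `.id = uid};` and `.id = gid};` lack a space before the closing brace.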
> -- 
> 2.11.0
> 
> 
> From 0316d4cec43ccbf34a78f9a396f32bfd29f07452 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 26 Feb 2019 15:23:17 +0100
> Subject: [PATCH 12/12] lib: Remove some unused code
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/include/passdb.h                    |   5 -
>  source3/lib/idmap_cache.c                   |  50 -----
>  source3/lib/idmap_cache.h                   |   2 -
>  source3/lib/winbind_util.c                  |  34 ----
>  source3/lib/winbind_util.h                  |   2 -
>  source3/passdb/ABI/samba-passdb-0.27.2.sigs | 306 ++++++++++++++++++++++++++++
>  source3/passdb/pdb_unixid.c                 |  47 -----
>  source3/wscript_build                       |   5 +-
>  8 files changed, 308 insertions(+), 143 deletions(-)
>  create mode 100644 source3/passdb/ABI/samba-passdb-0.27.2.sigs
>  delete mode 100644 source3/passdb/pdb_unixid.c
> 
> diff --git a/source3/include/passdb.h b/source3/include/passdb.h
> index 950c439e7a1..57f1b504941 100644
> --- a/source3/include/passdb.h
> +++ b/source3/include/passdb.h
> @@ -976,11 +976,6 @@ NTSTATUS create_builtin_guests(const struct dom_sid *dom_sid);
>  #include "passdb/machine_sid.h"
>  #include "passdb/lookup_sid.h"
>  
> -/* The following definitions come from passdb/pdb_unixid.c */
> -void unixid_from_uid(struct unixid *id, uint32_t some_uid);
> -void unixid_from_gid(struct unixid *id, uint32_t some_gid);
> -void unixid_from_both(struct unixid *id, uint32_t some_id);
> -
>  /* The following definitions come from passdb/pdb_secrets.c
>   * and should be used by PDB modules if they need to store
>   * sid/guid information for the domain in secrets database
> diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
> index 9d2149844ed..d5a60e73403 100644
> --- a/source3/lib/idmap_cache.c
> +++ b/source3/lib/idmap_cache.c
> @@ -228,56 +228,6 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
>  }
>  
>  /**
> - * Find a uid2sid mapping
> - * @param[in] uid		the uid to map
> - * @param[out] sid		where to put the result
> - * @param[out] expired		is the cache entry expired?
> - * @retval Was anything in the cache at all?
> - *
> - * If "is_null_sid(sid)", this was a negative mapping.
> - */
> -
> -bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
> -{
> -	fstring key;
> -	struct idmap_cache_xid2sid_state state;
> -
> -	fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid);
> -
> -	state.sid = sid;
> -	state.expired = expired;
> -	state.ret = false;
> -
> -	gencache_parse(key, idmap_cache_xid2sid_parser, &state);
> -	return state.ret;
> -}
> -
> -/**
> - * Find a gid2sid mapping
> - * @param[in] gid		the gid to map
> - * @param[out] sid		where to put the result
> - * @param[out] expired		is the cache entry expired?
> - * @retval Was anything in the cache at all?
> - *
> - * If "is_null_sid(sid)", this was a negative mapping.
> - */
> -
> -bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
> -{
> -	fstring key;
> -	struct idmap_cache_xid2sid_state state;
> -
> -	fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
> -
> -	state.sid = sid;
> -	state.expired = expired;
> -	state.ret = false;
> -
> -	gencache_parse(key, idmap_cache_xid2sid_parser, &state);
> -	return state.ret;
> -}
> -
> -/**
>   * Find a xid2sid mapping
>   * @param[in] id		the unix id to map
>   * @param[out] sid		where to put the result
> diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
> index d5afa170e1a..5a90902e720 100644
> --- a/source3/lib/idmap_cache.h
> +++ b/source3/lib/idmap_cache.h
> @@ -29,8 +29,6 @@ bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
>  			      bool *expired);
>  bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
>  			      bool *expired);
> -bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
> -bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
>  bool idmap_cache_find_xid2sid(
>  	const struct unixid *id, struct dom_sid *sid, bool *expired);
>  void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
> diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
> index 46c95ca3a28..fe35a6f78d1 100644
> --- a/source3/lib/winbind_util.c
> +++ b/source3/lib/winbind_util.c
> @@ -150,23 +150,6 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
>  	return (result == WBC_ERR_SUCCESS);
>  }
>  
> -/* Call winbindd to convert uid to sid */
> -
> -bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid)
> -{
> -	struct wbcDomainSid dom_sid;
> -	wbcErr result;
> -
> -	result = wbcUidToSid(uid, &dom_sid);
> -	if (result == WBC_ERR_SUCCESS) {
> -		memcpy(sid, &dom_sid, sizeof(struct dom_sid));
> -	} else {
> -		sid_copy(sid, &global_sid_NULL);
> -	}
> -
> -	return (result == WBC_ERR_SUCCESS);
> -}
> -
>  /* Call winbindd to convert SID to gid */
>  
>  bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
> @@ -181,23 +164,6 @@ bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
>  	return (result == WBC_ERR_SUCCESS);
>  }
>  
> -/* Call winbindd to convert gid to sid */
> -
> -bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
> -{
> -	struct wbcDomainSid dom_sid;
> -	wbcErr result;
> -
> -	result = wbcGidToSid(gid, &dom_sid);
> -	if (result == WBC_ERR_SUCCESS) {
> -		memcpy(sid, &dom_sid, sizeof(struct dom_sid));
> -	} else {
> -		sid_copy(sid, &global_sid_NULL);
> -	}
> -
> -	return (result == WBC_ERR_SUCCESS);
> -}
> -
>  bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
>  {
>  	struct wbcUnixId wbc_xid;
> diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
> index 5ecda5a7b09..6056190d7a4 100644
> --- a/source3/lib/winbind_util.h
> +++ b/source3/lib/winbind_util.h
> @@ -36,9 +36,7 @@ bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
>                          enum lsa_SidType *name_type);
>  bool winbind_ping(void);
>  bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
> -bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
>  bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
> -bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
>  bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
>  struct passwd * winbind_getpwnam(const char * sname);
>  struct passwd * winbind_getpwsid(const struct dom_sid *sid);
> diff --git a/source3/passdb/ABI/samba-passdb-0.27.2.sigs b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
> new file mode 100644
> index 00000000000..06fc3b76974
> --- /dev/null
> +++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
> @@ -0,0 +1,306 @@
> +PDB_secrets_clear_domain_protection: bool (const char *)
> +PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *)
> +PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *)
> +PDB_secrets_mark_domain_protected: bool (const char *)
> +PDB_secrets_store_domain_guid: bool (const char *, struct GUID *)
> +PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *)
> +account_policy_get: bool (enum pdb_policy_type, uint32_t *)
> +account_policy_get_default: bool (enum pdb_policy_type, uint32_t *)
> +account_policy_get_desc: const char *(enum pdb_policy_type)
> +account_policy_name_to_typenum: enum pdb_policy_type (const char *)
> +account_policy_names_list: void (TALLOC_CTX *, const char ***, int *)
> +account_policy_set: bool (enum pdb_policy_type, uint32_t)
> +add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *)
> +algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t)
> +algorithmic_pdb_rid_is_user: bool (uint32_t)
> +algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t)
> +algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t)
> +algorithmic_rid_base: int (void)
> +builtin_domain_name: const char *(void)
> +cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *)
> +cache_account_policy_set: bool (enum pdb_policy_type, uint32_t)
> +create_builtin_administrators: NTSTATUS (const struct dom_sid *)
> +create_builtin_guests: NTSTATUS (const struct dom_sid *)
> +create_builtin_users: NTSTATUS (const struct dom_sid *)
> +decode_account_policy_name: const char *(enum pdb_policy_type)
> +get_account_pol_db: struct db_context *(void)
> +get_account_policy_attr: const char *(enum pdb_policy_type)
> +get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *)
> +get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **)
> +get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *)
> +get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int)
> +get_trust_pw_clear: bool (const char *, char **, const char **, enum netr_SchannelType *)
> +get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *)
> +gid_to_sid: void (struct dom_sid *, gid_t)
> +gid_to_unix_groups_sid: void (gid_t, struct dom_sid *)
> +grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int)
> +grant_all_privileges: bool (const struct dom_sid *)
> +grant_privilege_by_name: bool (const struct dom_sid *, const char *)
> +grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
> +groupdb_tdb_init: const struct mapping_backend *(void)
> +init_account_policy: bool (void)
> +init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool)
> +init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t)
> +initialize_password_db: bool (bool, struct tevent_context *)
> +is_dc_trusted_domain_situation: bool (const char *)
> +is_privileged_sid: bool (const struct dom_sid *)
> +local_password_change: NTSTATUS (const char *, int, const char *, char **, char **)
> +login_cache_delentry: bool (const struct samu *)
> +login_cache_init: bool (void)
> +login_cache_read: bool (struct samu *, struct login_cache *)
> +login_cache_shutdown: bool (void)
> +login_cache_write: bool (const struct samu *, const struct login_cache *)
> +lookup_builtin_name: bool (const char *, uint32_t *)
> +lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **)
> +lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *)
> +lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
> +lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
> +lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
> +lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **)
> +lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **)
> +lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **)
> +make_pdb_method: NTSTATUS (struct pdb_methods **)
> +make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *)
> +max_algorithmic_gid: gid_t (void)
> +max_algorithmic_uid: uid_t (void)
> +pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
> +pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *)
> +pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
> +pdb_add_sam_account: NTSTATUS (struct samu *)
> +pdb_build_fields_present: uint32_t (struct samu *)
> +pdb_capabilities: uint32_t (void)
> +pdb_copy_sam_account: bool (struct samu *, struct samu *)
> +pdb_create_alias: NTSTATUS (const char *, uint32_t *)
> +pdb_create_builtin: NTSTATUS (uint32_t)
> +pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t)
> +pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *)
> +pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *)
> +pdb_decode_acct_ctrl: uint32_t (const char *)
> +pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
> +pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
> +pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
> +pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *)
> +pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
> +pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *)
> +pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
> +pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
> +pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
> +pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
> +pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
> +pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
> +pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
> +pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
> +pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
> +pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
> +pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
> +pdb_del_trusted_domain: NTSTATUS (const char *)
> +pdb_del_trusteddom_pw: bool (const char *)
> +pdb_delete_alias: NTSTATUS (const struct dom_sid *)
> +pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t)
> +pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid)
> +pdb_delete_sam_account: NTSTATUS (struct samu *)
> +pdb_delete_secret: NTSTATUS (const char *)
> +pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *)
> +pdb_element_is_changed: bool (const struct samu *, enum pdb_elements)
> +pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements)
> +pdb_encode_acct_ctrl: char *(uint32_t, size_t)
> +pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
> +pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
> +pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
> +pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *)
> +pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *)
> +pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***)
> +pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
> +pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***)
> +pdb_find_backend_entry: struct pdb_init_function_entry *(const char *)
> +pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *)
> +pdb_get_acct_ctrl: uint32_t (const struct samu *)
> +pdb_get_acct_desc: const char *(const struct samu *)
> +pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
> +pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *)
> +pdb_get_backends: const struct pdb_init_function_entry *(void)
> +pdb_get_bad_password_count: uint16_t (const struct samu *)
> +pdb_get_bad_password_time: time_t (const struct samu *)
> +pdb_get_code_page: uint16_t (const struct samu *)
> +pdb_get_comment: const char *(const struct samu *)
> +pdb_get_country_code: uint16_t (const struct samu *)
> +pdb_get_dir_drive: const char *(const struct samu *)
> +pdb_get_domain: const char *(const struct samu *)
> +pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *)
> +pdb_get_fullname: const char *(const struct samu *)
> +pdb_get_group_rid: uint32_t (struct samu *)
> +pdb_get_group_sid: const struct dom_sid *(struct samu *)
> +pdb_get_homedir: const char *(const struct samu *)
> +pdb_get_hours: const uint8_t *(const struct samu *)
> +pdb_get_hours_len: uint32_t (const struct samu *)
> +pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements)
> +pdb_get_kickoff_time: time_t (const struct samu *)
> +pdb_get_lanman_passwd: const uint8_t *(const struct samu *)
> +pdb_get_logoff_time: time_t (const struct samu *)
> +pdb_get_logon_count: uint16_t (const struct samu *)
> +pdb_get_logon_divs: uint16_t (const struct samu *)
> +pdb_get_logon_script: const char *(const struct samu *)
> +pdb_get_logon_time: time_t (const struct samu *)
> +pdb_get_munged_dial: const char *(const struct samu *)
> +pdb_get_nt_passwd: const uint8_t *(const struct samu *)
> +pdb_get_nt_username: const char *(const struct samu *)
> +pdb_get_pass_can_change: bool (const struct samu *)
> +pdb_get_pass_can_change_time: time_t (const struct samu *)
> +pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *)
> +pdb_get_pass_last_set_time: time_t (const struct samu *)
> +pdb_get_pass_must_change_time: time_t (const struct samu *)
> +pdb_get_plaintext_passwd: const char *(const struct samu *)
> +pdb_get_profile_path: const char *(const struct samu *)
> +pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *)
> +pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **)
> +pdb_get_seq_num: bool (time_t *)
> +pdb_get_tevent_context: struct tevent_context *(void)
> +pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **)
> +pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **)
> +pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **)
> +pdb_get_trusteddom_creds: NTSTATUS (const char *, TALLOC_CTX *, struct cli_credentials **)
> +pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *)
> +pdb_get_unknown_6: uint32_t (const struct samu *)
> +pdb_get_user_rid: uint32_t (const struct samu *)
> +pdb_get_user_sid: const struct dom_sid *(const struct samu *)
> +pdb_get_username: const char *(const struct samu *)
> +pdb_get_workstations: const char *(const struct samu *)
> +pdb_getgrgid: bool (GROUP_MAP *, gid_t)
> +pdb_getgrnam: bool (GROUP_MAP *, const char *)
> +pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid)
> +pdb_gethexhours: bool (const char *, unsigned char *)
> +pdb_gethexpwd: bool (const char *, unsigned char *)
> +pdb_getsampwnam: bool (struct samu *, const char *)
> +pdb_getsampwsid: bool (struct samu *, const struct dom_sid *)
> +pdb_group_rid_to_gid: gid_t (uint32_t)
> +pdb_id_to_sid: bool (struct unixid *, struct dom_sid *)
> +pdb_increment_bad_password_count: bool (struct samu *)
> +pdb_is_password_change_time_max: bool (time_t)
> +pdb_is_responsible_for_builtin: bool (void)
> +pdb_is_responsible_for_everything_else: bool (void)
> +pdb_is_responsible_for_our_sam: bool (void)
> +pdb_is_responsible_for_unix_groups: bool (void)
> +pdb_is_responsible_for_unix_users: bool (void)
> +pdb_is_responsible_for_wellknown: bool (void)
> +pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *)
> +pdb_new_rid: bool (uint32_t *)
> +pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
> +pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
> +pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool)
> +pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
> +pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
> +pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
> +pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
> +pdb_rename_sam_account: NTSTATUS (struct samu *, const char *)
> +pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *)
> +pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **)
> +pdb_search_groups: struct pdb_search *(TALLOC_CTX *)
> +pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t)
> +pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t)
> +pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
> +pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state)
> +pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
> +pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state)
> +pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state)
> +pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
> +pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state)
> +pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
> +pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_pass_can_change: bool (struct samu *, bool)
> +pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state)
> +pdb_set_plaintext_passwd: bool (struct samu *, const char *)
> +pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state)
> +pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *)
> +pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *)
> +pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *)
> +pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *)
> +pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **)
> +pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
> +pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
> +pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state)
> +pdb_sethexhours: void (char *, const unsigned char *)
> +pdb_sethexpwd: void (char *, const unsigned char *, uint32_t)
> +pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *)
> +pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *)
> +pdb_update_autolock_flag: bool (struct samu *, bool *)
> +pdb_update_bad_password_count: bool (struct samu *, bool *)
> +pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *)
> +pdb_update_history: bool (struct samu *, const uint8_t *)
> +pdb_update_login_attempts: NTSTATUS (struct samu *, bool)
> +pdb_update_sam_account: NTSTATUS (struct samu *)
> +privilege_create_account: NTSTATUS (const struct dom_sid *)
> +privilege_delete_account: NTSTATUS (const struct dom_sid *)
> +privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *)
> +privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *)
> +revoke_all_privileges: bool (const struct dom_sid *)
> +revoke_privilege_by_name: bool (const struct dom_sid *, const char *)
> +revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
> +samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *)
> +samu_new: struct samu *(TALLOC_CTX *)
> +samu_set_unix: NTSTATUS (struct samu *, const struct passwd *)
> +secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
> +sid_check_is_builtin: bool (const struct dom_sid *)
> +sid_check_is_for_passdb: bool (const struct dom_sid *)
> +sid_check_is_in_builtin: bool (const struct dom_sid *)
> +sid_check_is_in_unix_groups: bool (const struct dom_sid *)
> +sid_check_is_in_unix_users: bool (const struct dom_sid *)
> +sid_check_is_in_wellknown_domain: bool (const struct dom_sid *)
> +sid_check_is_unix_groups: bool (const struct dom_sid *)
> +sid_check_is_unix_users: bool (const struct dom_sid *)
> +sid_check_is_wellknown_builtin: bool (const struct dom_sid *)
> +sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **)
> +sid_check_object_is_for_passdb: bool (const struct dom_sid *)
> +sid_to_gid: bool (const struct dom_sid *, gid_t *)
> +sid_to_uid: bool (const struct dom_sid *, uid_t *)
> +sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *)
> +smb_add_user_group: int (const char *, const char *)
> +smb_create_group: int (const char *, gid_t *)
> +smb_delete_group: int (const char *)
> +smb_delete_user_group: int (const char *, const char *)
> +smb_nscd_flush_group_cache: void (void)
> +smb_nscd_flush_user_cache: void (void)
> +smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function)
> +smb_set_primary_group: int (const char *, const char *)
> +uid_to_sid: void (struct dom_sid *, uid_t)
> +uid_to_unix_users_sid: void (uid_t, struct dom_sid *)
> +unix_groups_domain_name: const char *(void)
> +unix_users_domain_name: const char *(void)
> +wb_is_trusted_domain: wbcErr (const char *)
> +winbind_allocate_gid: bool (gid_t *)
> +winbind_allocate_uid: bool (uid_t *)
> +winbind_getpwnam: struct passwd *(const char *)
> +winbind_getpwsid: struct passwd *(const struct dom_sid *)
> +winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *)
> +winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **)
> +winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
> +winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **)
> +winbind_ping: bool (void)
> +winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
> +winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
> +winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *)
> +xid_to_sid: void (struct dom_sid *, const struct unixid *)
> diff --git a/source3/passdb/pdb_unixid.c b/source3/passdb/pdb_unixid.c
> deleted file mode 100644
> index 59b157668a2..00000000000
> --- a/source3/passdb/pdb_unixid.c
> +++ /dev/null
> @@ -1,47 +0,0 @@
> -/*
> - *  Unix SMB/CIFS implementation.
> - *  IDMAP unixid utility functions
> - *  Copyright (C) Alexander Bokovoy 2012
> - *
> - *  This program is free software; you can redistribute it and/or modify
> - *  it under the terms of the GNU General Public License as published by
> - *  the Free Software Foundation; either version 3 of the License, or
> - *  (at your option) any later version.
> - *
> - *  This program is distributed in the hope that it will be useful,
> - *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> - *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - *  GNU General Public License for more details.
> - *
> - *  You should have received a copy of the GNU General Public License
> - *  along with this program; if not, see <http://www.gnu.org/licenses/>.
> - */
> -
> -#include "includes.h"
> -#include "passdb.h"
> -#include "../librpc/gen_ndr/idmap.h"
> -
> -void unixid_from_uid(struct unixid *id, uint32_t some_uid)
> -{
> -	if(id) {
> -		id->id = some_uid;
> -		id->type = ID_TYPE_UID;
> -	}
> -}
> -
> -void unixid_from_gid(struct unixid *id, uint32_t some_gid)
> -{
> -	if(id) {
> -		id->id = some_gid;
> -		id->type = ID_TYPE_GID;
> -	}
> -}
> -
> -void unixid_from_both(struct unixid *id, uint32_t some_id)
> -{
> -	if(id) {
> -		id->id = some_id;
> -		id->type = ID_TYPE_BOTH;
> -	}
> -}
> -
> diff --git a/source3/wscript_build b/source3/wscript_build
> index e0b983ae2b2..04df7645622 100644
> --- a/source3/wscript_build
> +++ b/source3/wscript_build
> @@ -149,7 +149,7 @@ bld.SAMBA3_LIBRARY('samba-passdb',
>                                    ''',
>                     abi_match=private_pdb_match,
>                     abi_directory='passdb/ABI',
> -                   vnum='0.27.1')
> +                   vnum='0.27.2')
>  
>  bld.SAMBA3_SUBSYSTEM('pdb',
>                     source='''
> @@ -168,8 +168,7 @@ bld.SAMBA3_SUBSYSTEM('pdb',
>                            lib/winbind_util.c
>                            passdb/pdb_util.c
>                            passdb/pdb_interface.c
> -                          passdb/pdb_secrets.c
> -                          passdb/pdb_unixid.c''',
> +                          passdb/pdb_secrets.c''',
>                     deps='''
>                          secrets3
>                          GROUPDB
> -- 
> 2.11.0
> 



