The branch, master has been updated
       via  c906153cc7a lib: Remove some unused code
       via  40de67f1fcc passdb: Make [ug]id_to_sid use xid_to_sid
       via  92f27ebb14c passdb: Introduce xid_to_sid
       via  ef706a3e63b lib: Introduce winbind_xid_to_sid
       via  bc9824bd42d winbind: Use idmap_cache_find_xid2sid
       via  e5a903bab6e torture: Add tests for idmap cache
       via  bb8122dd8c5 idmap_cache: Introduce idmap_cache_find_xid2sid
       via  95d33ca79cc winbind: Now we explicitly track if we got ids from cache
       via  8c28c12702c winbind: Initialize "expired" parameter to idmap_cache_xid2sid
       via  4faf3e9f6da idmap_cache: Only touch "sid" on success in find_xid_to_sid
       via  d9303e8eb90 lib: Make idmap_cache return negative mappings
       via  d8a7caa5b03 libwbclient: Protect wbcCtxUnixIdsToSids against integer-wrap
      from  eb62dc39eb4 docs: fix minor typo in smb.conf "log level" section

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c906153cc7af21abe508ddd30c447642327d6a5d
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 15:23:17 2019 +0100

    lib: Remove some unused code
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    
    Autobuild-User(master): Volker Lendecke <[email protected]>
    Autobuild-Date(master): Thu Feb 28 13:53:41 UTC 2019 on sn-devel-144

commit 40de67f1fcc46b7a64a7364c91dcedb474826d51
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 15:17:36 2019 +0100

    passdb: Make [ug]id_to_sid use xid_to_sid
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 15:10:21 2019 +0100

    passdb: Introduce xid_to_sid
    
    This explicitly avoids the legacy_[ug]id_to_sid calls, which create
    long-term cache entries to S-1-22-x-y if anything fails. We can't do
    this, because this will turn temporary winbind communication failures
    into long-term problems: A short hiccup in winbind_uid_to_sid will
    create a mapping to S-1-22-1-uid for a week. It should be up to the
    lower layers to do the caching.
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 14:45:32 2019 +0100

    lib: Introduce winbind_xid_to_sid
    
    This does not merge a winbind communication error into
    "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
    go along with is_null_sid(). Instead, this just touches the output sid
    when winbind returned success. This success might well be a negative
    mapping indicated by S-0-0, which *is* is_null_sid()...
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit bc9824bd42d9370279819ea0d927e236f6041324
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 14:34:56 2019 +0100

    winbind: Use idmap_cache_find_xid2sid
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede
Author: Volker Lendecke <[email protected]>
Date:   Wed Feb 27 14:54:12 2019 +0100

    torture: Add tests for idmap cache
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit bb8122dd8c53bb307819a79b7888cc0940a7c13b
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 14:32:52 2019 +0100

    idmap_cache: Introduce idmap_cache_find_xid2sid
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77
Author: Volker Lendecke <[email protected]>
Date:   Mon Feb 25 14:55:00 2019 +0100

    winbind: Now we explicitly track if we got ids from cache
    
    This now properly makes us use negative cache entries
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit 8c28c12702c0935a852c7fed6565987623f09fee
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 12:52:28 2019 +0100

    winbind: Initialize "expired" parameter to idmap_cache_xid2sid
    
    The code in idmap_cache only touches its output parameters upon success
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit 4faf3e9f6da7515fc263d79f77226d105c2f8524
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 12:46:39 2019 +0100

    idmap_cache: Only touch "sid" on success in find_xid_to_sid
    
    Why? This makes the negative mapping condition (is_null_sid) more
    explicit in the code.
    
    The callers in lookup_sid initialized "psid" anyway before, and the ones
    in wb_xids2sids now do as well. This is more in line with other APIs we
    have: Only touch output parameters if you have something to say.
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11
Author: Volker Lendecke <[email protected]>
Date:   Mon Feb 25 14:38:50 2019 +0100

    lib: Make idmap_cache return negative mappings
    
    Without this we'd query non-existent mappings over and over
    again.
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

commit d8a7caa5b03428dd9b0808135b34c21e217dbe2e
Author: Volker Lendecke <[email protected]>
Date:   Tue Feb 26 11:06:29 2019 +0100

    libwbclient: Protect wbcCtxUnixIdsToSids against integer-wrap
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Christof Schmitt <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/libwbclient/wbc_idmap.c                   |  12 +-
 source3/include/passdb.h                           |   5 -
 source3/lib/idmap_cache.c                          |  66 +++---
 source3/lib/idmap_cache.h                          |   4 +-
 source3/lib/winbind_util.c                         |  48 ++---
 source3/lib/winbind_util.h                         |   4 +-
 ...passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} |   7 +-
 source3/passdb/lookup_sid.c                        | 235 ++++++---------------
 source3/passdb/lookup_sid.h                        |   1 +
 source3/passdb/pdb_unixid.c                        |  47 -----
 source3/selftest/tests.py                          |   1 +
 source3/torture/proto.h                            |   1 +
 source3/torture/test_idmap_cache.c                 | 122 +++++++++++
 source3/torture/torture.c                          |   4 +
 source3/winbindd/wb_xids2sids.c                    |  33 ++-
 source3/wscript_build                              |   6 +-
 16 files changed, 277 insertions(+), 319 deletions(-)
 copy source3/passdb/ABI/{samba-passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} (98%)
 delete mode 100644 source3/passdb/pdb_unixid.c
 create mode 100644 source3/torture/test_idmap_cache.c


Changeset truncated at 500 lines:

diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
index f61efb92b8d..6876a95316c 100644
--- a/nsswitch/libwbclient/wbc_idmap.c
+++ b/nsswitch/libwbclient/wbc_idmap.c
@@ -423,10 +423,20 @@ wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx,
        wbcErr wbc_status;
        char *buf;
        char *s;
+       const size_t sidlen = (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */);
        size_t ofs, buflen;
        uint32_t i;
 
-       buflen = num_ids * (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */) + 1;
+       if (num_ids > SIZE_MAX / sidlen) {
+               return WBC_ERR_NO_MEMORY; /* overflow */
+       }
+       buflen = num_ids * sidlen;
+
+       buflen += 1;            /* trailing \0 */
+       if (buflen < 1) {
+               return WBC_ERR_NO_MEMORY; /* overflow */
+       }
+
        buf = malloc(buflen);
        if (buf == NULL) {
                return WBC_ERR_NO_MEMORY;
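
Review bot: The second guard, "if (buflen < 1)" after "buflen += 1", only works because size_t wraps to 0; it can be folded into the first check as "num_ids > (SIZE_MAX - 1) / sidlen", which removes the post-increment test altogether. The constant's name "sidlen" is also misleading: it is the size of one "U/G + up to 10 digits + \n" request entry, not the length of a SID, so something like "entrylen" would read better. Both overflow paths return WBC_ERR_NO_MEMORY, which callers cannot tell apart from the malloc failure just below; a distinct error code would help if that distinction matters to them.
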
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 950c439e7a1..57f1b504941 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -976,11 +976,6 @@ NTSTATUS create_builtin_guests(const struct dom_sid 
*dom_sid);
 #include "passdb/machine_sid.h"
 #include "passdb/lookup_sid.h"
 
-/* The following definitions come from passdb/pdb_unixid.c */
-void unixid_from_uid(struct unixid *id, uint32_t some_uid);
-void unixid_from_gid(struct unixid *id, uint32_t some_gid);
-void unixid_from_both(struct unixid *id, uint32_t some_id);
-
 /* The following definitions come from passdb/pdb_secrets.c
  * and should be used by PDB modules if they need to store
  * sid/guid information for the domain in secrets database
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
index 77618dd5aa1..d5a60e73403 100644
--- a/source3/lib/idmap_cache.c
+++ b/source3/lib/idmap_cache.c
@@ -203,19 +203,23 @@ static void idmap_cache_xid2sid_parser(const struct 
gencache_timeout *timeout,
                (struct idmap_cache_xid2sid_state *)private_data;
        char *value;
 
-       ZERO_STRUCTP(state->sid);
-       state->ret = false;
-
        if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
                /*
                 * Not a string, can't be a valid mapping
                 */
+               state->ret = false;
                return;
        }
 
        value = (char *)blob.data;
 
-       if (value[0] != '-') {
+       if ((value[0] == '-') && (value[1] == '\0')) {
+               /*
+                * Return NULL SID, see comment to uid2sid
+                */
+               *state->sid = (struct dom_sid) {0};
+               state->ret = true;
+       } else {
                state->ret = string_to_sid(state->sid, value);
        }
        if (state->ret) {
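
Review bot: In the else branch, string_to_sid() is still handed state->sid directly, so whether "sid" is left alone for a malformed cache value depends on string_to_sid() not writing to its output on failure. Parsing into a local struct dom_sid and copying it to *state->sid only when the parse succeeds would make the "only touch sid on success" rule hold in this function by itself. The new comment "see comment to uid2sid" also points at a doc comment that the next hunk renames to xid2sid.
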
@@ -224,54 +228,40 @@ static void idmap_cache_xid2sid_parser(const struct 
gencache_timeout *timeout,
 }
 
 /**
- * Find a uid2sid mapping
- * @param[in] uid              the uid to map
+ * Find a xid2sid mapping
+ * @param[in] id               the unix id to map
  * @param[out] sid             where to put the result
  * @param[out] expired         is the cache entry expired?
  * @retval Was anything in the cache at all?
  *
  * If "is_null_sid(sid)", this was a negative mapping.
  */
-
-bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
+bool idmap_cache_find_xid2sid(
+       const struct unixid *id, struct dom_sid *sid, bool *expired)
 {
+       struct idmap_cache_xid2sid_state state = {
+               .sid = sid, .expired = expired
+       };
        fstring key;
-       struct idmap_cache_xid2sid_state state;
-
-       fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid);
+       char c;
+
+       switch (id->type) {
+       case ID_TYPE_UID:
+               c = 'U';
+               break;
+       case ID_TYPE_GID:
+               c = 'G';
+               break;
+       default:
+               return false;
+       }
 
-       state.sid = sid;
-       state.expired = expired;
-       state.ret = false;
+       fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
 
        gencache_parse(key, idmap_cache_xid2sid_parser, &state);
        return state.ret;
 }
 
-/**
- * Find a gid2sid mapping
- * @param[in] gid              the gid to map
- * @param[out] sid             where to put the result
- * @param[out] expired         is the cache entry expired?
- * @retval Was anything in the cache at all?
- *
- * If "is_null_sid(sid)", this was a negative mapping.
- */
-
-bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
-{
-       fstring key;
-       struct idmap_cache_xid2sid_state state;
-
-       fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
-
-       state.sid = sid;
-       state.expired = expired;
-       state.ret = false;
-
-       gencache_parse(key, idmap_cache_xid2sid_parser, &state);
-       return state.ret;
-}
 
 /**
  * Store a mapping in the idmap cache
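
Review bot: The key in fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id) is built by casting id->id to int, so on the usual two's-complement platforms ids above INT_MAX are formatted as negative numbers, while xid_to_sid in this same patch prints xid->id with PRIu32. The cast is carried over from the removed uid/gid variants and has to match whatever the store side writes, so it deserves either a comment saying the signed formatting is deliberate or a follow-up that switches both sides to unsigned. The removal of idmap_cache_find_gid2sid also leaves two consecutive blank lines before the "Store a mapping" comment.
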
diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
index dc497022e3b..5a90902e720 100644
--- a/source3/lib/idmap_cache.h
+++ b/source3/lib/idmap_cache.h
@@ -29,8 +29,8 @@ bool idmap_cache_find_sid2uid(const struct dom_sid *sid, 
uid_t *puid,
                              bool *expired);
 bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
                              bool *expired);
-bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
-bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
+bool idmap_cache_find_xid2sid(
+       const struct unixid *id, struct dom_sid *sid, bool *expired);
 void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid 
*unix_id);
 
 bool idmap_cache_del_uid(uid_t uid);
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index a072166ce18..fe35a6f78d1 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -150,23 +150,6 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid 
*sid)
        return (result == WBC_ERR_SUCCESS);
 }
 
-/* Call winbindd to convert uid to sid */
-
-bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid)
-{
-       struct wbcDomainSid dom_sid;
-       wbcErr result;
-
-       result = wbcUidToSid(uid, &dom_sid);
-       if (result == WBC_ERR_SUCCESS) {
-               memcpy(sid, &dom_sid, sizeof(struct dom_sid));
-       } else {
-               sid_copy(sid, &global_sid_NULL);
-       }
-
-       return (result == WBC_ERR_SUCCESS);
-}
-
 /* Call winbindd to convert SID to gid */
 
 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
@@ -181,21 +164,34 @@ bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid 
*sid)
        return (result == WBC_ERR_SUCCESS);
 }
 
-/* Call winbindd to convert gid to sid */
-
-bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
 {
+       struct wbcUnixId wbc_xid;
        struct wbcDomainSid dom_sid;
        wbcErr result;
 
-       result = wbcGidToSid(gid, &dom_sid);
-       if (result == WBC_ERR_SUCCESS) {
-               memcpy(sid, &dom_sid, sizeof(struct dom_sid));
-       } else {
-               sid_copy(sid, &global_sid_NULL);
+       switch (xid->type) {
+       case ID_TYPE_UID:
+               wbc_xid = (struct wbcUnixId) {
+                       .type = WBC_ID_TYPE_UID, .id.uid = xid->id
+               };
+               break;
+       case ID_TYPE_GID:
+               wbc_xid = (struct wbcUnixId) {
+                       .type = WBC_ID_TYPE_GID, .id.gid = xid->id
+               };
+               break;
+       default:
+               return false;
        }
 
-       return (result == WBC_ERR_SUCCESS);
+       result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
+       if (result != WBC_ERR_SUCCESS) {
+               return false;
+       }
+
+       memcpy(sid, &dom_sid, sizeof(struct dom_sid));
+       return true;
 }
 
 /* Check for a trusted domain */
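
Review bot: winbind_xid_to_sid() is added without any comment, while the two functions it replaces each had one. The contract is not obvious from the signature: "sid" is written only when wbcUnixIdsToSids() succeeds, and false is also returned for any xid->type other than ID_TYPE_UID or ID_TYPE_GID. A short doc comment above the function stating that, and that a successful call may still carry a negative mapping as the commit message says, would save callers from reading the body.
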
diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
index c2bf0e02d76..6056190d7a4 100644
--- a/source3/lib/winbind_util.h
+++ b/source3/lib/winbind_util.h
@@ -22,6 +22,7 @@
 #define __LIB__WINBIND_UTIL_H__
 
 #include "../librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/idmap.h"
 
 /* needed for wbcErr below */
 #include "nsswitch/libwbclient/wbclient.h"
@@ -35,9 +36,8 @@ bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct 
dom_sid *sid,
                         enum lsa_SidType *name_type);
 bool winbind_ping(void);
 bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
-bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
-bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
 struct passwd * winbind_getpwnam(const char * sname);
 struct passwd * winbind_getpwsid(const struct dom_sid *sid);
 wbcErr wb_is_trusted_domain(const char *domain);
diff --git a/source3/passdb/ABI/samba-passdb-0.27.1.sigs 
b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
similarity index 98%
copy from source3/passdb/ABI/samba-passdb-0.27.1.sigs
copy to source3/passdb/ABI/samba-passdb-0.27.2.sigs
index 6437ed26ce9..06fc3b76974 100644
--- a/source3/passdb/ABI/samba-passdb-0.27.1.sigs
+++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs
@@ -290,15 +290,11 @@ uid_to_sid: void (struct dom_sid *, uid_t)
 uid_to_unix_users_sid: void (uid_t, struct dom_sid *)
 unix_groups_domain_name: const char *(void)
 unix_users_domain_name: const char *(void)
-unixid_from_both: void (struct unixid *, uint32_t)
-unixid_from_gid: void (struct unixid *, uint32_t)
-unixid_from_uid: void (struct unixid *, uint32_t)
 wb_is_trusted_domain: wbcErr (const char *)
 winbind_allocate_gid: bool (gid_t *)
 winbind_allocate_uid: bool (uid_t *)
 winbind_getpwnam: struct passwd *(const char *)
 winbind_getpwsid: struct passwd *(const struct dom_sid *)
-winbind_gid_to_sid: bool (struct dom_sid *, gid_t)
 winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum 
lsa_SidType *)
 winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t 
*, const char **, const char ***, enum lsa_SidType **)
 winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, 
const char **, enum lsa_SidType *)
@@ -306,4 +302,5 @@ winbind_lookup_usersids: bool (TALLOC_CTX *, const struct 
dom_sid *, uint32_t *,
 winbind_ping: bool (void)
 winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
 winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
-winbind_uid_to_sid: bool (struct dom_sid *, uid_t)
+winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *)
+xid_to_sid: void (struct dom_sid *, const struct unixid *)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index bf3ded6683e..6ab72e57838 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1108,99 +1108,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct 
dom_sid *sid,
        return ret;
 }
 
-/*****************************************************************
- Id mapping cache.  This is to avoid Winbind mappings already
- seen by smbd to be queried too frequently, keeping winbindd
- busy, and blocking smbd while winbindd is busy with other
- stuff. Written by Michael Steffens <[email protected]>,
- modified to use linked lists by jra.
-*****************************************************************/  
-
-
-/*****************************************************************
- *THE LEGACY* convert uid_t to SID function.
-*****************************************************************/  
-
-static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
-{
-       bool ret;
-       struct unixid id;
-       struct dom_sid_buf buf;
-
-       ZERO_STRUCTP(psid);
-
-       id.id = uid;
-       id.type = ID_TYPE_UID;
-
-       become_root();
-       ret = pdb_id_to_sid(&id, psid);
-       unbecome_root();
-
-       if (ret) {
-               /* This is a mapped user */
-               goto done;
-       }
-
-       /* This is an unmapped user */
-
-       uid_to_unix_users_sid(uid, psid);
-
-       {
-               struct unixid xid = {
-                       .id = uid, .type = ID_TYPE_UID
-               };
-               idmap_cache_set_sid2unixid(psid, &xid);
-       }
-
- done:
-       DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
-                 dom_sid_str_buf(psid, &buf)));
-
-       return;
-}
-
-/*****************************************************************
- *THE LEGACY* convert gid_t to SID function.
-*****************************************************************/  
-
-static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
-{
-       bool ret;
-       struct unixid id;
-       struct dom_sid_buf buf;
-
-       ZERO_STRUCTP(psid);
-
-       id.id = gid;
-       id.type = ID_TYPE_GID;
-
-       become_root();
-       ret = pdb_id_to_sid(&id, psid);
-       unbecome_root();
-
-       if (ret) {
-               /* This is a mapped group */
-               goto done;
-       }
-
-       /* This is an unmapped group */
-
-       gid_to_unix_groups_sid(gid, psid);
-
-       {
-               struct unixid xid = {
-                       .id = gid, .type = ID_TYPE_GID
-               };
-               idmap_cache_set_sid2unixid(psid, &xid);
-       }
-
- done:
-       DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
-                 dom_sid_str_buf(psid, &buf)));
-
-       return;
-}
-
 /*****************************************************************
  *THE LEGACY* convert SID to id function.
 *****************************************************************/  
@@ -1249,104 +1156,90 @@ static bool legacy_sid_to_uid(const struct dom_sid 
*psid, uid_t *puid)
        return false;
 }
 
-/*****************************************************************
- *THE CANONICAL* convert uid_t to SID function.
-*****************************************************************/  
-
-void uid_to_sid(struct dom_sid *psid, uid_t uid)
+void xid_to_sid(struct dom_sid *psid, const struct unixid *xid)
 {
        bool expired = true;
        bool ret;
        struct dom_sid_buf buf;
-       ZERO_STRUCTP(psid);
 
-       /* Check the winbindd cache directly. */
-       ret = idmap_cache_find_uid2sid(uid, psid, &expired);
+       SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID);
+
+       *psid = (struct dom_sid) {0};
+
+       ret = idmap_cache_find_xid2sid(xid, psid, &expired);
+       if (ret && !expired) {
+               DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
+                         xid->type == ID_TYPE_UID ? 'U' : 'G',
+                         xid->id,
+                         dom_sid_str_buf(psid, &buf));
+               goto done;
+       }
 
-       if (ret && !expired && is_null_sid(psid)) {
+       ret = winbind_xid_to_sid(psid, xid);
+       if (ret) {
                /*
-                * Negative cache entry, we already asked.
-                * do legacy.
+                * winbind can return an explicit negative mapping
+                * here. It's up to winbind to prime the cache either
+                * positively or negatively, don't mess with the cache
+                * here.
                 */
-               legacy_uid_to_sid(psid, uid);
-               return;
+               DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n",
+                         xid->type == ID_TYPE_UID ? 'U' : 'G',
+                         xid->id,
+                         dom_sid_str_buf(psid, &buf));
+               goto done;
        }
 
-       if (!ret || expired) {
-               /* Not in cache. Ask winbindd. */
-               if (!winbind_uid_to_sid(psid, uid)) {
-                       /*
-                        * We shouldn't return the NULL SID
-                        * here if winbind was running and
-                        * couldn't map, as winbind will have
-                        * added a negative entry that will
-                        * cause us to go though the
-                        * legacy_uid_to_sid()
-                        * function anyway in the case above
-                        * the next time we ask.
-                        */
-                       DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
-                                 "for uid %u\n", (unsigned int)uid));
+       {
+               /*
+                * Make a copy, pdb_id_to_sid might want to turn
+                * xid->type into ID_TYPE_BOTH, which we ignore here.
+                */
+               struct unixid rw_xid = *xid;
 
-                       legacy_uid_to_sid(psid, uid);
-                       return;
-               }
+               become_root();
+               ret = pdb_id_to_sid(&rw_xid, psid);
+               unbecome_root();
        }
 
-       DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
-                 dom_sid_str_buf(psid, &buf)));
-
-       return;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert gid_t to SID function.
-*****************************************************************/  
-
-void gid_to_sid(struct dom_sid *psid, gid_t gid)
-{
-       bool expired = true;
-       bool ret;
-       struct dom_sid_buf buf;
-       ZERO_STRUCTP(psid);
-
-       /* Check the winbindd cache directly. */
-       ret = idmap_cache_find_gid2sid(gid, psid, &expired);
+       if (ret) {
+               DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n",
+                         xid->type == ID_TYPE_UID ? 'U' : 'G',
+                         xid->id,
+                         dom_sid_str_buf(psid, &buf));
+               goto done;
+       }
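
Review bot: The DBG_DEBUG in the "if (ret)" block after winbind_xid_to_sid() logs "-> %s from cache", the same text as the cache-hit branch above it; this looks like a copy-and-paste and should read "from winbind", otherwise the debug log cannot tell the two sources apart. Separately, SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID) turns a caller passing any other type into a panic, whereas idmap_cache_find_xid2sid and winbind_xid_to_sid both just return false for that case; worth confirming that the harder failure is intended here.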


-- 
Samba Shared Repository
