authorSimo Sorce <idra@samba.org>2006-12-20 17:56:26 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:16:39 -0500
commitced5c1f9aa525addf4c0a4649fdbeb36128157e7 (patch)
tree77ad45ec03a24df04e47534d5faef689463894e2 /source3/nsswitch/idmap_nss.c
parent8b0fce0b0c4fb76d4e89b26eefcd0168f9429f40 (diff)
r20289: IDMAP is part of winbind but not the main process.
Make sure we route all requests to remote DCs via the main process so that IDMAP can correctly reuse DC connections and use the async interface. This also fixes idmap_nss so that it is able to resolve local group names (requires the patch on the samba dc committed earlier to SAMBA_3_0 to make it resolve both the mapped and the unmapped name). Simo. (This used to be commit 4297510f22c3fd60afd062e3c5eb142be2122b16)
Diffstat (limited to 'source3/nsswitch/idmap_nss.c')
-rw-r--r--source3/nsswitch/idmap_nss.c53
1 files changed, 23 insertions, 30 deletions
diff --git a/source3/nsswitch/idmap_nss.c b/source3/nsswitch/idmap_nss.c
index 2748141d3b..6c513fd120 100644
--- a/source3/nsswitch/idmap_nss.c
+++ b/source3/nsswitch/idmap_nss.c
@@ -43,7 +43,6 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
{
TALLOC_CTX *ctx;
struct winbindd_domain *wdom;
- BOOL winbind_env;
int i;
wdom = find_lookup_domain_from_name(dom->name);
@@ -51,6 +50,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
DEBUG(2, ("Can't lookup domain %s\n", dom->name));
return NT_STATUS_NO_SUCH_DOMAIN;
}
+ wdom->initialized = False;
ctx = talloc_new(dom);
if ( ! ctx) {
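Review bot: The added `wdom->initialized = False;` writes to the shared `winbindd_domain` returned by `find_lookup_domain_from_name()` with no comment saying why. On the new side of the visible hunks `wdom` is not used for anything else, because `winbind_lookup_name()` takes only the domain name. If the reset is meant to stop this process from using the domain's own DC connection, which would match the commit message, say so next to the assignment, e.g. `/* idmap child: never talk to the DC through this domain object, lookups are routed via the main winbindd */`. If it is not needed, drop it so that a lookup does not silently change domain state. The function body starts and ends outside this hunk.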
@@ -58,21 +58,17 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
return NT_STATUS_NO_MEMORY;
}
- /* avoid any possible recursion in winbindd,
- * these calls are aimed at getting info
- * out of alternative nss dbs anyway */
- winbind_env = winbind_env_set();
- winbind_off();
-
for (i = 0; ids[i]; i++) {
struct passwd *pw;
struct group *gr;
const char *name;
enum lsa_SidType type;
+ BOOL ret;
switch (ids[i]->xid.type) {
case ID_TYPE_UID:
pw = getpwuid((uid_t)ids[i]->xid.id);
+
if (!pw) {
ids[i]->mapped = False;
continue;
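Review bot: With the local `winbind_env_set()`/`winbind_off()` guard removed here, the `getpwuid()` and `getgrgid()` calls in this loop are protected from re-entering winbindd through NSS only if the process already has winbind lookups disabled, and nothing in this function establishes or checks that. The later hunks (-92,8 here and -146,20 in idmap_nss_sids_to_unixids) end each lookup with an unconditional `winbind_off()`, so the function also no longer restores the state it was entered with, as the removed `if (!winbind_env) winbind_on();` did. If the invariant is set up when the idmap child starts, state that at the top of both functions, e.g. `/* winbind NSS lookups are disabled process-wide in the idmap child, so the getpw*/getgr* calls below cannot recurse */`. A cheap check before the loop would also help, such as `if (!winbind_env_set()) { DEBUG(0, ("idmap_nss: winbind lookups unexpectedly enabled\n")); }`. The function body starts and ends outside this hunk.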
@@ -81,6 +77,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
break;
case ID_TYPE_GID:
gr = getgrgid((gid_t)ids[i]->xid.id);
+
if (!gr) {
ids[i]->mapped = False;
continue;
@@ -92,8 +89,14 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
continue;
}
+ /* by default calls to winbindd are disabled
+ the following call will not recurse so this is safe */
+ winbind_on();
/* Lookup name from PDC using lsa_lookup_names() */
- if (!winbindd_lookup_sid_by_name(ctx, wdom, dom->name, name, ids[i]->sid, &type)) {
+ ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type);
+ winbind_off();
+
+ if (!ret) {
ids[i]->mapped = False;
continue;
}
@@ -121,10 +124,6 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
}
}
- /* allow winbindd calls again, if they were enabled */
- if (!winbind_env) {
- winbind_on();
- }
talloc_free(ctx);
return NT_STATUS_OK;
@@ -137,7 +136,6 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
{
TALLOC_CTX *ctx;
- BOOL winbind_env;
int i;
ctx = talloc_new(dom);
@@ -146,20 +144,21 @@ static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_ma
return NT_STATUS_NO_MEMORY;
}
- /* avoid any possible recursion in winbindd,
- * these calls are aimed at getting info
- * out of alternative nss dbs anyway */
- winbind_env = winbind_env_set();
- winbind_off();
-
for (i = 0; ids[i]; i++) {
struct passwd *pw;
struct group *gr;
enum lsa_SidType type;
- char *dom_name = NULL;
- char *name = NULL;
+ const char *dom_name = NULL;
+ const char *name = NULL;
+ BOOL ret;
- if (!winbindd_lookup_name_by_sid(ctx, ids[i]->sid, &dom_name, &name, &type)) {
+ /* by default calls to winbindd are disabled
+ the following call will not recurse so this is safe */
+ winbind_on();
+ ret =winbind_lookup_sid(ctx, ids[i]->sid, &dom_name, &name, &type);
+ winbind_off();
+
+ if (!ret) {
ids[i]->mapped = False;
continue;
}
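Review bot: `winbind_lookup_sid()` returns both `dom_name` and `name`, but the visible new-side code uses only `name` for the local NSS lookup (`Get_Pwnam(name)` in the next hunk). If nothing else checks the domain, a SID from a different domain that resolves to the same short name would be mapped to the local account's uid. The lines between this hunk and the next are not shown, so the check may already exist. If it does not, reject foreign domains right after the `if (!ret)` block: `if (!strequal(dom_name, dom->name)) { ids[i]->mapped = False; continue; }`. The loop body continues outside this hunk.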
@@ -171,6 +170,7 @@ static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_ma
case SID_NAME_USER:
/* this will find also all lower case name and use username level */
+
pw = Get_Pwnam(name);
if (pw) {
ids[i]->xid.id = pw->pw_uid;
@@ -192,16 +192,9 @@ static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_ma
break;
default:
+ ids[i]->mapped = False;
break;
}
-
- TALLOC_FREE(dom_name);
- TALLOC_FREE(name);
- }
-
- /* allow winbindd calls again, if they were enabled */
- if (!winbind_env) {
- winbind_on();
}
talloc_free(ctx);
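Review bot: Dropping the per-iteration `TALLOC_FREE(dom_name)` and `TALLOC_FREE(name)` means the strings returned by `winbind_lookup_sid(ctx, ...)` presumably stay attached to `ctx` until the final `talloc_free(ctx)`. Memory then grows with the length of `ids` instead of being released on each pass. That is fine for small batches but should be documented, e.g. `/* dom_name and name are allocated on ctx and released by talloc_free(ctx) below */` next to the declarations. If long id lists are expected, use a per-iteration child context instead. The function body starts outside this hunk.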