diff options
| author | Gerald Carter <jerry@samba.org> | 2005-11-10 20:28:23 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:05:23 -0500 |
| commit | ce0a1fa159baab4c4bdaac601d0f56e29a406945 (patch) | |
| tree | 964f0900ccb437f2b574dbfacab2d7627ad0425a /source3/nsswitch/winbindd_cache.c | |
| parent | 438d0ad451678c42614ab800bceaf490e09c120a (diff) | |
| download | samba-ce0a1fa159baab4c4bdaac601d0f56e29a406945.tar.gz samba-ce0a1fa159baab4c4bdaac601d0f56e29a406945.tar.bz2 samba-ce0a1fa159baab4c4bdaac601d0f56e29a406945.zip | |
r11652: Reinstate the netsamlogon_cache in order to work
around failed query_user calls. This fixes
logons to a member of a Samba domain as a user from a
trusted AD domain.
As per comments on samba-technical, I still need to add
(a) cache the PAC info as werll as NTLM net_user_info_3
(b) expire the cache when the SMB session goes away
Both Jeremy and Guenther have signed off on the idea.
(This used to be commit 0c2bb5ba7b92d9210e7fa9f7b70aa67dfe9faaf4)
Diffstat (limited to 'source3/nsswitch/winbindd_cache.c')
| -rw-r--r-- | source3/nsswitch/winbindd_cache.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 993e6d96e8..83ded01d4e 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -1073,6 +1073,18 @@ static NTSTATUS query_user(struct winbindd_domain *domain, centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid)); + /* If we have an access denied cache entry and a cached info3 in the + samlogon cache then do a query. This will force the rpc back end + to return the info3 data. */ + + if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) && + netsamlogon_cache_have(user_sid)) { + DEBUG(10, ("query_user: cached access denied and have cached info3\n")); + domain->last_status = NT_STATUS_OK; + centry_free(centry); + goto do_query; + } + if (!centry) goto do_query; @@ -1128,6 +1140,18 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid)); + /* If we have an access denied cache entry and a cached info3 in the + samlogon cache then do a query. This will force the rpc back end + to return the info3 data. */ + + if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) && + netsamlogon_cache_have(user_sid)) { + DEBUG(10, ("query_user: cached access denied and have cached info3\n")); + domain->last_status = NT_STATUS_OK; + centry_free(centry); + goto do_query; + } + if (!centry) goto do_query; @@ -1401,6 +1425,20 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, return 0; } +/* Invalidate the getpwnam and getgroups entries for a winbindd domain */ + +void wcache_invalidate_samlogon(struct winbindd_domain *domain, + NET_USER_INFO_3 *info3) +{ + struct winbind_cache *cache; + + if (!domain) + return; + + cache = get_cache(domain); + netsamlogon_clear_cached_user(cache->tdb, info3); +} + void wcache_invalidate_cache(void) { struct winbindd_domain *domain; |