summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_rpc.c
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-11-10 20:28:23 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:05:23 -0500
commitce0a1fa159baab4c4bdaac601d0f56e29a406945 (patch)
tree964f0900ccb437f2b574dbfacab2d7627ad0425a /source3/nsswitch/winbindd_rpc.c
parent438d0ad451678c42614ab800bceaf490e09c120a (diff)
downloadsamba-ce0a1fa159baab4c4bdaac601d0f56e29a406945.tar.gz
samba-ce0a1fa159baab4c4bdaac601d0f56e29a406945.tar.bz2
samba-ce0a1fa159baab4c4bdaac601d0f56e29a406945.zip
r11652: Reinstate the netsamlogon_cache in order to work
around failed query_user calls. This fixes logons to a member of a Samba domain as a user from a trusted AD domain. As per comments on samba-technical, I still need to add (a) cache the PAC info as werll as NTLM net_user_info_3 (b) expire the cache when the SMB session goes away Both Jeremy and Guenther have signed off on the idea. (This used to be commit 0c2bb5ba7b92d9210e7fa9f7b70aa67dfe9faaf4)
Diffstat (limited to 'source3/nsswitch/winbindd_rpc.c')
-rw-r--r--source3/nsswitch/winbindd_rpc.c52
1 files changed, 52 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index b3bed2e0be..63e2487700 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -329,6 +329,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
SAM_USERINFO_CTR *ctr;
fstring sid_string;
uint32 user_rid;
+ NET_USER_INFO_3 *user;
struct rpc_pipe_client *cli;
DEBUG(3,("rpc: query_user rid=%s\n",
@@ -337,6 +338,33 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid))
return NT_STATUS_UNSUCCESSFUL;
+ /* try netsamlogon cache first */
+
+ if ( (user = netsamlogon_cache_get( mem_ctx, user_sid )) != NULL )
+ {
+
+ DEBUG(5,("query_user: Cache lookup succeeded for %s\n",
+ sid_string_static(user_sid)));
+
+ sid_compose(&user_info->user_sid, &domain->sid, user_rid);
+ sid_compose(&user_info->group_sid, &domain->sid,
+ user->group_rid);
+
+ user_info->acct_name = unistr2_tdup(mem_ctx,
+ &user->uni_user_name);
+ user_info->full_name = unistr2_tdup(mem_ctx,
+ &user->uni_full_name);
+
+ user_info->homedir = NULL;
+ user_info->shell = NULL;
+
+ SAFE_FREE(user);
+
+ return NT_STATUS_OK;
+ }
+
+ /* no cache; hit the wire */
+
result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -384,6 +412,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
unsigned int i;
fstring sid_string;
uint32 user_rid;
+ NET_USER_INFO_3 *user;
struct rpc_pipe_client *cli;
DEBUG(3,("rpc: lookup_usergroups sid=%s\n",
@@ -394,6 +423,29 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
*num_groups = 0;
*user_grpsids = NULL;
+
+ /* so lets see if we have a cached user_info_3 */
+
+ if ( (user = netsamlogon_cache_get( mem_ctx, user_sid )) != NULL )
+ {
+ DEBUG(5,("query_user: Cache lookup succeeded for %s\n",
+ sid_string_static(user_sid)));
+
+ *num_groups = user->num_groups;
+
+ (*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
+ for (i=0;i<(*num_groups);i++) {
+ sid_copy(&((*user_grpsids)[i]), &domain->sid);
+ sid_append_rid(&((*user_grpsids)[i]),
+ user->gids[i].g_rid);
+ }
+
+ SAFE_FREE(user);
+
+ return NT_STATUS_OK;
+ }
+
+ /* no cache; hit the wire */
result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol);
if (!NT_STATUS_IS_OK(result))
generated by cgit (git 2.34.1) at 2024-07-07 01:36:06 +0000