author | Jelmer Vernooij <jelmer@samba.org> | 2009-03-20 01:30:36 +0100 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2009-03-20 01:30:36 +0100 |
commit | 5fe2b28f45289dc5578cdd536600f0d30a14d820 (patch) | |
tree | 4bdf36d0d4d8bdddcb3d618b4b01839370ed57c3 /source3/winbindd | |
parent | ec9aeeab00584f4d3dfe9afb83dc1a77b8463b81 (diff) | |
parent | 3a4638db0351368d3b148bf547546f28fa0b1479 (diff) | |
Merge branch 'master' of git://git.samba.org/samba into minschema
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/idmap_ad.c | 10 | ||||
-rw-r--r-- | source3/winbindd/idmap_adex/idmap_adex.c | 10 | ||||
-rw-r--r-- | source3/winbindd/idmap_hash/idmap_hash.c | 10 | ||||
-rw-r--r-- | source3/winbindd/idmap_nss.c | 10 | ||||
-rw-r--r-- | source3/winbindd/idmap_rid.c | 10 | ||||
-rw-r--r-- | source3/winbindd/idmap_tdb.c | 10 | ||||
-rw-r--r-- | source3/winbindd/idmap_tdb2.c | 10 | ||||
-rw-r--r-- | source3/winbindd/idmap_util.c | 70 | ||||
-rw-r--r-- | source3/winbindd/winbindd.c | 209 | ||||
-rw-r--r-- | source3/winbindd/winbindd.h | 4 | ||||
-rw-r--r-- | source3/winbindd/winbindd_ads.c | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cache.c | 8 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 49 | ||||
-rw-r--r-- | source3/winbindd/winbindd_group.c | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 6 | ||||
-rw-r--r-- | source3/winbindd/winbindd_passdb.c | 12 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 7 | ||||
-rw-r--r-- | source3/winbindd/winbindd_rpc.c | 43 | ||||
-rw-r--r-- | source3/winbindd/winbindd_util.c | 18 |
19 files changed, 324 insertions, 176 deletions
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index b22e5af94a..5c29ba0b22 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -304,6 +304,11 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map char *u_filter = NULL; char *g_filter = NULL; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + /* Only do query if we are online */ if (idmap_is_offline()) { return NT_STATUS_FILE_IS_OFFLINE; @@ -516,6 +521,11 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map int i; char *sidstr; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + /* Only do query if we are online */ if (idmap_is_offline()) { return NT_STATUS_FILE_IS_OFFLINE; diff --git a/source3/winbindd/idmap_adex/idmap_adex.c b/source3/winbindd/idmap_adex/idmap_adex.c index 7e186ca8a1..e2fcda83d3 100644 --- a/source3/winbindd/idmap_adex/idmap_adex.c +++ b/source3/winbindd/idmap_adex/idmap_adex.c @@ -159,6 +159,11 @@ static NTSTATUS _idmap_adex_get_sid_from_id(struct NTSTATUS nt_status; struct likewise_cell *cell; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + nt_status = _idmap_adex_init(dom, NULL); if (!NT_STATUS_IS_OK(nt_status)) return nt_status; @@ -207,6 +212,11 @@ static NTSTATUS _idmap_adex_get_id_from_sid(struct NTSTATUS nt_status; struct likewise_cell *cell; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + nt_status = _idmap_adex_init(dom, NULL); if (!NT_STATUS_IS_OK(nt_status)) return nt_status; diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c index 7dd94aede0..42830720f3 100644 --- a/source3/winbindd/idmap_hash/idmap_hash.c +++ b/source3/winbindd/idmap_hash/idmap_hash.c 
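Review bot: The comment added with the status-reset loop in idmap_ad_unixids_to_sids misspells "surprise" (`/* initialize the status to avoid suprise */`), and the identical comment and four-line loop are pasted into both mapping entry points of idmap_ad.c, idmap_adex.c, idmap_hash.c, idmap_nss.c, idmap_rid.c, idmap_tdb.c and idmap_tdb2.c, fourteen copies in all. Since every backend now does exactly the same reset before anything else, the code that dispatches to a backend's unixids_to_sids/sids_to_unixids could set `ids[i]->status = ID_UNKNOWN` once and the backends could rely on that contract; that dispatcher is outside this diff, so this is a follow-up suggestion rather than a change to these hunks. At minimum the comment should say why the loop exists rather than just that it surprises, e.g. `/* reset every entry's status first so callers never see a stale value for entries the lookup below does not reach */`, with the spelling fixed in all fourteen places. In idmap_ad_unixids_to_sids the loop index `i` is not declared in the visible lines, so presumably it is declared earlier in the function; the other thirteen copies show `int i;` just above.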
@@ -160,6 +160,11 @@ static NTSTATUS unixids_to_sids(struct idmap_domain *dom, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + nt_status = be_init(dom, NULL); BAIL_ON_NTSTATUS_ERROR(nt_status); @@ -206,6 +211,11 @@ static NTSTATUS sids_to_unixids(struct idmap_domain *dom, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + nt_status = be_init(dom, NULL); BAIL_ON_NTSTATUS_ERROR(nt_status); diff --git a/source3/winbindd/idmap_nss.c b/source3/winbindd/idmap_nss.c index 156fdc7cc9..f50e6172ba 100644 --- a/source3/winbindd/idmap_nss.c +++ b/source3/winbindd/idmap_nss.c @@ -44,6 +44,11 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma TALLOC_CTX *ctx; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + ctx = talloc_new(dom); if ( ! ctx) { DEBUG(0, ("Out of memory!\n")); @@ -130,6 +135,11 @@ static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_ma TALLOC_CTX *ctx; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + ctx = talloc_new(dom); if ( ! ctx) { DEBUG(0, ("Out of memory!\n")); diff --git a/source3/winbindd/idmap_rid.c b/source3/winbindd/idmap_rid.c index 9d1898708c..359bbfd411 100644 --- a/source3/winbindd/idmap_rid.c +++ b/source3/winbindd/idmap_rid.c @@ -171,6 +171,11 @@ static NTSTATUS idmap_rid_unixids_to_sids(struct idmap_domain *dom, struct id_ma NTSTATUS ret; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + ridctx = talloc_get_type(dom->private_data, struct idmap_rid_context); ctx = talloc_new(dom); 
@@ -205,6 +210,11 @@ static NTSTATUS idmap_rid_sids_to_unixids(struct idmap_domain *dom, struct id_ma NTSTATUS ret; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + ridctx = talloc_get_type(dom->private_data, struct idmap_rid_context); ctx = talloc_new(dom); diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c index 3a64979f33..22c17578e6 100644 --- a/source3/winbindd/idmap_tdb.c +++ b/source3/winbindd/idmap_tdb.c @@ -775,6 +775,11 @@ static NTSTATUS idmap_tdb_unixids_to_sids(struct idmap_domain *dom, struct id_ma NTSTATUS ret; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context); for (i = 0; ids[i]; i++) { @@ -813,6 +818,11 @@ static NTSTATUS idmap_tdb_sids_to_unixids(struct idmap_domain *dom, struct id_ma NTSTATUS ret; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context); for (i = 0; ids[i]; i++) { diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c index fb90dd097e..b2723270eb 100644 --- a/source3/winbindd/idmap_tdb2.c +++ b/source3/winbindd/idmap_tdb2.c @@ -655,6 +655,11 @@ static NTSTATUS idmap_tdb2_unixids_to_sids(struct idmap_domain *dom, struct id_m NTSTATUS ret; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + ctx = talloc_get_type(dom->private_data, struct idmap_tdb2_context); for (i = 0; ids[i]; i++) { 
@@ -692,6 +697,11 @@ static NTSTATUS idmap_tdb2_sids_to_unixids(struct idmap_domain *dom, struct id_m NTSTATUS ret; int i; + /* initialize the status to avoid suprise */ + for (i = 0; ids[i]; i++) { + ids[i]->status = ID_UNKNOWN; + } + ctx = talloc_get_type(dom->private_data, struct idmap_tdb2_context); for (i = 0; ids[i]; i++) { diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index 9abf425f3e..ad4a7ddd99 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c @@ -18,6 +18,8 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.*/ #include "includes.h" +#include "winbindd.h" +#include "winbindd_proto.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -36,7 +38,8 @@ NTSTATUS idmap_uid_to_sid(const char *domname, DOM_SID *sid, uid_t uid) DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n", (unsigned long)uid, domname?domname:"NULL")); - if (idmap_cache_find_uid2sid(uid, sid, &expired)) { + if (winbindd_use_idmap_cache() + && idmap_cache_find_uid2sid(uid, sid, &expired)) { DEBUG(10, ("idmap_cache_find_uid2sid found %d%s\n", uid, expired ? " (expired)": "")); if (expired && idmap_is_online()) { @@ -63,14 +66,18 @@ backend: } if (map.status != ID_MAPPED) { - struct dom_sid null_sid; - ZERO_STRUCT(null_sid); - idmap_cache_set_sid2uid(&null_sid, uid); + if (winbindd_use_idmap_cache()) { + struct dom_sid null_sid; + ZERO_STRUCT(null_sid); + idmap_cache_set_sid2uid(&null_sid, uid); + } DEBUG(10, ("uid [%lu] not mapped\n", (unsigned long)uid)); return NT_STATUS_NONE_MAPPED; } - idmap_cache_set_sid2uid(sid, uid); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, uid); + } return NT_STATUS_OK; } 
@@ -89,7 +96,8 @@ NTSTATUS idmap_gid_to_sid(const char *domname, DOM_SID *sid, gid_t gid) DEBUG(10,("idmap_gid_to_si: gid = [%lu], domain = '%s'\n", (unsigned long)gid, domname?domname:"NULL")); - if (idmap_cache_find_gid2sid(gid, sid, &expired)) { + if (winbindd_use_idmap_cache() + && idmap_cache_find_gid2sid(gid, sid, &expired)) { DEBUG(10, ("idmap_cache_find_gid2sid found %d%s\n", gid, expired ? " (expired)": "")); if (expired && idmap_is_online()) { @@ -116,14 +124,18 @@ backend: } if (map.status != ID_MAPPED) { - struct dom_sid null_sid; - ZERO_STRUCT(null_sid); - idmap_cache_set_sid2uid(&null_sid, gid); + if (winbindd_use_idmap_cache()) { + struct dom_sid null_sid; + ZERO_STRUCT(null_sid); + idmap_cache_set_sid2uid(&null_sid, gid); + } DEBUG(10, ("gid [%lu] not mapped\n", (unsigned long)gid)); return NT_STATUS_NONE_MAPPED; } - idmap_cache_set_sid2gid(sid, gid); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2gid(sid, gid); + } return NT_STATUS_OK; } @@ -142,7 +154,8 @@ NTSTATUS idmap_sid_to_uid(const char *dom_name, DOM_SID *sid, uid_t *uid) DEBUG(10,("idmap_sid_to_uid: sid = [%s], domain = '%s'\n", sid_string_dbg(sid), dom_name)); - if (idmap_cache_find_sid2uid(sid, uid, &expired)) { + if (winbindd_use_idmap_cache() + && idmap_cache_find_sid2uid(sid, uid, &expired)) { DEBUG(10, ("idmap_cache_find_sid2uid found %d%s\n", (int)(*uid), expired ? " (expired)": "")); if (expired && idmap_is_online()) { @@ -171,7 +184,9 @@ backend: map.status, map.xid.type, map.xid.id)); - idmap_cache_set_sid2uid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, -1); + } return NT_STATUS_NONE_MAPPED; } goto done; @@ -182,7 +197,9 @@ backend: * We had the task to go to a specific domain which * could not answer our request. Fail. */ - idmap_cache_set_sid2uid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, -1); + } return NT_STATUS_NONE_MAPPED; } 
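Review bot: In idmap_gid_to_sid the newly guarded not-mapped block still records the negative result through the uid cache, `idmap_cache_set_sid2uid(&null_sid, gid);`, while the success path a few lines lower uses `idmap_cache_set_sid2gid(sid, gid)`; the same mismatch is kept in idmap_sid_to_gid's "could not answer our request" branch (`idmap_cache_set_sid2uid(sid, -1);` in the `@@ -254,7 +278,9 @@` hunk), whose sibling branches all use idmap_cache_set_sid2gid. The commit wraps these calls without touching them, but judging from the function names a failed gid lookup appears to write a negative SID-to-uid entry rather than a gid one, so once winbindd_use_idmap_cache() is true a later uid lookup for that SID can be answered from the wrong negative entry while the gid side is never cached at all. Both lines should read `idmap_cache_set_sid2gid(&null_sid, gid);` and `idmap_cache_set_sid2gid(sid, -1);` respectively. The start of idmap_gid_to_sid and the `backend:`/`done:` structure it relies on are outside these hunks.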
@@ -191,13 +208,17 @@ backend: if (!NT_STATUS_IS_OK(ret)) { DEBUG(10, ("idmap_new_mapping failed: %s\n", nt_errstr(ret))); - idmap_cache_set_sid2uid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, -1); + } return ret; } done: *uid = (uid_t)map.xid.id; - idmap_cache_set_sid2uid(sid, *uid); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, *uid); + } return NT_STATUS_OK; } @@ -215,7 +236,8 @@ NTSTATUS idmap_sid_to_gid(const char *domname, DOM_SID *sid, gid_t *gid) DEBUG(10,("idmap_sid_to_gid: sid = [%s], domain = '%s'\n", sid_string_dbg(sid), domname)); - if (idmap_cache_find_sid2gid(sid, gid, &expired)) { + if (winbindd_use_idmap_cache() + && idmap_cache_find_sid2gid(sid, gid, &expired)) { DEBUG(10, ("idmap_cache_find_sid2gid found %d%s\n", (int)(*gid), expired ? " (expired)": "")); if (expired && idmap_is_online()) { @@ -243,7 +265,9 @@ backend: map.status, map.xid.type, map.xid.id)); - idmap_cache_set_sid2gid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2gid(sid, -1); + } return NT_STATUS_NONE_MAPPED; } goto done; @@ -254,7 +278,9 @@ backend: * We had the task to go to a specific domain which * could not answer our request. Fail. */ - idmap_cache_set_sid2uid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, -1); + } return NT_STATUS_NONE_MAPPED; } @@ -263,12 +289,16 @@ backend: if (!NT_STATUS_IS_OK(ret)) { DEBUG(10, ("idmap_new_mapping failed: %s\n", nt_errstr(ret))); - idmap_cache_set_sid2gid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2gid(sid, -1); + } return ret; } done: *gid = map.xid.id; - idmap_cache_set_sid2gid(sid, *gid); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2gid(sid, *gid); + } return NT_STATUS_OK; } diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index dbe83152dd..66271068d2 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c 
@@ -28,7 +28,7 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -bool opt_nocache = False; +static bool opt_nocache = False; static bool interactive = False; extern bool override_logfile; @@ -320,7 +320,7 @@ static bool winbindd_setup_sig_usr2_handler(void) se = tevent_add_signal(winbind_event_context(), winbind_event_context(), - SIGCHLD, 0, + SIGUSR2, 0, winbindd_sig_usr2_handler, NULL); if (!se) { 
@@ -927,6 +927,97 @@ static bool remove_idle_client(void) return False; } +struct winbindd_listen_state { + bool privileged; + int fd; + struct tevent_fd *fde; +}; + +static void winbindd_listen_fde_handler(struct tevent_context *ev, + struct tevent_fd *fde, + uint16_t flags, + void *private_data) +{ + struct winbindd_listen_state *s = talloc_get_type_abort(private_data, + struct winbindd_listen_state); + + while (winbindd_num_clients() > + WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) { + DEBUG(5,("winbindd: Exceeding %d client " + "connections, removing idle " + "connection.\n", + WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); + if (!remove_idle_client()) { + DEBUG(0,("winbindd: Exceeding %d " + "client connections, no idle " + "connection found\n", + WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); + break; + } + } + + /* new, non-privileged connection */ + new_connection(s->fd, s->privileged); +} + +static bool winbindd_setup_listeners(void) +{ + struct winbindd_listen_state *pub_state = NULL; + struct winbindd_listen_state *priv_state = NULL; + + pub_state = talloc(winbind_event_context(), + struct winbindd_listen_state); + if (!pub_state) { + goto failed; + } + + pub_state->privileged = false; + pub_state->fd = open_winbindd_socket(); + if (pub_state->fd == -1) { + goto failed; + } + + pub_state->fde = tevent_add_fd(winbind_event_context(), + pub_state, pub_state->fd, + TEVENT_FD_READ, + winbindd_listen_fde_handler, + pub_state); + if (!pub_state->fde) { + close(pub_state->fd); + goto failed; + } + tevent_fd_set_auto_close(pub_state->fde); + + priv_state = talloc(winbind_event_context(), + struct winbindd_listen_state); + if (!priv_state) { + goto failed; + } + + priv_state->privileged = true; + priv_state->fd = open_winbindd_priv_socket(); + if (priv_state->fd == -1) { + goto failed; + } + + priv_state->fde = tevent_add_fd(winbind_event_context(), + priv_state, priv_state->fd, + TEVENT_FD_READ, + winbindd_listen_fde_handler, + priv_state); + if (!priv_state->fde) { + 
close(priv_state->fd); + goto failed; + } + tevent_fd_set_auto_close(priv_state->fde); + + return true; +failed: + TALLOC_FREE(pub_state); + TALLOC_FREE(priv_state); + return false; +} + /* Process incoming clients on listen_sock. We use a tricky non-blocking, non-forking, non-threaded model which allows us to handle many simultaneous connections while remaining impervious to many denial of @@ -934,35 +1025,17 @@ static bool remove_idle_client(void) static void process_loop(void) { - struct winbindd_cli_state *state; struct winbindd_fd_event *ev; fd_set r_fds, w_fds; - int maxfd, listen_sock, listen_priv_sock, selret; + int maxfd = 0, selret; struct timeval timeout, ev_timeout; - /* Open Sockets here to get stuff going ASAP */ - listen_sock = open_winbindd_socket(); - listen_priv_sock = open_winbindd_priv_socket(); - - if (listen_sock == -1 || listen_priv_sock == -1) { - perror("open_winbind_socket"); - exit(1); - } - run_events(winbind_event_context(), 0, NULL, NULL); - /* refresh the trusted domain cache */ - - rescan_trusted_domains(); - /* Initialise fd lists for select() */ - maxfd = MAX(listen_sock, listen_priv_sock); - FD_ZERO(&r_fds); FD_ZERO(&w_fds); - FD_SET(listen_sock, &r_fds); - FD_SET(listen_priv_sock, &r_fds); timeout.tv_sec = WINBINDD_ESTABLISH_LOOP; timeout.tv_usec = 0; @@ -979,23 +1052,6 @@ static void process_loop(void) timeout = timeval_min(&timeout, &ev_timeout); } - /* Set up client readers and writers */ - - state = winbindd_client_list(); - - while (state) { - - struct winbindd_cli_state *next = state->next; - - /* Dispose of client connection if it is marked as - finished */ - - if (state->finished) - remove_client(state); - - state = next; - } - for (ev = fd_events; ev; ev = ev->next) { if (ev->flags & EVENT_FD_READ) { FD_SET(ev->fd, &r_fds); 
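Review bot: The comment `/* new, non-privileged connection */` carried into winbindd_listen_fde_handler is now wrong for half the calls, because the same handler is registered for the privileged listener and `new_connection(s->fd, s->privileged)` decides per listener state; it should read `/* accept on whichever listener fired; s->privileged marks the privileged socket */`. In winbindd_setup_listeners every failure jumps to `failed:` without a message, and the removed `perror("open_winbind_socket"); exit(1);` in process_loop is only replaced by main's generic "winbindd_setup_listeners() failed", so an operator can no longer tell whether talloc, open_winbindd_socket, open_winbindd_priv_socket or tevent_add_fd was the step that failed; a `DEBUG(0, (...))` naming the step before each `goto failed` would restore that. The cleanup itself looks right: an fd whose tevent_add_fd failed is closed explicitly before the goto, and a registered fde is allocated on its listen state and marked auto-close, so presumably TALLOC_FREE of that state closes the socket, which should be confirmed against tevent's auto-close semantics.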
@@ -1043,43 +1099,7 @@ static void process_loop(void) ev = next; } - if (FD_ISSET(listen_sock, &r_fds)) { - while (winbindd_num_clients() > - WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) { - DEBUG(5,("winbindd: Exceeding %d client " - "connections, removing idle " - "connection.\n", - WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); - if (!remove_idle_client()) { - DEBUG(0,("winbindd: Exceeding %d " - "client connections, no idle " - "connection found\n", - WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); - break; - } - } - /* new, non-privileged connection */ - new_connection(listen_sock, False); - } - - if (FD_ISSET(listen_priv_sock, &r_fds)) { - while (winbindd_num_clients() > - WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) { - DEBUG(5,("winbindd: Exceeding %d client " - "connections, removing idle " - "connection.\n", - WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); - if (!remove_idle_client()) { - DEBUG(0,("winbindd: Exceeding %d " - "client connections, no idle " - "connection found\n", - WINBINDD_MAX_SIMULTANEOUS_CLIENTS)); - break; - } - } - /* new, privileged connection */ - new_connection(listen_priv_sock, True); - } + return; no_fds_ready: @@ -1090,6 +1110,16 @@ static void process_loop(void) #endif } +bool winbindd_use_idmap_cache(void) +{ + return !opt_nocache; +} + +bool winbindd_use_cache(void) +{ + return !opt_nocache; +} + /* Main function */ int main(int argc, char **argv, char **envp) 
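Review bot: winbindd_use_idmap_cache and winbindd_use_cache are added with identical bodies (`return !opt_nocache;`) and no comment, and their prototypes in winbindd_proto.h are equally bare, so a reader cannot tell whether two functions exist by design or by accident now that opt_nocache has become static and the `extern bool opt_nocache;` users in winbindd_cache.c and winbindd_group.c were switched over. A one-line header on each would settle it: above the first, `/* Whether idmap_util.c may read and write the idmap (uid/gid <-> SID) cache; currently follows opt_nocache like winbindd_use_cache(). */`, and above the second, `/* Whether the winbindd cache tdb is consulted and written; follows opt_nocache. */`. If the two are meant to be switchable independently later, the comment should say so; if not, idmap_util.c could simply call winbindd_use_cache() and the duplicate could go.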
@@ -1356,12 +1386,39 @@ int main(int argc, char **argv, char **envp) smb_nscd_flush_user_cache(); smb_nscd_flush_group_cache(); - /* Loop waiting for requests */ + /* setup listen sockets */ + + if (!winbindd_setup_listeners()) { + DEBUG(0,("winbindd_setup_listeners() failed\n")); + exit(1); + } TALLOC_FREE(frame); + /* Loop waiting for requests */ while (1) { + struct winbindd_cli_state *state; + frame = talloc_stackframe(); + + /* refresh the trusted domain cache */ + + rescan_trusted_domains(); + + /* Dispose of client connection if it is marked as + finished */ + state = winbindd_client_list(); + while (state) { + struct winbindd_cli_state *next = state->next; + + if (state->finished) { + remove_client(state); + } + + state = next; + } + process_loop(); + TALLOC_FREE(frame); } diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index 5ebbb72cf5..f3733dc131 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h @@ -119,10 +119,10 @@ struct winbindd_cm_conn { struct cli_state *cli; struct rpc_pipe_client *samr_pipe; - POLICY_HND sam_connect_handle, sam_domain_handle; + struct policy_handle sam_connect_handle, sam_domain_handle; struct rpc_pipe_client *lsa_pipe; - POLICY_HND lsa_policy; + struct policy_handle lsa_policy; struct rpc_pipe_client *netlogon_pipe; }; diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index a508682e5e..a76faa7a25 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -978,7 +978,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, size_t num_members = 0; ads_control args; struct rpc_pipe_client *cli; - POLICY_HND lsa_policy; + struct policy_handle lsa_policy; DOM_SID *sid_mem_nocache = NULL; char **names_nocache = NULL; enum lsa_SidType *name_types_nocache = NULL; diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 02d0b5bc4e..66166bf292 100644 --- a/source3/winbindd/winbindd_cache.c 
+++ b/source3/winbindd/winbindd_cache.c @@ -34,7 +34,6 @@ #define WINBINDD_CACHE_VERSION_KEYSTR "WINBINDD_CACHE_VERSION" extern struct winbindd_methods reconnect_methods; -extern bool opt_nocache; #ifdef HAVE_ADS extern struct winbindd_methods ads_methods; #endif @@ -632,7 +631,7 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, char *kstr; struct cache_entry *centry; - if (opt_nocache) { + if (!winbindd_use_cache()) { return NULL; } @@ -834,7 +833,7 @@ static void centry_end(struct cache_entry *centry, const char *format, ...) char *kstr; TDB_DATA key, data; - if (opt_nocache) { + if (!winbindd_use_cache()) { return; } @@ -2861,8 +2860,9 @@ void wcache_flush_cache(void) tdb_close(wcache->tdb); wcache->tdb = NULL; } - if (opt_nocache) + if (!winbindd_use_cache()) { return; + } /* when working offline we must not clear the cache on restart */ wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"), diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 35768fe7f2..ed0a33a5f2 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -821,8 +821,6 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, } } - cli_setup_signing_state(*cli, Undefined); - result = cli_negprot(*cli); if (!NT_STATUS_IS_OK(result)) { @@ -868,7 +866,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, result = ads_ntstatus(ads_status); if (NT_STATUS_IS_OK(result)) { /* Ensure creds are stored for NTLMSSP authenticated pipe access. */ - cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } } 
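Review bot: The `cli_setup_signing_state(*cli, Undefined);` call before `cli_negprot(*cli)` in cm_prepare_connection is removed with nothing replacing it in the hunk, so the SMB signing policy negotiated for winbindd's DC connections now comes entirely from whatever state the client structure carried into this function, and that setup is not visible here. Because signing decides whether the SMB transport under the later RPC pipes is integrity-protected, where it is decided should be stated at the point it used to be set; a comment at the cli_negprot call such as `/* signing policy is whatever the caller initialised on *cli; no per-connection override here */` would let the next reviewer confirm that the connect path still applies the configured client signing setting. The remainder of the hunk, checking the NTSTATUS of cli_init_creds and jumping to `done` on failure, is an improvement over the previously ignored return value. cm_prepare_connection begins and ends outside this hunk.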
@@ -893,7 +894,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, result = ads_ntstatus(ads_status); if (NT_STATUS_IS_OK(result)) { /* Ensure creds are stored for NTLMSSP authenticated pipe access. */ - cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } } @@ -919,7 +923,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, ipc_password, strlen(ipc_password)+1, ipc_domain))) { /* Successful logon with given username. */ - cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password); + result = cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } else { DEBUG(4, ("authenticated session setup with user %s\\%s failed.\n", @@ -937,7 +944,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0, NULL, 0, ""))) { DEBUG(5, ("Connected anonymously\n")); - cli_init_creds(*cli, "", "", ""); + result = cli_init_creds(*cli, "", "", ""); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } @@ -972,8 +982,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, *retry = False; /* set the domain if empty; needed for schannel connections */ - if ( !*(*cli)->domain ) { - fstrcpy( (*cli)->domain, domain->name ); + if ( !(*cli)->domain[0] ) { + result = cli_set_domain((*cli), domain->name); + if (!NT_STATUS_IS_OK(result)) { + return result; + } } result = NT_STATUS_OK; 
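Review bot: In the "set the domain if empty" block of cm_prepare_connection the new failure path uses `return result;`, whereas every other error path added by this commit in the same function (the four cli_init_creds checks) uses `goto done;`; if the `done:` label tears down `*cli` on a non-OK result, which I cannot confirm because it lies outside the hunk, this direct return leaks the connection and leaves `*retry` already forced to False. For consistency alone it should be `if (!NT_STATUS_IS_OK(result)) { goto done; }`. Replacing `!*(*cli)->domain` with `!(*cli)->domain[0]` and fstrcpy with cli_set_domain is fine.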
@@ -1759,8 +1772,8 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain ) NTSTATUS result; WERROR werr; TALLOC_CTX *mem_ctx = NULL; - struct rpc_pipe_client *cli; - POLICY_HND pol; + struct rpc_pipe_client *cli = NULL; + struct policy_handle pol; union dssetup_DsRoleInfo info; union lsa_PolicyInformation *lsa_info = NULL; @@ -1977,11 +1990,10 @@ static bool cm_get_schannel_dcinfo(struct winbindd_domain *domain, } NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - struct rpc_pipe_client **cli, POLICY_HND *sam_handle) + struct rpc_pipe_client **cli, struct policy_handle *sam_handle) { struct winbindd_cm_conn *conn; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - fstring conn_pwd; struct dcinfo *p_dcinfo; char *machine_password = NULL; char *machine_account = NULL; @@ -2006,10 +2018,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, * anonymous. */ - pwd_get_cleartext(&conn->cli->pwd, conn_pwd); if ((conn->cli->user_name[0] == '\0') || (conn->cli->domain[0] == '\0') || - (conn_pwd[0] == '\0')) + (conn->cli->password == NULL || conn->cli->password[0] == '\0')) { result = get_trust_creds(domain, &machine_password, &machine_account, NULL); @@ -2020,7 +2031,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } domain_name = domain->name; } else { - machine_password = SMB_STRDUP(conn_pwd); + machine_password = SMB_STRDUP(conn->cli->password); machine_account = SMB_STRDUP(conn->cli->user_name); domain_name = conn->cli->domain; } 
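Review bot: cm_connect_sam now reads the cleartext directly from `conn->cli->password` and copies it with `machine_password = SMB_STRDUP(conn->cli->password);`, and cm_connect_lsa (`@@ -2162,10 +2172,9 @@` and `@@ -2176,7 +2185,7 @@` on the next line) hands the same pointer straight to cli_rpc_pipe_open_spnego_ntlmssp; dropping the `fstring conn_pwd` stack copy is a small gain, since one fewer cleartext copy of the credential is left lying around. The heap copy in machine_password is released somewhere after the hunk, which I cannot see; that release should clear the buffer before freeing it rather than rely on a plain free, and the added `conn->cli->password == NULL` guard is the right thing now that a pointer rather than a fixed buffer is being tested. A comment at the strdup, `/* machine_password holds the cleartext DC credential until released below */`, would make the lifetime explicit to whoever next touches the free path.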
@@ -2145,11 +2156,10 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - struct rpc_pipe_client **cli, POLICY_HND *lsa_policy) + struct rpc_pipe_client **cli, struct policy_handle *lsa_policy) { struct winbindd_cm_conn *conn; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - fstring conn_pwd; struct dcinfo *p_dcinfo; result = init_dc_connection(domain); @@ -2162,10 +2172,9 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, goto done; } - pwd_get_cleartext(&conn->cli->pwd, conn_pwd); if ((conn->cli->user_name[0] == '\0') || (conn->cli->domain[0] == '\0') || - (conn_pwd[0] == '\0')) { + (conn->cli->password == NULL || conn->cli->password[0] == '\0')) { DEBUG(10, ("cm_connect_lsa: No no user available for " "domain %s, trying schannel\n", conn->cli->domain)); goto schannel; @@ -2176,7 +2185,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, result = cli_rpc_pipe_open_spnego_ntlmssp (conn->cli, &ndr_table_lsarpc.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, - conn->cli->domain, conn->cli->user_name, conn_pwd, + conn->cli->domain, conn->cli->user_name, conn->cli->password, &conn->lsa_pipe); if (!NT_STATUS_IS_OK(result)) { diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 043f26e578..6ad93adf4a 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -25,8 +25,6 @@ #include "includes.h" #include "winbindd.h" -extern bool opt_nocache; - #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 597d48aad0..15d1b7e2bf 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c 
@@ -1396,7 +1396,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain, NT_STATUS_IS_OK(result) && (my_info3->base.acct_flags == 0)) { struct rpc_pipe_client *samr_pipe; - POLICY_HND samr_domain_handle, user_pol; + struct policy_handle samr_domain_handle, user_pol; union samr_UserInfo *info = NULL; NTSTATUS status_tmp; uint32 acct_flags; @@ -2066,7 +2066,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact { char *oldpass; char *newpass = NULL; - POLICY_HND dom_pol; + struct policy_handle dom_pol; struct rpc_pipe_client *cli; bool got_info = false; struct samr_DomInfo1 *info = NULL; @@ -2394,7 +2394,7 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai DATA_BLOB new_lm_password; DATA_BLOB old_lm_hash_enc; fstring domain,user; - POLICY_HND dom_pol; + struct policy_handle dom_pol; struct winbindd_domain *contact_domain = domainSt; struct rpc_pipe_client *cli; diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index d704ca0fd3..1a358b2b44 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -40,9 +40,9 @@ static NTSTATUS enum_groups_internal(struct winbindd_domain *domain, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; if (sidtype == SID_NAME_ALIAS) { - search = pdb_search_aliases(&domain->sid); + search = pdb_search_aliases(talloc_tos(), &domain->sid); } else { - search = pdb_search_groups(); + search = pdb_search_groups(talloc_tos()); } if (search == NULL) goto done; @@ -68,7 +68,7 @@ static NTSTATUS enum_groups_internal(struct winbindd_domain *domain, result = NT_STATUS_OK; done: - pdb_search_destroy(search); + TALLOC_FREE(search); return result; } 
@@ -456,7 +456,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, uint32 *num_entries, WINBIND_USERINFO **info) { - struct pdb_search *ps = pdb_search_users(ACB_NORMAL); + struct pdb_search *ps = pdb_search_users(talloc_tos(), ACB_NORMAL); struct samr_displayentry *entries = NULL; uint32 i; @@ -473,7 +473,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, *info = TALLOC_ZERO_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries); if (!(*info)) { - pdb_search_destroy(ps); + TALLOC_FREE(ps); return NT_STATUS_NO_MEMORY; } @@ -498,7 +498,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, DOMAIN_GROUP_RID_USERS); } - pdb_search_destroy(ps); + TALLOC_FREE(ps); return NT_STATUS_OK; } diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index c6e8803ce8..384395f896 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -65,6 +65,8 @@ void request_error(struct winbindd_cli_state *state); void request_ok(struct winbindd_cli_state *state); bool winbindd_setup_sig_term_handler(bool parent); bool winbindd_setup_sig_hup_handler(const char *lfile); +bool winbindd_use_idmap_cache(void); +bool winbindd_use_cache(void); int main(int argc, char **argv, char **envp); /* The following definitions come from winbindd/winbindd_ads.c */ 
@@ -206,9 +208,9 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn); void close_conns_after_fork(void); NTSTATUS init_dc_connection(struct winbindd_domain *domain); NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - struct rpc_pipe_client **cli, POLICY_HND *sam_handle); + struct rpc_pipe_client **cli, struct policy_handle *sam_handle); NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - struct rpc_pipe_client **cli, POLICY_HND *lsa_policy); + struct rpc_pipe_client **cli, struct policy_handle *lsa_policy); NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, struct rpc_pipe_client **cli); @@ -547,7 +549,6 @@ const char *get_winbind_pipe_dir(void) ; char *get_winbind_priv_pipe_dir(void) ; int open_winbindd_socket(void); int open_winbindd_priv_socket(void); -void close_winbindd_socket(void); struct winbindd_cli_state *winbindd_client_list(void); void winbindd_add_client(struct winbindd_cli_state *cli); void winbindd_remove_client(struct winbindd_cli_state *cli); diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 0070bde2cc..5edb0d98b0 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -38,7 +38,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, WINBIND_USERINFO **info) { NTSTATUS result; - POLICY_HND dom_pol; + struct policy_handle dom_pol; unsigned int i, start_idx; uint32 loop_count; struct rpc_pipe_client *cli; @@ -130,7 +130,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, uint32 *num_entries, struct acct_info **info) { - POLICY_HND dom_pol; + struct policy_handle dom_pol; NTSTATUS status; uint32 start = 0; struct rpc_pipe_client *cli; @@ -201,7 +201,7 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, uint32 *num_entries, struct acct_info **info) { - POLICY_HND dom_pol; + struct policy_handle dom_pol; NTSTATUS result; struct rpc_pipe_client *cli; 
@@ -278,7 +278,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
 enum lsa_SidType *types = NULL;
 char *full_name = NULL;
 struct rpc_pipe_client *cli;
- POLICY_HND lsa_policy;
+ struct policy_handle lsa_policy;
 NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
 char *mapped_name = NULL;
 
@@ -343,7 +343,7 @@ static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
 enum lsa_SidType *types = NULL;
 NTSTATUS result;
 struct rpc_pipe_client *cli;
- POLICY_HND lsa_policy;
+ struct policy_handle lsa_policy;
 NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
 char *mapped_name = NULL;
 
@@ -396,7 +396,7 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
 char **domains;
 NTSTATUS result;
 struct rpc_pipe_client *cli;
- POLICY_HND lsa_policy;
+ struct policy_handle lsa_policy;
 DOM_SID *sids;
 size_t i;
 char **ret_names;
@@ -461,7 +461,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 WINBIND_USERINFO *user_info)
 {
 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- POLICY_HND dom_pol, user_pol;
+ struct policy_handle dom_pol, user_pol;
 union samr_UserInfo *info = NULL;
 uint32 user_rid;
 struct netr_SamInfo3 *user;
@@ -564,7 +564,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 uint32 *num_groups, DOM_SID **user_grpsids)
 {
 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- POLICY_HND dom_pol, user_pol;
+ struct policy_handle dom_pol, user_pol;
 uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
 struct samr_RidWithAttributeArray *rid_array = NULL;
 unsigned int i;
@@ -645,7 +645,7 @@ static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
 uint32 **alias_rids)
 {
 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- POLICY_HND dom_pol;
+ struct policy_handle dom_pol;
 uint32 num_query_sids = 0;
 int i;
 struct rpc_pipe_client *cli;
@@ -745,7 +745,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 {
 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 uint32 i, total_names = 0;
- POLICY_HND dom_pol, group_pol;
+ struct policy_handle dom_pol, group_pol;
 uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
 uint32 *rid_mem = NULL;
 uint32 group_rid;
@@ -857,14 +857,15 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 }
 
 for (r=0; r<tmp_names.count; r++) {
- (*names)[i+r] = fill_domain_username_talloc(mem_ctx,
- domain->name,
- tmp_names.names[r].string,
- true);
- (*name_types)[i+r] = tmp_types.ids[r];
+ if (tmp_types.ids[r] == SID_NAME_UNKNOWN) {
+ continue;
+ }
+ (*names)[total_names] = fill_domain_username_talloc(
+ mem_ctx, domain->name,
+ tmp_names.names[r].string, true);
+ (*name_types)[total_names] = tmp_types.ids[r];
+ total_names += 1;
 }
-
- total_names += tmp_names.count;
 }
 
 *num_names = total_names;
@@ -952,7 +953,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 TALLOC_CTX *mem_ctx;
 union samr_DomainInfo *info = NULL;
 NTSTATUS result;
- POLICY_HND dom_pol;
+ struct policy_handle dom_pol;
 bool got_seq_num = False;
 struct rpc_pipe_client *cli;
 
@@ -1053,7 +1054,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 uint32 enum_ctx = 0;
 struct rpc_pipe_client *cli;
- POLICY_HND lsa_policy;
+ struct policy_handle lsa_policy;
 
 DEBUG(3,("rpc: trusted_domains\n"));
 
@@ -1111,7 +1112,7 @@ static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 {
 NTSTATUS result;
 struct rpc_pipe_client *cli;
- POLICY_HND dom_pol;
+ struct policy_handle dom_pol;
 union samr_DomainInfo *info = NULL;
 
 DEBUG(10,("rpc: fetch lockout policy for %s\n", domain->name));
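Review bot: In the @@ -857 hunk the value of `fill_domain_username_talloc()` is stored into `(*names)[total_names]` and counted without being checked, so if that talloc-backed call returns NULL the caller receives a NULL entry inside a count that claims it is valid; the old code had the same gap, but the rewritten loop is the right place to close it, e.g. `if ((*names)[total_names] == NULL) { return NT_STATUS_NO_MEMORY; }` before `total_names += 1;`, using whatever error exit the rest of lookup_groupmem takes. Skipping SID_NAME_UNKNOWN entries also means `*num_names` can now be smaller than the member RID count the two arrays were sized for, so any caller that assumed a one-to-one correspondence with the RID list would need revisiting. The enclosing loop, the array allocations and the function's error handling are outside the hunk.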
@@ -1152,7 +1153,7 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
 {
 NTSTATUS result;
 struct rpc_pipe_client *cli;
- POLICY_HND dom_pol;
+ struct policy_handle dom_pol;
 union samr_DomainInfo *info = NULL;
 
 DEBUG(10,("rpc: fetch password policy for %s\n", domain->name));
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 2d87015fec..a2c1c85e0b 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1316,24 +1316,6 @@ int open_winbindd_priv_socket(void)
 return _winbindd_priv_socket;
 }
 
-/* Close the winbindd socket */
-
-void close_winbindd_socket(void)
-{
- if (_winbindd_socket != -1) {
- DEBUG(10, ("close_winbindd_socket: closing socket fd %d\n",
- _winbindd_socket));
- close(_winbindd_socket);
- _winbindd_socket = -1;
- }
- if (_winbindd_priv_socket != -1) {
- DEBUG(10, ("close_winbindd_socket: closing socket fd %d\n",
- _winbindd_priv_socket));
- close(_winbindd_priv_socket);
- _winbindd_priv_socket = -1;
- }
-}
-
 /*
 * Client list accessor functions
 */
|