Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/idmap_util.c | 70 | ||||
-rw-r--r-- | source3/winbindd/winbindd.c | 12 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cache.c | 8 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 39 | ||||
-rw-r--r-- | source3/winbindd/winbindd_group.c | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 2 |
6 files changed, 92 insertions, 41 deletions
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index 9abf425f3e..ad4a7ddd99 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c @@ -18,6 +18,8 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.*/ #include "includes.h" +#include "winbindd.h" +#include "winbindd_proto.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -36,7 +38,8 @@ NTSTATUS idmap_uid_to_sid(const char *domname, DOM_SID *sid, uid_t uid) DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n", (unsigned long)uid, domname?domname:"NULL")); - if (idmap_cache_find_uid2sid(uid, sid, &expired)) { + if (winbindd_use_idmap_cache() + && idmap_cache_find_uid2sid(uid, sid, &expired)) { DEBUG(10, ("idmap_cache_find_uid2sid found %d%s\n", uid, expired ? " (expired)": "")); if (expired && idmap_is_online()) { @@ -63,14 +66,18 @@ backend: } if (map.status != ID_MAPPED) { - struct dom_sid null_sid; - ZERO_STRUCT(null_sid); - idmap_cache_set_sid2uid(&null_sid, uid); + if (winbindd_use_idmap_cache()) { + struct dom_sid null_sid; + ZERO_STRUCT(null_sid); + idmap_cache_set_sid2uid(&null_sid, uid); + } DEBUG(10, ("uid [%lu] not mapped\n", (unsigned long)uid)); return NT_STATUS_NONE_MAPPED; } - idmap_cache_set_sid2uid(sid, uid); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, uid); + } return NT_STATUS_OK; } @@ -89,7 +96,8 @@ NTSTATUS idmap_gid_to_sid(const char *domname, DOM_SID *sid, gid_t gid) DEBUG(10,("idmap_gid_to_si: gid = [%lu], domain = '%s'\n", (unsigned long)gid, domname?domname:"NULL")); - if (idmap_cache_find_gid2sid(gid, sid, &expired)) { + if (winbindd_use_idmap_cache() + && idmap_cache_find_gid2sid(gid, sid, &expired)) { DEBUG(10, ("idmap_cache_find_gid2sid found %d%s\n", gid, expired ? " (expired)": "")); if (expired && idmap_is_online()) { 
@@ -116,14 +124,18 @@ backend: } if (map.status != ID_MAPPED) { - struct dom_sid null_sid; - ZERO_STRUCT(null_sid); - idmap_cache_set_sid2uid(&null_sid, gid); + if (winbindd_use_idmap_cache()) { + struct dom_sid null_sid; + ZERO_STRUCT(null_sid); + idmap_cache_set_sid2uid(&null_sid, gid); + } DEBUG(10, ("gid [%lu] not mapped\n", (unsigned long)gid)); return NT_STATUS_NONE_MAPPED; } - idmap_cache_set_sid2gid(sid, gid); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2gid(sid, gid); + } return NT_STATUS_OK; } @@ -142,7 +154,8 @@ NTSTATUS idmap_sid_to_uid(const char *dom_name, DOM_SID *sid, uid_t *uid) DEBUG(10,("idmap_sid_to_uid: sid = [%s], domain = '%s'\n", sid_string_dbg(sid), dom_name)); - if (idmap_cache_find_sid2uid(sid, uid, &expired)) { + if (winbindd_use_idmap_cache() + && idmap_cache_find_sid2uid(sid, uid, &expired)) { DEBUG(10, ("idmap_cache_find_sid2uid found %d%s\n", (int)(*uid), expired ? " (expired)": "")); if (expired && idmap_is_online()) { @@ -171,7 +184,9 @@ backend: map.status, map.xid.type, map.xid.id)); - idmap_cache_set_sid2uid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, -1); + } return NT_STATUS_NONE_MAPPED; } goto done; @@ -182,7 +197,9 @@ backend: * We had the task to go to a specific domain which * could not answer our request. Fail. */ - idmap_cache_set_sid2uid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, -1); + } return NT_STATUS_NONE_MAPPED; } @@ -191,13 +208,17 @@ backend: if (!NT_STATUS_IS_OK(ret)) { DEBUG(10, ("idmap_new_mapping failed: %s\n", nt_errstr(ret))); - idmap_cache_set_sid2uid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, -1); + } return ret; } done: *uid = (uid_t)map.xid.id; - idmap_cache_set_sid2uid(sid, *uid); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, *uid); + } return NT_STATUS_OK; } 
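Review bot: In the not-mapped branch of idmap_gid_to_sid (the `@@ -116,14 +124,18 @@` hunk) the re-indented negative-cache call is still `idmap_cache_set_sid2uid(&null_sid, gid);`, so a failed gid lookup writes a null-SID entry into the uid side of the idmap cache, keyed by the gid's number. A later idmap_uid_to_sid for a uid with the same number would presumably be answered from that entry (the cache lookup code is not on this page), and these mappings feed ownership and access decisions. The line should read `idmap_cache_set_sid2gid(&null_sid, gid);`. The same mix-up is in idmap_sid_to_gid in the `@@ -254,7 +278,9 @@` hunk, where the "specific domain could not answer" path calls `idmap_cache_set_sid2uid(sid, -1);` instead of `idmap_cache_set_sid2gid(sid, -1);`. Both functions start and end outside their hunks.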
@@ -215,7 +236,8 @@ NTSTATUS idmap_sid_to_gid(const char *domname, DOM_SID *sid, gid_t *gid) DEBUG(10,("idmap_sid_to_gid: sid = [%s], domain = '%s'\n", sid_string_dbg(sid), domname)); - if (idmap_cache_find_sid2gid(sid, gid, &expired)) { + if (winbindd_use_idmap_cache() + && idmap_cache_find_sid2gid(sid, gid, &expired)) { DEBUG(10, ("idmap_cache_find_sid2gid found %d%s\n", (int)(*gid), expired ? " (expired)": "")); if (expired && idmap_is_online()) { @@ -243,7 +265,9 @@ backend: map.status, map.xid.type, map.xid.id)); - idmap_cache_set_sid2gid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2gid(sid, -1); + } return NT_STATUS_NONE_MAPPED; } goto done; @@ -254,7 +278,9 @@ backend: * We had the task to go to a specific domain which * could not answer our request. Fail. */ - idmap_cache_set_sid2uid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2uid(sid, -1); + } return NT_STATUS_NONE_MAPPED; } @@ -263,12 +289,16 @@ backend: if (!NT_STATUS_IS_OK(ret)) { DEBUG(10, ("idmap_new_mapping failed: %s\n", nt_errstr(ret))); - idmap_cache_set_sid2gid(sid, -1); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2gid(sid, -1); + } return ret; } done: *gid = map.xid.id; - idmap_cache_set_sid2gid(sid, *gid); + if (winbindd_use_idmap_cache()) { + idmap_cache_set_sid2gid(sid, *gid); + } return NT_STATUS_OK; } diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index e455d936e0..f5812f9e65 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -28,7 +28,7 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -bool opt_nocache = False; +static bool opt_nocache = False; static bool interactive = False; extern bool override_logfile; @@ -1090,6 +1090,16 @@ static void process_loop(void) #endif } +bool winbindd_use_idmap_cache(void) +{ + return !opt_nocache; +} + +bool winbindd_use_cache(void) +{ + return !opt_nocache; +} + /* Main function */ int main(int argc, char **argv, char **envp) 
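Review bot: `winbindd_use_idmap_cache()` and `winbindd_use_cache()` are added to winbindd.c with identical bodies and no comment, so a reader cannot tell why there are two predicates or which one a new call site should use. A one-line comment above each would settle it, for example `/* False when caching is disabled (opt_nocache); gates the idmap_cache_* lookups and stores in idmap_util.c. */` and `/* False when caching is disabled (opt_nocache); gates wcache_fetch(), centry_end() and wcache_flush_cache(). */`. If the two are meant to be controlled separately later, saying so there would stop someone from merging them.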
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 02d0b5bc4e..66166bf292 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -34,7 +34,6 @@ #define WINBINDD_CACHE_VERSION_KEYSTR "WINBINDD_CACHE_VERSION" extern struct winbindd_methods reconnect_methods; -extern bool opt_nocache; #ifdef HAVE_ADS extern struct winbindd_methods ads_methods; #endif @@ -632,7 +631,7 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, char *kstr; struct cache_entry *centry; - if (opt_nocache) { + if (!winbindd_use_cache()) { return NULL; } @@ -834,7 +833,7 @@ static void centry_end(struct cache_entry *centry, const char *format, ...) char *kstr; TDB_DATA key, data; - if (opt_nocache) { + if (!winbindd_use_cache()) { return; } @@ -2861,8 +2860,9 @@ void wcache_flush_cache(void) tdb_close(wcache->tdb); wcache->tdb = NULL; } - if (opt_nocache) + if (!winbindd_use_cache()) { return; + } /* when working offline we must not clear the cache on restart */ wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"), diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 7a53f19ffd..e06e30e0a8 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -866,7 +866,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, result = ads_ntstatus(ads_status); if (NT_STATUS_IS_OK(result)) { /* Ensure creds are stored for NTLMSSP authenticated pipe access. */ - cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } } 
@@ -891,7 +894,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, result = ads_ntstatus(ads_status); if (NT_STATUS_IS_OK(result)) { /* Ensure creds are stored for NTLMSSP authenticated pipe access. */ - cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } } @@ -917,7 +923,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, ipc_password, strlen(ipc_password)+1, ipc_domain))) { /* Successful logon with given username. */ - cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password); + result = cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } else { DEBUG(4, ("authenticated session setup with user %s\\%s failed.\n", @@ -935,7 +944,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0, NULL, 0, ""))) { DEBUG(5, ("Connected anonymously\n")); - cli_init_creds(*cli, "", "", ""); + result = cli_init_creds(*cli, "", "", ""); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } @@ -970,8 +982,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, *retry = False; /* set the domain if empty; needed for schannel connections */ - if ( !*(*cli)->domain ) { - fstrcpy( (*cli)->domain, domain->name ); + if ( !(*cli)->domain[0] ) { + result = cli_set_domain((*cli), domain->name); + if (!NT_STATUS_IS_OK(result)) { + return result; + } } result = NT_STATUS_OK; 
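Review bot: The new failure path after `cli_set_domain((*cli), domain->name)` in the `@@ -970,8 +982,11 @@` hunk exits with `return result;`, while the four `cli_init_creds` failure paths added earlier in cm_prepare_connection all use `goto done;`. The `done:` label is outside the hunk. If it tears down the connection or records the failed attempt, this path skips that and returns an error status with `*cli` still open after a completed session setup. Replacing the line with `goto done;` keeps the error handling uniform and leaves `result` holding the failure status.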
@@ -1979,7 +1994,6 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, { struct winbindd_cm_conn *conn; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - fstring conn_pwd; struct dcinfo *p_dcinfo; char *machine_password = NULL; char *machine_account = NULL; @@ -2004,10 +2018,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, * anonymous. */ - pwd_get_cleartext(&conn->cli->pwd, conn_pwd); if ((conn->cli->user_name[0] == '\0') || (conn->cli->domain[0] == '\0') || - (conn_pwd[0] == '\0')) + (conn->cli->password == NULL || conn->cli->password[0] == '\0')) { result = get_trust_creds(domain, &machine_password, &machine_account, NULL); @@ -2018,7 +2031,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } domain_name = domain->name; } else { - machine_password = SMB_STRDUP(conn_pwd); + machine_password = SMB_STRDUP(conn->cli->password); machine_account = SMB_STRDUP(conn->cli->user_name); domain_name = conn->cli->domain; } @@ -2147,7 +2160,6 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, { struct winbindd_cm_conn *conn; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - fstring conn_pwd; struct dcinfo *p_dcinfo; result = init_dc_connection(domain); @@ -2160,10 +2172,9 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, goto done; } - pwd_get_cleartext(&conn->cli->pwd, conn_pwd); if ((conn->cli->user_name[0] == '\0') || (conn->cli->domain[0] == '\0') || - (conn_pwd[0] == '\0')) { + (conn->cli->password == NULL || conn->cli->password[0] == '\0')) { DEBUG(10, ("cm_connect_lsa: No no user available for " "domain %s, trying schannel\n", conn->cli->domain)); goto schannel; 
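Review bot: In cm_connect_sam the else branch now reads `machine_password = SMB_STRDUP(conn->cli->password);`, a heap copy of the connection's cleartext password, and the visible lines do not show how that copy is released. The cleanup is outside the hunk; if it is a plain free, the buffer should be cleared first with the tree's zeroing helper. A comment at the assignment such as `/* private copy of the cleartext password; wipe before freeing */` would record that requirement. The same care applies wherever `conn->cli->password` itself is replaced or freed, now that the struct holds the cleartext directly instead of going through `pwd_get_cleartext()`.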
@@ -2174,7 +2185,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, result = cli_rpc_pipe_open_spnego_ntlmssp (conn->cli, &ndr_table_lsarpc.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, - conn->cli->domain, conn->cli->user_name, conn_pwd, + conn->cli->domain, conn->cli->user_name, conn->cli->password, &conn->lsa_pipe); if (!NT_STATUS_IS_OK(result)) { diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 043f26e578..6ad93adf4a 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -25,8 +25,6 @@ #include "includes.h" #include "winbindd.h" -extern bool opt_nocache; - #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index c6e8803ce8..4fc96e8a4b 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -65,6 +65,8 @@ void request_error(struct winbindd_cli_state *state); void request_ok(struct winbindd_cli_state *state); bool winbindd_setup_sig_term_handler(bool parent); bool winbindd_setup_sig_hup_handler(const char *lfile); +bool winbindd_use_idmap_cache(void); +bool winbindd_use_cache(void); int main(int argc, char **argv, char **envp); /* The following definitions come from winbindd/winbindd_ads.c */ |