Diffstat (limited to 'source3')
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 220 |
1 files changed, 115 insertions, 105 deletions
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index a40efe7437..4f50c80c10 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -190,65 +190,66 @@ void free_domain_info(void) BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain) { - fstring level5_dom; - uint32 enum_ctx = 0, num_doms = 0; - char **domains = NULL; - DOM_SID *sids = NULL; - CLI_POLICY_HND *hnd; - NTSTATUS result; - BOOL rv = False; - TALLOC_CTX *mem_ctx; + fstring level5_dom; + uint32 enum_ctx = 0, num_doms = 0; + char **domains = NULL; + DOM_SID *sids = NULL; + CLI_POLICY_HND *hnd; + NTSTATUS result; + BOOL rv = False; + TALLOC_CTX *mem_ctx; - DEBUG(1, ("looking up sid for domain %s\n", domain_name)); + DEBUG(1, ("looking up sid for domain %s\n", domain_name)); - if (!(mem_ctx = talloc_init())) - return False; + if (!(mem_ctx = talloc_init())) + return False; - if (!(hnd = cm_get_lsa_handle(domain_name))) - goto done; + if (!(hnd = cm_get_lsa_handle(domain_name))) + goto done; - /* Do a level 5 query info policy if we are looking up the SID for - our own domain. */ + /* Do a level 5 query info policy if we are looking up the SID for + our own domain. 
*/ - if (strequal(domain_name, lp_workgroup())) { + if (strequal(domain_name, lp_workgroup())) { - result = cli_lsa_query_info_policy(hnd->cli, mem_ctx, - &hnd->pol, 0x05, level5_dom, - &domain->sid); + result = cli_lsa_query_info_policy(hnd->cli, mem_ctx, + &hnd->pol, 0x05, level5_dom, + &domain->sid); - rv = NT_STATUS_IS_OK(result); - goto done; - } + rv = NT_STATUS_IS_OK(result); + goto done; + } - /* Use lsaenumdomains to get sid for this domain */ + /* Use lsaenumdomains to get sid for this domain */ - result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, &hnd->pol, - &enum_ctx, &num_doms, &domains, &sids); + result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, &hnd->pol, + &enum_ctx, &num_doms, &domains, &sids); - /* Look for domain name */ + /* Look for domain name */ - if (NT_STATUS_IS_OK(result) && domains && sids) { - BOOL found = False; - int i; + if (NT_STATUS_IS_OK(result) && domains && sids) { + BOOL found = False; + int i; - for(i = 0; i < num_doms; i++) { - if (strequal(domain_name, domains[i])) { - sid_copy(&domain->sid, &sids[i]); - found = True; - break; - } - } + for(i = 0; i < num_doms; i++) { + if (strequal(domain_name, domains[i])) { + sid_copy(&domain->sid, &sids[i]); + found = True; + break; + } + } - rv = found; - goto done; - } + rv = found; + goto done; + } - rv = False; /* An error occured with a trusted domain */ + rv = False; /* An error occured with a trusted domain */ done: - talloc_destroy(mem_ctx); - return rv; + talloc_destroy(mem_ctx); + + return rv; } /* Store a SID in a domain indexed by name in the cache. */ 
@@ -305,10 +306,64 @@ static BOOL winbindd_lookup_sid_by_name_in_cache(fstring name, DOM_SID *sid, enu return True; } +/* Store a name in a domain indexed by SID in the cache. */ + +static void store_name_by_sid_in_cache(DOM_SID *sid, fstring name, enum SID_NAME_USE type) +{ + fstring sid_str; + uint32 rid; + DOM_SID domain_sid; + struct winbindd_name name_val; + struct winbindd_domain *domain; + + /* Split sid into domain sid and user rid */ + sid_copy(&domain_sid, sid); + sid_split_rid(&domain_sid, &rid); + + if ((domain = find_domain_from_sid(&domain_sid)) == NULL) + return; + + sid_to_string(sid_str, sid); + fstrcpy( name_val.name, name ); + name_val.type = (int)type; + + winbindd_store_name_cache_entry(domain, sid_str, &name_val); +} + +/* Lookup a name in a domain indexed by SID in the cache. */ + +static BOOL winbindd_lookup_name_by_sid_in_cache(DOM_SID *sid, fstring name, enum SID_NAME_USE *type) +{ + fstring sid_str; + uint32 rid; + DOM_SID domain_sid; + struct winbindd_name name_ret; + struct winbindd_domain *domain; + + /* Split sid into domain sid and user rid */ + sid_copy(&domain_sid, sid); + sid_split_rid(&domain_sid, &rid); + + if ((domain = find_domain_from_sid(&domain_sid)) == NULL) + return False; + + sid_to_string(sid_str, sid); + + if (!winbindd_fetch_name_cache_entry(domain, sid_str, &name_ret)) + return False; + + fstrcpy( name, name_ret.name ); + *type = (enum SID_NAME_USE)name_ret.type; + + DEBUG(10,("winbindd_lookup_name_by_sid_in_cache: Cache hit for SID = %s, name %s\n", + sid_str, name )); + + return True; +} + /* Lookup a sid in a domain from a name */ -BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, - enum SID_NAME_USE *type) +BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, enum SID_NAME_USE *type) { int num_sids = 0, num_names = 1; DOM_SID *sids = NULL; 
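Review bot: `winbindd_lookup_name_by_sid_in_cache` writes `*type` unconditionally, while the public lookup functions in this file guard the same out-parameter with `(type != NULL)`. If the helper receives the caller's pointer unchanged (the call site is outside this hunk), a NULL `type` would crash winbindd on a cache hit; guard it the same way with `if (type != NULL) *type = (enum SID_NAME_USE)name_ret.type;`. Because this commit also starts storing negative entries, the helper can now return True with an empty name and `SID_NAME_USE_NONE`, so a comment above it such as `/* A hit with type SID_NAME_USE_NONE is a cached negative result; callers must treat it as "not found". */` would make that contract explicit.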
@@ -356,10 +411,16 @@ BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, if ((type != NULL) && (types != NULL)) *type = types[0]; + /* Store the forward and reverse map of this lookup in the cache. */ store_sid_by_name_in_cache(name, &sids[0], types[0]); + store_name_by_sid_in_cache(&sids[0], name, types[0]); + } else { + /* JRA. Here's where we add the -ve cache store with a name type of SID_NAME_USE_NONE. */ + DOM_SID nullsid; + + ZERO_STRUCT(nullsid); + store_sid_by_name_in_cache(name, &nullsid, SID_NAME_USE_NONE); } - /* JRA. Here's where we add the -ve cache store with a name type of SID_NAME_USE_NONE. */ - /* We need to know the error returns that W2K gives on "no such user". */ rv = NT_STATUS_IS_OK(result); 
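Review bot: The new `else` branch stores a negative entry (`nullsid`, `SID_NAME_USE_NONE`) for what looks like every failed lookup, although the comment it removes said the error W2K returns for "no such user" still had to be identified. The `if` condition lies above the hunk, but if it also fails on transport or domain-controller errors, a transient outage would be cached as "this name does not exist" and a valid account would stay unresolvable until the entry expires. Consider gating the store on the specific not-found status, for example `} else if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED)) {` if that is what the server returns, and leaving other failures uncached. Readers of the forward cache also need to reject entries whose type is `SID_NAME_USE_NONE` rather than hand the zeroed SID to callers.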
@@ -369,65 +430,9 @@ BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, return rv; } -/* Store a name in a domain indexed by SID in the cache. */ - -static void store_name_by_sid_in_cache(DOM_SID *sid, fstring name, enum SID_NAME_USE type) -{ - fstring sid_str; - uint32 rid; - DOM_SID domain_sid; - struct winbindd_name name_val; - struct winbindd_domain *domain; - - /* Split sid into domain sid and user rid */ - sid_copy(&domain_sid, sid); - sid_split_rid(&domain_sid, &rid); - - if ((domain = find_domain_from_sid(&domain_sid)) == NULL) - return; - - sid_to_string(sid_str, sid); - fstrcpy( name_val.name, name ); - name_val.type = (int)type; - - winbindd_store_name_cache_entry(domain, sid_str, &name_val); -} - -/* Lookup a name in a domain indexed by SID in the cache. */ - -static BOOL winbindd_lookup_name_by_sid_in_cache(DOM_SID *sid, fstring name, enum SID_NAME_USE *type) -{ - fstring sid_str; - uint32 rid; - DOM_SID domain_sid; - struct winbindd_name name_ret; - struct winbindd_domain *domain; - - /* Split sid into domain sid and user rid */ - sid_copy(&domain_sid, sid); - sid_split_rid(&domain_sid, &rid); - - if ((domain = find_domain_from_sid(&domain_sid)) == NULL) - return False; - - sid_to_string(sid_str, sid); - - if (!winbindd_fetch_name_cache_entry(domain, sid_str, &name_ret)) - return False; - - fstrcpy( name, name_ret.name ); - *type = (enum SID_NAME_USE)name_ret.type; - - DEBUG(10,("winbindd_lookup_name_by_sid_in_cache: Cache hit for SID = %s, name %s\n", - sid_str, name )); - - return True; -} - /* Lookup a name in a domain from a sid */ -BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name, - enum SID_NAME_USE *type) +BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name, enum SID_NAME_USE *type) { int num_sids = 1, num_names = 0; uint32 *types = NULL; 
@@ -470,10 +475,15 @@ BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name, if ((type != NULL) && (types != NULL)) *type = types[0]; + store_sid_by_name_in_cache(names[0], sid, types[0]); store_name_by_sid_in_cache(sid, names[0], types[0]); + } else { + /* JRA. Here's where we add the -ve cache store with a name type of SID_NAME_USE_NONE. */ + fstring sidstr; + + sid_to_string(sidstr, sid); + store_name_by_sid_in_cache(sidstr, "", SID_NAME_USE_NONE); } - /* JRA. Here's where we add the -ve cache store with a name type of SID_NAME_USE_NONE. */ - /* We need to know the error returns that W2K gives on "no such user". */ rv = NT_STATUS_IS_OK(result); |
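Review bot: The negative-cache call in the new `else` branch passes `sidstr`, an `fstring` character buffer, as the first argument of `store_name_by_sid_in_cache`, whose first parameter is `DOM_SID *` (see its definition moved earlier in this commit). The helper then runs `sid_copy` and `sid_split_rid` over the text bytes as if they were a binary SID, so `find_domain_from_sid` will most likely fail and the negative entry is silently never stored. Pass the SID itself and drop the temporary and the `sid_to_string` call: `store_name_by_sid_in_cache(sid, "", SID_NAME_USE_NONE);`. The enclosing function starts and ends outside the hunk.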