summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in6
-rw-r--r--source3/auth/auth_domain.c1
-rw-r--r--source3/libsmb/samlogon_cache.c247
-rw-r--r--source3/nsswitch/winbindd.c2
-rw-r--r--source3/nsswitch/winbindd_cache.c38
-rw-r--r--source3/nsswitch/winbindd_pam.c6
-rw-r--r--source3/nsswitch/winbindd_rpc.c52
7 files changed, 2 insertions, 350 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index aa6a526fbb..77ea71296e 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -350,8 +350,6 @@ VFS_CATIA_OBJ = modules/vfs_catia.o
PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
-SLCACHE_OBJ = libsmb/samlogon_cache.o
-
DCUTIL_OBJ = libsmb/namequery_dc.o libsmb/trustdom_cache.o libsmb/trusts_util.o
AUTH_BUILTIN_OBJ = auth/auth_builtin.o
@@ -364,7 +362,7 @@ AUTH_WINBIND_OBJ = auth/auth_winbind.o
AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/auth_compat.o \
auth/auth_ntlmssp.o \
- $(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ)
+ $(PLAINTEXT_AUTH_OBJ) $(DCUTIL_OBJ)
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
@@ -665,7 +663,7 @@ WINBINDD_OBJ = \
$(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
- $(PROFILE_OBJ) $(SLCACHE_OBJ) $(SMBLDAP_OBJ) \
+ $(PROFILE_OBJ) $(SMBLDAP_OBJ) \
$(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \
$(DCUTIL_OBJ) $(IDMAP_OBJ) \
$(AFS_OBJ) $(AFS_SETTOKEN_OBJ)
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 6483dc143a..cdf87adebb 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -205,7 +205,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
} else {
nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str,
user_info->smb_name.str, domain, server_info, &info3);
- netsamlogon_cache_store( mem_ctx, user_info->smb_name.str, &info3 );
}
#if 0
diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
index fdfc92a750..e69de29bb2 100644
--- a/source3/libsmb/samlogon_cache.c
+++ b/source3/libsmb/samlogon_cache.c
@@ -1,247 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Net_sam_logon info3 helpers
- Copyright (C) Alexander Bokovoy 2002.
- Copyright (C) Andrew Bartlett 2002.
- Copyright (C) Gerald Carter 2003.
- Copyright (C) Tim Potter 2003.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#define NETSAMLOGON_TDB "netsamlogon_cache.tdb"
-
-static TDB_CONTEXT *netsamlogon_tdb = NULL;
-
-/***********************************************************************
- open the tdb
- ***********************************************************************/
-
-BOOL netsamlogon_cache_init(void)
-{
- if (!netsamlogon_tdb) {
- netsamlogon_tdb = tdb_open_log(lock_path(NETSAMLOGON_TDB), 0,
- TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
- }
-
- return (netsamlogon_tdb != NULL);
-}
-
-
-/***********************************************************************
- Shutdown samlogon_cache database
-***********************************************************************/
-
-BOOL netsamlogon_cache_shutdown(void)
-{
- if(netsamlogon_tdb)
- return (tdb_close(netsamlogon_tdb) == 0);
-
- return True;
-}
-
-/***********************************************************************
- Clear cache getpwnam and getgroups entries from the winbindd cache
-***********************************************************************/
-void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user)
-{
- fstring domain;
- TDB_DATA key;
- BOOL got_tdb = False;
-
- /* We may need to call this function from smbd which will not have
- winbindd_cache.tdb open. Open the tdb if a NULL is passed. */
-
- if (!tdb) {
- tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
- TDB_DEFAULT, O_RDWR, 0600);
- if (!tdb) {
- DEBUG(5, ("netsamlogon_clear_cached_user: failed to open cache\n"));
- return;
- }
- got_tdb = True;
- }
-
- unistr2_to_ascii(domain, &user->uni_logon_dom, sizeof(domain) - 1);
-
- /* Clear U/DOMAIN/RID cache entry */
-
- asprintf(&key.dptr, "U/%s/%d", domain, user->user_rid);
- key.dsize = strlen(key.dptr) - 1; /* keys are not NULL terminated */
-
- DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key.dptr));
-
- tdb_delete(tdb, key);
-
- SAFE_FREE(key.dptr);
-
- /* Clear UG/DOMAIN/RID cache entry */
-
- asprintf(&key.dptr, "UG/%s/%d", domain, user->user_rid);
- key.dsize = strlen(key.dptr) - 1; /* keys are not NULL terminated */
-
- DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key.dptr));
-
- tdb_delete(tdb, key);
-
- SAFE_FREE(key.dptr);
-
- if (got_tdb)
- tdb_close(tdb);
-}
-
-/***********************************************************************
- Store a NET_USER_INFO_3 structure in a tdb for later user
- username should be in UTF-8 format
-***********************************************************************/
-
-BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USER_INFO_3 *user)
-{
- TDB_DATA data;
- fstring keystr;
- prs_struct ps;
- BOOL result = False;
- DOM_SID user_sid;
- time_t t = time(NULL);
-
-
- if (!netsamlogon_cache_init()) {
- DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB));
- return False;
- }
-
- sid_copy( &user_sid, &user->dom_sid.sid );
- sid_append_rid( &user_sid, user->user_rid );
-
- /* Prepare key as DOMAIN-SID/USER-RID string */
- slprintf(keystr, sizeof(keystr), "%s", sid_string_static(&user_sid));
-
- DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
-
- /* only Samba fills in the username, not sure why NT doesn't */
- /* so we fill it in since winbindd_getpwnam() makes use of it */
-
- if ( !user->uni_user_name.buffer ) {
- init_unistr2( &user->uni_user_name, username, UNI_STR_TERMINATE );
- init_uni_hdr( &user->hdr_user_name, &user->uni_user_name );
- }
-
- /* Prepare data */
-
- prs_init( &ps,MAX_PDU_FRAG_LEN , mem_ctx, MARSHALL);
-
- if ( !prs_uint32( "timestamp", &ps, 0, (uint32*)&t ) )
- return False;
-
- if ( net_io_user_info3("", user, &ps, 0, 3) )
- {
- data.dsize = prs_offset( &ps );
- data.dptr = prs_data_p( &ps );
-
- if (tdb_store_bystring(netsamlogon_tdb, keystr, data, TDB_REPLACE) != -1)
- result = True;
-
- prs_mem_free( &ps );
- }
-
- return result;
-}
-
-/***********************************************************************
- Retrieves a NET_USER_INFO_3 structure from a tdb. Caller must
- free the user_info struct (malloc()'d memory)
-***********************************************************************/
-
-NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user_sid)
-{
- NET_USER_INFO_3 *user = NULL;
- TDB_DATA data, key;
- prs_struct ps;
- fstring keystr;
- uint32 t;
-
- if (!netsamlogon_cache_init()) {
- DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB));
- return False;
- }
-
- /* Prepare key as DOMAIN-SID/USER-RID string */
- slprintf(keystr, sizeof(keystr), "%s", sid_string_static(user_sid));
- DEBUG(10,("netsamlogon_cache_get: SID [%s]\n", keystr));
- key.dptr = keystr;
- key.dsize = strlen(keystr)+1;
- data = tdb_fetch( netsamlogon_tdb, key );
-
- if ( data.dptr ) {
-
- if ( (user = SMB_MALLOC_P(NET_USER_INFO_3)) == NULL )
- return NULL;
-
- prs_init( &ps, 0, mem_ctx, UNMARSHALL );
- prs_give_memory( &ps, data.dptr, data.dsize, True );
-
- if ( !prs_uint32( "timestamp", &ps, 0, &t ) ) {
- prs_mem_free( &ps );
- return False;
- }
-
- if ( !net_io_user_info3("", user, &ps, 0, 3) ) {
- SAFE_FREE( user );
- }
-
- prs_mem_free( &ps );
-
-#if 0 /* The netsamlogon cache needs to hang around. Something about
- this feels wrong, but it is the only way we can get all of the
- groups. The old universal groups cache didn't expire either.
- --jerry */
- {
- time_t now = time(NULL);
- uint32 time_diff;
-
- /* is the entry expired? */
- time_diff = now - t;
-
- if ( (time_diff < 0 ) || (time_diff > lp_winbind_cache_time()) ) {
- DEBUG(10,("netsamlogon_cache_get: cache entry expired \n"));
- tdb_delete( netsamlogon_tdb, key );
- SAFE_FREE( user );
- }
-#endif
- }
-
- return user;
-}
-
-BOOL netsamlogon_cache_have(const DOM_SID *user_sid)
-{
- TALLOC_CTX *mem_ctx = talloc_init("netsamlogon_cache_have");
- NET_USER_INFO_3 *user = NULL;
- BOOL result;
-
- if (!mem_ctx)
- return False;
-
- user = netsamlogon_cache_get(mem_ctx, user_sid);
-
- result = (user != NULL);
-
- talloc_destroy(mem_ctx);
- SAFE_FREE(user);
-
- return result;
-}
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 43bd5ed450..dffaad5ef0 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -1020,8 +1020,6 @@ int main(int argc, char **argv)
poptFreeContext(pc);
- netsamlogon_cache_init(); /* Non-critical */
-
init_domain_list();
init_idmap_child();
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
index 27fe6192da..ce291a6c25 100644
--- a/source3/nsswitch/winbindd_cache.c
+++ b/source3/nsswitch/winbindd_cache.c
@@ -1064,18 +1064,6 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
- /* If we have an access denied cache entry and a cached info3 in the
- samlogon cache then do a query. This will force the rpc back end
- to return the info3 data. */
-
- if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
- netsamlogon_cache_have(user_sid)) {
- DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
- domain->last_status = NT_STATUS_OK;
- centry_free(centry);
- goto do_query;
- }
-
if (!centry)
goto do_query;
@@ -1131,18 +1119,6 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
- /* If we have an access denied cache entry and a cached info3 in the
- samlogon cache then do a query. This will force the rpc back end
- to return the info3 data. */
-
- if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
- netsamlogon_cache_have(user_sid)) {
- DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
- domain->last_status = NT_STATUS_OK;
- centry_free(centry);
- goto do_query;
- }
-
if (!centry)
goto do_query;
@@ -1416,20 +1392,6 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
return 0;
}
-/* Invalidate the getpwnam and getgroups entries for a winbindd domain */
-
-void wcache_invalidate_samlogon(struct winbindd_domain *domain,
- NET_USER_INFO_3 *info3)
-{
- struct winbind_cache *cache;
-
- if (!domain)
- return;
-
- cache = get_cache(domain);
- netsamlogon_clear_cached_user(cache->tdb, info3);
-}
-
void wcache_invalidate_cache(void)
{
struct winbindd_domain *domain;
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 4797ba79f4..64969a6cf4 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -413,9 +413,6 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
}
if (NT_STATUS_IS_OK(result)) {
- netsamlogon_cache_store(state->mem_ctx, name_user, &info3);
- wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
-
/* Check if the user is in the right group */
if (!NT_STATUS_IS_OK(result = check_info3_in_group(state->mem_ctx, &info3, state->request.data.auth.require_membership_of_sid))) {
@@ -721,9 +718,6 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
}
if (NT_STATUS_IS_OK(result)) {
- netsamlogon_cache_store( state->mem_ctx, name_user, &info3 );
- wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
-
if (!NT_STATUS_IS_OK(result = check_info3_in_group(state->mem_ctx, &info3, state->request.data.auth_crap.require_membership_of_sid))) {
DEBUG(3, ("User %s is not in the required group (%s), so plaintext authentication is rejected\n",
state->request.data.auth_crap.user,
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index 63e2487700..b3bed2e0be 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -329,7 +329,6 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
SAM_USERINFO_CTR *ctr;
fstring sid_string;
uint32 user_rid;
- NET_USER_INFO_3 *user;
struct rpc_pipe_client *cli;
DEBUG(3,("rpc: query_user rid=%s\n",
@@ -338,33 +337,6 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid))
return NT_STATUS_UNSUCCESSFUL;
- /* try netsamlogon cache first */
-
- if ( (user = netsamlogon_cache_get( mem_ctx, user_sid )) != NULL )
- {
-
- DEBUG(5,("query_user: Cache lookup succeeded for %s\n",
- sid_string_static(user_sid)));
-
- sid_compose(&user_info->user_sid, &domain->sid, user_rid);
- sid_compose(&user_info->group_sid, &domain->sid,
- user->group_rid);
-
- user_info->acct_name = unistr2_tdup(mem_ctx,
- &user->uni_user_name);
- user_info->full_name = unistr2_tdup(mem_ctx,
- &user->uni_full_name);
-
- user_info->homedir = NULL;
- user_info->shell = NULL;
-
- SAFE_FREE(user);
-
- return NT_STATUS_OK;
- }
-
- /* no cache; hit the wire */
-
result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -412,7 +384,6 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
unsigned int i;
fstring sid_string;
uint32 user_rid;
- NET_USER_INFO_3 *user;
struct rpc_pipe_client *cli;
DEBUG(3,("rpc: lookup_usergroups sid=%s\n",
@@ -423,29 +394,6 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
*num_groups = 0;
*user_grpsids = NULL;
-
- /* so lets see if we have a cached user_info_3 */
-
- if ( (user = netsamlogon_cache_get( mem_ctx, user_sid )) != NULL )
- {
- DEBUG(5,("query_user: Cache lookup succeeded for %s\n",
- sid_string_static(user_sid)));
-
- *num_groups = user->num_groups;
-
- (*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
- for (i=0;i<(*num_groups);i++) {
- sid_copy(&((*user_grpsids)[i]), &domain->sid);
- sid_append_rid(&((*user_grpsids)[i]),
- user->gids[i].g_rid);
- }
-
- SAFE_FREE(user);
-
- return NT_STATUS_OK;
- }
-
- /* no cache; hit the wire */
result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol);
if (!NT_STATUS_IS_OK(result))