From 4f147388c0512fc291cc53764c017d7117154afc Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 2 Aug 2009 10:43:05 +0200 Subject: Refactor 9b78af1f: Fix lookupname recursion Pass a "flags" argument instead of the original winbind command down the name_to_sid chain. This way we are independent of the winbind commands and can take the decision at a much higher level --- source3/winbindd/winbindd.h | 2 +- source3/winbindd/winbindd_ads.c | 6 +++--- source3/winbindd/winbindd_cache.c | 6 +++--- source3/winbindd/winbindd_passdb.c | 16 +++------------- source3/winbindd/winbindd_reconnect.c | 11 +++++------ source3/winbindd/winbindd_rpc.c | 2 +- source3/winbindd/winbindd_util.c | 11 ++++++++--- 7 files changed, 24 insertions(+), 30 deletions(-) diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index 732b9a3614..64fb8851df 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h @@ -247,9 +247,9 @@ struct winbindd_methods { /* convert one user or group name to a sid */ NTSTATUS (*name_to_sid)(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - enum winbindd_cmd orig_cmd, const char *domain_name, const char *name, + uint32_t flags, DOM_SID *sid, enum lsa_SidType *type); diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 08afb46674..137a88505c 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -404,14 +404,14 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, /* convert a single name to a sid in a domain - use rpc methods */ static NTSTATUS name_to_sid(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - enum winbindd_cmd orig_cmd, const char *domain_name, const char *name, + uint32_t flags, DOM_SID *sid, enum lsa_SidType *type) { - return reconnect_methods.name_to_sid(domain, mem_ctx, orig_cmd, - domain_name, name, + return reconnect_methods.name_to_sid(domain, mem_ctx, + domain_name, name, flags, sid, type); } diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 6c14f9d76a..b8872a18d4 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -1608,9 +1608,9 @@ skip_save: /* convert a single name to a sid in a domain */ static NTSTATUS name_to_sid(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - enum winbindd_cmd orig_cmd, const char *domain_name, const char *name, + uint32_t flags, DOM_SID *sid, enum lsa_SidType *type) { @@ -1657,8 +1657,8 @@ do_query: DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n", domain->name )); - status = domain->backend->name_to_sid(domain, mem_ctx, orig_cmd, - domain_name, name, sid, type); + status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, + name, flags, sid, type); /* and save it */ refresh_sequence_number(domain, false); diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index b959bfc9ad..b6e572d197 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -88,25 +88,15 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, /* convert a single name to a sid in a domain */ static NTSTATUS name_to_sid(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - enum winbindd_cmd original_cmd, const char *domain_name, const char *name, + uint32_t flags, DOM_SID *sid, enum lsa_SidType *type) { const char *fullname; - uint32 flags = LOOKUP_NAME_ALL; - - switch ( original_cmd ) { - case WINBINDD_LOOKUPNAME: - /* This call is ok */ - break; - default: - /* Avoid any NSS calls in the lookup_name by default */ - flags |= LOOKUP_NAME_NO_NSS; - DEBUG(10,("winbindd_passdb: limiting name_to_sid() to explicit mappings\n")); - break; - } + + flags |= LOOKUP_NAME_ALL; if (domain_name && domain_name[0] && strchr_m(name, '\\') == NULL) { fullname = talloc_asprintf(mem_ctx, "%s\\%s", diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c index 25debccc5a..1d71a75458 100644 --- a/source3/winbindd/winbindd_reconnect.c +++ b/source3/winbindd/winbindd_reconnect.c @@ -83,21 +83,20 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, /* convert a single name to a sid in a domain */ static NTSTATUS name_to_sid(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - enum winbindd_cmd orig_cmd, const char *domain_name, const char *name, + uint32_t flags, DOM_SID *sid, enum lsa_SidType *type) { NTSTATUS result; - result = msrpc_methods.name_to_sid(domain, mem_ctx, orig_cmd, - domain_name, name, - sid, type); + result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name, + flags, sid, type); if (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)) - result = msrpc_methods.name_to_sid(domain, mem_ctx, orig_cmd, - domain_name, name, + result = msrpc_methods.name_to_sid(domain, mem_ctx, + domain_name, name, flags, sid, type); return result; diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 50ccbae6b2..17ffffe5da 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -267,9 +267,9 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, /* convert a single name to a sid in a domain */ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - enum winbindd_cmd original_cmd, const char *domain_name, const char *name, + uint32_t flags, DOM_SID *sid, enum lsa_SidType *type) { diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 99b4542f0b..c564ef9f51 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -886,9 +886,14 @@ bool winbindd_lookup_sid_by_name(TALLOC_CTX *mem_ctx, { NTSTATUS result; - /* Lookup name */ - result = domain->methods->name_to_sid(domain, mem_ctx, orig_cmd, - domain_name, name, sid, type); + /* + * For all but LOOKUPNAME we have to avoid nss calls to avoid + * recursion + */ + result = domain->methods->name_to_sid( + domain, mem_ctx, domain_name, name, + orig_cmd == WINBINDD_LOOKUPNAME ? 0 : LOOKUP_NAME_NO_NSS, + sid, type); /* Return sid and type if lookup successful */ if (!NT_STATUS_IS_OK(result)) { -- cgit