From d2f223d83d6b96290fadefbe319c6bb0edf7a402 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 26 Aug 2008 14:52:11 -0700 Subject: Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid mappings. Jeremy. (This used to be commit 31ba955d6950420096b9141454aa95b2510a3d9a) --- source3/passdb/lookup_sid.c | 84 +++++++++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 33 deletions(-) (limited to 'source3/passdb/lookup_sid.c') diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index a7175b9647..333b0a7555 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1286,20 +1286,25 @@ static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) void uid_to_sid(DOM_SID *psid, uid_t uid) { + bool expired = true; ZERO_STRUCTP(psid); if (fetch_sid_from_uid_cache(psid, uid)) return; - if (!winbind_uid_to_sid(psid, uid)) { - if (!winbind_ping()) { - legacy_uid_to_sid(psid, uid); + /* Check the winbindd cache directly. */ + if (!idmap_cache_find_uid2sid(uid, psid, &expired) || expired) { + /* Not in cache. Ask winbindd. */ + if (!winbind_uid_to_sid(psid, uid)) { + if (!winbind_ping()) { + legacy_uid_to_sid(psid, uid); + return; + } + + DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n", + uid)); return; } - - DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n", - uid)); - return; } DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid, @@ -1315,25 +1320,30 @@ void uid_to_sid(DOM_SID *psid, uid_t uid) void gid_to_sid(DOM_SID *psid, gid_t gid) { + bool expired = true; ZERO_STRUCTP(psid); if (fetch_sid_from_gid_cache(psid, gid)) return; - if (!winbind_gid_to_sid(psid, gid)) { - if (!winbind_ping()) { - legacy_gid_to_sid(psid, gid); + /* Check the winbindd cache directly. */ + if (!idmap_cache_find_gid2sid(gid, psid, &expired) || expired) { + /* Not in cache. Ask winbindd. */ + if (!winbind_gid_to_sid(psid, gid)) { + if (!winbind_ping()) { + legacy_gid_to_sid(psid, gid); + return; + } + + DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n", + gid)); return; } - - DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n", - gid)); - return; } DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid, sid_string_dbg(psid))); - + store_gid_sid_cache(psid, gid); return; } @@ -1344,6 +1354,7 @@ void gid_to_sid(DOM_SID *psid, gid_t gid) bool sid_to_uid(const DOM_SID *psid, uid_t *puid) { + bool expired = true; uint32 rid; gid_t gid; @@ -1366,14 +1377,18 @@ bool sid_to_uid(const DOM_SID *psid, uid_t *puid) return true; } - if (!winbind_sid_to_uid(puid, psid)) { - if (!winbind_ping()) { - return legacy_sid_to_uid(psid, puid); - } + /* Check the winbindd cache directly. */ + if (!idmap_cache_find_sid2uid(psid, puid, &expired) || expired) { + /* Not in cache. Ask winbindd. */ + if (!winbind_sid_to_uid(puid, psid)) { + if (!winbind_ping()) { + return legacy_sid_to_uid(psid, puid); + } - DEBUG(5, ("winbind failed to find a uid for sid %s\n", - sid_string_dbg(psid))); - return false; + DEBUG(5, ("winbind failed to find a uid for sid %s\n", + sid_string_dbg(psid))); + return false; + } } /* TODO: Here would be the place to allocate both a gid and a uid for @@ -1393,6 +1408,7 @@ bool sid_to_uid(const DOM_SID *psid, uid_t *puid) bool sid_to_gid(const DOM_SID *psid, gid_t *pgid) { + bool expired = true; uint32 rid; uid_t uid; @@ -1414,24 +1430,26 @@ bool sid_to_gid(const DOM_SID *psid, gid_t *pgid) return true; } - /* Ask winbindd if it can map this sid to a gid. - * (Idmap will check it is a valid SID and of the right type) */ + /* Check the winbindd cache directly. */ + if (!idmap_cache_find_sid2gid(psid, pgid, &expired) || expired) { + /* Not in cache. Ask winbindd. */ + /* Ask winbindd if it can map this sid to a gid. + * (Idmap will check it is a valid SID and of the right type) */ - if ( !winbind_sid_to_gid(pgid, psid) ) { - if (!winbind_ping()) { - return legacy_sid_to_gid(psid, pgid); - } + if ( !winbind_sid_to_gid(pgid, psid) ) { + if (!winbind_ping()) { + return legacy_sid_to_gid(psid, pgid); + } - DEBUG(10,("winbind failed to find a gid for sid %s\n", - sid_string_dbg(psid))); - return false; + DEBUG(10,("winbind failed to find a gid for sid %s\n", + sid_string_dbg(psid))); + return false; + } } DEBUG(10,("sid %s -> gid %u\n", sid_string_dbg(psid), (unsigned int)*pgid )); store_gid_sid_cache(psid, *pgid); - return true; } - -- cgit From 95cc5ee395ab9d7f6f79d341ad20bc486c292a8d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 26 Aug 2008 15:51:56 -0700 Subject: Fix the build :-(. Ask winbindd if we find a negative cache entry (or should we just call the legacy function ?). Jeremy. (This used to be commit 566d3b6e76afeca8e862cb36202a5283b86920e4) --- source3/passdb/lookup_sid.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) (limited to 'source3/passdb/lookup_sid.c') diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 333b0a7555..4b2edd5d59 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1287,13 +1287,16 @@ static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) void uid_to_sid(DOM_SID *psid, uid_t uid) { bool expired = true; + bool ret; ZERO_STRUCTP(psid); if (fetch_sid_from_uid_cache(psid, uid)) return; /* Check the winbindd cache directly. */ - if (!idmap_cache_find_uid2sid(uid, psid, &expired) || expired) { + ret = idmap_cache_find_uid2sid(uid, psid, &expired); + + if (!ret || expired || (ret && is_null_sid(psid))) { /* Not in cache. Ask winbindd. */ if (!winbind_uid_to_sid(psid, uid)) { if (!winbind_ping()) { @@ -1321,13 +1324,16 @@ void uid_to_sid(DOM_SID *psid, uid_t uid) void gid_to_sid(DOM_SID *psid, gid_t gid) { bool expired = true; + bool ret; ZERO_STRUCTP(psid); if (fetch_sid_from_gid_cache(psid, gid)) return; /* Check the winbindd cache directly. */ - if (!idmap_cache_find_gid2sid(gid, psid, &expired) || expired) { + ret = idmap_cache_find_gid2sid(gid, psid, &expired); + + if (!ret || expired || (ret && is_null_sid(psid))) { /* Not in cache. Ask winbindd. */ if (!winbind_gid_to_sid(psid, gid)) { if (!winbind_ping()) { @@ -1355,6 +1361,7 @@ void gid_to_sid(DOM_SID *psid, gid_t gid) bool sid_to_uid(const DOM_SID *psid, uid_t *puid) { bool expired = true; + bool ret; uint32 rid; gid_t gid; @@ -1378,7 +1385,9 @@ bool sid_to_uid(const DOM_SID *psid, uid_t *puid) } /* Check the winbindd cache directly. */ - if (!idmap_cache_find_sid2uid(psid, puid, &expired) || expired) { + ret = idmap_cache_find_sid2uid(psid, puid, &expired); + + if (!ret || expired || (ret && (*puid == (uid_t)-1))) { /* Not in cache. Ask winbindd. */ if (!winbind_sid_to_uid(puid, psid)) { if (!winbind_ping()) { @@ -1409,6 +1418,7 @@ bool sid_to_uid(const DOM_SID *psid, uid_t *puid) bool sid_to_gid(const DOM_SID *psid, gid_t *pgid) { bool expired = true; + bool ret; uint32 rid; uid_t uid; @@ -1431,8 +1441,10 @@ bool sid_to_gid(const DOM_SID *psid, gid_t *pgid) } /* Check the winbindd cache directly. */ - if (!idmap_cache_find_sid2gid(psid, pgid, &expired) || expired) { - /* Not in cache. Ask winbindd. */ + ret = idmap_cache_find_sid2gid(psid, pgid, &expired); + + if (!ret || expired || (ret && (*pgid == (gid_t)-1))) { + /* Not in cache or negative. Ask winbindd. */ /* Ask winbindd if it can map this sid to a gid. * (Idmap will check it is a valid SID and of the right type) */ -- cgit