From c60b06e02d377a7912d48406cfce0e81891d5784 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 25 Feb 2019 14:38:50 +0100 Subject: [PATCH 01/12] lib: Make idmap_cache return negative mappings Without this we'd query non-existent mappings over and over again. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11) --- source3/lib/idmap_cache.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 1e8a1ebc607..0ec23df6a05 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c @@ -213,7 +213,12 @@ static void idmap_cache_xid2sid_parser(time_t timeout, DATA_BLOB blob, value = (char *)blob.data; - if (value[0] != '-') { + if ((value[0] == '-') && (value[1] == '\0')) { + /* + * Return NULL SID, see comment to uid2sid + */ + state->ret = true; + } else { state->ret = string_to_sid(state->sid, value); } if (state->ret) { -- 2.17.0 From 634f44bd833479936c0065c98a8cfb3ccb459ec2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 12:46:39 +0100 Subject: [PATCH 02/12] idmap_cache: Only touch "sid" on success in find_xid_to_sid Why? This makes the negative mapping condition (is_null_sid) more explicit in the code. The callers in lookup_sid initialized "psid" anyway before, and the ones in wb_xids2sids now do as well. This is more in line with other APIs we have: Only touch output parameters if you have something to say. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524) --- source3/lib/idmap_cache.c | 5 ++--- source3/winbindd/wb_xids2sids.c | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 0ec23df6a05..cf63a229da5 100644 
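Review bot: The new `state->ret = true` branch makes a stored `-` entry report success, so any caller of the uid2sid/gid2sid lookups that treats a true return as "a usable SID was found" will now receive the all-zero SID. Those callers are outside this hunk and should be checked for an `is_null_sid()` test before the SID reaches an access decision. The in-hunk comment only points at "comment to uid2sid", so I would spell the contract out here, e.g. `/* "-" is the negative-mapping marker: report a hit and leave the NULL SID; value[1] is in bounds because the blob was checked to be NUL-terminated above */`. The NUL-termination check and the zeroing of `state->sid` that this branch relies on both sit earlier in idmap_cache_xid2sid_parser, outside the hunk.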
--- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c @@ -201,13 +201,11 @@ static void idmap_cache_xid2sid_parser(time_t timeout, DATA_BLOB blob, (struct idmap_cache_xid2sid_state *)private_data; char *value; - ZERO_STRUCTP(state->sid); - state->ret = false; - if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) { /* * Not a string, can't be a valid mapping */ + state->ret = false; return; } @@ -217,6 +215,7 @@ static void idmap_cache_xid2sid_parser(time_t timeout, DATA_BLOB blob, /* * Return NULL SID, see comment to uid2sid */ + *state->sid = (struct dom_sid) {0}; state->ret = true; } else { state->ret = string_to_sid(state->sid, value); diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 1e251d8cbeb..766092b2664 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -462,7 +462,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, uint32_t i; for (i=0; i Date: Tue, 26 Feb 2019 12:52:28 +0100 Subject: [PATCH 03/12] winbind: Initialize "expired" parameter to idmap_cache_xid2sid The code in idmap_cache only touches its output parameters upon success Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee) --- source3/winbindd/wb_xids2sids.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 766092b2664..5be55d59b75 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -463,7 +463,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, for (i=0; i Date: Mon, 25 Feb 2019 14:55:00 +0100 Subject: [PATCH 04/12] winbind: Now we explicitly track if we got ids from cache This now properly makes us use negative cache entries 
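Review bot: In the `@@ -217,6 +215,7 @@` hunk the positive path still passes the caller's buffer straight to `string_to_sid(state->sid, value)`, so the "only touch sid on success" rule from the commit message holds only if string_to_sid leaves its output alone on a parse failure, which is not visible here. If it clears or partly fills the output, a malformed cache entry would return false alongside an all-zero or half-written SID, and a caller that checks `is_null_sid()` without checking the return value could read it as a negative mapping. Parsing into a local and copying on success removes that dependency: `struct dom_sid tmp;`, `state->ret = string_to_sid(&tmp, value);` and `*state->sid = tmp;` inside the `if (state->ret)` block that follows in the function (seen in patch 01). The body of idmap_cache_xid2sid_parser continues past the end of the hunk.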
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77) --- source3/winbindd/wb_xids2sids.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 5be55d59b75..55c24822925 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -243,6 +243,7 @@ static NTSTATUS wb_xids2sids_init_dom_maps_recv(struct tevent_req *req) struct wb_xids2sids_dom_state { struct tevent_context *ev; struct unixid *all_xids; + const bool *cached; size_t num_all_xids; struct dom_sid *all_sids; struct wb_xids2sids_dom_map *dom_map; @@ -259,7 +260,10 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq); static struct tevent_req *wb_xids2sids_dom_send( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct wb_xids2sids_dom_map *dom_map, - struct unixid *xids, size_t num_xids, struct dom_sid *sids) + struct unixid *xids, + const bool *cached, + size_t num_xids, + struct dom_sid *sids) { struct tevent_req *req, *subreq; struct wb_xids2sids_dom_state *state; @@ -273,6 +277,7 @@ static struct tevent_req *wb_xids2sids_dom_send( } state->ev = ev; state->all_xids = xids; + state->cached = cached; state->num_all_xids = num_xids; state->all_sids = sids; state->dom_map = dom_map; @@ -293,7 +298,7 @@ static struct tevent_req *wb_xids2sids_dom_send( /* out of range */ continue; } - if (!is_null_sid(&state->all_sids[i])) { + if (state->cached[i]) { /* already mapped */ continue; } @@ -360,7 +365,7 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) /* out of range */ continue; } - if (!is_null_sid(&state->all_sids[i])) { + if (state->cached[i]) { /* already mapped */ continue; } 
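Review bot: `state->cached[i]` is read for every index below `num_all_xids` in both the send loop (`@@ -293,7 +298,7 @@`) and wb_xids2sids_dom_done (`@@ -360,7 +365,7 @@`), but nothing on the struct member or the new parameter says the borrowed array has that many entries or must stay valid for the lifetime of the request. A comment on the member would pin that down, e.g. `/* borrowed from the caller: num_all_xids entries, true = answered from the idmap cache, possibly with a negative entry */`. The two `/* already mapped */` comments are now misleading, because a cached negative entry is skipped here while `all_sids[i]` holds the NULL SID; `/* answered from cache */` matches the new condition. Both loops start and end outside their hunks.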
@@ -517,7 +522,7 @@ static void wb_xids2sids_init_dom_maps_done(struct tevent_req *subreq) subreq = wb_xids2sids_dom_send( state, state->ev, &dom_maps[state->dom_idx], - state->xids, state->num_xids, state->sids); + state->xids, state->cached, state->num_xids, state->sids); if (tevent_req_nomem(subreq, req)) { return; } @@ -548,6 +553,7 @@ static void wb_xids2sids_done(struct tevent_req *subreq) state->ev, &dom_maps[state->dom_idx], state->xids, + state->cached, state->num_xids, state->sids); if (tevent_req_nomem(subreq, req)) { -- 2.17.0 From a7dc2cf38f6cc2913c0b8fe51be5e63510073a4b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:32:52 +0100 Subject: [PATCH 05/12] idmap_cache: Introduce idmap_cache_find_xid2sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b) --- source3/lib/idmap_cache.c | 36 ++++++++++++++++++++++++++++++++++++ source3/lib/idmap_cache.h | 2 ++ 2 files changed, 38 insertions(+) diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index cf63a229da5..9fc32215001 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c 
@@ -275,6 +275,42 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired) return state.ret; } +/** + * Find a xid2sid mapping + * @param[in] id the unix id to map + * @param[out] sid where to put the result + * @param[out] expired is the cache entry expired? + * @retval Was anything in the cache at all? + * + * If "is_null_sid(sid)", this was a negative mapping. + */ +bool idmap_cache_find_xid2sid( + const struct unixid *id, struct dom_sid *sid, bool *expired) +{ + struct idmap_cache_xid2sid_state state = { + .sid = sid, .expired = expired + }; + fstring key; + char c; + + switch (id->type) { + case ID_TYPE_UID: + c = 'U'; + break; + case ID_TYPE_GID: + c = 'G'; + break; + default: + return false; + } + + fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id); + + gencache_parse(key, idmap_cache_xid2sid_parser, &state); + return state.ret; +} + + /** * Store a mapping in the idmap cache * @param[in] sid the sid to map diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h index dc497022e3b..d5afa170e1a 100644 --- a/source3/lib/idmap_cache.h +++ b/source3/lib/idmap_cache.h @@ -31,6 +31,8 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid, bool *expired); bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired); bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired); +bool idmap_cache_find_xid2sid( + const struct unixid *id, struct dom_sid *sid, bool *expired); void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id); bool idmap_cache_del_uid(uid_t uid); -- 2.17.0 From 14d9d9c109090497193923826c20e2484b00d6e5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 27 Feb 2019 14:54:12 +0100 Subject: [PATCH 06/12] torture: Add tests for idmap cache 
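Review bot: The key is built with `"IDMAP/%cID2SID/%d"` and `(int)id->id`, while the same field is printed with PRIu32 elsewhere in this series, so an id above INT_MAX is formatted as a negative number. That only finds entries if the code that stores them formats the id the same way, and the store side is not part of this hunk. I would either confirm this in a comment next to the `fstr_sprintf` or switch reader and writer together to an unsigned format. The doc comment should also say that `sid` and `expired` are left untouched when the function returns false (unknown id type or no cache entry), and that a true return with `is_null_sid(sid)` is a negative answer that must not be used as a real SID.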
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede) --- source3/selftest/tests.py | 1 + source3/torture/proto.h | 1 + source3/torture/test_idmap_cache.c | 122 +++++++++++++++++++++++++++++ source3/torture/torture.c | 1 + source3/wscript_build | 1 + 5 files changed, 126 insertions(+) create mode 100644 source3/torture/test_idmap_cache.c diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index e3187ca80c3..8b99407ba8a 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -164,6 +164,7 @@ local_tests = [ "LOCAL-G-LOCK5", "LOCAL-G-LOCK6", "LOCAL-NAMEMAP-CACHE1", + "LOCAL-IDMAP-CACHE1", "LOCAL-hex_encode_buf", "LOCAL-remove_duplicate_addrs2"] diff --git a/source3/torture/proto.h b/source3/torture/proto.h index 1634da49315..eb98aba49dd 100644 --- a/source3/torture/proto.h +++ b/source3/torture/proto.h @@ -137,5 +137,6 @@ bool run_g_lock5(int dummy); bool run_g_lock6(int dummy); bool run_g_lock_ping_pong(int dummy); bool run_local_namemap_cache1(int dummy); +bool run_local_idmap_cache1(int dummy); #endif /* __TORTURE_H__ */ diff --git a/source3/torture/test_idmap_cache.c b/source3/torture/test_idmap_cache.c new file mode 100644 index 00000000000..b9cba3b4a53 --- /dev/null +++ b/source3/torture/test_idmap_cache.c 
@@ -0,0 +1,122 @@ +/* + * Unix SMB/CIFS implementation. + * Test dbwrap_watch API + * Copyright (C) Volker Lendecke 2017 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "includes.h" +#include "torture/proto.h" +#include "lib/idmap_cache.h" +#include "librpc/gen_ndr/idmap.h" +#include "libcli/security/dom_sid.h" + +bool run_local_idmap_cache1(int dummy) +{ + struct dom_sid sid, found_sid; + struct unixid xid, found_xid; + bool ret = false; + bool expired = false; + + xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID }; + dom_sid_parse("S-1-5-21-2864185242-3846410404-2398417794-1235", &sid); + idmap_cache_set_sid2unixid(&sid, &xid); + + ret = idmap_cache_find_sid2unixid(&sid, &found_xid, &expired); + if (!ret) { + fprintf(stderr, "idmap_cache_find_sid2unixid failed\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_sid2unixid returned an expired " + "value\n"); + goto done; + } + if ((xid.type != found_xid.type) || (xid.id != found_xid.id)) { + fprintf(stderr, + "idmap_cache_find_sid2unixid returned wrong " + "values\n"); + goto done; + } + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (!ret) { + fprintf(stderr, "idmap_cache_find_xid2sid failed\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned an expired " + "value\n"); + goto done; + } + if (!dom_sid_equal(&sid, &found_sid)) { + 
fprintf(stderr, + "idmap_cache_find_xid2sid returned wrong sid\n"); + goto done; + } + + xid.type = ID_TYPE_GID; + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid found a GID where it " + "should not\n"); + goto done; + } + + idmap_cache_del_sid(&sid); + + xid.type = ID_TYPE_UID; + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid found a UID where it " + "should not\n"); + goto done; + } + + /* + * Test that negative mappings can also be cached + */ + sid = (struct dom_sid) {0}; + xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID }; + idmap_cache_set_sid2unixid(&sid, &xid); + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (!ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid failed to find " + "negative mapping\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned an expired " + "value\n"); + goto done; + } + if (!dom_sid_equal(&sid, &found_sid)) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned wrong sid\n"); + goto done; + } + + ret = true; +done: + return ret; +} diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 4e4f3760ddf..f92cc4b3f04 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -11920,6 +11920,7 @@ static struct { { "LOCAL-G-LOCK-PING-PONG", run_g_lock_ping_pong, 0 }, { "LOCAL-CANONICALIZE-PATH", run_local_canonicalize_path, 0 }, { "LOCAL-NAMEMAP-CACHE1", run_local_namemap_cache1, 0 }, + { "LOCAL-IDMAP-CACHE1", run_local_idmap_cache1, 0 }, { "qpathinfo-bufsize", run_qpathinfo_bufsize, 0 }, {NULL, NULL, 0}}; diff --git a/source3/wscript_build b/source3/wscript_build index 40d93cbcae5..3108de5dc35 100644 --- a/source3/wscript_build +++ b/source3/wscript_build 
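Review bot: The header of the new test_idmap_cache.c still reads `Test dbwrap_watch API`, which is carried over from another test and should describe the idmap cache test instead. The result of `dom_sid_parse(...)` is ignored, so a parse failure would let the test run against an unintended SID; checking it and failing early (`if (!dom_sid_parse(..., &sid)) { goto done; }`) keeps the later comparisons meaningful. The negative-mapping part stores an entry for uid 1234 and never removes it, so the entry stays in whatever cache the test binary writes to. A case for a malformed value that starts with `-` but is longer than one character would cover the branch added by the parser change in patch 01, though that needs a way to write a raw entry that this file does not show.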
@@ -1201,6 +1201,7 @@ bld.SAMBA3_BINARY('smbtorture' + bld.env.suffix3, torture/wbc_async.c torture/test_g_lock.c torture/test_namemap_cache.c + torture/test_idmap_cache.c ''', deps=''' talloc -- 2.17.0 From dc9f38b30620859c1b89d7707662c10d54cf1ec2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:34:56 +0100 Subject: [PATCH 07/12] winbind: Use idmap_cache_find_xid2sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324) --- source3/winbindd/wb_xids2sids.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 55c24822925..03690278856 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -470,19 +470,8 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, struct dom_sid sid = {0}; bool ok, expired = true; - switch (xids[i].type) { - case ID_TYPE_UID: - ok = idmap_cache_find_uid2sid( - xids[i].id, &sid, &expired); - break; - case ID_TYPE_GID: - ok = idmap_cache_find_gid2sid( - xids[i].id, &sid, &expired); - break; - default: - ok = false; - } - + ok = idmap_cache_find_xid2sid( + &xids[i], &sid, &expired); if (ok && !expired) { sid_copy(&state->sids[i], &sid); state->cached[i] = true; -- 2.17.0 From 40dab06d2d69d880a7e7d1b4fa5bb7c6b499b38d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:45:32 +0100 Subject: [PATCH 08/12] lib: Introduce winbind_xid_to_sid This does not merge a winbind communication error into "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not go along with is_null_sid(). Instead, this just touches the output sid when winbind returned success. This success might well be a negative mapping indicated by S-0-0, which *is* is_null_sid()... 
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6) --- source3/lib/winbind_util.c | 30 ++++++++++++++++++++++++++++++ source3/lib/winbind_util.h | 2 ++ 2 files changed, 32 insertions(+) diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c index 427831f04c8..5f10cb68725 100644 --- a/source3/lib/winbind_util.c +++ b/source3/lib/winbind_util.c @@ -197,6 +197,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid) return (result == WBC_ERR_SUCCESS); } +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid) +{ + struct wbcUnixId wbc_xid; + struct wbcDomainSid dom_sid; + wbcErr result; + + switch (xid->type) { + case ID_TYPE_UID: + wbc_xid = (struct wbcUnixId) { + .type = WBC_ID_TYPE_UID, .id.uid = xid->id + }; + break; + case ID_TYPE_GID: + wbc_xid = (struct wbcUnixId) { + .type = WBC_ID_TYPE_GID, .id.gid = xid->id + }; + break; + default: + return false; + } + + result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid); + if (result != WBC_ERR_SUCCESS) { + return false; + } + + memcpy(sid, &dom_sid, sizeof(struct dom_sid)); + return true; +} + /* Check for a trusted domain */ wbcErr wb_is_trusted_domain(const char *domain) diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h index c2bf0e02d76..5ecda5a7b09 100644 --- a/source3/lib/winbind_util.h +++ b/source3/lib/winbind_util.h @@ -22,6 +22,7 @@ #define __LIB__WINBIND_UTIL_H__ #include "../librpc/gen_ndr/lsa.h" +#include "librpc/gen_ndr/idmap.h" /* needed for wbcErr below */ #include "nsswitch/libwbclient/wbclient.h" 
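Review bot: `memcpy(sid, &dom_sid, sizeof(struct dom_sid))` in winbind_xid_to_sid reads `sizeof(struct dom_sid)` bytes out of a `struct wbcDomainSid`, which is only safe while the two structures have the same size and layout; nothing in this hunk enforces that. A compile-time check next to the copy, e.g. `_Static_assert(sizeof(struct wbcDomainSid) == sizeof(struct dom_sid), "SID layout mismatch");` or the project's equivalent, would turn a silent over-read into a build failure. The function also lacks a comment saying that a true return may carry the all-zero SID as winbind's negative answer, as the commit message describes, and that `sid` is not written on failure. Callers need both facts to avoid treating the NULL SID as a real identity.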
@@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid); bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid); bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid); bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid); +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid); struct passwd * winbind_getpwnam(const char * sname); struct passwd * winbind_getpwsid(const struct dom_sid *sid); wbcErr wb_is_trusted_domain(const char *domain); -- 2.17.0 From 9a5f435e3bda4cfe237274b22234847d74e61bdb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 18 Oct 2018 05:46:37 +0200 Subject: [PATCH 09/12] lib: Add dom_sid_str_buf This is modeled after server_id_str_buf, which as an API to me is easier to use: I can rely on the compiler to get the buffer size right. It is designed to violate README.Coding's "Make use of helper variables", but as this API is simple enough and the output should never be a surprise at all, I think that's worth it. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Nov 2 20:11:11 CET 2018 on sn-devel-144 (cherry picked from commit 8b9d36221930a487ca5c51bf2e38ed04de9d50f7) --- libcli/security/dom_sid.c | 10 ++++++++++ libcli/security/dom_sid.h | 2 ++ 2 files changed, 12 insertions(+) diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c index 17ac0560d83..9d9f466e080 100644 --- a/libcli/security/dom_sid.c +++ b/libcli/security/dom_sid.c @@ -488,3 +488,13 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) talloc_set_name_const(result, result); return result; } + +char *dom_sid_str_buf(const struct dom_sid *sid, struct dom_sid_buf *dst) +{ + int ret; + ret = dom_sid_string_buf(sid, dst->buf, sizeof(dst->buf)); + if ((ret < 0) || (ret >= sizeof(dst->buf))) { + strlcpy(dst->buf, "(INVALID SID)", sizeof(dst->buf)); + } + return dst->buf; +} 
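Review bot: In dom_sid_str_buf, `ret >= sizeof(dst->buf)` compares an `int` with a `size_t`; it is correct only because `ret < 0` is tested first, and it will trip sign-compare warnings, so `(size_t)ret >= sizeof(dst->buf)` states the intent. The function has no doc comment. It should say that the returned pointer is `dst->buf` itself, so it is valid only as long as `dst` is, and that an unformattable SID is rendered as the literal `(INVALID SID)` rather than reported as an error.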
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h index 491fc0699f4..0010fd2c3af 100644 --- a/libcli/security/dom_sid.h +++ b/libcli/security/dom_sid.h @@ -103,6 +103,8 @@ bool dom_sid_is_valid_account_domain(const struct dom_sid *sid); int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen); char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); +struct dom_sid_buf { char buf[DOM_SID_STR_BUFLEN]; }; +char *dom_sid_str_buf(const struct dom_sid *sid, struct dom_sid_buf *dst); const char *sid_type_lookup(uint32_t sid_type); const struct security_token *get_system_token(void); -- 2.17.0 From 9a83d00096ddfcc1068d15d8d7d7be3d3eb028ae Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 15:10:21 +0100 Subject: [PATCH 10/12] passdb: Introduce xid_to_sid This explicitly avoids the legacy_[ug]id_to_sid calls, which create long-term cache entries to S-1-22-x-y if anthing fails. We can't do this, because this will turn temporary winbind communication failures into long-term problems: A short hickup in winbind_uid_to_sid will create a mapping to S-1-22-1-uid for a week. It should be up to the lower layers to do the caching. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c) --- source3/passdb/lookup_sid.c | 74 +++++++++++++++++++++++++++++++++++++ source3/passdb/lookup_sid.h | 1 + 2 files changed, 75 insertions(+) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index eeaf2b720a7..1cf3a7ddb87 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
@@ -1337,6 +1337,80 @@ void gid_to_sid(struct dom_sid *psid, gid_t gid) return; } +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid) +{ + bool expired = true; + bool ret; + struct dom_sid_buf buf; + + SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID); + + *psid = (struct dom_sid) {0}; + + ret = idmap_cache_find_xid2sid(xid, psid, &expired); + if (ret && !expired) { + DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + + ret = winbind_xid_to_sid(psid, xid); + if (ret) { + /* + * winbind can return an explicit negative mapping + * here. It's up to winbind to prime the cache either + * positively or negatively, don't mess with the cache + * here. + */ + DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + + { + /* + * Make a copy, pdb_id_to_sid might want to turn + * xid->type into ID_TYPE_BOTH, which we ignore here. + */ + struct unixid rw_xid = *xid; + + become_root(); + ret = pdb_id_to_sid(&rw_xid, psid); + unbecome_root(); + } + + if (ret) { + DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + +done: + if (is_null_sid(psid)) { + /* + * Nobody found anything: Return S-1-22-xx-yy. Don't + * store that in caches, this is up to the layers + * beneath us. + */ + if (xid->type == ID_TYPE_UID) { + uid_to_unix_users_sid(xid->id, psid); + } else { + gid_to_unix_groups_sid(xid->id, psid); + } + + DBG_DEBUG("%cID %"PRIu32" -> %s fallback\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + } +} + bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, struct unixid *ids) { diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h index 8b5edf6bcb8..8a21cca2a4d 100644 --- a/source3/passdb/lookup_sid.h 
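Review bot: The debug line after a successful `winbind_xid_to_sid()` still says `from cache`; it should read `"%cID %"PRIu32" -> %s from winbind\n"`, otherwise the logs cannot tell a cache hit from a live winbind answer when a wrong mapping is being traced. The fallback at `done:` is keyed on `is_null_sid(psid)` rather than on whether any lookup succeeded, so it depends on `pdb_id_to_sid()` leaving `*psid` untouched when it returns false, which is not visible here. Resetting with `*psid = (struct dom_sid) {0};` after a failed passdb lookup would make that explicit. `SMB_ASSERT` on `xid->type` terminates the process for any other id type, so the function comment should state that callers must validate the type before calling.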
+++ b/source3/passdb/lookup_sid.h @@ -83,6 +83,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, enum lsa_SidType *ret_type); void uid_to_sid(struct dom_sid *psid, uid_t uid); void gid_to_sid(struct dom_sid *psid, gid_t gid); +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid); bool sid_to_uid(const struct dom_sid *psid, uid_t *puid); bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid); bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, -- 2.17.0 From 2133db2a6abb0269c49e69a8e8f34ea5101713d5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 15:17:36 +0100 Subject: [PATCH 11/12] passdb: Make [ug]id_to_sid use xid_to_sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51) --- source3/passdb/lookup_sid.c | 201 +++--------------------------------- 1 file changed, 12 insertions(+), 189 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 1cf3a7ddb87..caa3442c6f1 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
@@ -1101,97 +1101,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, return ret; } -/***************************************************************** - Id mapping cache. This is to avoid Winbind mappings already - seen by smbd to be queried too frequently, keeping winbindd - busy, and blocking smbd while winbindd is busy with other - stuff. Written by Michael Steffens , - modified to use linked lists by jra. -*****************************************************************/ - - -/***************************************************************** - *THE LEGACY* convert uid_t to SID function. -*****************************************************************/ - -static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid) -{ - bool ret; - struct unixid id; - - ZERO_STRUCTP(psid); - - id.id = uid; - id.type = ID_TYPE_UID; - - become_root(); - ret = pdb_id_to_sid(&id, psid); - unbecome_root(); - - if (ret) { - /* This is a mapped user */ - goto done; - } - - /* This is an unmapped user */ - - uid_to_unix_users_sid(uid, psid); - - { - struct unixid xid = { - .id = uid, .type = ID_TYPE_UID - }; - idmap_cache_set_sid2unixid(psid, &xid); - } - - done: - DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid, - sid_string_dbg(psid))); - - return; -} - -/***************************************************************** - *THE LEGACY* convert gid_t to SID function. 
-*****************************************************************/ - -static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid) -{ - bool ret; - struct unixid id; - - ZERO_STRUCTP(psid); - - id.id = gid; - id.type = ID_TYPE_GID; - - become_root(); - ret = pdb_id_to_sid(&id, psid); - unbecome_root(); - - if (ret) { - /* This is a mapped group */ - goto done; - } - - /* This is an unmapped group */ - - gid_to_unix_groups_sid(gid, psid); - - { - struct unixid xid = { - .id = gid, .type = ID_TYPE_GID - }; - idmap_cache_set_sid2unixid(psid, &xid); - } - - done: - DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid, - sid_string_dbg(psid))); - - return; -} - /***************************************************************** *THE LEGACY* convert SID to id function. *****************************************************************/ 
@@ -1239,104 +1148,6 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) return false; } -/***************************************************************** - *THE CANONICAL* convert uid_t to SID function. -*****************************************************************/ - -void uid_to_sid(struct dom_sid *psid, uid_t uid) -{ - bool expired = true; - bool ret; - ZERO_STRUCTP(psid); - - /* Check the winbindd cache directly. */ - ret = idmap_cache_find_uid2sid(uid, psid, &expired); - - if (ret && !expired && is_null_sid(psid)) { - /* - * Negative cache entry, we already asked. - * do legacy. - */ - legacy_uid_to_sid(psid, uid); - return; - } - - if (!ret || expired) { - /* Not in cache. Ask winbindd. */ - if (!winbind_uid_to_sid(psid, uid)) { - /* - * We shouldn't return the NULL SID - * here if winbind was running and - * couldn't map, as winbind will have - * added a negative entry that will - * cause us to go though the - * legacy_uid_to_sid() - * function anyway in the case above - * the next time we ask. - */ - DEBUG(5, ("uid_to_sid: winbind failed to find a sid " - "for uid %u\n", (unsigned int)uid)); - - legacy_uid_to_sid(psid, uid); - return; - } - } - - DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid, - sid_string_dbg(psid))); - - return; -} - -/***************************************************************** - *THE CANONICAL* convert gid_t to SID function. -*****************************************************************/ - -void gid_to_sid(struct dom_sid *psid, gid_t gid) -{ - bool expired = true; - bool ret; - ZERO_STRUCTP(psid); - - /* Check the winbindd cache directly. */ - ret = idmap_cache_find_gid2sid(gid, psid, &expired); - - if (ret && !expired && is_null_sid(psid)) { - /* - * Negative cache entry, we already asked. - * do legacy. - */ - legacy_gid_to_sid(psid, gid); - return; - } - - if (!ret || expired) { - /* Not in cache. Ask winbindd. 
*/ - if (!winbind_gid_to_sid(psid, gid)) { - /* - * We shouldn't return the NULL SID - * here if winbind was running and - * couldn't map, as winbind will have - * added a negative entry that will - * cause us to go though the - * legacy_gid_to_sid() - * function anyway in the case above - * the next time we ask. - */ - DEBUG(5, ("gid_to_sid: winbind failed to find a sid " - "for gid %u\n", (unsigned int)gid)); - - legacy_gid_to_sid(psid, gid); - return; - } - } - - DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid, - sid_string_dbg(psid))); - - return; -} - void xid_to_sid(struct dom_sid *psid, const struct unixid *xid) { bool expired = true; @@ -1411,6 +1222,18 @@ done: } } +void uid_to_sid(struct dom_sid *psid, uid_t uid) +{ + struct unixid xid = { .type = ID_TYPE_UID, .id = uid}; + xid_to_sid(psid, &xid); +} + +void gid_to_sid(struct dom_sid *psid, gid_t gid) +{ + struct unixid xid = { .type = ID_TYPE_GID, .id = gid}; + xid_to_sid(psid, &xid); +} + bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, struct unixid *ids) { -- 2.17.0 From 5b36b41b589c09755d2fd99c88241f167daa3d92 Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Mon, 4 Mar 2019 13:38:48 -0700 Subject: [PATCH 12/12] passdb: Update ABI to 0.27.2 This change is for the backport only. The change in master increased the ABI version to 0.28.0 and removed some functions; this should not happen in a backport. Signed-off-by: Christof Schmitt --- source3/passdb/ABI/samba-passdb-0.27.2.sigs | 311 ++++++++++++++++++++ source3/wscript_build | 2 +- 2 files changed, 312 insertions(+), 1 deletion(-) create mode 100644 source3/passdb/ABI/samba-passdb-0.27.2.sigs diff --git a/source3/passdb/ABI/samba-passdb-0.27.2.sigs b/source3/passdb/ABI/samba-passdb-0.27.2.sigs new file mode 100644 index 00000000000..17876abac16 --- /dev/null +++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs 
@@ -0,0 +1,311 @@ +PDB_secrets_clear_domain_protection: bool (const char *) +PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *) +PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *) +PDB_secrets_mark_domain_protected: bool (const char *) +PDB_secrets_store_domain_guid: bool (const char *, struct GUID *) +PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *) +account_policy_get: bool (enum pdb_policy_type, uint32_t *) +account_policy_get_default: bool (enum pdb_policy_type, uint32_t *) +account_policy_get_desc: const char *(enum pdb_policy_type) +account_policy_name_to_typenum: enum pdb_policy_type (const char *) +account_policy_names_list: void (TALLOC_CTX *, const char ***, int *) +account_policy_set: bool (enum pdb_policy_type, uint32_t) +add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *) +algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t) +algorithmic_pdb_rid_is_user: bool (uint32_t) +algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t) +algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t) +algorithmic_rid_base: int (void) +builtin_domain_name: const char *(void) +cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *) +cache_account_policy_set: bool (enum pdb_policy_type, uint32_t) +create_builtin_administrators: NTSTATUS (const struct dom_sid *) +create_builtin_guests: NTSTATUS (const struct dom_sid *) +create_builtin_users: NTSTATUS (const struct dom_sid *) +decode_account_policy_name: const char *(enum pdb_policy_type) +get_account_pol_db: struct db_context *(void) +get_account_policy_attr: const char *(enum pdb_policy_type) +get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *) +get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **) +get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *) +get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int) +get_trust_pw_clear: 
bool (const char *, char **, const char **, enum netr_SchannelType *) +get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *) +gid_to_sid: void (struct dom_sid *, gid_t) +gid_to_unix_groups_sid: void (gid_t, struct dom_sid *) +grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int) +grant_all_privileges: bool (const struct dom_sid *) +grant_privilege_by_name: bool (const struct dom_sid *, const char *) +grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) +groupdb_tdb_init: const struct mapping_backend *(void) +init_account_policy: bool (void) +init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool) +init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t) +initialize_password_db: bool (bool, struct tevent_context *) +is_dc_trusted_domain_situation: bool (const char *) +is_privileged_sid: bool (const struct dom_sid *) +local_password_change: NTSTATUS (const char *, int, const char *, char **, char **) +login_cache_delentry: bool (const struct samu *) +login_cache_init: bool (void) +login_cache_read: bool (struct samu *, struct login_cache *) +login_cache_shutdown: bool (void) +login_cache_write: bool (const struct samu *, const struct login_cache *) +lookup_builtin_name: bool (const char *, uint32_t *) +lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **) +lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *) +lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) +lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) +lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) +lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **) +lookup_wellknown_name: bool (TALLOC_CTX *, 
const char *, struct dom_sid *, const char **) +lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **) +make_pdb_method: NTSTATUS (struct pdb_methods **) +make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *) +max_algorithmic_gid: gid_t (void) +max_algorithmic_uid: uid_t (void) +pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) +pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *) +pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) +pdb_add_sam_account: NTSTATUS (struct samu *) +pdb_build_fields_present: uint32_t (struct samu *) +pdb_capabilities: uint32_t (void) +pdb_copy_sam_account: bool (struct samu *, struct samu *) +pdb_create_alias: NTSTATUS (const char *, uint32_t *) +pdb_create_builtin: NTSTATUS (uint32_t) +pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t) +pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *) +pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *) +pdb_decode_acct_ctrl: uint32_t (const char *) +pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) +pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) +pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *) +pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) +pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *) +pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) +pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) +pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, 
enum lsa_SidType, GROUP_MAP ***, size_t *, bool) +pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) +pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) +pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) +pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) +pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) +pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) +pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) +pdb_del_trusted_domain: NTSTATUS (const char *) +pdb_del_trusteddom_pw: bool (const char *) +pdb_delete_alias: NTSTATUS (const struct dom_sid *) +pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t) +pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid) +pdb_delete_sam_account: NTSTATUS (struct samu *) +pdb_delete_secret: NTSTATUS (const char *) +pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *) +pdb_element_is_changed: bool (const struct samu *, enum pdb_elements) +pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements) +pdb_encode_acct_ctrl: char *(uint32_t, size_t) +pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) +pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) +pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) +pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *) +pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *) +pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***) +pdb_enum_trusteddoms: NTSTATUS 
(TALLOC_CTX *, uint32_t *, struct trustdom_info ***) +pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***) +pdb_find_backend_entry: struct pdb_init_function_entry *(const char *) +pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *) +pdb_get_acct_ctrl: uint32_t (const struct samu *) +pdb_get_acct_desc: const char *(const struct samu *) +pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) +pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *) +pdb_get_backends: const struct pdb_init_function_entry *(void) +pdb_get_bad_password_count: uint16_t (const struct samu *) +pdb_get_bad_password_time: time_t (const struct samu *) +pdb_get_code_page: uint16_t (const struct samu *) +pdb_get_comment: const char *(const struct samu *) +pdb_get_country_code: uint16_t (const struct samu *) +pdb_get_dir_drive: const char *(const struct samu *) +pdb_get_domain: const char *(const struct samu *) +pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *) +pdb_get_fullname: const char *(const struct samu *) +pdb_get_group_rid: uint32_t (struct samu *) +pdb_get_group_sid: const struct dom_sid *(struct samu *) +pdb_get_homedir: const char *(const struct samu *) +pdb_get_hours: const uint8_t *(const struct samu *) +pdb_get_hours_len: uint32_t (const struct samu *) +pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements) +pdb_get_kickoff_time: time_t (const struct samu *) +pdb_get_lanman_passwd: const uint8_t *(const struct samu *) +pdb_get_logoff_time: time_t (const struct samu *) +pdb_get_logon_count: uint16_t (const struct samu *) +pdb_get_logon_divs: uint16_t (const struct samu *) +pdb_get_logon_script: const char *(const struct samu *) +pdb_get_logon_time: time_t (const struct samu *) +pdb_get_munged_dial: const char *(const struct samu *) +pdb_get_nt_passwd: const uint8_t *(const struct samu *) +pdb_get_nt_username: const char *(const struct samu *) +pdb_get_pass_can_change: 
bool (const struct samu *) +pdb_get_pass_can_change_time: time_t (const struct samu *) +pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *) +pdb_get_pass_last_set_time: time_t (const struct samu *) +pdb_get_pass_must_change_time: time_t (const struct samu *) +pdb_get_plaintext_passwd: const char *(const struct samu *) +pdb_get_profile_path: const char *(const struct samu *) +pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *) +pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **) +pdb_get_seq_num: bool (time_t *) +pdb_get_tevent_context: struct tevent_context *(void) +pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **) +pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **) +pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **) +pdb_get_trusteddom_creds: NTSTATUS (const char *, TALLOC_CTX *, struct cli_credentials **) +pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *) +pdb_get_unknown_6: uint32_t (const struct samu *) +pdb_get_user_rid: uint32_t (const struct samu *) +pdb_get_user_sid: const struct dom_sid *(const struct samu *) +pdb_get_username: const char *(const struct samu *) +pdb_get_workstations: const char *(const struct samu *) +pdb_getgrgid: bool (GROUP_MAP *, gid_t) +pdb_getgrnam: bool (GROUP_MAP *, const char *) +pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid) +pdb_gethexhours: bool (const char *, unsigned char *) +pdb_gethexpwd: bool (const char *, unsigned char *) +pdb_getsampwnam: bool (struct samu *, const char *) +pdb_getsampwsid: bool (struct samu *, const struct dom_sid *) +pdb_group_rid_to_gid: gid_t (uint32_t) +pdb_id_to_sid: bool (struct unixid *, struct dom_sid *) +pdb_increment_bad_password_count: bool (struct samu *) +pdb_is_password_change_time_max: bool (time_t) 
+pdb_is_responsible_for_builtin: bool (void) +pdb_is_responsible_for_everything_else: bool (void) +pdb_is_responsible_for_our_sam: bool (void) +pdb_is_responsible_for_unix_groups: bool (void) +pdb_is_responsible_for_unix_users: bool (void) +pdb_is_responsible_for_wellknown: bool (void) +pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *) +pdb_new_rid: bool (uint32_t *) +pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) +pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool) +pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) +pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) +pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) +pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_rename_sam_account: NTSTATUS (struct samu *, const char *) +pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *) +pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **) +pdb_search_groups: struct pdb_search *(TALLOC_CTX *) +pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t) +pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t) +pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) +pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state) +pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_code_page: bool (struct samu *, uint16_t, 
enum pdb_value_state) +pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) +pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state) +pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state) +pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) +pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) +pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_pass_can_change: bool (struct samu *, bool) +pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_plaintext_passwd: bool (struct samu *, const char *) +pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum 
pdb_value_state) +pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state) +pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *) +pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *) +pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *) +pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *) +pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **) +pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) +pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state) +pdb_sethexhours: void (char *, const unsigned char *) +pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) +pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *) +pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *) +pdb_update_autolock_flag: bool (struct samu *, bool *) +pdb_update_bad_password_count: bool (struct samu *, bool *) +pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *) +pdb_update_history: bool (struct samu *, const uint8_t *) +pdb_update_login_attempts: NTSTATUS (struct samu *, bool) +pdb_update_sam_account: NTSTATUS (struct samu *) +privilege_create_account: NTSTATUS (const struct dom_sid *) +privilege_delete_account: NTSTATUS (const struct dom_sid *) +privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *) +privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *) +revoke_all_privileges: bool (const struct dom_sid 
*) +revoke_privilege_by_name: bool (const struct dom_sid *, const char *) +revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) +samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *) +samu_new: struct samu *(TALLOC_CTX *) +samu_set_unix: NTSTATUS (struct samu *, const struct passwd *) +secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) +sid_check_is_builtin: bool (const struct dom_sid *) +sid_check_is_for_passdb: bool (const struct dom_sid *) +sid_check_is_in_builtin: bool (const struct dom_sid *) +sid_check_is_in_unix_groups: bool (const struct dom_sid *) +sid_check_is_in_unix_users: bool (const struct dom_sid *) +sid_check_is_in_wellknown_domain: bool (const struct dom_sid *) +sid_check_is_unix_groups: bool (const struct dom_sid *) +sid_check_is_unix_users: bool (const struct dom_sid *) +sid_check_is_wellknown_builtin: bool (const struct dom_sid *) +sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **) +sid_check_object_is_for_passdb: bool (const struct dom_sid *) +sid_to_gid: bool (const struct dom_sid *, gid_t *) +sid_to_uid: bool (const struct dom_sid *, uid_t *) +sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *) +smb_add_user_group: int (const char *, const char *) +smb_create_group: int (const char *, gid_t *) +smb_delete_group: int (const char *) +smb_delete_user_group: int (const char *, const char *) +smb_nscd_flush_group_cache: void (void) +smb_nscd_flush_user_cache: void (void) +smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function) +smb_set_primary_group: int (const char *, const char *) +uid_to_sid: void (struct dom_sid *, uid_t) +uid_to_unix_users_sid: void (uid_t, struct dom_sid *) +unix_groups_domain_name: const char *(void) +unix_users_domain_name: const char *(void) +unixid_from_both: void (struct unixid *, uint32_t) +unixid_from_gid: void (struct unixid *, uint32_t) +unixid_from_uid: void 
(struct unixid *, uint32_t) +wb_is_trusted_domain: wbcErr (const char *) +winbind_allocate_gid: bool (gid_t *) +winbind_allocate_uid: bool (uid_t *) +winbind_getpwnam: struct passwd *(const char *) +winbind_getpwsid: struct passwd *(const struct dom_sid *) +winbind_gid_to_sid: bool (struct dom_sid *, gid_t) +winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *) +winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **) +winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) +winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **) +winbind_ping: bool (void) +winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *) +winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *) +winbind_uid_to_sid: bool (struct dom_sid *, uid_t) +winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *) +xid_to_sid: void (struct dom_sid *, const struct unixid *) diff --git a/source3/wscript_build b/source3/wscript_build index 3108de5dc35..1f478661565 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -152,7 +152,7 @@ bld.SAMBA3_LIBRARY('samba-passdb', ''', abi_match=private_pdb_match, abi_directory='passdb/ABI', - vnum='0.27.1') + vnum='0.27.2') bld.SAMBA3_SUBSYSTEM('pdb', source=''' -- 2.17.0