From 7ce26a3212c50dfd84cba17f9dd6803b3cfb117e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 25 Feb 2019 14:38:50 +0100 Subject: [PATCH 01/12] lib: Make idmap_cache return negative mappings Without this we'd query non-existent mappings over and over again. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11) --- source3/lib/idmap_cache.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 77618dd5aa1..244a727e01b 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c @@ -215,7 +215,12 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout, value = (char *)blob.data; - if (value[0] != '-') { + if ((value[0] == '-') && (value[1] == '\0')) { + /* + * Return NULL SID, see comment to uid2sid + */ + state->ret = true; + } else { state->ret = string_to_sid(state->sid, value); } if (state->ret) { -- 2.17.0 From 81db5f45a5d27770a4979878964054fb7c97bfbf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 12:46:39 +0100 Subject: [PATCH 02/12] idmap_cache: Only touch "sid" on success in find_xid_to_sid Why? This makes the negative mapping condition (is_null_sid) more explicit in the code. The callers in lookup_sid initialized "psid" anyway before, and the ones in wb_xids2sids now do as well. This is more in line with other APIs we have: Only touch output parameters if you have something to say. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524) --- source3/lib/idmap_cache.c | 5 ++--- source3/winbindd/wb_xids2sids.c | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) 
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 244a727e01b..10c1e8b1e7a 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c @@ -203,13 +203,11 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout, (struct idmap_cache_xid2sid_state *)private_data; char *value; - ZERO_STRUCTP(state->sid); - state->ret = false; - if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) { /* * Not a string, can't be a valid mapping */ + state->ret = false; return; } @@ -219,6 +217,7 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout, /* * Return NULL SID, see comment to uid2sid */ + *state->sid = (struct dom_sid) {0}; state->ret = true; } else { state->ret = string_to_sid(state->sid, value); diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index fdd98a3d9bf..4aaabc1c15b 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -465,7 +465,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, uint32_t i; for (i=0; i Date: Tue, 26 Feb 2019 12:52:28 +0100 Subject: [PATCH 03/12] winbind: Initialize "expired" parameter to idmap_cache_xid2sid The code in idmap_cache only touches its output parameters upon success Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee) --- source3/winbindd/wb_xids2sids.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 4aaabc1c15b..3267dfa0e81 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c 
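Review bot: In the second idmap_cache.c hunk (`@@ -219,6 +217,7 @@`) the `else` branch still hands `state->sid` straight to `string_to_sid()`, so the "only touch sid on success" rule from the commit message holds only if that helper never writes its output when parsing fails, which is not visible here. Parsing into a local and copying on success would make the contract independent of the helper: `struct dom_sid tmp; state->ret = string_to_sid(&tmp, value); if (state->ret) { *state->sid = tmp; }`. With `state->ret = false;` removed from the top of the parser, every caller's state must also start with `ret` false for the case where the callback is never invoked (presumably a cache miss), and a comment on `struct idmap_cache_xid2sid_state` should say so. The body of idmap_cache_xid2sid_parser continues outside both hunks.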
@@ -466,7 +466,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, for (i=0; i Date: Mon, 25 Feb 2019 14:55:00 +0100 Subject: [PATCH 04/12] winbind: Now we explicitly track if we got ids from cache This now properly makes us use negative cache entries Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77) --- source3/winbindd/wb_xids2sids.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 3267dfa0e81..2ba574664bf 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -246,6 +246,7 @@ static NTSTATUS wb_xids2sids_init_dom_maps_recv(struct tevent_req *req) struct wb_xids2sids_dom_state { struct tevent_context *ev; struct unixid *all_xids; + const bool *cached; size_t num_all_xids; struct dom_sid *all_sids; struct wb_xids2sids_dom_map *dom_map; @@ -262,7 +263,10 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq); static struct tevent_req *wb_xids2sids_dom_send( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct wb_xids2sids_dom_map *dom_map, - struct unixid *xids, size_t num_xids, struct dom_sid *sids) + struct unixid *xids, + const bool *cached, + size_t num_xids, + struct dom_sid *sids) { struct tevent_req *req, *subreq; struct wb_xids2sids_dom_state *state; @@ -276,6 +280,7 @@ static struct tevent_req *wb_xids2sids_dom_send( } state->ev = ev; state->all_xids = xids; + state->cached = cached; state->num_all_xids = num_xids; state->all_sids = sids; state->dom_map = dom_map; @@ -296,7 +301,7 @@ static struct tevent_req *wb_xids2sids_dom_send( /* out of range */ continue; } - if (!is_null_sid(&state->all_sids[i])) { + if (state->cached[i]) { /* already mapped */ continue; } 
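Review bot: The new `cached` parameter of wb_xids2sids_dom_send (hunk `@@ -262,7 +263,10 @@`) is kept as a borrowed pointer in the request state and indexed with the same `i` as `all_sids`, here and in wb_xids2sids_dom_done, but nothing documents that it must hold `num_xids` entries and stay valid until the request completes. A comment on the struct member would capture this, for example `/* cached[i]: all_sids[i] was answered from the idmap cache; num_all_xids entries, owned by the caller */`. The function bodies start and end outside these hunks.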
@@ -363,7 +368,7 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) /* out of range */ continue; } - if (!is_null_sid(&state->all_sids[i])) { + if (state->cached[i]) { /* already mapped */ continue; } @@ -520,7 +525,7 @@ static void wb_xids2sids_init_dom_maps_done(struct tevent_req *subreq) subreq = wb_xids2sids_dom_send( state, state->ev, &dom_maps[state->dom_idx], - state->xids, state->num_xids, state->sids); + state->xids, state->cached, state->num_xids, state->sids); if (tevent_req_nomem(subreq, req)) { return; } @@ -551,6 +556,7 @@ static void wb_xids2sids_done(struct tevent_req *subreq) state->ev, &dom_maps[state->dom_idx], state->xids, + state->cached, state->num_xids, state->sids); if (tevent_req_nomem(subreq, req)) { -- 2.17.0 From 35f4712f5bfa91951e1b30835127a4c2c63b5f76 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:32:52 +0100 Subject: [PATCH 05/12] idmap_cache: Introduce idmap_cache_find_xid2sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b) --- source3/lib/idmap_cache.c | 36 ++++++++++++++++++++++++++++++++++++ source3/lib/idmap_cache.h | 2 ++ 2 files changed, 38 insertions(+) diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 10c1e8b1e7a..9d2149844ed 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c 
@@ -277,6 +277,42 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired) return state.ret; } +/** + * Find a xid2sid mapping + * @param[in] id the unix id to map + * @param[out] sid where to put the result + * @param[out] expired is the cache entry expired? + * @retval Was anything in the cache at all? + * + * If "is_null_sid(sid)", this was a negative mapping. + */ +bool idmap_cache_find_xid2sid( + const struct unixid *id, struct dom_sid *sid, bool *expired) +{ + struct idmap_cache_xid2sid_state state = { + .sid = sid, .expired = expired + }; + fstring key; + char c; + + switch (id->type) { + case ID_TYPE_UID: + c = 'U'; + break; + case ID_TYPE_GID: + c = 'G'; + break; + default: + return false; + } + + fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id); + + gencache_parse(key, idmap_cache_xid2sid_parser, &state); + return state.ret; +} + + /** * Store a mapping in the idmap cache * @param[in] sid the sid to map diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h index dc497022e3b..d5afa170e1a 100644 --- a/source3/lib/idmap_cache.h +++ b/source3/lib/idmap_cache.h @@ -31,6 +31,8 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid, bool *expired); bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired); bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired); +bool idmap_cache_find_xid2sid( + const struct unixid *id, struct dom_sid *sid, bool *expired); void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id); bool idmap_cache_del_uid(uid_t uid); -- 2.17.0 From a98d00106ab55b4dbc9862275b18d949300acd80 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 27 Feb 2019 14:54:12 +0100 Subject: [PATCH 06/12] torture: Add tests for idmap cache 
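Review bot: The doc comment added above idmap_cache_find_xid2sid lists `sid` and `expired` as outputs but does not say that they are left unwritten when the function returns false, which is the contract the earlier commit messages in this series describe and the callers now rely on. I would add a line such as `Neither *sid nor *expired is written when false is returned; callers must initialise both.` to the comment. The `(int)id->id` cast in the key prints ids above INT_MAX as negative numbers; this matches the `"IDMAP/UID2SID/%d", (int)uid` format of the older per-type helpers, so it should stay. A short comment that the key must match whatever idmap_cache_set_sid2unixid writes (not visible here) would stop a later change to `%u` from silently missing existing entries.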
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede) --- source3/selftest/tests.py | 1 + source3/torture/proto.h | 1 + source3/torture/test_idmap_cache.c | 122 +++++++++++++++++++++++++++++ source3/torture/torture.c | 1 + source3/wscript_build | 1 + 5 files changed, 126 insertions(+) create mode 100644 source3/torture/test_idmap_cache.c diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 30a93a2ee42..c5ecae8b63d 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -200,6 +200,7 @@ local_tests = [ "LOCAL-G-LOCK5", "LOCAL-G-LOCK6", "LOCAL-NAMEMAP-CACHE1", + "LOCAL-IDMAP-CACHE1", "LOCAL-hex_encode_buf", "LOCAL-remove_duplicate_addrs2"] diff --git a/source3/torture/proto.h b/source3/torture/proto.h index 669e077051e..b4a2007fa77 100644 --- a/source3/torture/proto.h +++ b/source3/torture/proto.h @@ -137,6 +137,7 @@ bool run_g_lock5(int dummy); bool run_g_lock6(int dummy); bool run_g_lock_ping_pong(int dummy); bool run_local_namemap_cache1(int dummy); +bool run_local_idmap_cache1(int dummy); bool run_hidenewfiles(int dummy); #endif /* __TORTURE_H__ */ diff --git a/source3/torture/test_idmap_cache.c b/source3/torture/test_idmap_cache.c new file mode 100644 index 00000000000..b9cba3b4a53 --- /dev/null +++ b/source3/torture/test_idmap_cache.c 
@@ -0,0 +1,122 @@ +/* + * Unix SMB/CIFS implementation. + * Test dbwrap_watch API + * Copyright (C) Volker Lendecke 2017 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "includes.h" +#include "torture/proto.h" +#include "lib/idmap_cache.h" +#include "librpc/gen_ndr/idmap.h" +#include "libcli/security/dom_sid.h" + +bool run_local_idmap_cache1(int dummy) +{ + struct dom_sid sid, found_sid; + struct unixid xid, found_xid; + bool ret = false; + bool expired = false; + + xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID }; + dom_sid_parse("S-1-5-21-2864185242-3846410404-2398417794-1235", &sid); + idmap_cache_set_sid2unixid(&sid, &xid); + + ret = idmap_cache_find_sid2unixid(&sid, &found_xid, &expired); + if (!ret) { + fprintf(stderr, "idmap_cache_find_sid2unixid failed\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_sid2unixid returned an expired " + "value\n"); + goto done; + } + if ((xid.type != found_xid.type) || (xid.id != found_xid.id)) { + fprintf(stderr, + "idmap_cache_find_sid2unixid returned wrong " + "values\n"); + goto done; + } + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (!ret) { + fprintf(stderr, "idmap_cache_find_xid2sid failed\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned an expired " + "value\n"); + goto done; + } + if (!dom_sid_equal(&sid, &found_sid)) { + 
fprintf(stderr, + "idmap_cache_find_xid2sid returned wrong sid\n"); + goto done; + } + + xid.type = ID_TYPE_GID; + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid found a GID where it " + "should not\n"); + goto done; + } + + idmap_cache_del_sid(&sid); + + xid.type = ID_TYPE_UID; + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid found a UID where it " + "should not\n"); + goto done; + } + + /* + * Test that negative mappings can also be cached + */ + sid = (struct dom_sid) {0}; + xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID }; + idmap_cache_set_sid2unixid(&sid, &xid); + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (!ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid failed to find " + "negative mapping\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned an expired " + "value\n"); + goto done; + } + if (!dom_sid_equal(&sid, &found_sid)) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned wrong sid\n"); + goto done; + } + + ret = true; +done: + return ret; +} diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 1849a8da0f8..d529087b37c 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -11879,6 +11879,7 @@ static struct { { "LOCAL-G-LOCK-PING-PONG", run_g_lock_ping_pong, 0 }, { "LOCAL-CANONICALIZE-PATH", run_local_canonicalize_path, 0 }, { "LOCAL-NAMEMAP-CACHE1", run_local_namemap_cache1, 0 }, + { "LOCAL-IDMAP-CACHE1", run_local_idmap_cache1, 0 }, { "qpathinfo-bufsize", run_qpathinfo_bufsize, 0 }, { "hide-new-files-timeout", run_hidenewfiles, 0 }, {NULL, NULL, 0}}; diff --git a/source3/wscript_build b/source3/wscript_build index 1ae91057f24..8d29db51f77 100644 --- a/source3/wscript_build +++ b/source3/wscript_build 
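Review bot: The last block of run_local_idmap_cache1 stores a negative mapping for uid 1234 and returns without removing it, so the entry remains in the gencache the test ran against and a later lookup of that uid in the same environment would get a cached negative answer. Calling `idmap_cache_del_uid(xid.id);` before `ret = true;`, and ideally on the `done:` path as well, would leave the cache as the test found it. The return value of `dom_sid_parse()` is also ignored, so a parse failure would surface only as a confusing lookup mismatch. The file header still reads `Test dbwrap_watch API`; `Test idmap_cache API` would match the contents.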
@@ -1198,6 +1198,7 @@ bld.SAMBA3_BINARY('smbtorture' + bld.env.suffix3, torture/wbc_async.c torture/test_g_lock.c torture/test_namemap_cache.c + torture/test_idmap_cache.c torture/test_hidenewfiles.c ''', deps=''' -- 2.17.0 From b01e2dcae6883d8ad71553b5f1f266c81953d8af Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:34:56 +0100 Subject: [PATCH 07/12] winbind: Use idmap_cache_find_xid2sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324) --- source3/winbindd/wb_xids2sids.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 2ba574664bf..c5a35275d53 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -473,19 +473,8 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, struct dom_sid sid = {0}; bool ok, expired = true; - switch (xids[i].type) { - case ID_TYPE_UID: - ok = idmap_cache_find_uid2sid( - xids[i].id, &sid, &expired); - break; - case ID_TYPE_GID: - ok = idmap_cache_find_gid2sid( - xids[i].id, &sid, &expired); - break; - default: - ok = false; - } - + ok = idmap_cache_find_xid2sid( + &xids[i], &sid, &expired); if (ok && !expired) { sid_copy(&state->sids[i], &sid); state->cached[i] = true; -- 2.17.0 From e0d34fdd1abaed36a3853edd5b72383c2118723b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:45:32 +0100 Subject: [PATCH 08/12] lib: Introduce winbind_xid_to_sid This does not merge a winbind communication error into "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not go along with is_null_sid(). Instead, this just touches the output sid when winbind returned success. This success might well be a negative mapping indicated by S-0-0, which *is* is_null_sid()... 
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6) --- source3/lib/winbind_util.c | 30 ++++++++++++++++++++++++++++++ source3/lib/winbind_util.h | 2 ++ 2 files changed, 32 insertions(+) diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c index a072166ce18..46c95ca3a28 100644 --- a/source3/lib/winbind_util.c +++ b/source3/lib/winbind_util.c @@ -198,6 +198,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid) return (result == WBC_ERR_SUCCESS); } +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid) +{ + struct wbcUnixId wbc_xid; + struct wbcDomainSid dom_sid; + wbcErr result; + + switch (xid->type) { + case ID_TYPE_UID: + wbc_xid = (struct wbcUnixId) { + .type = WBC_ID_TYPE_UID, .id.uid = xid->id + }; + break; + case ID_TYPE_GID: + wbc_xid = (struct wbcUnixId) { + .type = WBC_ID_TYPE_GID, .id.gid = xid->id + }; + break; + default: + return false; + } + + result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid); + if (result != WBC_ERR_SUCCESS) { + return false; + } + + memcpy(sid, &dom_sid, sizeof(struct dom_sid)); + return true; +} + /* Check for a trusted domain */ wbcErr wb_is_trusted_domain(const char *domain) diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h index c2bf0e02d76..5ecda5a7b09 100644 --- a/source3/lib/winbind_util.h +++ b/source3/lib/winbind_util.h @@ -22,6 +22,7 @@ #define __LIB__WINBIND_UTIL_H__ #include "../librpc/gen_ndr/lsa.h" +#include "librpc/gen_ndr/idmap.h" /* needed for wbcErr below */ #include "nsswitch/libwbclient/wbclient.h" 
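Review bot: In winbind_xid_to_sid, `memcpy(sid, &dom_sid, sizeof(struct dom_sid));` reads `sizeof(struct dom_sid)` bytes out of a `struct wbcDomainSid`, which is safe only while the two structs have the same size and layout; neither definition is visible in this hunk. A compile-time check next to the copy would turn a future divergence into a build failure rather than an over-read or a mis-parsed SID: `_Static_assert(sizeof(struct wbcDomainSid) == sizeof(struct dom_sid), "wbcDomainSid and dom_sid must match");`. The `default:` branch returns false without logging, so a call with ID_TYPE_BOTH cannot be told apart from a winbind failure; a DBG_DEBUG there would help when tracing lookups.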
@@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid); bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid); bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid); bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid); +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid); struct passwd * winbind_getpwnam(const char * sname); struct passwd * winbind_getpwsid(const struct dom_sid *sid); wbcErr wb_is_trusted_domain(const char *domain); -- 2.17.0 From b9a3e44b109e9dd25c1431f8228aaf93e306015b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 15:10:21 +0100 Subject: [PATCH 09/12] passdb: Introduce xid_to_sid This explicitly avoids the legacy_[ug]id_to_sid calls, which create long-term cache entries to S-1-22-x-y if anthing fails. We can't do this, because this will turn temporary winbind communication failures into long-term problems: A short hickup in winbind_uid_to_sid will create a mapping to S-1-22-1-uid for a week. It should be up to the lower layers to do the caching. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c) --- source3/passdb/lookup_sid.c | 74 +++++++++++++++++++++++++++++++++++++ source3/passdb/lookup_sid.h | 1 + 2 files changed, 75 insertions(+) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 6bda783fa03..fe0ba51b413 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
@@ -1349,6 +1349,80 @@ void gid_to_sid(struct dom_sid *psid, gid_t gid) return; } +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid) +{ + bool expired = true; + bool ret; + struct dom_sid_buf buf; + + SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID); + + *psid = (struct dom_sid) {0}; + + ret = idmap_cache_find_xid2sid(xid, psid, &expired); + if (ret && !expired) { + DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + + ret = winbind_xid_to_sid(psid, xid); + if (ret) { + /* + * winbind can return an explicit negative mapping + * here. It's up to winbind to prime the cache either + * positively or negatively, don't mess with the cache + * here. + */ + DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + + { + /* + * Make a copy, pdb_id_to_sid might want to turn + * xid->type into ID_TYPE_BOTH, which we ignore here. + */ + struct unixid rw_xid = *xid; + + become_root(); + ret = pdb_id_to_sid(&rw_xid, psid); + unbecome_root(); + } + + if (ret) { + DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + +done: + if (is_null_sid(psid)) { + /* + * Nobody found anything: Return S-1-22-xx-yy. Don't + * store that in caches, this is up to the layers + * beneath us. + */ + if (xid->type == ID_TYPE_UID) { + uid_to_unix_users_sid(xid->id, psid); + } else { + gid_to_unix_groups_sid(xid->id, psid); + } + + DBG_DEBUG("%cID %"PRIu32" -> %s fallback\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + } +} + bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, struct unixid *ids) { diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h index 8b5edf6bcb8..8a21cca2a4d 100644 --- a/source3/passdb/lookup_sid.h 
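Review bot: In xid_to_sid, an expired cache hit has already written the stale SID into `*psid` by the time the code falls through to `winbind_xid_to_sid()`, and that helper writes only on success. If winbind is unreachable and `pdb_id_to_sid()` also fails, the `is_null_sid(psid)` test at `done:` is therefore false and the expired mapping is returned as if it were current. Whether `pdb_id_to_sid()` clears its output on failure is not visible here, so this should be confirmed; resetting the output removes the dependency: `*psid = (struct dom_sid) {0};` immediately before `ret = winbind_xid_to_sid(psid, xid);`. The result presumably feeds ownership and ACL handling, so serving an expired identity mapping should be a deliberate, documented choice, not a side effect. Separately, the DBG_DEBUG in the winbind branch still says `from cache`; `from winbind` would keep the log usable when tracing where a mapping came from.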
+++ b/source3/passdb/lookup_sid.h @@ -83,6 +83,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, enum lsa_SidType *ret_type); void uid_to_sid(struct dom_sid *psid, uid_t uid); void gid_to_sid(struct dom_sid *psid, gid_t gid); +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid); bool sid_to_uid(const struct dom_sid *psid, uid_t *puid); bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid); bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, -- 2.17.0 From 30ce0bc414ee851bf2aa72c1b94757623f8cb03f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 15:17:36 +0100 Subject: [PATCH 10/12] passdb: Make [ug]id_to_sid use xid_to_sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51) --- source3/passdb/lookup_sid.c | 205 +++--------------------------------- 1 file changed, 12 insertions(+), 193 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index fe0ba51b413..2281bd0b64d 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
@@ -1108,99 +1108,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, return ret; } -/***************************************************************** - Id mapping cache. This is to avoid Winbind mappings already - seen by smbd to be queried too frequently, keeping winbindd - busy, and blocking smbd while winbindd is busy with other - stuff. Written by Michael Steffens , - modified to use linked lists by jra. -*****************************************************************/ - - -/***************************************************************** - *THE LEGACY* convert uid_t to SID function. -*****************************************************************/ - -static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid) -{ - bool ret; - struct unixid id; - struct dom_sid_buf buf; - - ZERO_STRUCTP(psid); - - id.id = uid; - id.type = ID_TYPE_UID; - - become_root(); - ret = pdb_id_to_sid(&id, psid); - unbecome_root(); - - if (ret) { - /* This is a mapped user */ - goto done; - } - - /* This is an unmapped user */ - - uid_to_unix_users_sid(uid, psid); - - { - struct unixid xid = { - .id = uid, .type = ID_TYPE_UID - }; - idmap_cache_set_sid2unixid(psid, &xid); - } - - done: - DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid, - dom_sid_str_buf(psid, &buf))); - - return; -} - -/***************************************************************** - *THE LEGACY* convert gid_t to SID function. 
-*****************************************************************/ - -static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid) -{ - bool ret; - struct unixid id; - struct dom_sid_buf buf; - - ZERO_STRUCTP(psid); - - id.id = gid; - id.type = ID_TYPE_GID; - - become_root(); - ret = pdb_id_to_sid(&id, psid); - unbecome_root(); - - if (ret) { - /* This is a mapped group */ - goto done; - } - - /* This is an unmapped group */ - - gid_to_unix_groups_sid(gid, psid); - - { - struct unixid xid = { - .id = gid, .type = ID_TYPE_GID - }; - idmap_cache_set_sid2unixid(psid, &xid); - } - - done: - DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid, - dom_sid_str_buf(psid, &buf))); - - return; -} - /***************************************************************** *THE LEGACY* convert SID to id function. *****************************************************************/ 
@@ -1249,106 +1156,6 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) return false; } -/***************************************************************** - *THE CANONICAL* convert uid_t to SID function. -*****************************************************************/ - -void uid_to_sid(struct dom_sid *psid, uid_t uid) -{ - bool expired = true; - bool ret; - struct dom_sid_buf buf; - ZERO_STRUCTP(psid); - - /* Check the winbindd cache directly. */ - ret = idmap_cache_find_uid2sid(uid, psid, &expired); - - if (ret && !expired && is_null_sid(psid)) { - /* - * Negative cache entry, we already asked. - * do legacy. - */ - legacy_uid_to_sid(psid, uid); - return; - } - - if (!ret || expired) { - /* Not in cache. Ask winbindd. */ - if (!winbind_uid_to_sid(psid, uid)) { - /* - * We shouldn't return the NULL SID - * here if winbind was running and - * couldn't map, as winbind will have - * added a negative entry that will - * cause us to go though the - * legacy_uid_to_sid() - * function anyway in the case above - * the next time we ask. - */ - DEBUG(5, ("uid_to_sid: winbind failed to find a sid " - "for uid %u\n", (unsigned int)uid)); - - legacy_uid_to_sid(psid, uid); - return; - } - } - - DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid, - dom_sid_str_buf(psid, &buf))); - - return; -} - -/***************************************************************** - *THE CANONICAL* convert gid_t to SID function. -*****************************************************************/ - -void gid_to_sid(struct dom_sid *psid, gid_t gid) -{ - bool expired = true; - bool ret; - struct dom_sid_buf buf; - ZERO_STRUCTP(psid); - - /* Check the winbindd cache directly. */ - ret = idmap_cache_find_gid2sid(gid, psid, &expired); - - if (ret && !expired && is_null_sid(psid)) { - /* - * Negative cache entry, we already asked. - * do legacy. - */ - legacy_gid_to_sid(psid, gid); - return; - } - - if (!ret || expired) { - /* Not in cache. Ask winbindd. 
*/ - if (!winbind_gid_to_sid(psid, gid)) { - /* - * We shouldn't return the NULL SID - * here if winbind was running and - * couldn't map, as winbind will have - * added a negative entry that will - * cause us to go though the - * legacy_gid_to_sid() - * function anyway in the case above - * the next time we ask. - */ - DEBUG(5, ("gid_to_sid: winbind failed to find a sid " - "for gid %u\n", (unsigned int)gid)); - - legacy_gid_to_sid(psid, gid); - return; - } - } - - DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid, - dom_sid_str_buf(psid, &buf))); - - return; -} - void xid_to_sid(struct dom_sid *psid, const struct unixid *xid) { bool expired = true; @@ -1423,6 +1230,18 @@ done: } } +void uid_to_sid(struct dom_sid *psid, uid_t uid) +{ + struct unixid xid = { .type = ID_TYPE_UID, .id = uid}; + xid_to_sid(psid, &xid); +} + +void gid_to_sid(struct dom_sid *psid, gid_t gid) +{ + struct unixid xid = { .type = ID_TYPE_GID, .id = gid}; + xid_to_sid(psid, &xid); +} + bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, struct unixid *ids) { -- 2.17.0 From ce75e0380200c938c56666f99339b50d0bf1fdc3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 15:23:17 +0100 Subject: [PATCH 11/12] lib: Remove some unused code Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Feb 28 13:53:41 UTC 2019 on sn-devel-144 (cherry picked from commit c906153cc7af21abe508ddd30c447642327d6a5d) --- source3/include/passdb.h | 5 - source3/lib/idmap_cache.c | 50 ---- source3/lib/idmap_cache.h | 2 - source3/lib/winbind_util.c | 34 --- source3/lib/winbind_util.h | 2 - source3/passdb/ABI/samba-passdb-0.27.2.sigs | 306 ++++++++++++++++++++ source3/passdb/pdb_unixid.c | 47 --- source3/wscript_build | 5 +- 8 files changed, 308 insertions(+), 143 deletions(-) create mode 100644 source3/passdb/ABI/samba-passdb-0.27.2.sigs delete mode 100644 source3/passdb/pdb_unixid.c 
diff --git a/source3/include/passdb.h b/source3/include/passdb.h index 950c439e7a1..57f1b504941 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -976,11 +976,6 @@ NTSTATUS create_builtin_guests(const struct dom_sid *dom_sid); #include "passdb/machine_sid.h" #include "passdb/lookup_sid.h" -/* The following definitions come from passdb/pdb_unixid.c */ -void unixid_from_uid(struct unixid *id, uint32_t some_uid); -void unixid_from_gid(struct unixid *id, uint32_t some_gid); -void unixid_from_both(struct unixid *id, uint32_t some_id); - /* The following definitions come from passdb/pdb_secrets.c * and should be used by PDB modules if they need to store * sid/guid information for the domain in secrets database diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 9d2149844ed..d5a60e73403 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c 
@@ -227,56 +227,6 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout, } } -/** - * Find a uid2sid mapping - * @param[in] uid the uid to map - * @param[out] sid where to put the result - * @param[out] expired is the cache entry expired? - * @retval Was anything in the cache at all? - * - * If "is_null_sid(sid)", this was a negative mapping. - */ - -bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired) -{ - fstring key; - struct idmap_cache_xid2sid_state state; - - fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid); - - state.sid = sid; - state.expired = expired; - state.ret = false; - - gencache_parse(key, idmap_cache_xid2sid_parser, &state); - return state.ret; -} - -/** - * Find a gid2sid mapping - * @param[in] gid the gid to map - * @param[out] sid where to put the result - * @param[out] expired is the cache entry expired? - * @retval Was anything in the cache at all? - * - * If "is_null_sid(sid)", this was a negative mapping. - */ - -bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired) -{ - fstring key; - struct idmap_cache_xid2sid_state state; - - fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid); - - state.sid = sid; - state.expired = expired; - state.ret = false; - - gencache_parse(key, idmap_cache_xid2sid_parser, &state); - return state.ret; -} - /** * Find a xid2sid mapping * @param[in] id the unix id to map diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h index d5afa170e1a..5a90902e720 100644 --- a/source3/lib/idmap_cache.h +++ b/source3/lib/idmap_cache.h 
@@ -29,8 +29,6 @@ bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid, bool *expired); bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid, bool *expired); -bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired); -bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired); bool idmap_cache_find_xid2sid( const struct unixid *id, struct dom_sid *sid, bool *expired); void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id); diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c index 46c95ca3a28..fe35a6f78d1 100644 --- a/source3/lib/winbind_util.c +++ b/source3/lib/winbind_util.c @@ -150,23 +150,6 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid) return (result == WBC_ERR_SUCCESS); } -/* Call winbindd to convert uid to sid */ - -bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid) -{ - struct wbcDomainSid dom_sid; - wbcErr result; - - result = wbcUidToSid(uid, &dom_sid); - if (result == WBC_ERR_SUCCESS) { - memcpy(sid, &dom_sid, sizeof(struct dom_sid)); - } else { - sid_copy(sid, &global_sid_NULL); - } - - return (result == WBC_ERR_SUCCESS); -} - /* Call winbindd to convert SID to gid */ bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid) @@ -181,23 +164,6 @@ bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid) return (result == WBC_ERR_SUCCESS); } -/* Call winbindd to convert gid to sid */ - -bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid) -{ - struct wbcDomainSid dom_sid; - wbcErr result; - - result = wbcGidToSid(gid, &dom_sid); - if (result == WBC_ERR_SUCCESS) { - memcpy(sid, &dom_sid, sizeof(struct dom_sid)); - } else { - sid_copy(sid, &global_sid_NULL); - } - - return (result == WBC_ERR_SUCCESS); -} - bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid) { struct wbcUnixId wbc_xid; 
diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h index 5ecda5a7b09..6056190d7a4 100644 --- a/source3/lib/winbind_util.h +++ b/source3/lib/winbind_util.h @@ -36,9 +36,7 @@ bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, enum lsa_SidType *name_type); bool winbind_ping(void); bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid); -bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid); bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid); -bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid); bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid); struct passwd * winbind_getpwnam(const char * sname); struct passwd * winbind_getpwsid(const struct dom_sid *sid); diff --git a/source3/passdb/ABI/samba-passdb-0.27.2.sigs b/source3/passdb/ABI/samba-passdb-0.27.2.sigs new file mode 100644 index 00000000000..06fc3b76974 --- /dev/null +++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs 
@@ -0,0 +1,306 @@ +PDB_secrets_clear_domain_protection: bool (const char *) +PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *) +PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *) +PDB_secrets_mark_domain_protected: bool (const char *) +PDB_secrets_store_domain_guid: bool (const char *, struct GUID *) +PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *) +account_policy_get: bool (enum pdb_policy_type, uint32_t *) +account_policy_get_default: bool (enum pdb_policy_type, uint32_t *) +account_policy_get_desc: const char *(enum pdb_policy_type) +account_policy_name_to_typenum: enum pdb_policy_type (const char *) +account_policy_names_list: void (TALLOC_CTX *, const char ***, int *) +account_policy_set: bool (enum pdb_policy_type, uint32_t) +add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *) +algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t) +algorithmic_pdb_rid_is_user: bool (uint32_t) +algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t) +algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t) +algorithmic_rid_base: int (void) +builtin_domain_name: const char *(void) +cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *) +cache_account_policy_set: bool (enum pdb_policy_type, uint32_t) +create_builtin_administrators: NTSTATUS (const struct dom_sid *) +create_builtin_guests: NTSTATUS (const struct dom_sid *) +create_builtin_users: NTSTATUS (const struct dom_sid *) +decode_account_policy_name: const char *(enum pdb_policy_type) +get_account_pol_db: struct db_context *(void) +get_account_policy_attr: const char *(enum pdb_policy_type) +get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *) +get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **) +get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *) +get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int) +get_trust_pw_clear: 
bool (const char *, char **, const char **, enum netr_SchannelType *) +get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *) +gid_to_sid: void (struct dom_sid *, gid_t) +gid_to_unix_groups_sid: void (gid_t, struct dom_sid *) +grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int) +grant_all_privileges: bool (const struct dom_sid *) +grant_privilege_by_name: bool (const struct dom_sid *, const char *) +grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) +groupdb_tdb_init: const struct mapping_backend *(void) +init_account_policy: bool (void) +init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool) +init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t) +initialize_password_db: bool (bool, struct tevent_context *) +is_dc_trusted_domain_situation: bool (const char *) +is_privileged_sid: bool (const struct dom_sid *) +local_password_change: NTSTATUS (const char *, int, const char *, char **, char **) +login_cache_delentry: bool (const struct samu *) +login_cache_init: bool (void) +login_cache_read: bool (struct samu *, struct login_cache *) +login_cache_shutdown: bool (void) +login_cache_write: bool (const struct samu *, const struct login_cache *) +lookup_builtin_name: bool (const char *, uint32_t *) +lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **) +lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *) +lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) +lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) +lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) +lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **) +lookup_wellknown_name: bool (TALLOC_CTX *, 
const char *, struct dom_sid *, const char **) +lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **) +make_pdb_method: NTSTATUS (struct pdb_methods **) +make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *) +max_algorithmic_gid: gid_t (void) +max_algorithmic_uid: uid_t (void) +pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) +pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *) +pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) +pdb_add_sam_account: NTSTATUS (struct samu *) +pdb_build_fields_present: uint32_t (struct samu *) +pdb_capabilities: uint32_t (void) +pdb_copy_sam_account: bool (struct samu *, struct samu *) +pdb_create_alias: NTSTATUS (const char *, uint32_t *) +pdb_create_builtin: NTSTATUS (uint32_t) +pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t) +pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *) +pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *) +pdb_decode_acct_ctrl: uint32_t (const char *) +pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) +pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) +pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *) +pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) +pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *) +pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) +pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) +pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, 
enum lsa_SidType, GROUP_MAP ***, size_t *, bool) +pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) +pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) +pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) +pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) +pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) +pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) +pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) +pdb_del_trusted_domain: NTSTATUS (const char *) +pdb_del_trusteddom_pw: bool (const char *) +pdb_delete_alias: NTSTATUS (const struct dom_sid *) +pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t) +pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid) +pdb_delete_sam_account: NTSTATUS (struct samu *) +pdb_delete_secret: NTSTATUS (const char *) +pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *) +pdb_element_is_changed: bool (const struct samu *, enum pdb_elements) +pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements) +pdb_encode_acct_ctrl: char *(uint32_t, size_t) +pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) +pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) +pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) +pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *) +pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *) +pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***) +pdb_enum_trusteddoms: NTSTATUS 
(TALLOC_CTX *, uint32_t *, struct trustdom_info ***) +pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***) +pdb_find_backend_entry: struct pdb_init_function_entry *(const char *) +pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *) +pdb_get_acct_ctrl: uint32_t (const struct samu *) +pdb_get_acct_desc: const char *(const struct samu *) +pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) +pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *) +pdb_get_backends: const struct pdb_init_function_entry *(void) +pdb_get_bad_password_count: uint16_t (const struct samu *) +pdb_get_bad_password_time: time_t (const struct samu *) +pdb_get_code_page: uint16_t (const struct samu *) +pdb_get_comment: const char *(const struct samu *) +pdb_get_country_code: uint16_t (const struct samu *) +pdb_get_dir_drive: const char *(const struct samu *) +pdb_get_domain: const char *(const struct samu *) +pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *) +pdb_get_fullname: const char *(const struct samu *) +pdb_get_group_rid: uint32_t (struct samu *) +pdb_get_group_sid: const struct dom_sid *(struct samu *) +pdb_get_homedir: const char *(const struct samu *) +pdb_get_hours: const uint8_t *(const struct samu *) +pdb_get_hours_len: uint32_t (const struct samu *) +pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements) +pdb_get_kickoff_time: time_t (const struct samu *) +pdb_get_lanman_passwd: const uint8_t *(const struct samu *) +pdb_get_logoff_time: time_t (const struct samu *) +pdb_get_logon_count: uint16_t (const struct samu *) +pdb_get_logon_divs: uint16_t (const struct samu *) +pdb_get_logon_script: const char *(const struct samu *) +pdb_get_logon_time: time_t (const struct samu *) +pdb_get_munged_dial: const char *(const struct samu *) +pdb_get_nt_passwd: const uint8_t *(const struct samu *) +pdb_get_nt_username: const char *(const struct samu *) +pdb_get_pass_can_change: 
bool (const struct samu *) +pdb_get_pass_can_change_time: time_t (const struct samu *) +pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *) +pdb_get_pass_last_set_time: time_t (const struct samu *) +pdb_get_pass_must_change_time: time_t (const struct samu *) +pdb_get_plaintext_passwd: const char *(const struct samu *) +pdb_get_profile_path: const char *(const struct samu *) +pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *) +pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **) +pdb_get_seq_num: bool (time_t *) +pdb_get_tevent_context: struct tevent_context *(void) +pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **) +pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **) +pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **) +pdb_get_trusteddom_creds: NTSTATUS (const char *, TALLOC_CTX *, struct cli_credentials **) +pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *) +pdb_get_unknown_6: uint32_t (const struct samu *) +pdb_get_user_rid: uint32_t (const struct samu *) +pdb_get_user_sid: const struct dom_sid *(const struct samu *) +pdb_get_username: const char *(const struct samu *) +pdb_get_workstations: const char *(const struct samu *) +pdb_getgrgid: bool (GROUP_MAP *, gid_t) +pdb_getgrnam: bool (GROUP_MAP *, const char *) +pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid) +pdb_gethexhours: bool (const char *, unsigned char *) +pdb_gethexpwd: bool (const char *, unsigned char *) +pdb_getsampwnam: bool (struct samu *, const char *) +pdb_getsampwsid: bool (struct samu *, const struct dom_sid *) +pdb_group_rid_to_gid: gid_t (uint32_t) +pdb_id_to_sid: bool (struct unixid *, struct dom_sid *) +pdb_increment_bad_password_count: bool (struct samu *) +pdb_is_password_change_time_max: bool (time_t) 
+pdb_is_responsible_for_builtin: bool (void) +pdb_is_responsible_for_everything_else: bool (void) +pdb_is_responsible_for_our_sam: bool (void) +pdb_is_responsible_for_unix_groups: bool (void) +pdb_is_responsible_for_unix_users: bool (void) +pdb_is_responsible_for_wellknown: bool (void) +pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *) +pdb_new_rid: bool (uint32_t *) +pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) +pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool) +pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) +pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) +pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) +pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_rename_sam_account: NTSTATUS (struct samu *, const char *) +pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *) +pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **) +pdb_search_groups: struct pdb_search *(TALLOC_CTX *) +pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t) +pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t) +pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) +pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state) +pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_code_page: bool (struct samu *, uint16_t, 
enum pdb_value_state) +pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) +pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state) +pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state) +pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) +pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) +pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_pass_can_change: bool (struct samu *, bool) +pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_plaintext_passwd: bool (struct samu *, const char *) +pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum 
pdb_value_state) +pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state) +pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *) +pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *) +pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *) +pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *) +pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **) +pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) +pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state) +pdb_sethexhours: void (char *, const unsigned char *) +pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) +pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *) +pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *) +pdb_update_autolock_flag: bool (struct samu *, bool *) +pdb_update_bad_password_count: bool (struct samu *, bool *) +pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *) +pdb_update_history: bool (struct samu *, const uint8_t *) +pdb_update_login_attempts: NTSTATUS (struct samu *, bool) +pdb_update_sam_account: NTSTATUS (struct samu *) +privilege_create_account: NTSTATUS (const struct dom_sid *) +privilege_delete_account: NTSTATUS (const struct dom_sid *) +privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *) +privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *) +revoke_all_privileges: bool (const struct dom_sid 
*) +revoke_privilege_by_name: bool (const struct dom_sid *, const char *) +revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) +samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *) +samu_new: struct samu *(TALLOC_CTX *) +samu_set_unix: NTSTATUS (struct samu *, const struct passwd *) +secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) +sid_check_is_builtin: bool (const struct dom_sid *) +sid_check_is_for_passdb: bool (const struct dom_sid *) +sid_check_is_in_builtin: bool (const struct dom_sid *) +sid_check_is_in_unix_groups: bool (const struct dom_sid *) +sid_check_is_in_unix_users: bool (const struct dom_sid *) +sid_check_is_in_wellknown_domain: bool (const struct dom_sid *) +sid_check_is_unix_groups: bool (const struct dom_sid *) +sid_check_is_unix_users: bool (const struct dom_sid *) +sid_check_is_wellknown_builtin: bool (const struct dom_sid *) +sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **) +sid_check_object_is_for_passdb: bool (const struct dom_sid *) +sid_to_gid: bool (const struct dom_sid *, gid_t *) +sid_to_uid: bool (const struct dom_sid *, uid_t *) +sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *) +smb_add_user_group: int (const char *, const char *) +smb_create_group: int (const char *, gid_t *) +smb_delete_group: int (const char *) +smb_delete_user_group: int (const char *, const char *) +smb_nscd_flush_group_cache: void (void) +smb_nscd_flush_user_cache: void (void) +smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function) +smb_set_primary_group: int (const char *, const char *) +uid_to_sid: void (struct dom_sid *, uid_t) +uid_to_unix_users_sid: void (uid_t, struct dom_sid *) +unix_groups_domain_name: const char *(void) +unix_users_domain_name: const char *(void) +wb_is_trusted_domain: wbcErr (const char *) +winbind_allocate_gid: bool (gid_t *) +winbind_allocate_uid: bool (uid_t *) 
+winbind_getpwnam: struct passwd *(const char *) +winbind_getpwsid: struct passwd *(const struct dom_sid *) +winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *) +winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **) +winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) +winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **) +winbind_ping: bool (void) +winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *) +winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *) +winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *) +xid_to_sid: void (struct dom_sid *, const struct unixid *) diff --git a/source3/passdb/pdb_unixid.c b/source3/passdb/pdb_unixid.c deleted file mode 100644 index 59b157668a2..00000000000 --- a/source3/passdb/pdb_unixid.c +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * IDMAP unixid utility functions - * Copyright (C) Alexander Bokovoy 2012 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include "includes.h" -#include "passdb.h" -#include "../librpc/gen_ndr/idmap.h" - -void unixid_from_uid(struct unixid *id, uint32_t some_uid) -{ - if(id) { - id->id = some_uid; - id->type = ID_TYPE_UID; - } -} - -void unixid_from_gid(struct unixid *id, uint32_t some_gid) -{ - if(id) { - id->id = some_gid; - id->type = ID_TYPE_GID; - } -} - -void unixid_from_both(struct unixid *id, uint32_t some_id) -{ - if(id) { - id->id = some_id; - id->type = ID_TYPE_BOTH; - } -} - diff --git a/source3/wscript_build b/source3/wscript_build index 8d29db51f77..e64c7cc45c0 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -149,7 +149,7 @@ bld.SAMBA3_LIBRARY('samba-passdb', ''', abi_match=private_pdb_match, abi_directory='passdb/ABI', - vnum='0.27.1') + vnum='0.27.2') bld.SAMBA3_SUBSYSTEM('pdb', source=''' @@ -168,8 +168,7 @@ bld.SAMBA3_SUBSYSTEM('pdb', lib/winbind_util.c passdb/pdb_util.c passdb/pdb_interface.c - passdb/pdb_secrets.c - passdb/pdb_unixid.c''', + passdb/pdb_secrets.c''', deps=''' secrets3 GROUPDB -- 2.17.0 From f0783d80515919e587dc036c80417d8ce3a20426 Mon Sep 17 00:00:00 2001 
From: Christof Schmitt Date: Mon, 4 Mar 2019 14:13:22 -0700 Subject: [PATCH 12/12] passdb: Increase ABI version to 0.28.0 The change from c906153cc ("lib: Remove some unused code") removed functions, but only updated the minor version of the ABI. Update the passdb version to 0.28.0 to reflect this change and also remove the 0.27.2 file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813 Signed-off-by: Christof Schmitt (cherry picked from commit 600c19fd31b9a596e4de1e56dd10f25cd1bf8780) --- .../ABI/{samba-passdb-0.27.2.sigs => samba-passdb-0.28.0.sigs} | 0 source3/wscript_build | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename source3/passdb/ABI/{samba-passdb-0.27.2.sigs => samba-passdb-0.28.0.sigs} (100%) diff --git a/source3/passdb/ABI/samba-passdb-0.27.2.sigs b/source3/passdb/ABI/samba-passdb-0.28.0.sigs similarity index 100% rename from source3/passdb/ABI/samba-passdb-0.27.2.sigs rename to source3/passdb/ABI/samba-passdb-0.28.0.sigs diff --git a/source3/wscript_build b/source3/wscript_build index e64c7cc45c0..375cfa1af9e 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -149,7 +149,7 @@ bld.SAMBA3_LIBRARY('samba-passdb', ''', abi_match=private_pdb_match, abi_directory='passdb/ABI', - vnum='0.27.2') + vnum='0.28.0') bld.SAMBA3_SUBSYSTEM('pdb', source=''' -- 2.17.0