From 9789ca6359c85489a524c2affd3a9790ff028000 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 25 Feb 2019 14:38:50 +0100 Subject: [PATCH 01/13] lib: Make idmap_cache return negative mappings Without this we'd query non-existent mappings over and over again. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11) --- source3/lib/idmap_cache.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 77618dd5aa1..244a727e01b 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c @@ -215,7 +215,12 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout, value = (char *)blob.data; - if (value[0] != '-') { + if ((value[0] == '-') && (value[1] == '\0')) { + /* + * Return NULL SID, see comment to uid2sid + */ + state->ret = true; + } else { state->ret = string_to_sid(state->sid, value); } if (state->ret) { -- 2.21.0.352.gf09ad66450-goog From 40320cc7c6d3ed7a5c208945e76404b54e795dbe Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 12:46:39 +0100 Subject: [PATCH 02/13] idmap_cache: Only touch "sid" on success in find_xid_to_sid Why? This makes the negative mapping condition (is_null_sid) more explicit in the code. The callers in lookup_sid initialized "psid" anyway before, and the ones in wb_xids2sids now do as well. This is more in line with other APIs we have: Only touch output parameters if you have something to say. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524) --- source3/lib/idmap_cache.c | 5 ++--- source3/winbindd/wb_xids2sids.c | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) 
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 244a727e01b..10c1e8b1e7a 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c @@ -203,13 +203,11 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout, (struct idmap_cache_xid2sid_state *)private_data; char *value; - ZERO_STRUCTP(state->sid); - state->ret = false; - if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) { /* * Not a string, can't be a valid mapping */ + state->ret = false; return; } @@ -219,6 +217,7 @@ static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout, /* * Return NULL SID, see comment to uid2sid */ + *state->sid = (struct dom_sid) {0}; state->ret = true; } else { state->ret = string_to_sid(state->sid, value); diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index fdd98a3d9bf..4aaabc1c15b 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -465,7 +465,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, uint32_t i; for (i=0; i Date: Tue, 26 Feb 2019 12:52:28 +0100 Subject: [PATCH 03/13] winbind: Initialize "expired" parameter to idmap_cache_xid2sid The code in idmap_cache only touches its output parameters upon success Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee) --- source3/winbindd/wb_xids2sids.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 4aaabc1c15b..3267dfa0e81 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c 
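Review bot: In idmap_cache_xid2sid_parser the else branch still passes the caller's buffer straight to `string_to_sid(state->sid, value)`, so "sid" stays untouched on failure only if string_to_sid never writes before rejecting the string, which is not visible here. To make the contract in the commit message hold regardless, parse into a local `struct dom_sid tmp` and assign `*state->sid = tmp;` only when the call returns true. With `ZERO_STRUCTP(state->sid)` removed, any caller of the uid2sid/gid2sid lookups that does not pre-initialise its SID would see stale or indeterminate contents after a miss, so callers beyond the two the description names are worth auditing. The function body starts and ends outside these hunks.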
@@ -466,7 +466,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, for (i=0; i Date: Mon, 25 Feb 2019 14:55:00 +0100 Subject: [PATCH 04/13] winbind: Now we explicitly track if we got ids from cache This now properly makes us use negative cache entries Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77) --- source3/winbindd/wb_xids2sids.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 3267dfa0e81..2ba574664bf 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -246,6 +246,7 @@ static NTSTATUS wb_xids2sids_init_dom_maps_recv(struct tevent_req *req) struct wb_xids2sids_dom_state { struct tevent_context *ev; struct unixid *all_xids; + const bool *cached; size_t num_all_xids; struct dom_sid *all_sids; struct wb_xids2sids_dom_map *dom_map; @@ -262,7 +263,10 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq); static struct tevent_req *wb_xids2sids_dom_send( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct wb_xids2sids_dom_map *dom_map, - struct unixid *xids, size_t num_xids, struct dom_sid *sids) + struct unixid *xids, + const bool *cached, + size_t num_xids, + struct dom_sid *sids) { struct tevent_req *req, *subreq; struct wb_xids2sids_dom_state *state; @@ -276,6 +280,7 @@ static struct tevent_req *wb_xids2sids_dom_send( } state->ev = ev; state->all_xids = xids; + state->cached = cached; state->num_all_xids = num_xids; state->all_sids = sids; state->dom_map = dom_map; @@ -296,7 +301,7 @@ static struct tevent_req *wb_xids2sids_dom_send( /* out of range */ continue; } - if (!is_null_sid(&state->all_sids[i])) { + if (state->cached[i]) { /* already mapped */ continue; } 
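Review bot: The new `cached` member and parameter of wb_xids2sids_dom_send carry no statement of length or ownership, yet `state->cached[i]` is read for every index below `num_all_xids` here and again in wb_xids2sids_dom_done (the `@@ -363` hunk). A NULL pointer or an array shorter than `all_xids` would be read out of bounds, and nothing in the signature prevents that. A comment on the struct member such as `/* cached[i]: all_sids[i] was answered from the idmap cache; caller-owned, num_all_xids entries */` would record that the array must be non-NULL and parallel to `all_xids`. Both functions extend beyond the lines shown in these hunks.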
@@ -363,7 +368,7 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) /* out of range */ continue; } - if (!is_null_sid(&state->all_sids[i])) { + if (state->cached[i]) { /* already mapped */ continue; } @@ -520,7 +525,7 @@ static void wb_xids2sids_init_dom_maps_done(struct tevent_req *subreq) subreq = wb_xids2sids_dom_send( state, state->ev, &dom_maps[state->dom_idx], - state->xids, state->num_xids, state->sids); + state->xids, state->cached, state->num_xids, state->sids); if (tevent_req_nomem(subreq, req)) { return; } @@ -551,6 +556,7 @@ static void wb_xids2sids_done(struct tevent_req *subreq) state->ev, &dom_maps[state->dom_idx], state->xids, + state->cached, state->num_xids, state->sids); if (tevent_req_nomem(subreq, req)) { -- 2.21.0.352.gf09ad66450-goog From fbcb6cd1dabaac887b31e6d4c604e7e9c63b9a7a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:32:52 +0100 Subject: [PATCH 05/13] idmap_cache: Introduce idmap_cache_find_xid2sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b) --- source3/lib/idmap_cache.c | 36 ++++++++++++++++++++++++++++++++++++ source3/lib/idmap_cache.h | 2 ++ 2 files changed, 38 insertions(+) diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 10c1e8b1e7a..9d2149844ed 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c 
@@ -277,6 +277,42 @@ bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired) return state.ret; } +/** + * Find a xid2sid mapping + * @param[in] id the unix id to map + * @param[out] sid where to put the result + * @param[out] expired is the cache entry expired? + * @retval Was anything in the cache at all? + * + * If "is_null_sid(sid)", this was a negative mapping. + */ +bool idmap_cache_find_xid2sid( + const struct unixid *id, struct dom_sid *sid, bool *expired) +{ + struct idmap_cache_xid2sid_state state = { + .sid = sid, .expired = expired + }; + fstring key; + char c; + + switch (id->type) { + case ID_TYPE_UID: + c = 'U'; + break; + case ID_TYPE_GID: + c = 'G'; + break; + default: + return false; + } + + fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id); + + gencache_parse(key, idmap_cache_xid2sid_parser, &state); + return state.ret; +} + + /** * Store a mapping in the idmap cache * @param[in] sid the sid to map diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h index dc497022e3b..d5afa170e1a 100644 --- a/source3/lib/idmap_cache.h +++ b/source3/lib/idmap_cache.h @@ -31,6 +31,8 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid, bool *expired); bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired); bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired); +bool idmap_cache_find_xid2sid( + const struct unixid *id, struct dom_sid *sid, bool *expired); void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id); bool idmap_cache_del_uid(uid_t uid); -- 2.21.0.352.gf09ad66450-goog From 364b3cb00c22596b2c848e0f1f3cb68204c4d8df Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 27 Feb 2019 14:54:12 +0100 Subject: [PATCH 06/13] torture: Add tests for idmap cache 
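Review bot: The doc comment on idmap_cache_find_xid2sid does not say what happens to `sid` and `expired` when the function returns false. Going by the earlier patches in this series the parser writes them only on success, and the `default:` branch returns before touching either, so a caller passing uninitialised storage would read indeterminate data after a miss. I would add a line such as `* When false is returned, "sid" and "expired" are not written; initialise both before the call.` The `@retval` text could also note that false covers an unsupported `id->type` as well as a cache miss. Separately, the key is built with `%d` and `(int)id->id`; please confirm this matches the format used on the store path for ids above INT_MAX, since that code is not part of this hunk.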
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede) --- source3/selftest/tests.py | 1 + source3/torture/proto.h | 1 + source3/torture/test_idmap_cache.c | 122 +++++++++++++++++++++++++++++ source3/torture/torture.c | 1 + source3/wscript_build | 1 + 5 files changed, 126 insertions(+) create mode 100644 source3/torture/test_idmap_cache.c diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 5d7e4969e59..e8d516573dd 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -200,6 +200,7 @@ local_tests = [ "LOCAL-G-LOCK5", "LOCAL-G-LOCK6", "LOCAL-NAMEMAP-CACHE1", + "LOCAL-IDMAP-CACHE1", "LOCAL-hex_encode_buf", "LOCAL-remove_duplicate_addrs2"] diff --git a/source3/torture/proto.h b/source3/torture/proto.h index 669e077051e..b4a2007fa77 100644 --- a/source3/torture/proto.h +++ b/source3/torture/proto.h @@ -137,6 +137,7 @@ bool run_g_lock5(int dummy); bool run_g_lock6(int dummy); bool run_g_lock_ping_pong(int dummy); bool run_local_namemap_cache1(int dummy); +bool run_local_idmap_cache1(int dummy); bool run_hidenewfiles(int dummy); #endif /* __TORTURE_H__ */ diff --git a/source3/torture/test_idmap_cache.c b/source3/torture/test_idmap_cache.c new file mode 100644 index 00000000000..b9cba3b4a53 --- /dev/null +++ b/source3/torture/test_idmap_cache.c 
@@ -0,0 +1,122 @@ +/* + * Unix SMB/CIFS implementation. + * Test dbwrap_watch API + * Copyright (C) Volker Lendecke 2017 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "includes.h" +#include "torture/proto.h" +#include "lib/idmap_cache.h" +#include "librpc/gen_ndr/idmap.h" +#include "libcli/security/dom_sid.h" + +bool run_local_idmap_cache1(int dummy) +{ + struct dom_sid sid, found_sid; + struct unixid xid, found_xid; + bool ret = false; + bool expired = false; + + xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID }; + dom_sid_parse("S-1-5-21-2864185242-3846410404-2398417794-1235", &sid); + idmap_cache_set_sid2unixid(&sid, &xid); + + ret = idmap_cache_find_sid2unixid(&sid, &found_xid, &expired); + if (!ret) { + fprintf(stderr, "idmap_cache_find_sid2unixid failed\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_sid2unixid returned an expired " + "value\n"); + goto done; + } + if ((xid.type != found_xid.type) || (xid.id != found_xid.id)) { + fprintf(stderr, + "idmap_cache_find_sid2unixid returned wrong " + "values\n"); + goto done; + } + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (!ret) { + fprintf(stderr, "idmap_cache_find_xid2sid failed\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned an expired " + "value\n"); + goto done; + } + if (!dom_sid_equal(&sid, &found_sid)) { + 
fprintf(stderr, + "idmap_cache_find_xid2sid returned wrong sid\n"); + goto done; + } + + xid.type = ID_TYPE_GID; + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid found a GID where it " + "should not\n"); + goto done; + } + + idmap_cache_del_sid(&sid); + + xid.type = ID_TYPE_UID; + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid found a UID where it " + "should not\n"); + goto done; + } + + /* + * Test that negative mappings can also be cached + */ + sid = (struct dom_sid) {0}; + xid = (struct unixid) { .id = 1234, .type = ID_TYPE_UID }; + idmap_cache_set_sid2unixid(&sid, &xid); + + ret = idmap_cache_find_xid2sid(&xid, &found_sid, &expired); + if (!ret) { + fprintf(stderr, + "idmap_cache_find_xid2sid failed to find " + "negative mapping\n"); + goto done; + } + if (expired) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned an expired " + "value\n"); + goto done; + } + if (!dom_sid_equal(&sid, &found_sid)) { + fprintf(stderr, + "idmap_cache_find_xid2sid returned wrong sid\n"); + goto done; + } + + ret = true; +done: + return ret; +} diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 0d00f1f84d2..018ebba6c52 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -12081,6 +12081,7 @@ static struct { { "LOCAL-G-LOCK-PING-PONG", run_g_lock_ping_pong, 0 }, { "LOCAL-CANONICALIZE-PATH", run_local_canonicalize_path, 0 }, { "LOCAL-NAMEMAP-CACHE1", run_local_namemap_cache1, 0 }, + { "LOCAL-IDMAP-CACHE1", run_local_idmap_cache1, 0 }, { "qpathinfo-bufsize", run_qpathinfo_bufsize, 0 }, { "hide-new-files-timeout", run_hidenewfiles, 0 }, {NULL, NULL, 0}}; diff --git a/source3/wscript_build b/source3/wscript_build index 1ae91057f24..8d29db51f77 100644 --- a/source3/wscript_build +++ b/source3/wscript_build 
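Review bot: run_local_idmap_cache1 finishes by storing a negative mapping for uid 1234 and returns without removing it, so the entry can stay behind and influence later lookups of that uid on the test host, assuming the cache outlives the test process. Something like `idmap_cache_del_uid(1234);` after the `done:` label would clean up on both the success and the failure paths. The return value of `dom_sid_parse(...)` is ignored, so a parse failure would surface only as a confusing mismatch later in the test. The file header also still reads `Test dbwrap_watch API`, which looks copied from another test; `Test idmap cache API` would match the content.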
@@ -1198,6 +1198,7 @@ bld.SAMBA3_BINARY('smbtorture' + bld.env.suffix3, torture/wbc_async.c torture/test_g_lock.c torture/test_namemap_cache.c + torture/test_idmap_cache.c torture/test_hidenewfiles.c ''', deps=''' -- 2.21.0.352.gf09ad66450-goog From f692ff098e5d12b843cd5e2f552e70c2bbb596f6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:34:56 +0100 Subject: [PATCH 07/13] winbind: Use idmap_cache_find_xid2sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324) --- source3/winbindd/wb_xids2sids.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 2ba574664bf..c5a35275d53 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -473,19 +473,8 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, struct dom_sid sid = {0}; bool ok, expired = true; - switch (xids[i].type) { - case ID_TYPE_UID: - ok = idmap_cache_find_uid2sid( - xids[i].id, &sid, &expired); - break; - case ID_TYPE_GID: - ok = idmap_cache_find_gid2sid( - xids[i].id, &sid, &expired); - break; - default: - ok = false; - } - + ok = idmap_cache_find_xid2sid( + &xids[i], &sid, &expired); if (ok && !expired) { sid_copy(&state->sids[i], &sid); state->cached[i] = true; -- 2.21.0.352.gf09ad66450-goog From 68f0a667f53f423d5588415836dff337af5d5ec2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 14:45:32 +0100 Subject: [PATCH 08/13] lib: Introduce winbind_xid_to_sid This does not merge a winbind communication error into "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not go along with is_null_sid(). Instead, this just touches the output sid when winbind returned success. This success might well be a negative mapping indicated by S-0-0, which *is* is_null_sid()... 
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6) --- source3/lib/winbind_util.c | 30 ++++++++++++++++++++++++++++++ source3/lib/winbind_util.h | 2 ++ 2 files changed, 32 insertions(+) diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c index a072166ce18..46c95ca3a28 100644 --- a/source3/lib/winbind_util.c +++ b/source3/lib/winbind_util.c @@ -198,6 +198,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid) return (result == WBC_ERR_SUCCESS); } +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid) +{ + struct wbcUnixId wbc_xid; + struct wbcDomainSid dom_sid; + wbcErr result; + + switch (xid->type) { + case ID_TYPE_UID: + wbc_xid = (struct wbcUnixId) { + .type = WBC_ID_TYPE_UID, .id.uid = xid->id + }; + break; + case ID_TYPE_GID: + wbc_xid = (struct wbcUnixId) { + .type = WBC_ID_TYPE_GID, .id.gid = xid->id + }; + break; + default: + return false; + } + + result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid); + if (result != WBC_ERR_SUCCESS) { + return false; + } + + memcpy(sid, &dom_sid, sizeof(struct dom_sid)); + return true; +} + /* Check for a trusted domain */ wbcErr wb_is_trusted_domain(const char *domain) diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h index c2bf0e02d76..5ecda5a7b09 100644 --- a/source3/lib/winbind_util.h +++ b/source3/lib/winbind_util.h @@ -22,6 +22,7 @@ #define __LIB__WINBIND_UTIL_H__ #include "../librpc/gen_ndr/lsa.h" +#include "librpc/gen_ndr/idmap.h" /* needed for wbcErr below */ #include "nsswitch/libwbclient/wbclient.h" 
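Review bot: `memcpy(sid, &dom_sid, sizeof(struct dom_sid));` in winbind_xid_to_sid copies out of a local `struct wbcDomainSid` using the size of the destination type, so it would read past the local if `struct dom_sid` were ever the larger of the two, and would silently mis-copy if the layouts diverge. Neither definition is visible in this patch, so the equivalence may already be guaranteed elsewhere; if it is not, a compile-time check that `sizeof(struct dom_sid) == sizeof(struct wbcDomainSid)` next to the copy would pin the assumption. The function also has no header comment. One stating that `sid` is written only when true is returned, and that a NULL SID on success is a negative mapping, would give callers the contract described in the commit message.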
@@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid); bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid); bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid); bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid); +bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid); struct passwd * winbind_getpwnam(const char * sname); struct passwd * winbind_getpwsid(const struct dom_sid *sid); wbcErr wb_is_trusted_domain(const char *domain); -- 2.21.0.352.gf09ad66450-goog From 681c613c5f88403ccc476c8cd9ebfeaa7252439b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 15:10:21 +0100 Subject: [PATCH 09/13] passdb: Introduce xid_to_sid This explicitly avoids the legacy_[ug]id_to_sid calls, which create long-term cache entries to S-1-22-x-y if anthing fails. We can't do this, because this will turn temporary winbind communication failures into long-term problems: A short hickup in winbind_uid_to_sid will create a mapping to S-1-22-1-uid for a week. It should be up to the lower layers to do the caching. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c) --- source3/passdb/lookup_sid.c | 74 +++++++++++++++++++++++++++++++++++++ source3/passdb/lookup_sid.h | 1 + 2 files changed, 75 insertions(+) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 6bda783fa03..fe0ba51b413 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
@@ -1349,6 +1349,80 @@ void gid_to_sid(struct dom_sid *psid, gid_t gid) return; } +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid) +{ + bool expired = true; + bool ret; + struct dom_sid_buf buf; + + SMB_ASSERT(xid->type == ID_TYPE_UID || xid->type == ID_TYPE_GID); + + *psid = (struct dom_sid) {0}; + + ret = idmap_cache_find_xid2sid(xid, psid, &expired); + if (ret && !expired) { + DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + + ret = winbind_xid_to_sid(psid, xid); + if (ret) { + /* + * winbind can return an explicit negative mapping + * here. It's up to winbind to prime the cache either + * positively or negatively, don't mess with the cache + * here. + */ + DBG_DEBUG("%cID %"PRIu32" -> %s from cache\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + + { + /* + * Make a copy, pdb_id_to_sid might want to turn + * xid->type into ID_TYPE_BOTH, which we ignore here. + */ + struct unixid rw_xid = *xid; + + become_root(); + ret = pdb_id_to_sid(&rw_xid, psid); + unbecome_root(); + } + + if (ret) { + DBG_DEBUG("%cID %"PRIu32" -> %s from passdb\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + goto done; + } + +done: + if (is_null_sid(psid)) { + /* + * Nobody found anything: Return S-1-22-xx-yy. Don't + * store that in caches, this is up to the layers + * beneath us. + */ + if (xid->type == ID_TYPE_UID) { + uid_to_unix_users_sid(xid->id, psid); + } else { + gid_to_unix_groups_sid(xid->id, psid); + } + + DBG_DEBUG("%cID %"PRIu32" -> %s fallback\n", + xid->type == ID_TYPE_UID ? 'U' : 'G', + xid->id, + dom_sid_str_buf(psid, &buf)); + } +} + bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, struct unixid *ids) { diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h index 8b5edf6bcb8..8a21cca2a4d 100644 --- a/source3/passdb/lookup_sid.h 
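Review bot: When the cache lookup in xid_to_sid finds an expired entry, `psid` already holds the expired SID. If winbind_xid_to_sid then fails and pdb_id_to_sid finds nothing, the `is_null_sid(psid)` test at `done:` is false and the stale SID is returned instead of the S-1-22 fallback. This assumes pdb_id_to_sid leaves `psid` alone on failure, which is not visible here. Resetting the output once the cache branch has been passed, with `*psid = (struct dom_sid) {0};` placed just before the winbind call, keeps an expired identity mapping from being served when both backends fail. Separately, the DBG_DEBUG in the winbind success branch says `from cache`; it should read `-> %s from winbind\n` so the debug log names the real source of the mapping.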
+++ b/source3/passdb/lookup_sid.h @@ -83,6 +83,7 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, enum lsa_SidType *ret_type); void uid_to_sid(struct dom_sid *psid, uid_t uid); void gid_to_sid(struct dom_sid *psid, gid_t gid); +void xid_to_sid(struct dom_sid *psid, const struct unixid *xid); bool sid_to_uid(const struct dom_sid *psid, uid_t *puid); bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid); bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, -- 2.21.0.352.gf09ad66450-goog From 156985696064b2b317d5932414e380d26c640b0a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 26 Feb 2019 15:17:36 +0100 Subject: [PATCH 10/13] passdb: Make [ug]id_to_sid use xid_to_sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51) --- source3/passdb/lookup_sid.c | 205 +++--------------------------------- 1 file changed, 12 insertions(+), 193 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index fe0ba51b413..2281bd0b64d 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
@@ -1108,99 +1108,6 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, return ret; } -/***************************************************************** - Id mapping cache. This is to avoid Winbind mappings already - seen by smbd to be queried too frequently, keeping winbindd - busy, and blocking smbd while winbindd is busy with other - stuff. Written by Michael Steffens , - modified to use linked lists by jra. -*****************************************************************/ - - -/***************************************************************** - *THE LEGACY* convert uid_t to SID function. -*****************************************************************/ - -static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid) -{ - bool ret; - struct unixid id; - struct dom_sid_buf buf; - - ZERO_STRUCTP(psid); - - id.id = uid; - id.type = ID_TYPE_UID; - - become_root(); - ret = pdb_id_to_sid(&id, psid); - unbecome_root(); - - if (ret) { - /* This is a mapped user */ - goto done; - } - - /* This is an unmapped user */ - - uid_to_unix_users_sid(uid, psid); - - { - struct unixid xid = { - .id = uid, .type = ID_TYPE_UID - }; - idmap_cache_set_sid2unixid(psid, &xid); - } - - done: - DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid, - dom_sid_str_buf(psid, &buf))); - - return; -} - -/***************************************************************** - *THE LEGACY* convert gid_t to SID function. 
-*****************************************************************/ - -static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid) -{ - bool ret; - struct unixid id; - struct dom_sid_buf buf; - - ZERO_STRUCTP(psid); - - id.id = gid; - id.type = ID_TYPE_GID; - - become_root(); - ret = pdb_id_to_sid(&id, psid); - unbecome_root(); - - if (ret) { - /* This is a mapped group */ - goto done; - } - - /* This is an unmapped group */ - - gid_to_unix_groups_sid(gid, psid); - - { - struct unixid xid = { - .id = gid, .type = ID_TYPE_GID - }; - idmap_cache_set_sid2unixid(psid, &xid); - } - - done: - DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid, - dom_sid_str_buf(psid, &buf))); - - return; -} - /***************************************************************** *THE LEGACY* convert SID to id function. *****************************************************************/ 
@@ -1249,106 +1156,6 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) return false; } -/***************************************************************** - *THE CANONICAL* convert uid_t to SID function. -*****************************************************************/ - -void uid_to_sid(struct dom_sid *psid, uid_t uid) -{ - bool expired = true; - bool ret; - struct dom_sid_buf buf; - ZERO_STRUCTP(psid); - - /* Check the winbindd cache directly. */ - ret = idmap_cache_find_uid2sid(uid, psid, &expired); - - if (ret && !expired && is_null_sid(psid)) { - /* - * Negative cache entry, we already asked. - * do legacy. - */ - legacy_uid_to_sid(psid, uid); - return; - } - - if (!ret || expired) { - /* Not in cache. Ask winbindd. */ - if (!winbind_uid_to_sid(psid, uid)) { - /* - * We shouldn't return the NULL SID - * here if winbind was running and - * couldn't map, as winbind will have - * added a negative entry that will - * cause us to go though the - * legacy_uid_to_sid() - * function anyway in the case above - * the next time we ask. - */ - DEBUG(5, ("uid_to_sid: winbind failed to find a sid " - "for uid %u\n", (unsigned int)uid)); - - legacy_uid_to_sid(psid, uid); - return; - } - } - - DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid, - dom_sid_str_buf(psid, &buf))); - - return; -} - -/***************************************************************** - *THE CANONICAL* convert gid_t to SID function. -*****************************************************************/ - -void gid_to_sid(struct dom_sid *psid, gid_t gid) -{ - bool expired = true; - bool ret; - struct dom_sid_buf buf; - ZERO_STRUCTP(psid); - - /* Check the winbindd cache directly. */ - ret = idmap_cache_find_gid2sid(gid, psid, &expired); - - if (ret && !expired && is_null_sid(psid)) { - /* - * Negative cache entry, we already asked. - * do legacy. - */ - legacy_gid_to_sid(psid, gid); - return; - } - - if (!ret || expired) { - /* Not in cache. Ask winbindd. 
*/ - if (!winbind_gid_to_sid(psid, gid)) { - /* - * We shouldn't return the NULL SID - * here if winbind was running and - * couldn't map, as winbind will have - * added a negative entry that will - * cause us to go though the - * legacy_gid_to_sid() - * function anyway in the case above - * the next time we ask. - */ - DEBUG(5, ("gid_to_sid: winbind failed to find a sid " - "for gid %u\n", (unsigned int)gid)); - - legacy_gid_to_sid(psid, gid); - return; - } - } - - DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid, - dom_sid_str_buf(psid, &buf))); - - return; -} - void xid_to_sid(struct dom_sid *psid, const struct unixid *xid) { bool expired = true; @@ -1423,6 +1230,18 @@ done: } } +void uid_to_sid(struct dom_sid *psid, uid_t uid) +{ + struct unixid xid = { .type = ID_TYPE_UID, .id = uid}; + xid_to_sid(psid, &xid); +} + +void gid_to_sid(struct dom_sid *psid, gid_t gid) +{ + struct unixid xid = { .type = ID_TYPE_GID, .id = gid}; + xid_to_sid(psid, &xid); +} + bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, struct unixid *ids) { -- 2.21.0.352.gf09ad66450-goog From bf5db4bebfa9e58673b4f53a80d3098ddf1a3f74 Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Wed, 6 Mar 2019 11:55:32 -0800 Subject: [PATCH 11/13] passdb: Update ABI to 0.27.2 This change is for the backport only. The change in master increased the ABI version to 0.28.0 and removed some functions; this should not happen in a backport. Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison --- source3/passdb/ABI/samba-passdb-0.27.2.sigs | 311 ++++++++++++++++++++ source3/wscript_build | 2 +- 2 files changed, 312 insertions(+), 1 deletion(-) create mode 100644 source3/passdb/ABI/samba-passdb-0.27.2.sigs diff --git a/source3/passdb/ABI/samba-passdb-0.27.2.sigs b/source3/passdb/ABI/samba-passdb-0.27.2.sigs new file mode 100644 index 00000000000..17876abac16 --- /dev/null +++ b/source3/passdb/ABI/samba-passdb-0.27.2.sigs 
@@ -0,0 +1,311 @@ +PDB_secrets_clear_domain_protection: bool (const char *) +PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *) +PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *) +PDB_secrets_mark_domain_protected: bool (const char *) +PDB_secrets_store_domain_guid: bool (const char *, struct GUID *) +PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *) +account_policy_get: bool (enum pdb_policy_type, uint32_t *) +account_policy_get_default: bool (enum pdb_policy_type, uint32_t *) +account_policy_get_desc: const char *(enum pdb_policy_type) +account_policy_name_to_typenum: enum pdb_policy_type (const char *) +account_policy_names_list: void (TALLOC_CTX *, const char ***, int *) +account_policy_set: bool (enum pdb_policy_type, uint32_t) +add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *) +algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t) +algorithmic_pdb_rid_is_user: bool (uint32_t) +algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t) +algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t) +algorithmic_rid_base: int (void) +builtin_domain_name: const char *(void) +cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *) +cache_account_policy_set: bool (enum pdb_policy_type, uint32_t) +create_builtin_administrators: NTSTATUS (const struct dom_sid *) +create_builtin_guests: NTSTATUS (const struct dom_sid *) +create_builtin_users: NTSTATUS (const struct dom_sid *) +decode_account_policy_name: const char *(enum pdb_policy_type) +get_account_pol_db: struct db_context *(void) +get_account_policy_attr: const char *(enum pdb_policy_type) +get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *) +get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **) +get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *) +get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int) +get_trust_pw_clear: 
bool (const char *, char **, const char **, enum netr_SchannelType *) +get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *) +gid_to_sid: void (struct dom_sid *, gid_t) +gid_to_unix_groups_sid: void (gid_t, struct dom_sid *) +grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int) +grant_all_privileges: bool (const struct dom_sid *) +grant_privilege_by_name: bool (const struct dom_sid *, const char *) +grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) +groupdb_tdb_init: const struct mapping_backend *(void) +init_account_policy: bool (void) +init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool) +init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t) +initialize_password_db: bool (bool, struct tevent_context *) +is_dc_trusted_domain_situation: bool (const char *) +is_privileged_sid: bool (const struct dom_sid *) +local_password_change: NTSTATUS (const char *, int, const char *, char **, char **) +login_cache_delentry: bool (const struct samu *) +login_cache_init: bool (void) +login_cache_read: bool (struct samu *, struct login_cache *) +login_cache_shutdown: bool (void) +login_cache_write: bool (const struct samu *, const struct login_cache *) +lookup_builtin_name: bool (const char *, uint32_t *) +lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **) +lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *) +lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) +lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) +lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) +lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **) +lookup_wellknown_name: bool (TALLOC_CTX *, 
const char *, struct dom_sid *, const char **) +lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **) +make_pdb_method: NTSTATUS (struct pdb_methods **) +make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *) +max_algorithmic_gid: gid_t (void) +max_algorithmic_uid: uid_t (void) +pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) +pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *) +pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) +pdb_add_sam_account: NTSTATUS (struct samu *) +pdb_build_fields_present: uint32_t (struct samu *) +pdb_capabilities: uint32_t (void) +pdb_copy_sam_account: bool (struct samu *, struct samu *) +pdb_create_alias: NTSTATUS (const char *, uint32_t *) +pdb_create_builtin: NTSTATUS (uint32_t) +pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t) +pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *) +pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *) +pdb_decode_acct_ctrl: uint32_t (const char *) +pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) +pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) +pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *) +pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) +pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *) +pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) +pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) +pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, 
enum lsa_SidType, GROUP_MAP ***, size_t *, bool) +pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) +pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) +pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) +pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) +pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) +pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) +pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) +pdb_del_trusted_domain: NTSTATUS (const char *) +pdb_del_trusteddom_pw: bool (const char *) +pdb_delete_alias: NTSTATUS (const struct dom_sid *) +pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t) +pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid) +pdb_delete_sam_account: NTSTATUS (struct samu *) +pdb_delete_secret: NTSTATUS (const char *) +pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *) +pdb_element_is_changed: bool (const struct samu *, enum pdb_elements) +pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements) +pdb_encode_acct_ctrl: char *(uint32_t, size_t) +pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) +pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) +pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) +pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *) +pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *) +pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***) +pdb_enum_trusteddoms: NTSTATUS 
(TALLOC_CTX *, uint32_t *, struct trustdom_info ***) +pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***) +pdb_find_backend_entry: struct pdb_init_function_entry *(const char *) +pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *) +pdb_get_acct_ctrl: uint32_t (const struct samu *) +pdb_get_acct_desc: const char *(const struct samu *) +pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) +pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *) +pdb_get_backends: const struct pdb_init_function_entry *(void) +pdb_get_bad_password_count: uint16_t (const struct samu *) +pdb_get_bad_password_time: time_t (const struct samu *) +pdb_get_code_page: uint16_t (const struct samu *) +pdb_get_comment: const char *(const struct samu *) +pdb_get_country_code: uint16_t (const struct samu *) +pdb_get_dir_drive: const char *(const struct samu *) +pdb_get_domain: const char *(const struct samu *) +pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *) +pdb_get_fullname: const char *(const struct samu *) +pdb_get_group_rid: uint32_t (struct samu *) +pdb_get_group_sid: const struct dom_sid *(struct samu *) +pdb_get_homedir: const char *(const struct samu *) +pdb_get_hours: const uint8_t *(const struct samu *) +pdb_get_hours_len: uint32_t (const struct samu *) +pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements) +pdb_get_kickoff_time: time_t (const struct samu *) +pdb_get_lanman_passwd: const uint8_t *(const struct samu *) +pdb_get_logoff_time: time_t (const struct samu *) +pdb_get_logon_count: uint16_t (const struct samu *) +pdb_get_logon_divs: uint16_t (const struct samu *) +pdb_get_logon_script: const char *(const struct samu *) +pdb_get_logon_time: time_t (const struct samu *) +pdb_get_munged_dial: const char *(const struct samu *) +pdb_get_nt_passwd: const uint8_t *(const struct samu *) +pdb_get_nt_username: const char *(const struct samu *) +pdb_get_pass_can_change: 
bool (const struct samu *) +pdb_get_pass_can_change_time: time_t (const struct samu *) +pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *) +pdb_get_pass_last_set_time: time_t (const struct samu *) +pdb_get_pass_must_change_time: time_t (const struct samu *) +pdb_get_plaintext_passwd: const char *(const struct samu *) +pdb_get_profile_path: const char *(const struct samu *) +pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *) +pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **) +pdb_get_seq_num: bool (time_t *) +pdb_get_tevent_context: struct tevent_context *(void) +pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **) +pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **) +pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **) +pdb_get_trusteddom_creds: NTSTATUS (const char *, TALLOC_CTX *, struct cli_credentials **) +pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *) +pdb_get_unknown_6: uint32_t (const struct samu *) +pdb_get_user_rid: uint32_t (const struct samu *) +pdb_get_user_sid: const struct dom_sid *(const struct samu *) +pdb_get_username: const char *(const struct samu *) +pdb_get_workstations: const char *(const struct samu *) +pdb_getgrgid: bool (GROUP_MAP *, gid_t) +pdb_getgrnam: bool (GROUP_MAP *, const char *) +pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid) +pdb_gethexhours: bool (const char *, unsigned char *) +pdb_gethexpwd: bool (const char *, unsigned char *) +pdb_getsampwnam: bool (struct samu *, const char *) +pdb_getsampwsid: bool (struct samu *, const struct dom_sid *) +pdb_group_rid_to_gid: gid_t (uint32_t) +pdb_id_to_sid: bool (struct unixid *, struct dom_sid *) +pdb_increment_bad_password_count: bool (struct samu *) +pdb_is_password_change_time_max: bool (time_t) 
+pdb_is_responsible_for_builtin: bool (void) +pdb_is_responsible_for_everything_else: bool (void) +pdb_is_responsible_for_our_sam: bool (void) +pdb_is_responsible_for_unix_groups: bool (void) +pdb_is_responsible_for_unix_users: bool (void) +pdb_is_responsible_for_wellknown: bool (void) +pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *) +pdb_new_rid: bool (uint32_t *) +pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) +pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool) +pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) +pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) +pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) +pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) +pdb_rename_sam_account: NTSTATUS (struct samu *, const char *) +pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *) +pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **) +pdb_search_groups: struct pdb_search *(TALLOC_CTX *) +pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t) +pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t) +pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) +pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state) +pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_code_page: bool (struct samu *, uint16_t, 
enum pdb_value_state) +pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) +pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state) +pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state) +pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) +pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state) +pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) +pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_pass_can_change: bool (struct samu *, bool) +pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state) +pdb_set_plaintext_passwd: bool (struct samu *, const char *) +pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum 
pdb_value_state) +pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state) +pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *) +pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *) +pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *) +pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *) +pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **) +pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) +pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) +pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state) +pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state) +pdb_sethexhours: void (char *, const unsigned char *) +pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) +pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *) +pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *) +pdb_update_autolock_flag: bool (struct samu *, bool *) +pdb_update_bad_password_count: bool (struct samu *, bool *) +pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *) +pdb_update_history: bool (struct samu *, const uint8_t *) +pdb_update_login_attempts: NTSTATUS (struct samu *, bool) +pdb_update_sam_account: NTSTATUS (struct samu *) +privilege_create_account: NTSTATUS (const struct dom_sid *) +privilege_delete_account: NTSTATUS (const struct dom_sid *) +privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *) +privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *) +revoke_all_privileges: bool (const struct dom_sid 
*) +revoke_privilege_by_name: bool (const struct dom_sid *, const char *) +revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) +samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *) +samu_new: struct samu *(TALLOC_CTX *) +samu_set_unix: NTSTATUS (struct samu *, const struct passwd *) +secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) +sid_check_is_builtin: bool (const struct dom_sid *) +sid_check_is_for_passdb: bool (const struct dom_sid *) +sid_check_is_in_builtin: bool (const struct dom_sid *) +sid_check_is_in_unix_groups: bool (const struct dom_sid *) +sid_check_is_in_unix_users: bool (const struct dom_sid *) +sid_check_is_in_wellknown_domain: bool (const struct dom_sid *) +sid_check_is_unix_groups: bool (const struct dom_sid *) +sid_check_is_unix_users: bool (const struct dom_sid *) +sid_check_is_wellknown_builtin: bool (const struct dom_sid *) +sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **) +sid_check_object_is_for_passdb: bool (const struct dom_sid *) +sid_to_gid: bool (const struct dom_sid *, gid_t *) +sid_to_uid: bool (const struct dom_sid *, uid_t *) +sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *) +smb_add_user_group: int (const char *, const char *) +smb_create_group: int (const char *, gid_t *) +smb_delete_group: int (const char *) +smb_delete_user_group: int (const char *, const char *) +smb_nscd_flush_group_cache: void (void) +smb_nscd_flush_user_cache: void (void) +smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function) +smb_set_primary_group: int (const char *, const char *) +uid_to_sid: void (struct dom_sid *, uid_t) +uid_to_unix_users_sid: void (uid_t, struct dom_sid *) +unix_groups_domain_name: const char *(void) +unix_users_domain_name: const char *(void) +unixid_from_both: void (struct unixid *, uint32_t) +unixid_from_gid: void (struct unixid *, uint32_t) +unixid_from_uid: void 
(struct unixid *, uint32_t) +wb_is_trusted_domain: wbcErr (const char *) +winbind_allocate_gid: bool (gid_t *) +winbind_allocate_uid: bool (uid_t *) +winbind_getpwnam: struct passwd *(const char *) +winbind_getpwsid: struct passwd *(const struct dom_sid *) +winbind_gid_to_sid: bool (struct dom_sid *, gid_t) +winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *) +winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **) +winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) +winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **) +winbind_ping: bool (void) +winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *) +winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *) +winbind_uid_to_sid: bool (struct dom_sid *, uid_t) +winbind_xid_to_sid: bool (struct dom_sid *, const struct unixid *) +xid_to_sid: void (struct dom_sid *, const struct unixid *) diff --git a/source3/wscript_build b/source3/wscript_build index 8d29db51f77..f0d85969692 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -149,7 +149,7 @@ bld.SAMBA3_LIBRARY('samba-passdb', ''', abi_match=private_pdb_match, abi_directory='passdb/ABI', - vnum='0.27.1') + vnum='0.27.2') bld.SAMBA3_SUBSYSTEM('pdb', source=''' -- 2.21.0.352.gf09ad66450-goog From cbd91b9a82674bf807b338d24551991ebf0269c4 Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Tue, 5 Mar 2019 11:50:48 -0700 Subject: [PATCH 12/13] lib/winbind_util: Move include out of ifdef This fixes compile errors about missing prototypes with --picky-developer and --without-winbind Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e) --- source3/lib/winbind_util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index 46c95ca3a28..de72042cfa4 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -23,10 +23,10 @@
 #include "../lib/util/util_pw.h"
 #include "nsswitch/libwbclient/wbclient.h"
 
-#if defined(WITH_WINBIND)
-
 #include "lib/winbind_util.h"
 
+#if defined(WITH_WINBIND)
+
 struct passwd * winbind_getpwnam(const char * name)
 {
 wbcErr result;
-- 2.21.0.352.gf09ad66450-goog
From e99b7f0d8d14f2981335c05916841ae6e88493f9 Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Tue, 5 Mar 2019 11:56:49 -0700 Subject: [PATCH 13/13] lib/winbind_util: Add winbind_xid_to_sid for --without-winbind BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Mar 6 01:53:16 UTC 2019 on sn-devel-144 (cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5) --- source3/lib/winbind_util.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index de72042cfa4..0c1f2c2552a 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -401,6 +401,13 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
 return false;
 }
 
+/* Call winbindd to convert uid or gid to SID */
+
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+ return false;
+}
+
 /* Check for a trusted domain */
 
 wbcErr wb_is_trusted_domain(const char *domain)
-- 2.21.0.352.gf09ad66450-goog
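Review bot: The comment added above the new `winbind_xid_to_sid` stub in the second hunk (`@@ -401,6 +401,13 @@`) says it calls winbindd, but the body only returns `false` and never writes `*sid`. I would reword it to say what the stub does, e.g. `/* Stub for builds without winbind: always fails and leaves *sid untouched */`. The wording matters because a caller that reads the SID after a `false` return sees whatever it put there beforehand, so the "initialise the output before the call" expectation from earlier in this series applies here as well. The stub appears to sit in the non-winbind branch of the `WITH_WINBIND` conditional, which starts outside the hunk, so that placement is inferred from the neighbouring `winbind_gid_to_sid` stub and the commit subject.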