From a3bb188df65ba1cdd179bc8481f923db6ddf8ed0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 2 Mar 2012 05:08:17 +0100
Subject: [PATCH 1/3] s3:winbindd: discard the expired gid cache if we're online (bug #8952)
This matches the uid case...
metze
---
 source3/winbindd/winbindd_sids_to_xids.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c
index 9c38b5a..b3699d0 100644
--- a/source3/winbindd/winbindd_sids_to_xids.c
+++ b/source3/winbindd/winbindd_sids_to_xids.c
@@ -135,7 +135,7 @@ static bool winbindd_sids_to_xids_in_cache(struct dom_sid *sid,
 * sids. So we check groups before users.
 */
 if (idmap_cache_find_sid2gid(sid, &gid, &expired)) {
- if (expired && is_domain_offline(find_our_domain())) {
+ if (expired && is_domain_online(find_our_domain())) {
 return false;
 }
 map->sid = sid;
--
1.7.4.1
From 7a64da3189a1e901aff66aa5e2e46e4a9c03750f Mon Sep 17 00:00:00 2001
From: Ira Cooper
Date: Wed, 23 May 2012 21:39:03 -0400
Subject: [PATCH 2/3] s3-passdb: Fix negative SID->uid/gid cache handling. (bug #8952)
-1 uid/gid signals a non existent uid/gid.
Signed-off-by: Stefan Metzmacher
---
 source3/passdb/lookup_sid.c | 17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 5cf391f..2afa86e 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1490,7 +1490,24 @@ bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,
 continue;
 }
 }
+ done:
+ for (i=0; i
Date: Thu, 24 May 2012 09:08:21 +0200
Subject: [PATCH 3/3] s3:winbindd: do not expose negative cache idmap entries as valid mappings (bug #8952)
metze
---
 source3/winbindd/winbindd_sids_to_xids.c | 24 +++++++++++++-----------
 1 files changed, 13 insertions(+), 11 deletions(-)
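Review bot: The corrected condition in winbindd_sids_to_xids_in_cache (patch 1/3) has no comment saying why an expired gid entry is still accepted when the domain is offline, and the inverted test this patch fixes shows how easily that intent is lost. A one-line comment above the check would pin it down, for example `/* expired entries are only honoured while offline; when online, force a fresh lookup */`. Serving expired mappings while offline means a changed or removed mapping stays in effect until the domain is reachable again, which the comment should state. The commit message says the uid branch already behaves this way; that branch is outside the hunk, so if both branches repeat the same test, a small shared helper would keep them from diverging again.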
diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c
index b3699d0..a4a0552 100644
--- a/source3/winbindd/winbindd_sids_to_xids.c
+++ b/source3/winbindd/winbindd_sids_to_xids.c
@@ -255,11 +255,13 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req,
 num_non_cached = 0;
 for (i=0; inum_sids; i++) {
- char type;
+ char type = 'x';
 uint64_t unix_id = (uint64_t)-1;
 bool found = true;
+ struct dom_sid *sid;
 if (state->cached[i].sid != NULL) {
+ sid = state->cached[i].sid;
 unix_id = state->cached[i].xid.id;
 if (state->cached[i].xid.type == ID_TYPE_UID) {
 type = 'U';
@@ -267,28 +269,28 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req,
 type = 'G';
 }
 } else {
+ sid = &state->non_cached[num_non_cached];
 unix_id = state->ids.ids[num_non_cached].unix_id;
- if (unix_id == -1) {
- found = false;
- }
 switch(state->ids.ids[num_non_cached].type) {
 case WBC_ID_TYPE_UID:
 type = 'U';
- idmap_cache_set_sid2uid(
- &state->non_cached[num_non_cached],
- unix_id);
+ idmap_cache_set_sid2uid(sid, unix_id);
 break;
 case WBC_ID_TYPE_GID:
 type = 'G';
- idmap_cache_set_sid2gid(
- &state->non_cached[num_non_cached],
- unix_id);
+ idmap_cache_set_sid2gid(sid, unix_id);
 break;
 default:
- found = false;
+ unix_id = (uint64_t)-1;
+ break;
 }
 num_non_cached += 1;
 }
+ if (unix_id == -1) {
+ found = false;
+ DEBUG(1,("winbindd_sids_to_xids_recv: sid[%u/%c] %s is unmapped\n",
+ i, type, sid_string_dbg(sid)));
+ }
 if (found) {
 result = talloc_asprintf_append_buffer(
--
1.7.4.1
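Review bot: The placeholder `'x'` assigned to `type` at its declaration in winbindd_sids_to_xids_recv is unexplained; judging from the second hunk it is only printed in the "is unmapped" debug message when neither the UID nor the GID case sets it. A short comment at the declaration would help, for example `/* 'x' = id type unknown; only shown in the debug message for unmapped SIDs */`. The newly declared `sid` is left uninitialised, which is fine as long as both branches of the following if/else assign it, as they do in the visible lines.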
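Review bot: The new `if (unix_id == -1)` check after the if/else compares a `uint64_t` against `-1`, so it only matches the full 64-bit all-ones value. In the cached branch `unix_id` is copied from `state->cached[i].xid.id`; if that field is 32 bits wide (its declaration is not in this diff), a negative cache entry stored as `(uint32_t)-1` widens to 0xFFFFFFFF, fails the test, and is still returned to the caller as a valid mapping. Checking the sentinel at the source width in the cached branch, e.g. `if (state->cached[i].xid.id == (uint32_t)-1) { unix_id = (uint64_t)-1; }`, and writing the later test as `unix_id == (uint64_t)-1` would make the intent explicit. The function body starts and ends outside the hunk.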