r20207: Fix a couple more places where extra_data was

[ira/wip.git] / source3 / nsswitch / winbindd_group.c

diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index c838db923c2b1e0cae60ca41cb9eba8804936c9d..1b21352c860d6c807e63a2e97698e5275de34c9c 100644 (file)
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -124,9 +124,7 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain,
                        if (sys_getpeereid(state->sock, &ret_uid)==0) {
                                /* We know who's asking - look up their SID if
                                   it's one we've mapped before. */
-                               status = idmap_uid_to_sid(&querying_user_sid,
-                                                       ret_uid,
-                                                       IDMAP_FLAG_QUERY_ONLY|IDMAP_FLAG_CACHE_ONLY);
+                               status = idmap_uid_to_sid(&querying_user_sid, ret_uid);
                                if (NT_STATUS_IS_OK(status)) {
                                        pquerying_user_sid = &querying_user_sid;
                                        DEBUG(10,("fill_grent_mem: querying uid %u -> %s\n",
@@ -399,7 +397,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state)
 
        /* Try to get the GID */
 
-       status = idmap_sid_to_gid(&group_sid, &gid, 0);
+       status = idmap_sid_to_gid(&group_sid, &gid);
 
        if (NT_STATUS_IS_OK(status)) {
                goto got_gid;
@@ -444,18 +442,20 @@ static void getgrgid_got_sid(struct winbindd_cli_state *state, DOM_SID group_sid
 {
        struct winbindd_domain *domain;
        enum lsa_SidType name_type;
-       fstring dom_name;
-       fstring group_name;
+       char *dom_name;
+       char *group_name;
        size_t gr_mem_len;
        size_t num_gr_mem;
        char *gr_mem;
 
        /* Get name from sid */
 
-       if (!winbindd_lookup_name_by_sid(state->mem_ctx, &group_sid, dom_name,
-                                        group_name, &name_type)) {
+       if (!winbindd_lookup_name_by_sid(state->mem_ctx, &group_sid, &dom_name,
+                                        &group_name, &name_type)) {
                DEBUG(1, ("could not lookup sid\n"));
                request_error(state);
+               TALLOC_FREE(group_name);
+               TALLOC_FREE(dom_name);
                return;
        }
 
@@ -466,6 +466,8 @@ static void getgrgid_got_sid(struct winbindd_cli_state *state, DOM_SID group_sid
        if (!domain) {
                DEBUG(1,("Can't find domain from sid\n"));
                request_error(state);
+               TALLOC_FREE(group_name);
+               TALLOC_FREE(dom_name);
                return;
        }
 
@@ -476,6 +478,8 @@ static void getgrgid_got_sid(struct winbindd_cli_state *state, DOM_SID group_sid
                DEBUG(1, ("name '%s' is not a local or domain group: %d\n", 
                          group_name, name_type));
                request_error(state);
+               TALLOC_FREE(group_name);
+               TALLOC_FREE(dom_name);
                return;
        }
 
@@ -485,6 +489,8 @@ static void getgrgid_got_sid(struct winbindd_cli_state *state, DOM_SID group_sid
                            &num_gr_mem,
                            &gr_mem, &gr_mem_len)) {
                request_error(state);
+               TALLOC_FREE(group_name);
+               TALLOC_FREE(dom_name);
                return;
        }
 
@@ -497,6 +503,9 @@ static void getgrgid_got_sid(struct winbindd_cli_state *state, DOM_SID group_sid
        state->response.length += gr_mem_len;
        state->response.extra_data.data = gr_mem;
 
+       TALLOC_FREE(group_name);
+       TALLOC_FREE(dom_name);
+
        request_ok(state);
 }
 
@@ -534,32 +543,10 @@ static void getgrgid_recv(void *private_data, BOOL success, const char *sid)
 /* Return a group structure from a gid number */
 void winbindd_getgrgid(struct winbindd_cli_state *state)
 {
-       DOM_SID group_sid;
-       NTSTATUS status;
-
        DEBUG(3, ("[%5lu]: getgrgid %lu\n", (unsigned long)state->pid, 
                  (unsigned long)state->request.data.gid));
 
-       /* Bug out if the gid isn't in the winbind range */
-
-       if ((state->request.data.gid < server_state.gid_low) ||
-           (state->request.data.gid > server_state.gid_high)) {
-               request_error(state);
-               return;
-       }
-
-       /* Get sid from gid */
-
-       status = idmap_gid_to_sid(&group_sid, state->request.data.gid, IDMAP_FLAG_NONE);
-       if (NT_STATUS_IS_OK(status)) {
-               /* This is a remote one */
-               getgrgid_got_sid(state, group_sid);
-               return;
-       }
-
-       DEBUG(10,("winbindd_getgrgid: gid %lu not found in cache, try with the async interface\n",
-                 (unsigned long)state->request.data.gid));
-
+       /* always use the async interface */
        winbindd_gid2sid_async(state->mem_ctx, state->request.data.gid, getgrgid_recv, state);
 }
 
@@ -855,8 +842,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
                sid_copy(&group_sid, &domain->sid);
                sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
 
-               if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid,
-                                                    &group_gid, 0))) {
+               if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &group_gid))) {
                        union unid_t id;
                        enum lsa_SidType type;
 
@@ -1130,30 +1116,6 @@ void winbindd_getgroups(struct winbindd_cli_state *state)
        DEBUG(3, ("[%5lu]: getgroups %s\n", (unsigned long)state->pid,
                  state->request.data.username));
 
-       /* when using "winbind use default domain" we need to avoid that
-        * initgroups() requests from NSS hit our DC too badly for accounts
-        * that will never be on the remote DC */
-
-       if (lp_winbind_use_default_domain()) {
-               
-               const char **list = lp_winbind_initgroups_blacklist();
-               int i;
-
-               if (!list || !list[0]) {
-                       goto parse;
-               }
-
-               for (i=0; list[i] != NULL; i++) {
-       
-                       if (strequal(state->request.data.username, list[i])) {
-                               DEBUG(3,("ignoring blacklisted user [%s] for getgroups\n", 
-                                       state->request.data.username));
-                               request_ok(state);
-                               return;
-                       }
-               }
-       }
- parse:
        /* Parse domain and username */
 
        s = TALLOC_P(state->mem_ctx, struct getgroups_state);
@@ -1254,10 +1216,13 @@ static void getgroups_sid2gid_recv(void *private_data, BOOL success, gid_t gid)
        struct getgroups_state *s =
                (struct getgroups_state *)private_data;
 
-       if (success)
-               add_gid_to_array_unique(NULL, gid,
+       if (success) {
+               if (!add_gid_to_array_unique(s->state->mem_ctx, gid,
                                        &s->token_gids,
-                                       &s->num_token_gids);
+                                       &s->num_token_gids)) {
+                       return;
+               }
+       }
 
        if (s->i < s->num_token_sids) {
                const DOM_SID *sid = &s->token_sids[s->i];
@@ -1274,7 +1239,8 @@ static void getgroups_sid2gid_recv(void *private_data, BOOL success, gid_t gid)
        }
 
        s->state->response.data.num_entries = s->num_token_gids;
-       s->state->response.extra_data.data = s->token_gids;
+       /* s->token_gids are talloced */
+       s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t));
        s->state->response.length += s->num_token_gids * sizeof(gid_t);
        request_ok(s->state);
 }
@@ -1418,12 +1384,15 @@ enum winbindd_result winbindd_dual_getuserdomgroups(struct winbindd_domain *doma
                return WINBINDD_OK;
        }
 
-       if (!print_sidlist(NULL, groups, num_groups, &sidstring, &len)) {
-               DEBUG(0, ("malloc failed\n"));
+       if (!print_sidlist(state->mem_ctx, groups, num_groups, &sidstring, &len)) {
+               DEBUG(0, ("talloc failed\n"));
                return WINBINDD_ERROR;
        }
 
-       state->response.extra_data.data = sidstring;
+       state->response.extra_data.data = SMB_STRDUP(sidstring);
+       if (!state->response.extra_data.data) {
+               return WINBINDD_ERROR;
+       }
        state->response.length += len+1;
        state->response.data.num_entries = num_groups;