if (tmp_ctx == NULL) {
DEBUG(0, ("talloc_new failed\n"));
- return False;
+ return false;
}
p = strchr_m(full_name, '\\');
name = talloc_strdup(tmp_ctx, full_name);
}
- DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",
- full_name, domain, name));
-
if ((domain == NULL) || (name == NULL)) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
- if (strequal(domain, get_global_sam_name())) {
+ DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",
+ full_name, domain, name));
+ DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags));
+
+ if ((flags & LOOKUP_NAME_DOMAIN) &&
+ strequal(domain, get_global_sam_name()))
+ {
/* It's our own domain, lookup the name in passdb */
if (lookup_global_sam_name(name, flags, &rid, &type)) {
goto ok;
}
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
- if (strequal(domain, builtin_domain_name())) {
-
+ if ((flags & LOOKUP_NAME_BUILTIN) &&
+ strequal(domain, builtin_domain_name()))
+ {
/* Explicit request for a name in BUILTIN */
if (lookup_builtin_name(name, &rid)) {
sid_copy(&sid, &global_sid_Builtin);
goto ok;
}
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
/* Try the explicit winbind lookup first, don't let it guess the
* domain yet at this point yet. This comes later. */
if ((domain[0] != '\0') &&
+ (flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED)) &&
(winbind_lookup_name(domain, name, &sid, &type))) {
goto ok;
}
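Review bot: The added guard `(flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED))` is true whenever any other flag bit is set, so a caller passing only, say, LOOKUP_NAME_WKN or LOOKUP_NAME_EXPLICIT would still reach the explicit winbind lookup. Every other gate added in this commit names the flag it requires, for example `(flags & LOOKUP_NAME_REMOTE) && IS_DC` further down. If the intent is that only remote lookups consult winbind here, `(flags & LOOKUP_NAME_REMOTE) &&` states it directly. The flag definitions are not visible on this page, so if the mask is deliberate, a one-line comment saying which flags are meant to enable this branch would help. The body of lookup_name starts and ends outside this hunk.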
goto ok;
}
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
if (!(flags & LOOKUP_NAME_EXPLICIT) && strequal(domain, unix_groups_domain_name())) {
goto ok;
}
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) {
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
/* Now the guesswork begins, we haven't been given an explicit
/* 1. well-known names */
- if (lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) {
+ if ((flags & LOOKUP_NAME_WKN) &&
+ lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
+ {
type = SID_NAME_WKN_GRP;
goto ok;
}
/* 2. Builtin domain as such */
- if (strequal(name, builtin_domain_name())) {
+ if ((flags & (LOOKUP_NAME_BUILTIN|LOOKUP_NAME_REMOTE)) &&
+ strequal(name, builtin_domain_name()))
+ {
/* Swap domain and name */
tmp = name; name = domain; domain = tmp;
sid_copy(&sid, &global_sid_Builtin);
/* 3. Account domain */
- if (strequal(name, get_global_sam_name())) {
+ if ((flags & LOOKUP_NAME_DOMAIN) &&
+ strequal(name, get_global_sam_name()))
+ {
if (!secrets_fetch_domain_sid(name, &sid)) {
DEBUG(3, ("Could not fetch my SID\n"));
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
/* Swap domain and name */
tmp = name; name = domain; domain = tmp;
/* 4. Primary domain */
- if (!IS_DC && strequal(name, lp_workgroup())) {
+ if ((flags & LOOKUP_NAME_DOMAIN) && !IS_DC &&
+ strequal(name, lp_workgroup()))
+ {
if (!secrets_fetch_domain_sid(name, &sid)) {
DEBUG(3, ("Could not fetch the domain SID\n"));
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
/* Swap domain and name */
tmp = name; name = domain; domain = tmp;
/* 5. Trusted domains as such, to me it looks as if members don't do
this, tested an XP workstation in a NT domain -- vl */
- if (IS_DC && (pdb_get_trusteddom_pw(name, NULL, &sid, NULL))) {
+ if ((flags & LOOKUP_NAME_REMOTE) && IS_DC &&
+ (pdb_get_trusteddom_pw(name, NULL, &sid, NULL)))
+ {
/* Swap domain and name */
tmp = name; name = domain; domain = tmp;
type = SID_NAME_DOMAIN;
/* 6. Builtin aliases */
- if (lookup_builtin_name(name, &rid)) {
+ if ((flags & LOOKUP_NAME_BUILTIN) &&
+ lookup_builtin_name(name, &rid))
+ {
domain = talloc_strdup(tmp_ctx, builtin_domain_name());
sid_copy(&sid, &global_sid_Builtin);
sid_append_rid(&sid, rid);
/* Both cases are done by looking at our passdb */
- if (lookup_global_sam_name(name, flags, &rid, &type)) {
+ if ((flags & LOOKUP_NAME_DOMAIN) &&
+ lookup_global_sam_name(name, flags, &rid, &type))
+ {
domain = talloc_strdup(tmp_ctx, get_global_sam_name());
sid_copy(&sid, get_global_sam_sid());
sid_append_rid(&sid, rid);
if (!(flags & LOOKUP_NAME_REMOTE)) {
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
/* If we are not a DC, we have to ask in our primary domain. Let
DEBUG(2, ("winbind could not find the domain's name "
"it just looked up for us\n"));
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
goto ok;
}
*/
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
ok:
if ((domain == NULL) || (name == NULL)) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
/*
!(*ret_name = talloc_strdup(mem_ctx, name))) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
if (ret_domain != NULL) {
if (!(tmp_dom = talloc_strdup(mem_ctx, domain))) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
strupper_m(tmp_dom);
*ret_domain = tmp_dom;
}
TALLOC_FREE(tmp_ctx);
- return True;
+ return true;
}
/************************************************************************
tmp = talloc_strdup(mem_ctx, full_name);
if (!tmp) {
- return False;
+ return false;
}
tmp[p - full_name] = '\\';
full_name = tmp;
get_global_sam_name(),
full_name );
if (!qualified_name) {
- return False;
+ return false;
}
if (lookup_name(mem_ctx, qualified_name, flags,
ret_domain, ret_name,
ret_sid, ret_type)) {
- return True;
+ return true;
}
/* Finally try with "Unix Users" or "Unix Group" */
unix_users_domain_name(),
full_name );
if (!qualified_name) {
- return False;
+ return false;
}
return lookup_name(mem_ctx, qualified_name, flags,
TALLOC_CTX *tmp_ctx;
if (!(tmp_ctx = talloc_init("wb_lookup_rids"))) {
- return False;
+ return false;
}
if (!winbind_lookup_rids(tmp_ctx, domain_sid, num_rids, rids,
types[i] = SID_NAME_UNKNOWN;
}
TALLOC_FREE(tmp_ctx);
- return True;
+ return true;
}
if (!(*domain_name = talloc_strdup(mem_ctx, *domain_name))) {
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
/*
for (i=0; i<num_rids; i++) {
if (my_names[i] == NULL) {
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
if (!(names[i] = talloc_strdup(names, my_names[i]))) {
TALLOC_FREE(tmp_ctx);
- return False;
+ return false;
}
types[i] = my_types[i];
}
TALLOC_FREE(tmp_ctx);
- return True;
+ return true;
}
static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
{
int i;
+ DEBUG(10, ("lookup_rids called for domain sid '%s'\n",
+ sid_string_dbg(domain_sid)));
+
if (num_rids) {
*names = TALLOC_ARRAY(mem_ctx, const char *, num_rids);
*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
if ((*names == NULL) || (*types == NULL)) {
- return False;
+ return false;
}
} else {
*names = NULL;
}
if (*domain_name == NULL) {
- return False;
+ return false;
}
become_root();
}
if (*domain_name == NULL) {
- return False;
+ return false;
}
for (i=0; i<num_rids; i++) {
if (lookup_builtin_rid(*names, rids[i],
&(*names)[i])) {
if ((*names)[i] == NULL) {
- return False;
+ return false;
}
(*types)[i] = SID_NAME_ALIAS;
} else {
(*types)[i] = SID_NAME_UNKNOWN;
}
}
- return True;
+ return true;
}
if (sid_check_is_wellknown_domain(domain_sid, NULL)) {
if (lookup_wellknown_sid(mem_ctx, &sid,
domain_name, &(*names)[i])) {
if ((*names)[i] == NULL) {
- return False;
+ return false;
}
(*types)[i] = SID_NAME_WKN_GRP;
} else {
(*types)[i] = SID_NAME_UNKNOWN;
}
}
- return True;
+ return true;
}
if (sid_check_is_unix_users(domain_sid)) {
if (*domain_name == NULL) {
*domain_name = talloc_strdup(
mem_ctx, unix_users_domain_name());
+ if (*domain_name == NULL) {
+ return false;
+ }
}
for (i=0; i<num_rids; i++) {
(*names)[i] = talloc_strdup(
(*names), uidtoname(rids[i]));
+ if ((*names)[i] == NULL) {
+ return false;
+ }
(*types)[i] = SID_NAME_USER;
}
- return True;
+ return true;
}
if (sid_check_is_unix_groups(domain_sid)) {
if (*domain_name == NULL) {
*domain_name = talloc_strdup(
mem_ctx, unix_groups_domain_name());
+ if (*domain_name == NULL) {
+ return false;
+ }
}
for (i=0; i<num_rids; i++) {
(*names)[i] = talloc_strdup(
(*names), gidtoname(rids[i]));
+ if ((*names)[i] == NULL) {
+ return false;
+ }
(*types)[i] = SID_NAME_DOM_GRP;
}
- return True;
+ return true;
}
return wb_lookup_rids(mem_ctx, domain_sid, num_rids, rids,
if (sid_check_is_domain(sid)) {
*name = talloc_strdup(mem_ctx, get_global_sam_name());
- return True;
+ return true;
}
if (sid_check_is_builtin(sid)) {
*name = talloc_strdup(mem_ctx, builtin_domain_name());
- return True;
+ return true;
}
if (sid_check_is_wellknown_domain(sid, &tmp)) {
*name = talloc_strdup(mem_ctx, tmp);
- return True;
+ return true;
+ }
+
+ if (sid_check_is_unix_users(sid)) {
+ *name = talloc_strdup(mem_ctx, unix_users_domain_name());
+ return true;
+ }
+
+ if (sid_check_is_unix_groups(sid)) {
+ *name = talloc_strdup(mem_ctx, unix_groups_domain_name());
+ return true;
}
if (sid->num_auths != 4) {
/* This can't be a domain */
- return False;
+ return false;
}
if (IS_DC) {
if (!NT_STATUS_IS_OK(pdb_enum_trusteddoms(mem_ctx,
&num_domains,
&domains))) {
- return False;
+ return false;
}
for (i=0; i<num_domains; i++) {
if (sid_equal(sid, &domains[i]->sid)) {
*name = talloc_strdup(mem_ctx,
domains[i]->name);
- return True;
+ return true;
}
}
- return False;
+ return false;
}
if (winbind_lookup_sid(mem_ctx, sid, &tmp, NULL, &type) &&
(type == SID_NAME_DOMAIN)) {
*name = tmp;
- return True;
+ return true;
}
- return False;
+ return false;
}
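Review bot: The two added branches for `sid_check_is_unix_users(sid)` and `sid_check_is_unix_groups(sid)` return true without checking the `talloc_strdup` result. A failed allocation is therefore reported as success with `*name` left NULL for the caller to dereference. This commit adds exactly that check to the Unix Users and Unix Groups paths of lookup_rids, so the same is expected here: `if (*name == NULL) { return false; }` before each `return true;`. The existing branches for the SAM, BUILTIN and well-known domains have the same gap and could be fixed in the same pass. The function's opening lines are outside the visible hunk.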
/*
static bool check_dom_sid_to_level(const DOM_SID *sid, int level)
{
- int ret = False;
+ int ret = false;
switch(level) {
case 1:
- ret = True;
+ ret = true;
break;
case 2:
ret = (!sid_check_is_builtin(sid) &&
ret = sid_check_is_domain(sid);
break;
case 5:
- ret = False;
+ ret = false;
break;
}
DEBUG(10, ("%s SID %s in level %d\n",
ret ? "Accepting" : "Rejecting",
- sid_string_static(sid), level));
+ sid_string_dbg(sid), level));
return ret;
}
}
dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
- MAX_REF_DOMAINS);
+ LSA_REF_DOMAIN_LIST_MULTIPLIER);
if (dom_infos == NULL) {
result = NT_STATUS_NO_MEMORY;
goto fail;
} else {
/* This is a normal SID with rid component */
if (!sid_split_rid(&sid, &rid)) {
- result = NT_STATUS_INVALID_PARAMETER;
+ result = NT_STATUS_INVALID_SID;
goto fail;
}
}
continue;
}
- for (j=0; j<MAX_REF_DOMAINS; j++) {
+ for (j=0; j<LSA_REF_DOMAIN_LIST_MULTIPLIER; j++) {
if (!dom_infos[j].valid) {
break;
}
}
}
- if (j == MAX_REF_DOMAINS) {
+ if (j == LSA_REF_DOMAIN_LIST_MULTIPLIER) {
/* TODO: What's the right error message here? */
result = NT_STATUS_NONE_MAPPED;
goto fail;
if (!dom_infos[j].valid) {
/* We found a domain not yet referenced, create a new
* ref. */
- dom_infos[j].valid = True;
+ dom_infos[j].valid = true;
sid_copy(&dom_infos[j].sid, &sid);
if (domain_name != NULL) {
/* Iterate over the domains found */
- for (i=0; i<MAX_REF_DOMAINS; i++) {
+ for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
uint32_t *rids;
const char *domain_name = NULL;
const char **names;
struct lsa_dom_info *domain;
struct lsa_name_info *name;
TALLOC_CTX *tmp_ctx;
- bool ret = False;
+ bool ret = false;
+
+ DEBUG(10, ("lookup_sid called for SID '%s'\n", sid_string_dbg(sid)));
if (!(tmp_ctx = talloc_new(mem_ctx))) {
DEBUG(0, ("talloc_new failed\n"));
- return False;
+ return false;
}
if (!NT_STATUS_IS_OK(lookup_sids(tmp_ctx, 1, &sid, 1,
*ret_type = name->type;
}
- ret = True;
+ ret = true;
done:
if (ret) {
- DEBUG(10, ("Sid %s -> %s\\%s(%d)\n",
- sid_string_static(sid), domain->name,
- name->name, name->type));
+ DEBUG(10, ("Sid %s -> %s\\%s(%d)\n", sid_string_dbg(sid),
+ domain->name, name->name, name->type));
} else {
- DEBUG(10, ("failed to lookup sid %s\n",
- sid_string_static(sid)));
+ DEBUG(10, ("failed to lookup sid %s\n", sid_string_dbg(sid)));
}
TALLOC_FREE(tmp_ctx);
return ret;
modified to use linked lists by jra.
*****************************************************************/
-#define MAX_UID_SID_CACHE_SIZE 100
-#define TURNOVER_UID_SID_CACHE_SIZE 10
-#define MAX_GID_SID_CACHE_SIZE 100
-#define TURNOVER_GID_SID_CACHE_SIZE 10
-
-static size_t n_uid_sid_cache = 0;
-static size_t n_gid_sid_cache = 0;
-
-static struct uid_sid_cache {
- struct uid_sid_cache *next, *prev;
- uid_t uid;
- DOM_SID sid;
- enum lsa_SidType sidtype;
-} *uid_sid_cache_head;
-
-static struct gid_sid_cache {
- struct gid_sid_cache *next, *prev;
- gid_t gid;
- DOM_SID sid;
- enum lsa_SidType sidtype;
-} *gid_sid_cache_head;
-
/*****************************************************************
Find a SID given a uid.
-*****************************************************************/
+*****************************************************************/
static bool fetch_sid_from_uid_cache(DOM_SID *psid, uid_t uid)
{
- struct uid_sid_cache *pc;
-
- for (pc = uid_sid_cache_head; pc; pc = pc->next) {
- if (pc->uid == uid) {
- *psid = pc->sid;
- DEBUG(3,("fetch sid from uid cache %u -> %s\n",
- (unsigned int)uid, sid_string_static(psid)));
- DLIST_PROMOTE(uid_sid_cache_head, pc);
- return True;
- }
+ DATA_BLOB cache_value;
+
+ if (!memcache_lookup(NULL, UID_SID_CACHE,
+ data_blob_const(&uid, sizeof(uid)),
+ &cache_value)) {
+ return false;
}
- return False;
+
+ memcpy(psid, cache_value.data, MIN(sizeof(*psid), cache_value.length));
+ SMB_ASSERT(cache_value.length >= offsetof(struct dom_sid, id_auth));
+ SMB_ASSERT(cache_value.length == ndr_size_dom_sid(psid, NULL, 0));
+
+ return true;
}
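Review bot: In fetch_sid_from_uid_cache the length of the cached blob is validated only after it has been copied into `*psid`. The `MIN(sizeof(*psid), cache_value.length)` bound keeps the copy inside the destination, but a short blob leaves the tail of `*psid` unwritten before the asserts run. Moving `SMB_ASSERT(cache_value.length >= offsetof(struct dom_sid, id_auth));` above the `memcpy` makes the order validate-then-copy. The second assert has to stay after the copy because it reads the copied SID. A short comment should also say that the blob is the NDR-sized SID stored by store_uid_sid_cache and may be shorter than `sizeof(DOM_SID)`. fetch_sid_from_gid_cache has the same three lines and should be changed the same way.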
/*****************************************************************
Find a uid given a SID.
-*****************************************************************/
+*****************************************************************/
static bool fetch_uid_from_cache( uid_t *puid, const DOM_SID *psid )
{
- struct uid_sid_cache *pc;
-
- for (pc = uid_sid_cache_head; pc; pc = pc->next) {
- if (sid_compare(&pc->sid, psid) == 0) {
- *puid = pc->uid;
- DEBUG(3,("fetch uid from cache %u -> %s\n",
- (unsigned int)*puid, sid_string_static(psid)));
- DLIST_PROMOTE(uid_sid_cache_head, pc);
- return True;
- }
+ DATA_BLOB cache_value;
+
+ if (!memcache_lookup(NULL, SID_UID_CACHE,
+ data_blob_const(psid, ndr_size_dom_sid(psid, NULL, 0)),
+ &cache_value)) {
+ return false;
}
- return False;
+
+ SMB_ASSERT(cache_value.length == sizeof(*puid));
+ memcpy(puid, cache_value.data, sizeof(*puid));
+
+ return true;
}
/*****************************************************************
Store uid to SID mapping in cache.
-*****************************************************************/
+*****************************************************************/
void store_uid_sid_cache(const DOM_SID *psid, uid_t uid)
{
- struct uid_sid_cache *pc;
-
- /* do not store SIDs in the "Unix Group" domain */
-
- if ( sid_check_is_in_unix_users( psid ) )
- return;
-
- if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) {
- /* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */
- struct uid_sid_cache *pc_next;
- size_t i;
-
- for (i = 0, pc = uid_sid_cache_head; i < (n_uid_sid_cache - TURNOVER_UID_SID_CACHE_SIZE); i++, pc = pc->next)
- ;
- for(; pc; pc = pc_next) {
- pc_next = pc->next;
- DLIST_REMOVE(uid_sid_cache_head,pc);
- SAFE_FREE(pc);
- n_uid_sid_cache--;
- }
- }
-
- pc = SMB_MALLOC_P(struct uid_sid_cache);
- if (!pc)
- return;
- pc->uid = uid;
- sid_copy(&pc->sid, psid);
- DLIST_ADD(uid_sid_cache_head, pc);
- n_uid_sid_cache++;
+ memcache_add(NULL, SID_UID_CACHE,
+ data_blob_const(psid, ndr_size_dom_sid(psid, NULL, 0)),
+ data_blob_const(&uid, sizeof(uid)));
+ memcache_add(NULL, UID_SID_CACHE,
+ data_blob_const(&uid, sizeof(uid)),
+ data_blob_const(psid, ndr_size_dom_sid(psid, NULL, 0)));
}
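Review bot: The rewritten store_uid_sid_cache drops the early return for `sid_check_is_in_unix_users(psid)`, and nothing visible here explains why Unix Users SIDs may now be cached. The legacy path still calls `store_uid_sid_cache(psid, uid)` unconditionally at its `done:` label. sid_to_uid keeps a "return here, don't cache" comment on its Unix Users shortcut, which suggests the exclusion was intentional. If the memcache is meant to hold these entries, say so in the function's header comment; otherwise keep the guard, `if (sid_check_is_in_unix_users(psid)) { return; }`, ahead of the two `memcache_add` calls. store_gid_sid_cache drops the matching `sid_check_is_in_unix_groups` guard and needs the same decision.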
/*****************************************************************
Find a SID given a gid.
-*****************************************************************/
+*****************************************************************/
static bool fetch_sid_from_gid_cache(DOM_SID *psid, gid_t gid)
{
- struct gid_sid_cache *pc;
-
- for (pc = gid_sid_cache_head; pc; pc = pc->next) {
- if (pc->gid == gid) {
- *psid = pc->sid;
- DEBUG(3,("fetch sid from gid cache %u -> %s\n",
- (unsigned int)gid, sid_string_static(psid)));
- DLIST_PROMOTE(gid_sid_cache_head, pc);
- return True;
- }
+ DATA_BLOB cache_value;
+
+ if (!memcache_lookup(NULL, GID_SID_CACHE,
+ data_blob_const(&gid, sizeof(gid)),
+ &cache_value)) {
+ return false;
}
- return False;
+
+ memcpy(psid, cache_value.data, MIN(sizeof(*psid), cache_value.length));
+ SMB_ASSERT(cache_value.length >= offsetof(struct dom_sid, id_auth));
+ SMB_ASSERT(cache_value.length == ndr_size_dom_sid(psid, NULL, 0));
+
+ return true;
}
/*****************************************************************
Find a gid given a SID.
-*****************************************************************/
+*****************************************************************/
static bool fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid)
{
- struct gid_sid_cache *pc;
-
- for (pc = gid_sid_cache_head; pc; pc = pc->next) {
- if (sid_compare(&pc->sid, psid) == 0) {
- *pgid = pc->gid;
- DEBUG(3,("fetch gid from cache %u -> %s\n",
- (unsigned int)*pgid, sid_string_static(psid)));
- DLIST_PROMOTE(gid_sid_cache_head, pc);
- return True;
- }
+ DATA_BLOB cache_value;
+
+ if (!memcache_lookup(NULL, SID_UID_CACHE,
+ data_blob_const(psid, ndr_size_dom_sid(psid, NULL, 0)),
+ &cache_value)) {
+ return false;
}
- return False;
+
+ SMB_ASSERT(cache_value.length == sizeof(*pgid));
+ memcpy(pgid, cache_value.data, sizeof(*pgid));
+
+ return true;
}
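Review bot: fetch_gid_from_cache looks the SID up in `SID_UID_CACHE`, but store_gid_sid_cache writes the SID-to-gid mapping under `SID_GID_CACHE`, so this function never reads what the gid store wrote. It can instead hit an entry stored by store_uid_sid_cache; if uid_t and gid_t have the same size the `SMB_ASSERT` passes and a user's uid is handed back as a gid. sid_to_gid consults this cache first and returns true on a hit, so a SID already cached as a user would be reported as a group with that numeric id. sid_to_uid uses a hit here to reject the SID as a group, so the same wrong hit would make it refuse a cached user SID. The lookup should read `memcache_lookup(NULL, SID_GID_CACHE,`.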
/*****************************************************************
Store gid to SID mapping in cache.
-*****************************************************************/
+*****************************************************************/
void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
{
- struct gid_sid_cache *pc;
-
- /* do not store SIDs in the "Unix Group" domain */
-
- if ( sid_check_is_in_unix_groups( psid ) )
- return;
-
- if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) {
- /* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */
- struct gid_sid_cache *pc_next;
- size_t i;
-
- for (i = 0, pc = gid_sid_cache_head; i < (n_gid_sid_cache - TURNOVER_GID_SID_CACHE_SIZE); i++, pc = pc->next)
- ;
- for(; pc; pc = pc_next) {
- pc_next = pc->next;
- DLIST_REMOVE(gid_sid_cache_head,pc);
- SAFE_FREE(pc);
- n_gid_sid_cache--;
- }
- }
-
- pc = SMB_MALLOC_P(struct gid_sid_cache);
- if (!pc)
- return;
- pc->gid = gid;
- sid_copy(&pc->sid, psid);
- DLIST_ADD(gid_sid_cache_head, pc);
-
- DEBUG(3,("store_gid_sid_cache: gid %u in cache -> %s\n", (unsigned int)gid,
- sid_string_static(psid)));
-
- n_gid_sid_cache++;
+ memcache_add(NULL, SID_GID_CACHE,
+ data_blob_const(psid, ndr_size_dom_sid(psid, NULL, 0)),
+ data_blob_const(&gid, sizeof(gid)));
+ memcache_add(NULL, GID_SID_CACHE,
+ data_blob_const(&gid, sizeof(gid)),
+ data_blob_const(psid, ndr_size_dom_sid(psid, NULL, 0)));
}
/*****************************************************************
done:
DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
- sid_string_static(psid)));
+ sid_string_dbg(psid)));
store_uid_sid_cache(psid, uid);
return;
done:
DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
- sid_string_static(psid)));
+ sid_string_dbg(psid)));
store_gid_sid_cache(psid, gid);
return;
if (ret) {
if (type != SID_NAME_USER) {
DEBUG(5, ("sid %s is a %s, expected a user\n",
- sid_string_static(psid),
+ sid_string_dbg(psid),
sid_type_lookup(type)));
- return False;
+ return false;
}
*puid = id.uid;
goto done;
/* This was ours, but it was not mapped. Fail */
}
- DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
- return False;
+ DEBUG(10,("LEGACY: mapping failed for sid %s\n",
+ sid_string_dbg(psid)));
+ return false;
done:
- DEBUG(10,("LEGACY: sid %s -> uid %u\n", sid_string_static(psid),
- (unsigned int)*puid ));
+ DEBUG(10,("LEGACY: sid %s -> uid %u\n", sid_string_dbg(psid),
+ (unsigned int)*puid ));
store_uid_sid_cache(psid, *puid);
- return True;
+ return true;
}
/*****************************************************************
*pgid = map.gid;
goto done;
}
- DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
- return False;
+ DEBUG(10,("LEGACY: mapping failed for sid %s\n",
+ sid_string_dbg(psid)));
+ return false;
}
if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
if (ret) {
if ((type != SID_NAME_DOM_GRP) &&
(type != SID_NAME_ALIAS)) {
- DEBUG(5, ("LEGACY: sid %s is a %s, expected a group\n",
- sid_string_static(psid),
+ DEBUG(5, ("LEGACY: sid %s is a %s, expected "
+ "a group\n", sid_string_dbg(psid),
sid_type_lookup(type)));
- return False;
+ return false;
}
*pgid = id.gid;
goto done;
/* This was ours, but it was not mapped. Fail */
}
- DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
- return False;
+ DEBUG(10,("LEGACY: mapping failed for sid %s\n",
+ sid_string_dbg(psid)));
+ return false;
done:
- DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_static(psid),
+ DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_dbg(psid),
(unsigned int)*pgid ));
store_gid_sid_cache(psid, *pgid);
- return True;
+ return true;
}
/*****************************************************************
void uid_to_sid(DOM_SID *psid, uid_t uid)
{
+ bool expired = true;
+ bool ret;
ZERO_STRUCTP(psid);
if (fetch_sid_from_uid_cache(psid, uid))
return;
- if (!winbind_uid_to_sid(psid, uid)) {
- if (!winbind_ping()) {
+ /* Check the winbindd cache directly. */
+ ret = idmap_cache_find_uid2sid(uid, psid, &expired);
+
+ if (ret && !expired && is_null_sid(psid)) {
+ /*
+ * Negative cache entry, we already asked.
+ * do legacy.
+ */
+ legacy_uid_to_sid(psid, uid);
+ return;
+ }
+
+ if (!ret || expired) {
+ /* Not in cache. Ask winbindd. */
+ if (!winbind_uid_to_sid(psid, uid)) {
+ /*
+ * We shouldn't return the NULL SID
+ * here if winbind was running and
+ * couldn't map, as winbind will have
+ * added a negative entry that will
+ * cause us to go though the
+ * legacy_uid_to_sid()
+ * function anyway in the case above
+ * the next time we ask.
+ */
+ DEBUG(5, ("uid_to_sid: winbind failed to find a sid "
+ "for uid %u\n", (unsigned int)uid));
+
legacy_uid_to_sid(psid, uid);
return;
}
-
- DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n",
- uid));
- return;
}
- DEBUG(10,("uid %u -> sid %s\n",
- (unsigned int)uid, sid_string_static(psid)));
+ DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
+ sid_string_dbg(psid)));
store_uid_sid_cache(psid, uid);
return;
void gid_to_sid(DOM_SID *psid, gid_t gid)
{
+ bool expired = true;
+ bool ret;
ZERO_STRUCTP(psid);
if (fetch_sid_from_gid_cache(psid, gid))
return;
- if (!winbind_gid_to_sid(psid, gid)) {
- if (!winbind_ping()) {
+ /* Check the winbindd cache directly. */
+ ret = idmap_cache_find_gid2sid(gid, psid, &expired);
+
+ if (ret && !expired && is_null_sid(psid)) {
+ /*
+ * Negative cache entry, we already asked.
+ * do legacy.
+ */
+ legacy_gid_to_sid(psid, gid);
+ return;
+ }
+
+ if (!ret || expired) {
+ /* Not in cache. Ask winbindd. */
+ if (!winbind_gid_to_sid(psid, gid)) {
+ /*
+ * We shouldn't return the NULL SID
+ * here if winbind was running and
+ * couldn't map, as winbind will have
+ * added a negative entry that will
+ * cause us to go though the
+ * legacy_gid_to_sid()
+ * function anyway in the case above
+ * the next time we ask.
+ */
+ DEBUG(5, ("gid_to_sid: winbind failed to find a sid "
+ "for gid %u\n", (unsigned int)gid));
+
legacy_gid_to_sid(psid, gid);
return;
}
-
- DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n",
- gid));
- return;
}
- DEBUG(10,("gid %u -> sid %s\n",
- (unsigned int)gid, sid_string_static(psid)));
-
+ DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid,
+ sid_string_dbg(psid)));
+
store_gid_sid_cache(psid, gid);
return;
}
bool sid_to_uid(const DOM_SID *psid, uid_t *puid)
{
+ bool expired = true;
+ bool ret;
uint32 rid;
gid_t gid;
if (fetch_uid_from_cache(puid, psid))
- return True;
+ return true;
if (fetch_gid_from_cache(&gid, psid)) {
- return False;
+ return false;
}
/* Optimize for the Unix Users Domain
*puid = uid;
/* return here, don't cache */
- DEBUG(10,("sid %s -> uid %u\n", sid_string_static(psid),
+ DEBUG(10,("sid %s -> uid %u\n", sid_string_dbg(psid),
(unsigned int)*puid ));
- return True;
+ return true;
}
- if (!winbind_sid_to_uid(puid, psid)) {
- if (!winbind_ping()) {
- return legacy_sid_to_uid(psid, puid);
- }
+ /* Check the winbindd cache directly. */
+ ret = idmap_cache_find_sid2uid(psid, puid, &expired);
- DEBUG(5, ("winbind failed to find a uid for sid %s\n",
- sid_string_static(psid)));
- return False;
+ if (ret && !expired && (*puid == (uid_t)-1)) {
+ /*
+ * Negative cache entry, we already asked.
+ * do legacy.
+ */
+ return legacy_sid_to_uid(psid, puid);
+ }
+
+ if (!ret || expired) {
+ /* Not in cache. Ask winbindd. */
+ if (!winbind_sid_to_uid(puid, psid)) {
+ if (!winbind_ping()) {
+ return legacy_sid_to_uid(psid, puid);
+ }
+
+ DEBUG(5, ("winbind failed to find a uid for sid %s\n",
+ sid_string_dbg(psid)));
+ return false;
+ }
}
/* TODO: Here would be the place to allocate both a gid and a uid for
* the SID in question */
- DEBUG(10,("sid %s -> uid %u\n", sid_string_static(psid),
+ DEBUG(10,("sid %s -> uid %u\n", sid_string_dbg(psid),
(unsigned int)*puid ));
store_uid_sid_cache(psid, *puid);
- return True;
+ return true;
}
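Review bot: sid_to_uid still returns false when `winbind_sid_to_uid` fails while `winbind_ping()` succeeds, yet a fresh negative cache entry (`*puid == (uid_t)-1`) is routed to `legacy_sid_to_uid`. If winbind records a negative entry on that failure, as the comment added to uid_to_sid in this commit says, the same SID is refused on the first call and answered by the legacy path on the next one. uid_to_sid and gid_to_sid removed the `winbind_ping()` test for that reason. Either fall through to `return legacy_sid_to_uid(psid, puid);` on any winbind failure, or add a comment explaining why the first miss must fail. sid_to_gid has the same structure and needs the same treatment.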
/*****************************************************************
bool sid_to_gid(const DOM_SID *psid, gid_t *pgid)
{
+ bool expired = true;
+ bool ret;
uint32 rid;
uid_t uid;
if (fetch_gid_from_cache(pgid, psid))
- return True;
+ return true;
if (fetch_uid_from_cache(&uid, psid))
- return False;
+ return false;
/* Optimize for the Unix Groups Domain
* as the conversion is straightforward */
*pgid = gid;
/* return here, don't cache */
- DEBUG(10,("sid %s -> gid %u\n", sid_string_static(psid),
+ DEBUG(10,("sid %s -> gid %u\n", sid_string_dbg(psid),
(unsigned int)*pgid ));
- return True;
+ return true;
}
- /* Ask winbindd if it can map this sid to a gid.
- * (Idmap will check it is a valid SID and of the right type) */
+ /* Check the winbindd cache directly. */
+ ret = idmap_cache_find_sid2gid(psid, pgid, &expired);
- if ( !winbind_sid_to_gid(pgid, psid) ) {
- if (!winbind_ping()) {
- return legacy_sid_to_gid(psid, pgid);
- }
+ if (ret && !expired && (*pgid == (gid_t)-1)) {
+ /*
+ * Negative cache entry, we already asked.
+ * do legacy.
+ */
+ return legacy_sid_to_gid(psid, pgid);
+ }
- DEBUG(10,("winbind failed to find a gid for sid %s\n",
- sid_string_static(psid)));
- return False;
+ if (!ret || expired) {
+ /* Not in cache or negative. Ask winbindd. */
+ /* Ask winbindd if it can map this sid to a gid.
+ * (Idmap will check it is a valid SID and of the right type) */
+
+ if ( !winbind_sid_to_gid(pgid, psid) ) {
+ if (!winbind_ping()) {
+ return legacy_sid_to_gid(psid, pgid);
+ }
+
+ DEBUG(10,("winbind failed to find a gid for sid %s\n",
+ sid_string_dbg(psid)));
+ return false;
+ }
}
- DEBUG(10,("sid %s -> gid %u\n", sid_string_static(psid),
+ DEBUG(10,("sid %s -> gid %u\n", sid_string_dbg(psid),
(unsigned int)*pgid ));
store_gid_sid_cache(psid, *pgid);
-
- return True;
+ return true;
}
-