From d585003d07f5868501ff10021fc64f5364041922 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 2 Mar 2012 05:08:17 +0100 Subject: [PATCH 1/3] s3:winbindd: discard the expired gid cache if we're online (bug #9002) This matches the uid case... metze --- source3/winbindd/winbindd_sids_to_xids.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c index 8201739..aa179b7 100644 --- a/source3/winbindd/winbindd_sids_to_xids.c +++ b/source3/winbindd/winbindd_sids_to_xids.c @@ -130,7 +130,7 @@ static bool winbindd_sids_to_xids_in_cache(struct dom_sid *sid, return false; } if (idmap_cache_find_sid2unixid(sid, &id, &expired)) { - if (expired && is_domain_offline(find_our_domain())) { + if (expired && is_domain_online(find_our_domain())) { return false; } map->sid = sid; -- 1.7.4.1 From b8e76a958f84cdacdc4740584732d34d076ce7e5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 24 May 2012 09:08:21 +0200 Subject: [PATCH 2/3] s3:winbindd: do not expose negative cache idmap entries as valid mappings (bug #9002) metze --- source3/winbindd/winbindd_sids_to_xids.c | 25 +++++++++++++++++++------ 1 files changed, 19 insertions(+), 6 deletions(-) diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c index aa179b7..09d9a9b 100644 --- a/source3/winbindd/winbindd_sids_to_xids.c +++ b/source3/winbindd/winbindd_sids_to_xids.c @@ -240,22 +240,30 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req, for (i=0; inum_sids; i++) { char type; - uint64_t unix_id = (uint64_t)-1; + uint32_t unix_id = UINT32_MAX; bool found = true; if (state->cached[i].sid != NULL) { unix_id = state->cached[i].xid.id; - if (state->cached[i].xid.type == ID_TYPE_UID) { + + switch (state->cached[i].xid.type) { + case ID_TYPE_UID: type = 'U'; - } else { + break; + case ID_TYPE_GID: type = 'G'; + break; + case ID_TYPE_BOTH: + type = 'B'; + break; + default: + found = false; + break; } } else { struct unixid id; + unix_id = state->ids.ids[num_non_cached].unix_id; - if (unix_id == -1) { - found = false; - } id.id = unix_id; id.type = state->ids.ids[num_non_cached].type; @@ -275,10 +283,15 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req, break; default: found = false; + break; } num_non_cached += 1; } + if (unix_id == UINT32_MAX) { + found = false; + } + if (found) { result = talloc_asprintf_append_buffer( result, "%c%lu\n", type, -- 1.7.4.1 From 677c816d199902e9ffba73d2451cda93991797e4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 20 Jun 2012 14:07:51 +0200 Subject: [PATCH 3/3] s3:idmap_cache: also store negative entries for unknown sids metze --- source3/lib/idmap_cache.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c index 011a017..edf37a8 100644 --- a/source3/lib/idmap_cache.c +++ b/source3/lib/idmap_cache.c @@ -89,6 +89,10 @@ bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id, tmp_id.type = ID_TYPE_BOTH; break; + case 'N': + tmp_id.type = ID_TYPE_NOT_SPECIFIED; + break; + case '\0': DEBUG(0, ("FAILED to parse value for key [%s] " "(id=[%llu], endptr=[%s]): " @@ -289,6 +293,9 @@ void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_i case ID_TYPE_BOTH: fstr_sprintf(value, "%d:B", (int)unix_id->id); break; + case ID_TYPE_NOT_SPECIFIED: + fstr_sprintf(value, "%d:N", (int)unix_id->id); + break; default: return; } -- 1.7.4.1