The branch, v4-7-test has been updated
       via  603bc01 s3:smbd: fix interaction between chown and SD flags
       via  b99d51f s4:torture/smb2: new test for interaction between chown and SD flags
       via  6a8939c nsswitch:tests: Add test for wbinfo --user-info
       via  0c8b0b0 selftest: Add a user with a different userPrincipalName
       via  67dc018 nsswitch: Lookup the domain in tests with the wb seperator
       via  b3bdf4b nsswitch: Add a test looking up domain sid
       via  9fbdbe6 nsswitch: Add a test looking up the user using the upn
       via  0f2e271 winbindd: Name<->SID cache is not sequence number based anymore
       via  a92c5dc winbindd: Move name<->sid cache to gencache
       via  ea49628 winbindd: Factor out winbindd_domain_init_backend from get_cache()
       via  7626db2 net: Parse namemap_cache in "net cache list"
       via  ccad9a3 lib: Add namemap_cache
       via  afcffa9 lib: Pass blob instead of &blob to gencache_set_data_blob
       via  18664ed lib: Allow parsing a strv from a non-talloc const buf
       via  5c5c38b lib: Only call strlen if necessary in strv
       via  9d402a9 lib: Pass in "strv_len" to strv_valid_entry
      from  4dc19ac s3: VFS: Fix memory leak in vfs_ceph.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test

- Log -----------------------------------------------------------------
commit 603bc0160f9cf3322f7958a530c14fb35262251c
Author: Ralph Boehme <s...@samba.org>
Date:   Thu May 10 12:29:35 2018 +0200

    s3:smbd: fix interaction between chown and SD flags

    A change ownership operation that doesn't set the NT ACLs must not touch
    the SD flags (type).

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Fri May 11 23:30:32 CEST 2018 on sn-devel-144

    (cherry picked from commit ced55850034a3653525823bf9623912a4fcf18a0)

    Autobuild-User(v4-7-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-7-test): Thu May 24 17:22:35 CEST 2018 on sn-devel-144

commit b99d51f1b88b606f9b162b019ee28c707e1d59a6
Author: Ralph Boehme <s...@samba.org>
Date:   Thu May 10 12:28:43 2018 +0200

    s4:torture/smb2: new test for interaction between chown and SD flags

    This passes against Windows, but fails against Samba.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 12f6d56c4814fca64e0e3c636018e70d71ad0be5)

commit 6a8939ccd46ba02d775760a40b4c8441951eeaaf
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Apr 20 11:20:44 2018 +0200

    nsswitch:tests: Add test for wbinfo --user-info

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit 2715f52f54e66a73131a92d752a8c2447da1fd33)

commit 0c8b0b00ec1675c371d135a53de27aad2ebdc6f9
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Apr 20 09:38:24 2018 +0200

    selftest: Add a user with a different userPrincipalName

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit 5319cae00096dcecc29aa9fa675a983352ad64d8)

commit 67dc018917b05b46b12b4cdf03fdd515edd539ec
Author: Andreas Schneider <a...@samba.org>
Date:   Mon May 7 13:23:42 2018 +0200

    nsswitch: Lookup the domain in tests with the wb seperator

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit 4fa811ec7bc301e96f5e40ba281e8d4e8709b94f)

commit b3bdf4b6c7af8e702ec26c7dd3d8e6f480b07e50
Author: Andreas Schneider <a...@samba.org>
Date:   Fri May 4 12:43:05 2018 +0200

    nsswitch: Add a test looking up domain sid

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit 0aceca6a94e868f9c01a66f79624ca10d80560ab)

commit 9fbdbe6fc511ed1179a67c291b8f292b7e798ee3
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Apr 20 11:24:30 2018 +0200

    nsswitch: Add a test looking up the user using the upn

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit 0d2f743d826b87b369e25fc6bb9ff61f2b0896aa)

commit 0f2e2711e92a433abdc9436ecaf3ba9d773902c8
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Aug 8 14:24:27 2017 +0200

    winbindd: Name<->SID cache is not sequence number based anymore

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit a92c5dc7800a32c4dc58051c111a43b4749d0854
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 6 18:13:10 2017 +0200

    winbindd: Move name<->sid cache to gencache

    The mapping from name to sid and vice versa has nothing to do with a
    specific domain. It is publically available. Thus put it into gencache
    without referring to the domain this was retrieved from

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit ea49628bdc94c960a60d466f963f5d97afa5953e
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 6 18:11:02 2017 +0200

    winbindd: Factor out winbindd_domain_init_backend from get_cache()

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 7626db2b28b97534afd01753f3da3da9ff5f7ace
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Aug 3 16:26:04 2017 +0200

    net: Parse namemap_cache in "net cache list"

    namemap_cache.c saves these as strv lists: An array of 0-terminated
    strings. "net cache list" only printfs the values, so they would be cut
    off.

    We might want to do this with other gencache values too in the future.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit ccad9a3e03678de1181f4cd59b7160b4647fa240
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Aug 2 18:11:49 2017 +0200

    lib: Add namemap_cache

    A few functions to maintain lookupname and lookupsid cache in gencache.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit afcffa9e1b022e5e6b0aa74ddb5b76ed4d43ddae
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Aug 2 17:52:40 2017 +0200

    lib: Pass blob instead of &blob to gencache_set_data_blob

    Passing a whole DATA_BLOB is cheap enough to simplify the callers: A
    caller does not have to create a separate variable.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 18664edf162e3a660e67934c515220c696c73774
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Aug 2 17:34:25 2017 +0200

    lib: Allow parsing a strv from a non-talloc const buf

    This will allow parsing a tdb record without having to talloc_memdup it

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 5c5c38be03e9c7aa1b04338bcef2bcca52119011
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Aug 2 17:32:50 2017 +0200

    lib: Only call strlen if necessary in strv

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 9d402a960966a51ba96458f401542ffa3801497f
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Aug 2 17:22:34 2017 +0200

    lib: Pass in "strv_len" to strv_valid_entry

    Preparation for a later commit

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/util/strv.c                           |  50 +++--
 lib/util/strv.h                           |   2 +
 nsswitch/tests/test_idmap_nss.sh          |   4 +-
 nsswitch/tests/test_idmap_rid.sh          |   2 +-
 nsswitch/tests/test_wbinfo_name_lookup.sh |  13 +-
 nsswitch/tests/test_wbinfo_user_info.sh   |  83 +++++++
 selftest/knownfail.d/upn_handling         |  11 +
 selftest/target/Samba4.pm                 |  19 +-
 source3/lib/gencache.c                    |  12 +-
 source3/lib/gencache.h                    |   2 +-
 source3/lib/namemap_cache.c               | 323 +++++++++++++++++++++++++++
 source3/lib/namemap_cache.h               |  45 ++++
 source3/libsmb/dsgetdcname.c              |   7 +-
 source3/modules/vfs_acl_common.c          |   7 +-
 source3/selftest/tests.py                 |  16 +-
 source3/torture/torture.c                 |   4 +-
 source3/utils/net_cache.c                 |  19 ++
 source3/winbindd/wb_dsgetdcname.c         |   2 +-
 source3/winbindd/winbindd_cache.c         | 352 +++++++++++++-----------------
 source3/wscript_build                     |   1 +
 source4/torture/smb2/acls.c               | 278 +++++++++++++++++++++++
 21 files changed, 1012 insertions(+), 240 deletions(-)
 create mode 100755 nsswitch/tests/test_wbinfo_user_info.sh
 create mode 100644 selftest/knownfail.d/upn_handling
 create mode 100644 source3/lib/namemap_cache.c
 create mode 100644 source3/lib/namemap_cache.h

Changeset truncated at 500 lines:

diff --git a/lib/util/strv.c b/lib/util/strv.c index 99ce76f..83d84d9 100644 --- a/lib/util/strv.c +++ b/lib/util/strv.c 
@@ -62,54 +62,61 @@ int strv_append(TALLOC_CTX *mem_ctx, char **strv, const char *src) return _strv_append(mem_ctx, strv, src, talloc_array_length(src)); } -static bool strv_valid_entry(const char *strv, const char *entry, - size_t *strv_len, size_t *entry_len) +static bool strv_valid_entry(const char *strv, size_t strv_len, + const char *entry, size_t *entry_len) { - size_t len; - - len = talloc_array_length(strv); - if (len == 0) { + if (strv_len == 0) { return false; } - if (strv[len-1] != '\0') { + if (strv[strv_len-1] != '\0') { return false; } if (entry < strv) { return false; } - if (entry >= (strv+len)) { + if (entry >= (strv+strv_len)) { return false; } - *strv_len = len; - *entry_len = strlen(entry); + if (entry_len != NULL) { + *entry_len = strlen(entry); + } return true; } -char *strv_next(char *strv, const char *entry) +const char *strv_len_next(const char *strv, size_t strv_len, + const char *entry) { - size_t len, entry_len; - char *result; + size_t entry_len; if (entry == NULL) { - if (strv_valid_entry(strv, strv, &len, &entry_len)) { + if (strv_valid_entry(strv, strv_len, strv, NULL)) { return strv; } return NULL; } - if (!strv_valid_entry(strv, entry, &len, &entry_len)) { + if (!strv_valid_entry(strv, strv_len, entry, &entry_len)) { return NULL; } - result = &strv[entry - strv]; /* avoid const problems with this stmt */ - result += entry_len + 1; - if (result >= (strv + len)) { + entry += entry_len+1; + + if (entry >= (strv + strv_len)) { return NULL; } - return result; + return entry; +} + +char *strv_next(char *strv, const char *entry) +{ + size_t len = talloc_array_length(strv); + const char *result; + + result = strv_len_next(strv, len, entry); + return discard_const_p(char, result); } size_t strv_count(char *strv) 
@@ -139,13 +146,14 @@ char *strv_find(char *strv, const char *entry) void strv_delete(char **strv, char *entry) { - size_t len, entry_len; + size_t len = talloc_array_length(*strv); + size_t entry_len; if (entry == NULL) { return; } - if (!strv_valid_entry(*strv, entry, &len, &entry_len)) { + if (!strv_valid_entry(*strv, len, entry, &entry_len)) { return; } entry_len += 1; diff --git a/lib/util/strv.h b/lib/util/strv.h index 398e8ea..89f0402 100644 --- a/lib/util/strv.h +++ b/lib/util/strv.h @@ -26,6 +26,8 @@ int strv_add(TALLOC_CTX *mem_ctx, char **strv, const char *string); int strv_addn(TALLOC_CTX *mem_ctx, char **strv, const char *src, size_t srclen); int strv_append(TALLOC_CTX *mem_ctx, char **strv, const char *src); char *strv_next(char *strv, const char *entry); +const char *strv_len_next(const char *strv, size_t strv_len, + const char *entry); char *strv_find(char *strv, const char *entry); size_t strv_count(char *strv); void strv_delete(char **strv, char *entry); diff --git a/nsswitch/tests/test_idmap_nss.sh b/nsswitch/tests/test_idmap_nss.sh index 5072a0d..1bbc177 100755 --- a/nsswitch/tests/test_idmap_nss.sh +++ b/nsswitch/tests/test_idmap_nss.sh @@ -13,8 +13,8 @@ failed=0 . `dirname $0`/../../testprogs/blackbox/subunit.sh -testit "wbinfo returns domain SID" $wbinfo -n "@$DOMAIN" || exit 1 -DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ") +testit "wbinfo returns domain SID" $wbinfo -n "$DOMAIN/" || exit 1 +DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ") echo "Domain $DOMAIN has SID $DOMAIN_SID" # Find an unused uid and SID diff --git a/nsswitch/tests/test_idmap_rid.sh b/nsswitch/tests/test_idmap_rid.sh index 7fb5985..8209a50 100755 --- a/nsswitch/tests/test_idmap_rid.sh +++ b/nsswitch/tests/test_idmap_rid.sh 
@@ -16,7 +16,7 @@ failed=0 . `dirname $0`/../../testprogs/blackbox/subunit.sh -DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ") +DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ") if [ $? -ne 0 ] ; then echo "Could not find domain SID" | subunit_fail_test "test_idmap_rid" exit 1 diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh index 696e25b..c1d39c1 100755 --- a/nsswitch/tests/test_wbinfo_name_lookup.sh +++ b/nsswitch/tests/test_wbinfo_name_lookup.sh @@ -8,8 +8,9 @@ exit 1; fi DOMAIN=$1 -DC_USERNAME=$2 -shift 2 +REALM=$2 +DC_USERNAME=$3 +shift 3 failed=0 sambabindir="$BINDIR" @@ -22,6 +23,14 @@ testit "name-to-sid.single-separator" \ $wbinfo -n $DOMAIN/$DC_USERNAME || \ failed=$(expr $failed + 1) +testit "name-to-sid.at_domain" \ + $wbinfo -n $DOMAIN/ || \ + failed=$(expr $failed + 1) + +testit "name-to-sid.upn" \ + $wbinfo -n $DC_USERNAME@$REALM || \ + failed=$(expr $failed + 1) + # Two separator characters should fail testit_expect_failure "name-to-sid.double-separator" \ $wbinfo -n $DOMAIN//$DC_USERNAME || \ diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh new file mode 100755 index 0000000..2803ac1 --- /dev/null +++ b/nsswitch/tests/test_wbinfo_user_info.sh 
@@ -0,0 +1,83 @@ +#!/bin/sh +# Blackbox test for wbinfo lookup for account name and upn +# Copyright (c) 2018 Andreas Schneider <a...@samba.org> + +if [ $# -lt 5 ]; then +cat <<EOF +Usage: $(basename $0) DOMAIN REALM USERNAME1 UPN_NAME1 USERNAME2 UPN_NAME2 +EOF +exit 1; +fi + +DOMAIN=$1 +REALM=$2 +USERNAME1=$3 +UPN_NAME1=$4 +USERNAME2=$5 +UPN_NAME2=$6 +shift 6 + +failed=0 + +samba_bindir="$BINDIR" +wbinfo_tool="$VALGRIND $samba_bindir/wbinfo" + +UPN1="$UPN_NAME1@$REALM" +UPN2="$UPN_NAME2@$REALM" + +. $(dirname $0)/../../testprogs/blackbox/subunit.sh + +test_user_info() +{ + local cmd out ret user domain upn userinfo + + domain="$1" + user="$2" + upn="$3" + + if [ $# -lt 3 ]; then + userinfo="$domain/$user" + else + userinfo="$upn" + fi + + cmd='$wbinfo_tool --user-info $userinfo' + eval echo "$cmd" + out=$(eval $cmd) + ret=$? + if [ $ret -ne 0 ]; then + echo "failed to lookup $userinfo" + echo "$out" + return 1 + fi + + echo "$out" | grep "$domain/$user:.*:.*:.*::/home/$domain/Domain Users/$user" + ret=$? 
+ if [ $ret != 0 ]; then + echo "failed to lookup $userinfo" + echo "$out" + return 1 + fi + + return 0 +} + +testit "name_to_sid.domain.$USERNAME1" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME1 || failed=$(expr $failed + 1) +testit "name_to_sid.upn.$UPN_NAME1" $wbinfo_tool --name-to-sid $UPN1 || failed=$(expr $failed + 1) + +testit "user_info.domain.$USERNAME1" test_user_info $DOMAIN $USERNAME1 || failed=$(expr $failed + 1) +testit "user_info.upn.$UPN_NAME1" test_user_info $DOMAIN $USERNAME1 $UPN1 || failed=$(expr $failed + 1) + +testit "name_to_sid.domain.$USERNAME2" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME2 || failed=$(expr $failed + 1) +testit "name_to_sid.upn.$UPN_NAME2" $wbinfo_tool --name-to-sid $UPN2 || failed=$(expr $failed + 1) + +testit "user_info.domain.$USERNAME2" test_user_info $DOMAIN $USERNAME2 || failed=$(expr $failed + 1) +testit "user_info.upn.$UPN_NAME2" test_user_info $DOMAIN $USERNAME2 $UPN2 || failed=$(expr $failed + 1) + +USERNAME3="testdenied" +UPN_NAME3="testdenied_upn" +UPN3="$UPN_NAME3@${REALM}.upn" +testit "name_to_sid.upn.$UPN_NAME3" $wbinfo_tool --name-to-sid $UPN3 || failed=$(expr $failed + 1) +testit "user_info.upn.$UPN_NAME3" test_user_info $DOMAIN $USERNAME3 $UPN3 || failed=$(expr $failed + 1) + +exit $failed diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling new file mode 100644 index 0000000..308c294 --- /dev/null +++ b/selftest/knownfail.d/upn_handling 
@@ -0,0 +1,11 @@ +^samba3\.wbinfo_user_info\.name_to_sid\.upn\.jane\.doe.ad_member +^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.ad_member +^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member +^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member +^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc +^samba3\.wbinfo_user_info\.name_to_sid\.upn\.jane\.doe.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc +^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 6a1856e..7da68c4 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -840,7 +840,7 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn } # Create to users alice and bob! - my $user_account_array = ["alice", "bob"]; + my $user_account_array = ["alice", "bob", "jane"]; foreach my $user_account (@{$user_account_array}) { my $samba_tool_cmd = ""; @@ -855,6 +855,23 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn } } + my $ldbmodify = ""; + $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $ldbmodify .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" "; + $ldbmodify .= Samba::bindir_path($self, "ldbmodify"); + + my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm})); + my $user_dn = "cn=jane,cn=users,$base_dn"; + + open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); + print LDIF "dn: $user_dn +changetype: modify +replace: userPrincipalName +userPrincipalName: jane.doe\@$ctx->{realm} +- +"; + close(LDIF); + return $ret; } diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c index 1572825..83fa67c 100644 --- a/source3/lib/gencache.c +++ b/source3/lib/gencache.c 
@@ -275,7 +275,7 @@ static int last_stabilize_parser(TDB_DATA key, TDB_DATA data, * @retval false on failure **/ -bool gencache_set_data_blob(const char *keystr, const DATA_BLOB *blob, +bool gencache_set_data_blob(const char *keystr, DATA_BLOB blob, time_t timeout) { int ret; @@ -291,7 +291,7 @@ bool gencache_set_data_blob(const char *keystr, const DATA_BLOB *blob, return false; } - if ((keystr == NULL) || (blob == NULL)) { + if ((keystr == NULL) || (blob.data == NULL)) { return false; } @@ -299,7 +299,7 @@ bool gencache_set_data_blob(const char *keystr, const DATA_BLOB *blob, return false; } - if ((timeout != 0) && gencache_have_val(keystr, blob, timeout)) { + if ((timeout != 0) && gencache_have_val(keystr, &blob, timeout)) { DEBUG(10, ("Did not store value for %s, we already got it\n", keystr)); return true; @@ -310,12 +310,12 @@ bool gencache_set_data_blob(const char *keystr, const DATA_BLOB *blob, if (hdr_len == -1) { return false; } - if ((blob->length + (size_t)hdr_len) < blob->length) { + if ((blob.length + (size_t)hdr_len) < blob.length) { return false; } dbufs[0] = (TDB_DATA) { .dptr = (uint8_t *)hdr, .dsize = hdr_len }; - dbufs[1] = (TDB_DATA) { .dptr = blob->data, .dsize = blob->length }; + dbufs[1] = (TDB_DATA) { .dptr = blob.data, .dsize = blob.length }; DEBUG(10, ("Adding cache entry with key=[%s] and timeout=" "[%s] (%d seconds %s)\n", keystr, @@ -842,7 +842,7 @@ bool gencache_get(const char *keystr, TALLOC_CTX *mem_ctx, char **value, bool gencache_set(const char *keystr, const char *value, time_t timeout) { DATA_BLOB blob = data_blob_const(value, strlen(value)+1); - return gencache_set_data_blob(keystr, &blob, timeout); + return gencache_set_data_blob(keystr, blob, timeout); } struct gencache_iterate_blobs_state { diff --git a/source3/lib/gencache.h b/source3/lib/gencache.h index 4371835..fa72a4a 100644 --- a/source3/lib/gencache.h +++ b/source3/lib/gencache.h 
@@ -40,7 +40,7 @@ bool gencache_get_data_blob(const char *keystr, TALLOC_CTX *mem_ctx, DATA_BLOB *blob, time_t *timeout, bool *was_expired); bool gencache_stabilize(void); -bool gencache_set_data_blob(const char *keystr, const DATA_BLOB *blob, +bool gencache_set_data_blob(const char *keystr, DATA_BLOB blob, time_t timeout); void gencache_iterate_blobs(void (*fn)(const char *key, DATA_BLOB value, time_t timeout, void *private_data), diff --git a/source3/lib/namemap_cache.c b/source3/lib/namemap_cache.c new file mode 100644 index 0000000..0d6ed32 --- /dev/null +++ b/source3/lib/namemap_cache.c 
@@ -0,0 +1,323 @@ +/* + * Unix SMB/CIFS implementation. + * Utils for caching sid2name and name2sid + * Copyright (C) Volker Lendecke 2017 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include "replace.h" +#include "namemap_cache.h" +#include "source3/lib/gencache.h" +#include "lib/util/debug.h" +#include "lib/util/strv.h" +#include "lib/util/talloc_stack.h" +#include "lib/util/charset/charset.h" +#include "libcli/security/dom_sid.h" + +bool namemap_cache_set_sid2name(const struct dom_sid *sid, + const char *domain, const char *name, + enum lsa_SidType type, time_t timeout) +{ + char typebuf[16]; + char sidbuf[DOM_SID_STR_BUFLEN]; + char keybuf[DOM_SID_STR_BUFLEN+10]; + char *val = NULL; + DATA_BLOB data; + int ret; + bool ok = false; + + if ((sid == NULL) || is_null_sid(sid)) { + return true; + } + if (domain == NULL) { + domain = ""; + } + if (name == NULL) { + name = ""; + } + if (type == SID_NAME_UNKNOWN) { + domain = ""; + name = ""; + } + + snprintf(typebuf, sizeof(typebuf), "%d", (int)type); + snprintf(keybuf, sizeof(keybuf), "SID2NAME/%s", sidbuf); + + ret = strv_add(talloc_tos(), &val, domain); + if (ret != 0) { + DBG_DEBUG("strv_add failed: %s\n", strerror(ret)); + goto fail; + } + ret = strv_add(NULL, &val, name); + if (ret != 0) { + DBG_DEBUG("strv_add failed: %s\n", strerror(ret)); + goto fail; + } + ret = strv_add(NULL, &val, typebuf); + if 
(ret != 0) { + DBG_DEBUG("strv_add failed: %s\n", strerror(ret)); + goto fail; + } + + dom_sid_string_buf(sid, sidbuf, sizeof(sidbuf)); + snprintf(keybuf, sizeof(keybuf), "SID2NAME/%s", sidbuf); + + data = data_blob_const(val, talloc_get_size(val)); + + ok = gencache_set_data_blob(keybuf, data, timeout); + if (!ok) { + DBG_DEBUG("gencache_set_data_blob failed\n"); + } +fail: + TALLOC_FREE(val); + return ok; +} + +struct namemap_cache_find_sid_state { + void (*fn)(const char *domain, const char *name, + enum lsa_SidType type, time_t timeout, + void *private_data); + void *private_data; + bool ok; +}; + +static void namemap_cache_find_sid_parser(time_t timeout, DATA_BLOB blob, + void *private_data) +{ + struct namemap_cache_find_sid_state *state = private_data; + const char *strv = (const char *)blob.data; + size_t strv_len = blob.length; + const char *domain; + const char *name; + const char *typebuf; + char *endptr; + unsigned long type; + + state->ok = false; + -- Samba Shared Repository
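
Review bot: The new public strv_len_next() in lib/util/strv.h (implemented in the first lib/util/strv.c hunk) has no comment stating its contract, and it now accepts buffers that are not talloc arrays. Please document that strv_len must be the exact buffer length, that the call returns NULL unless the last byte is NUL, and that entry must be a pointer previously returned for the same buffer: strv_valid_entry() only range-checks entry against strv and strv+strv_len, so a pointer into the middle of a string is accepted and iteration continues from there.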
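
Review bot: In nsswitch/tests/test_idmap_rid.sh the changed assignment DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ") is followed by if [ $? -ne 0 ], which tests the exit status of cut at the end of the pipeline, not of wbinfo. A failed lookup therefore does not reach the "Could not find domain SID" branch. Since the line is being touched anyway, consider checking for an empty DOMAIN_SID instead, or running wbinfo on its own first as test_idmap_nss.sh does with testit.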
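
Review bot: In nsswitch/tests/test_wbinfo_name_lookup.sh the new test is named "name-to-sid.at_domain" but runs $wbinfo -n $DOMAIN/, so the name describes the "@$DOMAIN" form that the sibling scripts in this changeset just stopped using; a name such as "name-to-sid.domain-separator" would match what is exercised. The script also gains a third positional parameter (REALM, with shift 3), while the argument-count check and usage text that end just above this hunk are not part of the diff; please confirm they were updated for the new parameter. The expansions in the added lines ($DOMAIN/, $DC_USERNAME@$REALM) are unquoted.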
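
Review bot: The argument check at the top of the new nsswitch/tests/test_wbinfo_user_info.sh reads if [ $# -lt 5 ], but the usage text lists six parameters and the script goes on to read $6 into UPN_NAME2 and run shift 6. With exactly five arguments the check passes, UPN_NAME2 is empty and the shift asks for more arguments than exist; the test should be -lt 6. In test_user_info(), "local" is used under #!/bin/sh, which is not POSIX, and the two failure branches print the same "failed to lookup $userinfo" message, so the output does not say whether wbinfo failed or the grep on the passwd-style line did not match.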
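
Review bot: In the second selftest/target/Samba4.pm hunk, neither open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb") nor close(LDIF) has its return value checked, so if ldbmodify cannot be started or exits non-zero the environment setup carries on and returns $ret with jane's userPrincipalName unchanged. The failure then only shows up later as confusing UPN test results. Please check open() and the status from close() and return undef on error; a lexical filehandle would also be preferable to the bareword LDIF. The context comment "Create to users alice and bob!" no longer matches the array, which now includes jane.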
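
Review bot: In gencache_set_data_blob() in source3/lib/gencache.c, replacing the (blob == NULL) test with (blob.data == NULL) changes behaviour as well as the calling convention: a caller that previously passed a pointer to an empty blob (data NULL, length 0) got past this check, and is now rejected with false. The commit message describes the change only as a simplification for callers. Please either confirm no caller stores empty values or state the new restriction in the function's doc comment, which this hunk leaves untouched.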
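
Review bot: In namemap_cache_set_sid2name() in the new source3/lib/namemap_cache.c, the first snprintf(keybuf, sizeof(keybuf), "SID2NAME/%s", sidbuf) runs before dom_sid_string_buf() has written sidbuf, so %s reads an uninitialized stack buffer that is not guaranteed to contain a NUL within its bounds. The output is bounded by sizeof(keybuf), but the read is not. The key is built again, correctly, after dom_sid_string_buf(sid, sidbuf, sizeof(sidbuf)), so the first call should simply be removed. Two smaller points in the same function: the first strv_add() uses talloc_tos() while the following two pass NULL as the context, which deserves either a comment or a consistent argument, and the early return true for a NULL or null SID reports success without storing anything, which callers should be told about in namemap_cache.h.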