The branch, master has been updated via 9b9565c3e69 winbindd: set idmap cache entries as the last step in async wb_xids2sids via 62f54229fce winbindd: track whether a result from xid2sid was coming from the cache via 8e9c2a1f6ce winbindd: switch send-next/done order via 7f23ef7b2cf winbindd: update xid in wb_xids2sids_state->xids with what we got via f8bf4fc6086 winbindd: convert id to a pointer in wb_xids2sids_dom_done() via 5d277ea7ea2 winbindd: make xids a const argument to wb_xids2sids_send() via f5a8bc2f945 winbindd: make a copy of xid's in wb_xids2sids_send() from 0a1d1a57092 s3:winbindd: Remove unused arcfour.h from PAM handling
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 9b9565c3e69b92c298c7168e516387bb249c9e36 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 16:55:09 2019 +0100 winbindd: set idmap cache entries as the last step in async wb_xids2sids Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Sat Feb 23 09:23:22 CET 2019 on sn-devel-144 commit 62f54229fced20102e11ad1da02faef45c2a7c2e Author: Ralph Boehme <s...@samba.org> Date: Fri Feb 22 11:00:00 2019 +0100 winbindd: track whether a result from xid2sid was coming from the cache This is needed in preparation of moving the step to update the idmap cache from the per-idmap-domain callback wb_xids2sids_dom_done() to the top-level callback wb_xids2sids_done(). Currently the sequence of action is: * check cache, if not found: * ask backends * cache result from backend * return results Iow, if we got something from the cache, we don't write the cache. The next commit defers updating the cache to the top-level callback, so the sequence becomes * check cache, if not found: * ask backends * cache results * return results This has two problems: * it needlessly writes to the cache what we just got from it * it possibly overwrites the ID_TYPE_BOTH for a SID-to-xid mapping in the following case: - existing ID_TYPE_BOTH mapping in the cache, eg: IDMAP/SID2XID/S-1-5-21-2180672342-2513613279-2566592647-512 -> Value: 3000000:B - someone calls wb_xids2sids_send() with xid.id=3000000,xid.type=ID_TYPE_GID - cache lookup with idmap_cache_find_gid2sid() succeeds - when caching results we'd call idmap_cache_set_sid2unixid() with the callers xid.type=ID_TYPE_GID, so idmap_cache_set_sid2unixid() will overwrite the SID-to-xid mapping with ID_TYPE_GID Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit 8e9c2a1f6ceb06d695a6572701b96a3e3821ac42 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 16:52:21 2019 +0100 winbindd: switch send-next/done order In preparation of adding more logic to the done step. No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit 7f23ef7b2cf7bd6e8dc087aa15137292b421a689 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 18:40:20 2019 +0100 winbindd: update xid in wb_xids2sids_state->xids with what we got In preparation of priming the idmap cache in the top-level wb_xids2sids_done(), not in the per-idmap-domain callback wb_xids2sids_dom_done(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit f8bf4fc608639695651f75c52b31f95e796a5a26 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 18:39:46 2019 +0100 winbindd: convert id to a pointer in wb_xids2sids_dom_done() No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit 5d277ea7ea258676b9ea5081a451a5874af115f6 Author: Ralph Boehme <s...@samba.org> Date: Fri Feb 22 16:29:07 2019 +0100 winbindd: make xids a const argument to wb_xids2sids_send() The previous commit made an internal copy of xids, this commit makes it more obvious that we must not mess with the xids argument but treat it as an in-parameter and don't write to it. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit f5a8bc2f945be45cdade5f70d4f975bae8337f67 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 18:34:51 2019 +0100 winbindd: make a copy of xid's in wb_xids2sids_send() This is in preparation of setting the result of the mapping in the top- level callback wb_xids2sids_done(), not in the per-idmap-domain callback wb_xids2sids_dom_done(). When caching the mapping we need the id-type from the backend, so we need a way to pass up that information from wb_xids2sids_dom_done() up to wb_xids2sids_done() The xids array copy gets passed from wb_xids2sids_send() to wb_xids2sids_dom_send(), so wb_xids2sids_dom_done() can then directly update the top-level copy. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/winbindd/wb_xids2sids.c | 74 +++++++++++++++++++++++++++------------ source3/winbindd/winbindd_proto.h | 2 +- 2 files changed, 52 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 310a645cdff..95dda89e40f 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -357,9 +357,9 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) dom_sid_idx = 0; for (i=0; i<state->num_all_xids; i++) { - struct unixid id = state->all_xids[i]; + struct unixid *id = &state->all_xids[i]; - if ((id.id < dom_map->low_id) || (id.id > dom_map->high_id)) { + if ((id->id < dom_map->low_id) || (id->id > dom_map->high_id)) { /* out of range */ continue; } @@ -369,17 +369,7 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) } sid_copy(&state->all_sids[i], &state->dom_sids[dom_sid_idx]); - - /* - * Prime the cache after an xid2sid call. It's - * important that we use state->dom_xids for the xid - * value, not state->all_xids: state->all_xids carries - * what we asked for, e.g. a - * ID_TYPE_UID. state->dom_xids holds something the - * idmap child possibly changed to ID_TYPE_BOTH. - */ - idmap_cache_set_sid2unixid( - &state->all_sids[i], &state->dom_xids[dom_sid_idx]); + *id = state->dom_xids[dom_sid_idx]; dom_sid_idx += 1; } @@ -431,6 +421,7 @@ struct wb_xids2sids_state { struct unixid *xids; size_t num_xids; struct dom_sid *sids; + bool *cached; size_t dom_idx; }; @@ -440,7 +431,7 @@ static void wb_xids2sids_init_dom_maps_done(struct tevent_req *subreq); struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct unixid *xids, + const struct unixid *xids, uint32_t num_xids) { struct tevent_req *req, *subreq; @@ -452,14 +443,24 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, return NULL; } state->ev = ev; - state->xids = xids; state->num_xids = num_xids; + state->xids = talloc_array(state, struct unixid, num_xids); + if (tevent_req_nomem(state->xids, req)) { + return tevent_req_post(req, ev); + } + memcpy(state->xids, xids, num_xids * sizeof(struct unixid)); + state->sids = talloc_zero_array(state, struct dom_sid, num_xids); if (tevent_req_nomem(state->sids, req)) { return tevent_req_post(req, ev); } + state->cached = talloc_zero_array(state, bool, num_xids); + if (tevent_req_nomem(state->cached, req)) { + return tevent_req_post(req, ev); + } + if (winbindd_use_idmap_cache()) { uint32_t i; @@ -487,6 +488,7 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, dom_sid_str_buf(&sid, &buf)); sid_copy(&state->sids[i], &sid); + state->cached[i] = true; } } } @@ -538,6 +540,7 @@ static void wb_xids2sids_done(struct tevent_req *subreq) struct wb_xids2sids_state *state = tevent_req_data( req, struct wb_xids2sids_state); size_t num_domains = talloc_array_length(dom_maps); + size_t i; NTSTATUS status; status = wb_xids2sids_dom_recv(subreq); @@ -548,18 +551,43 @@ static void wb_xids2sids_done(struct tevent_req *subreq) state->dom_idx += 1; - if (state->dom_idx >= num_domains) { - tevent_req_done(req); + if (state->dom_idx < num_domains) { + subreq = wb_xids2sids_dom_send(state, + state->ev, + &dom_maps[state->dom_idx], + state->xids, + state->num_xids, + state->sids); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, wb_xids2sids_done, req); return; } - subreq = wb_xids2sids_dom_send( - state, state->ev, &dom_maps[state->dom_idx], - state->xids, state->num_xids, state->sids); - if (tevent_req_nomem(subreq, req)) { - return; + + for (i = 0; i < state->num_xids; i++) { + /* + * Prime the cache after an xid2sid call. It's important that we + * use the xid value returned from the backend for the xid value + * passed to idmap_cache_set_sid2unixid(), not the input to + * wb_xids2sids_send: the input carries what was asked for, + * e.g. a ID_TYPE_UID. The result from the backend something the + * idmap child possibly changed to ID_TYPE_BOTH. + * + * And of course If the value was from the cache don't update + * the cache. + */ + + if (state->cached[i]) { + continue; + } + + idmap_cache_set_sid2unixid(&state->sids[i], &state->xids[i]); } - tevent_req_set_callback(subreq, wb_xids2sids_done, req); + + tevent_req_done(req); + return; } NTSTATUS wb_xids2sids_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index c524d2050df..2a829b0171a 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -919,7 +919,7 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req, struct winbindd_response *response); struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct unixid *xids, + const struct unixid *xids, uint32_t num_xids); NTSTATUS wb_xids2sids_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct dom_sid **sids); -- Samba Shared Repository