The branch, master has been updated via 41c72ae9f95 examples: Update winbindd.stp and its generator script via 3e747891a04 s3:winbind: Convert Ping parent/child call to NDR via 0d668dfb751 s3:winbind: Return NTSTATUS from wbint_Ping() RPC function via 00ea654961a s3:winbind: Convert wcache_opnum_cacheable() to a whitelist from c788ed7b8b4 samba-gpupdate: Implement enhanced logging
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 41c72ae9f9530e04e249bbd73356bb44a7e945e4 Author: Samuel Cabrero <scabr...@samba.org> Date: Wed Mar 9 12:11:00 2022 +0100 examples: Update winbindd.stp and its generator script Signed-off-by: Samuel Cabrero <scabr...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Fri Mar 25 17:57:18 UTC 2022 on sn-devel-184 commit 3e747891a04a161b34e8be1aab03371632ede192 Author: Samuel Cabrero <scabr...@samba.org> Date: Wed Feb 16 13:41:05 2022 +0100 s3:winbind: Convert Ping parent/child call to NDR Signed-off-by: Samuel Cabrero <scabr...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 0d668dfb75145af654eb779bdbbc0261d8f5bb15 Author: Samuel Cabrero <scabr...@samba.org> Date: Wed Mar 9 11:56:33 2022 +0100 s3:winbind: Return NTSTATUS from wbint_Ping() RPC function There are no users of this function but the next commit will convert the struct-based WINBINDD_PING call to a local RPC wbint_Ping() call. Signed-off-by: Samuel Cabrero <scabr...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 00ea654961a790acd17e445b1eb0aec3296a60cc Author: Samuel Cabrero <scabr...@samba.org> Date: Wed Mar 9 17:44:17 2022 +0100 s3:winbind: Convert wcache_opnum_cacheable() to a whitelist It avoids having to explicitly blacklist new DCE/RPC calls. This is the current list of non cacheable calls: NDR_WBINT_PING NDR_WBINT_QUERYSEQUENCENUMBER NDR_WBINT_ALLOCATEUID NDR_WBINT_ALLOCATEGID NDR_WBINT_CHECKMACHINEACCOUNT NDR_WBINT_CHANGEMACHINEACCOUNT NDR_WBINT_PINGDC NDR_WBINT_LISTTRUSTEDDOMAINS It includes the ListTrustedDomains call recently converted to a local RPC call. Signed-off-by: Samuel Cabrero <scabr...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: examples/systemtap/generate-winbindd.stp.sh | 4 +-- examples/systemtap/winbindd.stp | 42 ++++++++++++++--------------- librpc/idl/winbind.idl | 2 +- source3/winbindd/winbindd_async.c | 34 ----------------------- source3/winbindd/winbindd_cache.c | 24 ++++++++++------- source3/winbindd/winbindd_domain.c | 4 --- source3/winbindd/winbindd_domain_info.c | 38 ++++++++++++++++---------- source3/winbindd/winbindd_dual_srv.c | 3 ++- source3/winbindd/winbindd_idmap.c | 4 --- source3/winbindd/winbindd_locator.c | 4 --- source3/winbindd/winbindd_proto.h | 3 --- source3/winbindd/wscript_build | 1 - 12 files changed, 65 insertions(+), 98 deletions(-) delete mode 100644 source3/winbindd/winbindd_async.c Changeset truncated at 500 lines: diff --git a/examples/systemtap/generate-winbindd.stp.sh b/examples/systemtap/generate-winbindd.stp.sh index ec8e3af2828..5a4507874e4 100755 --- a/examples/systemtap/generate-winbindd.stp.sh +++ b/examples/systemtap/generate-winbindd.stp.sh @@ -2,13 +2,13 @@ outfile="$(dirname $0)/winbindd.stp" -child_funcs="winbindd_dual_ping -winbindd_dual_init_connection +child_funcs="winbindd_dual_init_connection winbindd_dual_pam_auth winbindd_dual_pam_auth_crap winbindd_dual_pam_logoff winbindd_dual_pam_chng_pswd_auth_crap winbindd_dual_pam_chauthtok +_wbint_Ping _wbint_ListTrustedDomains _wbint_LookupSid _wbint_LookupSids diff --git a/examples/systemtap/winbindd.stp b/examples/systemtap/winbindd.stp index 60dd80a5c76..94f05596771 100644 --- a/examples/systemtap/winbindd.stp +++ b/examples/systemtap/winbindd.stp @@ -2,7 +2,7 @@ # # Systemtap script to instrument winbindd # -# Generated by examples/systemtap/generate-winbindd.stp.sh on mar 15 feb 2022 17:45:48 CET, do not edit +# Generated by examples/systemtap/generate-winbindd.stp.sh on mié 09 mar 2022 12:10:37 CET, do not edit # # Usage: # @@ -23,26 +23,6 @@ probe begin { printf("Collecting data, press ctrl-C to stop... ") } -# -# winbind domain child function winbindd_dual_ping -# - -probe process("winbindd").function("winbindd_dual_ping") { - dc_running[tid(), "winbindd_dual_ping"] = gettimeofday_us() -} - -probe process("winbindd").function("winbindd_dual_ping").return { - if (!([tid(), "winbindd_dual_ping"] in dc_running)) - next - - end = gettimeofday_us() - begin = dc_running[tid(), "winbindd_dual_ping"] - delete dc_running[tid(), "winbindd_dual_ping"] - - duration = end - begin - dc_svctime["winbindd_dual_ping"] <<< duration -} - # # winbind domain child function winbindd_dual_init_connection # @@ -163,6 +143,26 @@ probe process("winbindd").function("winbindd_dual_pam_chauthtok").return { dc_svctime["winbindd_dual_pam_chauthtok"] <<< duration } +# +# winbind domain child function _wbint_Ping +# + +probe process("winbindd").function("_wbint_Ping") { + dc_running[tid(), "_wbint_Ping"] = gettimeofday_us() +} + +probe process("winbindd").function("_wbint_Ping").return { + if (!([tid(), "_wbint_Ping"] in dc_running)) + next + + end = gettimeofday_us() + begin = dc_running[tid(), "_wbint_Ping"] + delete dc_running[tid(), "_wbint_Ping"] + + duration = end - begin + dc_svctime["_wbint_Ping"] <<< duration +} + # # winbind domain child function _wbint_ListTrustedDomains # diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl index 4acad1b091f..c7ca95d1a69 100644 --- a/librpc/idl/winbind.idl +++ b/librpc/idl/winbind.idl @@ -13,7 +13,7 @@ interface winbind { /* Private methods */ - void wbint_Ping( + NTSTATUS wbint_Ping( [in] uint32 in_data, [out] uint32 *out_data ); diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c deleted file mode 100644 index 75dfa0e54e3..00000000000 --- a/source3/winbindd/winbindd_async.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Async helpers for blocking functions - - Copyright (C) Volker Lendecke 2005 - Copyright (C) Gerald Carter 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "winbindd.h" -#include "../libcli/security/security.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain, - struct winbindd_cli_state *state) -{ - return WINBINDD_OK; -} diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 631b3277164..9a3238a8002 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -4644,16 +4644,22 @@ static bool wcache_ndr_key(TALLOC_CTX *mem_ctx, const char *domain_name, static bool wcache_opnum_cacheable(uint32_t opnum) { switch (opnum) { - case NDR_WBINT_PING: - case NDR_WBINT_QUERYSEQUENCENUMBER: - case NDR_WBINT_ALLOCATEUID: - case NDR_WBINT_ALLOCATEGID: - case NDR_WBINT_CHECKMACHINEACCOUNT: - case NDR_WBINT_CHANGEMACHINEACCOUNT: - case NDR_WBINT_PINGDC: - return false; + case NDR_WBINT_LOOKUPSID: + case NDR_WBINT_LOOKUPSIDS: + case NDR_WBINT_LOOKUPNAME: + case NDR_WBINT_SIDS2UNIXIDS: + case NDR_WBINT_UNIXIDS2SIDS: + case NDR_WBINT_GETNSSINFO: + case NDR_WBINT_LOOKUPUSERALIASES: + case NDR_WBINT_LOOKUPUSERGROUPS: + case NDR_WBINT_LOOKUPGROUPMEMBERS: + case NDR_WBINT_QUERYGROUPLIST: + case NDR_WBINT_QUERYUSERRIDLIST: + case NDR_WBINT_DSGETDCNAME: + case NDR_WBINT_LOOKUPRIDS: + return true; } - return true; + return false; } bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, diff --git a/source3/winbindd/winbindd_domain.c b/source3/winbindd/winbindd_domain.c index fdf5768c526..0f395006883 100644 --- a/source3/winbindd/winbindd_domain.c +++ b/source3/winbindd/winbindd_domain.c @@ -27,10 +27,6 @@ static const struct winbindd_child_dispatch_table domain_dispatch_table[] = { { - .name = "PING", - .struct_cmd = WINBINDD_PING, - .struct_fn = winbindd_dual_ping, - },{ .name = "INIT_CONNECTION", .struct_cmd = WINBINDD_INIT_CONNECTION, .struct_fn = winbindd_dual_init_connection, diff --git a/source3/winbindd/winbindd_domain_info.c b/source3/winbindd/winbindd_domain_info.c index a9319849729..c4364d99ad3 100644 --- a/source3/winbindd/winbindd_domain_info.c +++ b/source3/winbindd/winbindd_domain_info.c @@ -21,10 +21,12 @@ #include "winbindd.h" #include "lib/util/string_wrappers.h" #include "lib/global_contexts.h" +#include "librpc/gen_ndr/ndr_winbind_c.h" struct winbindd_domain_info_state { struct winbindd_domain *domain; - struct winbindd_request ping_request; + uint32_t in; + uint32_t out; }; static void winbindd_domain_info_done(struct tevent_req *subreq); @@ -62,14 +64,17 @@ struct tevent_req *winbindd_domain_info_send( return tevent_req_post(req, ev); } - state->ping_request.cmd = WINBINDD_PING; - /* * Send a ping down. This implicitly initializes the domain. */ - subreq = wb_domain_request_send(state, global_event_context(), - state->domain, &state->ping_request); + state->in = cli->pid; + state->out = 0; + subreq = dcerpc_wbint_Ping_send(state, + global_event_context(), + dom_child_handle(state->domain), + state->in, + &state->out); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } @@ -84,19 +89,24 @@ static void winbindd_domain_info_done(struct tevent_req *subreq) subreq, struct tevent_req); struct winbindd_domain_info_state *state = tevent_req_data( req, struct winbindd_domain_info_state); - struct winbindd_response *response; - int ret, err; + NTSTATUS status, result; - ret = wb_domain_request_recv(subreq, state, &response, &err); + status = dcerpc_wbint_Ping_recv(subreq, state, &result); TALLOC_FREE(subreq); - if (ret == -1) { - DBG_DEBUG("wb_domain_request failed: %s\n", strerror(err)); - tevent_req_nterror(req, map_nt_error_from_unix(err)); + if (tevent_req_nterror(req, status)) { + DBG_NOTICE("dcerpc_wbint_Ping call failed: %s\n", + nt_errstr(status)); + return; + } + + if (tevent_req_nterror(req, result)) { + DBG_NOTICE("dcerpc_wbint_Ping failed: %s\n", + nt_errstr(result)); return; } if (!state->domain->initialized) { - DBG_INFO("wb_domain_request did not initialize domain %s\n", + DBG_INFO("dcerpc_wbint_Ping did not initialize domain %s\n", state->domain->name); tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); return; @@ -114,8 +124,8 @@ NTSTATUS winbindd_domain_info_recv(struct tevent_req *req, NTSTATUS status; if (tevent_req_is_nterror(req, &status)) { - DBG_DEBUG("winbindd_domain_info failed: %s\n", - nt_errstr(status)); + DBG_NOTICE("winbindd_domain_info failed: %s\n", + nt_errstr(status)); return status; } diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 3daa8468ddc..a59ecafe695 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -40,9 +40,10 @@ #include "libsmb/dsgetdcname.h" #include "lib/global_contexts.h" -void _wbint_Ping(struct pipes_struct *p, struct wbint_Ping *r) +NTSTATUS _wbint_Ping(struct pipes_struct *p, struct wbint_Ping *r) { *r->out.out_data = r->in.in_data; + return NT_STATUS_OK; } bool reset_cm_connection_on_error(struct winbindd_domain *domain, diff --git a/source3/winbindd/winbindd_idmap.c b/source3/winbindd/winbindd_idmap.c index 41be6f14479..79775a03c8b 100644 --- a/source3/winbindd/winbindd_idmap.c +++ b/source3/winbindd/winbindd_idmap.c @@ -70,10 +70,6 @@ struct dcerpc_binding_handle *idmap_child_handle(void) static const struct winbindd_child_dispatch_table idmap_dispatch_table[] = { { - .name = "PING", - .struct_cmd = WINBINDD_PING, - .struct_fn = winbindd_dual_ping, - },{ .name = "NDRCMD", .struct_cmd = WINBINDD_DUAL_NDRCMD, .struct_fn = winbindd_dual_ndrcmd, diff --git a/source3/winbindd/winbindd_locator.c b/source3/winbindd/winbindd_locator.c index 55b64555376..e31d1031bb9 100644 --- a/source3/winbindd/winbindd_locator.c +++ b/source3/winbindd/winbindd_locator.c @@ -41,10 +41,6 @@ struct dcerpc_binding_handle *locator_child_handle(void) static const struct winbindd_child_dispatch_table locator_dispatch_table[] = { { - .name = "PING", - .struct_cmd = WINBINDD_PING, - .struct_fn = winbindd_dual_ping, - },{ .name = "NDRCMD", .struct_cmd = WINBINDD_DUAL_NDRCMD, .struct_fn = winbindd_dual_ndrcmd, diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index b9b7be40245..d61915241d3 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -552,9 +552,6 @@ bool parse_xidlist(TALLOC_CTX *mem_ctx, const char *xidstr, void winbindd_wins_byname(struct winbindd_cli_state *state); -enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain, - struct winbindd_cli_state *state); - struct dcerpc_binding_handle *wbint_binding_handle(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, struct winbindd_child *child); diff --git a/source3/winbindd/wscript_build b/source3/winbindd/wscript_build index 2ee46903abc..c1439572cad 100644 --- a/source3/winbindd/wscript_build +++ b/source3/winbindd/wscript_build @@ -190,7 +190,6 @@ bld.SAMBA3_SUBSYSTEM('winbindd-lib', winbindd_dual.c winbindd_dual_ndr.c winbindd_dual_srv.c - winbindd_async.c winbindd_creds.c winbindd_cred_cache.c winbindd_ccache_access.c -- Samba Shared Repository