The branch, master has been updated
via 41c72ae9f95 examples: Update winbindd.stp and its generator script
via 3e747891a04 s3:winbind: Convert Ping parent/child call to NDR
via 0d668dfb751 s3:winbind: Return NTSTATUS from wbint_Ping() RPC
function
via 00ea654961a s3:winbind: Convert wcache_opnum_cacheable() to a
whitelist
from c788ed7b8b4 samba-gpupdate: Implement enhanced logging
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 41c72ae9f9530e04e249bbd73356bb44a7e945e4
Author: Samuel Cabrero <scabr...@samba.org>
Date: Wed Mar 9 12:11:00 2022 +0100
examples: Update winbindd.stp and its generator script
Signed-off-by: Samuel Cabrero <scabr...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Fri Mar 25 17:57:18 UTC 2022 on sn-devel-184
commit 3e747891a04a161b34e8be1aab03371632ede192
Author: Samuel Cabrero <scabr...@samba.org>
Date: Wed Feb 16 13:41:05 2022 +0100
s3:winbind: Convert Ping parent/child call to NDR
Signed-off-by: Samuel Cabrero <scabr...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 0d668dfb75145af654eb779bdbbc0261d8f5bb15
Author: Samuel Cabrero <scabr...@samba.org>
Date: Wed Mar 9 11:56:33 2022 +0100
s3:winbind: Return NTSTATUS from wbint_Ping() RPC function
There are no users of this function but the next commit will convert the
struct-based WINBINDD_PING call to a local RPC wbint_Ping() call.
Signed-off-by: Samuel Cabrero <scabr...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 00ea654961a790acd17e445b1eb0aec3296a60cc
Author: Samuel Cabrero <scabr...@samba.org>
Date: Wed Mar 9 17:44:17 2022 +0100
s3:winbind: Convert wcache_opnum_cacheable() to a whitelist
It avoids having to explicitly blacklist new DCE/RPC calls.
This is the current list of non cacheable calls:
NDR_WBINT_PING
NDR_WBINT_QUERYSEQUENCENUMBER
NDR_WBINT_ALLOCATEUID
NDR_WBINT_ALLOCATEGID
NDR_WBINT_CHECKMACHINEACCOUNT
NDR_WBINT_CHANGEMACHINEACCOUNT
NDR_WBINT_PINGDC
NDR_WBINT_LISTTRUSTEDDOMAINS
It includes the ListTrustedDomains call recently converted to a local
RPC call.
Signed-off-by: Samuel Cabrero <scabr...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
examples/systemtap/generate-winbindd.stp.sh | 4 +--
examples/systemtap/winbindd.stp | 42 ++++++++++++++---------------
librpc/idl/winbind.idl | 2 +-
source3/winbindd/winbindd_async.c | 34 -----------------------
source3/winbindd/winbindd_cache.c | 24 ++++++++++-------
source3/winbindd/winbindd_domain.c | 4 ---
source3/winbindd/winbindd_domain_info.c | 38 ++++++++++++++++----------
source3/winbindd/winbindd_dual_srv.c | 3 ++-
source3/winbindd/winbindd_idmap.c | 4 ---
source3/winbindd/winbindd_locator.c | 4 ---
source3/winbindd/winbindd_proto.h | 3 ---
source3/winbindd/wscript_build | 1 -
12 files changed, 65 insertions(+), 98 deletions(-)
delete mode 100644 source3/winbindd/winbindd_async.c
Changeset truncated at 500 lines:
diff --git a/examples/systemtap/generate-winbindd.stp.sh
b/examples/systemtap/generate-winbindd.stp.sh
index ec8e3af2828..5a4507874e4 100755
--- a/examples/systemtap/generate-winbindd.stp.sh
+++ b/examples/systemtap/generate-winbindd.stp.sh
@@ -2,13 +2,13 @@
outfile="$(dirname $0)/winbindd.stp"
-child_funcs="winbindd_dual_ping
-winbindd_dual_init_connection
+child_funcs="winbindd_dual_init_connection
winbindd_dual_pam_auth
winbindd_dual_pam_auth_crap
winbindd_dual_pam_logoff
winbindd_dual_pam_chng_pswd_auth_crap
winbindd_dual_pam_chauthtok
+_wbint_Ping
_wbint_ListTrustedDomains
_wbint_LookupSid
_wbint_LookupSids
diff --git a/examples/systemtap/winbindd.stp b/examples/systemtap/winbindd.stp
index 60dd80a5c76..94f05596771 100644
--- a/examples/systemtap/winbindd.stp
+++ b/examples/systemtap/winbindd.stp
@@ -2,7 +2,7 @@
#
# Systemtap script to instrument winbindd
#
-# Generated by examples/systemtap/generate-winbindd.stp.sh on mar 15 feb 2022
17:45:48 CET, do not edit
+# Generated by examples/systemtap/generate-winbindd.stp.sh on mié 09 mar 2022
12:10:37 CET, do not edit
#
# Usage:
#
@@ -23,26 +23,6 @@ probe begin {
printf("Collecting data, press ctrl-C to stop... ")
}
-#
-# winbind domain child function winbindd_dual_ping
-#
-
-probe process("winbindd").function("winbindd_dual_ping") {
- dc_running[tid(), "winbindd_dual_ping"] = gettimeofday_us()
-}
-
-probe process("winbindd").function("winbindd_dual_ping").return {
- if (!([tid(), "winbindd_dual_ping"] in dc_running))
- next
-
- end = gettimeofday_us()
- begin = dc_running[tid(), "winbindd_dual_ping"]
- delete dc_running[tid(), "winbindd_dual_ping"]
-
- duration = end - begin
- dc_svctime["winbindd_dual_ping"] <<< duration
-}
-
#
# winbind domain child function winbindd_dual_init_connection
#
@@ -163,6 +143,26 @@ probe
process("winbindd").function("winbindd_dual_pam_chauthtok").return {
dc_svctime["winbindd_dual_pam_chauthtok"] <<< duration
}
+#
+# winbind domain child function _wbint_Ping
+#
+
+probe process("winbindd").function("_wbint_Ping") {
+ dc_running[tid(), "_wbint_Ping"] = gettimeofday_us()
+}
+
+probe process("winbindd").function("_wbint_Ping").return {
+ if (!([tid(), "_wbint_Ping"] in dc_running))
+ next
+
+ end = gettimeofday_us()
+ begin = dc_running[tid(), "_wbint_Ping"]
+ delete dc_running[tid(), "_wbint_Ping"]
+
+ duration = end - begin
+ dc_svctime["_wbint_Ping"] <<< duration
+}
+
#
# winbind domain child function _wbint_ListTrustedDomains
#
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index 4acad1b091f..c7ca95d1a69 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -13,7 +13,7 @@ interface winbind
{
/* Private methods */
- void wbint_Ping(
+ NTSTATUS wbint_Ping(
[in] uint32 in_data,
[out] uint32 *out_data
);
diff --git a/source3/winbindd/winbindd_async.c
b/source3/winbindd/winbindd_async.c
deleted file mode 100644
index 75dfa0e54e3..00000000000
--- a/source3/winbindd/winbindd_async.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Async helpers for blocking functions
-
- Copyright (C) Volker Lendecke 2005
- Copyright (C) Gerald Carter 2006
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "winbindd.h"
-#include "../libcli/security/security.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
-
-enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain,
- struct winbindd_cli_state *state)
-{
- return WINBINDD_OK;
-}
diff --git a/source3/winbindd/winbindd_cache.c
b/source3/winbindd/winbindd_cache.c
index 631b3277164..9a3238a8002 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -4644,16 +4644,22 @@ static bool wcache_ndr_key(TALLOC_CTX *mem_ctx, const
char *domain_name,
static bool wcache_opnum_cacheable(uint32_t opnum)
{
switch (opnum) {
- case NDR_WBINT_PING:
- case NDR_WBINT_QUERYSEQUENCENUMBER:
- case NDR_WBINT_ALLOCATEUID:
- case NDR_WBINT_ALLOCATEGID:
- case NDR_WBINT_CHECKMACHINEACCOUNT:
- case NDR_WBINT_CHANGEMACHINEACCOUNT:
- case NDR_WBINT_PINGDC:
- return false;
+ case NDR_WBINT_LOOKUPSID:
+ case NDR_WBINT_LOOKUPSIDS:
+ case NDR_WBINT_LOOKUPNAME:
+ case NDR_WBINT_SIDS2UNIXIDS:
+ case NDR_WBINT_UNIXIDS2SIDS:
+ case NDR_WBINT_GETNSSINFO:
+ case NDR_WBINT_LOOKUPUSERALIASES:
+ case NDR_WBINT_LOOKUPUSERGROUPS:
+ case NDR_WBINT_LOOKUPGROUPMEMBERS:
+ case NDR_WBINT_QUERYGROUPLIST:
+ case NDR_WBINT_QUERYUSERRIDLIST:
+ case NDR_WBINT_DSGETDCNAME:
+ case NDR_WBINT_LOOKUPRIDS:
+ return true;
}
- return true;
+ return false;
}
bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
diff --git a/source3/winbindd/winbindd_domain.c
b/source3/winbindd/winbindd_domain.c
index fdf5768c526..0f395006883 100644
--- a/source3/winbindd/winbindd_domain.c
+++ b/source3/winbindd/winbindd_domain.c
@@ -27,10 +27,6 @@
static const struct winbindd_child_dispatch_table domain_dispatch_table[] = {
{
- .name = "PING",
- .struct_cmd = WINBINDD_PING,
- .struct_fn = winbindd_dual_ping,
- },{
.name = "INIT_CONNECTION",
.struct_cmd = WINBINDD_INIT_CONNECTION,
.struct_fn = winbindd_dual_init_connection,
diff --git a/source3/winbindd/winbindd_domain_info.c
b/source3/winbindd/winbindd_domain_info.c
index a9319849729..c4364d99ad3 100644
--- a/source3/winbindd/winbindd_domain_info.c
+++ b/source3/winbindd/winbindd_domain_info.c
@@ -21,10 +21,12 @@
#include "winbindd.h"
#include "lib/util/string_wrappers.h"
#include "lib/global_contexts.h"
+#include "librpc/gen_ndr/ndr_winbind_c.h"
struct winbindd_domain_info_state {
struct winbindd_domain *domain;
- struct winbindd_request ping_request;
+ uint32_t in;
+ uint32_t out;
};
static void winbindd_domain_info_done(struct tevent_req *subreq);
@@ -62,14 +64,17 @@ struct tevent_req *winbindd_domain_info_send(
return tevent_req_post(req, ev);
}
- state->ping_request.cmd = WINBINDD_PING;
-
/*
* Send a ping down. This implicitly initializes the domain.
*/
- subreq = wb_domain_request_send(state, global_event_context(),
- state->domain, &state->ping_request);
+ state->in = cli->pid;
+ state->out = 0;
+ subreq = dcerpc_wbint_Ping_send(state,
+ global_event_context(),
+ dom_child_handle(state->domain),
+ state->in,
+ &state->out);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -84,19 +89,24 @@ static void winbindd_domain_info_done(struct tevent_req
*subreq)
subreq, struct tevent_req);
struct winbindd_domain_info_state *state = tevent_req_data(
req, struct winbindd_domain_info_state);
- struct winbindd_response *response;
- int ret, err;
+ NTSTATUS status, result;
- ret = wb_domain_request_recv(subreq, state, &response, &err);
+ status = dcerpc_wbint_Ping_recv(subreq, state, &result);
TALLOC_FREE(subreq);
- if (ret == -1) {
- DBG_DEBUG("wb_domain_request failed: %s\n", strerror(err));
- tevent_req_nterror(req, map_nt_error_from_unix(err));
+ if (tevent_req_nterror(req, status)) {
+ DBG_NOTICE("dcerpc_wbint_Ping call failed: %s\n",
+ nt_errstr(status));
+ return;
+ }
+
+ if (tevent_req_nterror(req, result)) {
+ DBG_NOTICE("dcerpc_wbint_Ping failed: %s\n",
+ nt_errstr(result));
return;
}
if (!state->domain->initialized) {
- DBG_INFO("wb_domain_request did not initialize domain %s\n",
+ DBG_INFO("dcerpc_wbint_Ping did not initialize domain %s\n",
state->domain->name);
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
@@ -114,8 +124,8 @@ NTSTATUS winbindd_domain_info_recv(struct tevent_req *req,
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
- DBG_DEBUG("winbindd_domain_info failed: %s\n",
- nt_errstr(status));
+ DBG_NOTICE("winbindd_domain_info failed: %s\n",
+ nt_errstr(status));
return status;
}
diff --git a/source3/winbindd/winbindd_dual_srv.c
b/source3/winbindd/winbindd_dual_srv.c
index 3daa8468ddc..a59ecafe695 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -40,9 +40,10 @@
#include "libsmb/dsgetdcname.h"
#include "lib/global_contexts.h"
-void _wbint_Ping(struct pipes_struct *p, struct wbint_Ping *r)
+NTSTATUS _wbint_Ping(struct pipes_struct *p, struct wbint_Ping *r)
{
*r->out.out_data = r->in.in_data;
+ return NT_STATUS_OK;
}
bool reset_cm_connection_on_error(struct winbindd_domain *domain,
diff --git a/source3/winbindd/winbindd_idmap.c
b/source3/winbindd/winbindd_idmap.c
index 41be6f14479..79775a03c8b 100644
--- a/source3/winbindd/winbindd_idmap.c
+++ b/source3/winbindd/winbindd_idmap.c
@@ -70,10 +70,6 @@ struct dcerpc_binding_handle *idmap_child_handle(void)
static const struct winbindd_child_dispatch_table idmap_dispatch_table[] = {
{
- .name = "PING",
- .struct_cmd = WINBINDD_PING,
- .struct_fn = winbindd_dual_ping,
- },{
.name = "NDRCMD",
.struct_cmd = WINBINDD_DUAL_NDRCMD,
.struct_fn = winbindd_dual_ndrcmd,
diff --git a/source3/winbindd/winbindd_locator.c
b/source3/winbindd/winbindd_locator.c
index 55b64555376..e31d1031bb9 100644
--- a/source3/winbindd/winbindd_locator.c
+++ b/source3/winbindd/winbindd_locator.c
@@ -41,10 +41,6 @@ struct dcerpc_binding_handle *locator_child_handle(void)
static const struct winbindd_child_dispatch_table locator_dispatch_table[] = {
{
- .name = "PING",
- .struct_cmd = WINBINDD_PING,
- .struct_fn = winbindd_dual_ping,
- },{
.name = "NDRCMD",
.struct_cmd = WINBINDD_DUAL_NDRCMD,
.struct_fn = winbindd_dual_ndrcmd,
diff --git a/source3/winbindd/winbindd_proto.h
b/source3/winbindd/winbindd_proto.h
index b9b7be40245..d61915241d3 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -552,9 +552,6 @@ bool parse_xidlist(TALLOC_CTX *mem_ctx, const char *xidstr,
void winbindd_wins_byname(struct winbindd_cli_state *state);
-enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
-
struct dcerpc_binding_handle *wbint_binding_handle(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
struct winbindd_child *child);
diff --git a/source3/winbindd/wscript_build b/source3/winbindd/wscript_build
index 2ee46903abc..c1439572cad 100644
--- a/source3/winbindd/wscript_build
+++ b/source3/winbindd/wscript_build
@@ -190,7 +190,6 @@ bld.SAMBA3_SUBSYSTEM('winbindd-lib',
winbindd_dual.c
winbindd_dual_ndr.c
winbindd_dual_srv.c
- winbindd_async.c
winbindd_creds.c
winbindd_cred_cache.c
winbindd_ccache_access.c
--
Samba Shared Repository
