The branch, master has been updated
via 4d5147119fc s4:kdc: let samba_kdc_trust_message2entry don't support
WITHIN_FOREST and PIM_TRUST
via 5f37749d815 winbindd: don't support PIM_TRUST and WITHIN_FOREST
via 81850c245fe s4:rpc_server/lsa: PIM trusts are not supported yet
via dcf38dd4e4d s4:rpc_server/lsa: a PIM trust requires
FOREST_TRANSITIVE
via 01d545fcea8 s4:rpc_server/lsa: WITHIN_FOREST together with
FOREST_TRANSITIVE is invalid
via 64da8aac460 s4:rpc_server/lsa: don't allow WITHIN_FOREST trusts
via 37402b98233 s4:rpc_server/lsa: don't allow WITHIN_FOREST together
with CROSS_ORGANIZATION
via 1cf85226552 s4:rpc_server: dcesrv_lsa_DeleteObject needs to close
the handles
via d7d339fd8e6 s4:rpc_server/lsa: let dcesrv_lsa_CreateTrustedDomain
check for valid netbios name length
via b3b789aba91 s4:dsdb/common: check for valid netbios name length for
trusts
via 04208c04ff8 python:tests: let lsa_utils.py use valid netbios names
via f90956af509 s4:rpc_server/lsa: no longer send
MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
via a91718c40b4 s4:dsdb/ldb_modules: add trust_notify module
via 244367d0372 winbindd: introduce update_trusted_domains_dc()
via 137eb666b83 winbindd: use struct winbindd_domain_ref in struct
winbindd_domain_info_state
via bfe23fffca8 winbindd: use struct winbindd_domain_ref in struct
wb_lookupsids_domain
via bc30127f45f winbindd: use struct winbindd_domain_ref in struct
winbindd_list_groups_domstate
via c325b9ce6fb winbindd: use struct winbindd_domain_ref in struct
winbindd_list_users_domstate
via 6d3afb9df19 winbindd: use struct winbindd_domain_ref in struct
trustdom_state
via 88f163c2064 winbindd: use struct winbindd_domain_ref in struct
getgrent_state
via 88616875349 winbindd: use struct winbindd_domain_ref in struct
getpwent_state
via f261f922314 winbindd: use struct winbindd_domain_ref in struct
wb_query_user_list_state
via ddf3a523d40 winbindd: use struct winbindd_domain_ref in struct
wbint_bh_raw_call_state
via 5d9db5cccc0 winbindd: add struct winbindd_domain_ref infrastructure
via 89a5d0e3dfa winbindd: winbindd_child->domain is a talloc grant
parent if valid
via 84aa2c21213 winbindd: assert that wbint_binding_handle() gets a
valid memory context
via ffb5c2dacd8 winbindd: let setup_child() use a useful mem_ctx for
talloc memory
via e306f608650 winbindd: make wb_domain_request_* more robust
via 485204b4fad winbindd: wbint_bh_raw_call_child_done() doesn't have
state->domain
via b08b9f1d9f3 winbindd: let wb_lookupsid_send() use a stack variable
for struct winbindd_domain
via 60e2614a491 winbindd: remove unused free_domain_list()
via a07b5726050 winbindd: let add_trusted_domain() check sid and
dns_name are not changed
from c5511056708 libnet4: check return value of DC lookup
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4d5147119fcd2c3a4420a838c3b18b56cdfd4c0d
Author: Stefan Metzmacher <[email protected]>
Date: Fri Dec 20 19:50:53 2024 +0100
s4:kdc: let samba_kdc_trust_message2entry don't support WITHIN_FOREST and
PIM_TRUST
These are not supported yet.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Autobuild-User(master): Ralph Böhme <[email protected]>
Autobuild-Date(master): Sat Feb 8 16:23:30 UTC 2025 on atb-devel-224
commit 5f37749d81532fcda56a62176f5a9208e4cd9da2
Author: Stefan Metzmacher <[email protected]>
Date: Mon Dec 23 14:55:39 2024 +0100
winbindd: don't support PIM_TRUST and WITHIN_FOREST
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 81850c245fe4fb5980968831ff8c86bbfa79812b
Author: Stefan Metzmacher <[email protected]>
Date: Thu Dec 19 20:43:43 2024 +0100
s4:rpc_server/lsa: PIM trusts are not supported yet
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit dcf38dd4e4d81bec78c02e81fcaf339f19ed896e
Author: Stefan Metzmacher <[email protected]>
Date: Thu Dec 19 20:43:18 2024 +0100
s4:rpc_server/lsa: a PIM trust requires FOREST_TRANSITIVE
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 01d545fcea82bdf4637aa2ee1f71d3d4d6e3f37a
Author: Stefan Metzmacher <[email protected]>
Date: Thu Dec 19 19:34:59 2024 +0100
s4:rpc_server/lsa: WITHIN_FOREST together with FOREST_TRANSITIVE is invalid
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 64da8aac4605809696cdd08fe9c06d346a781e70
Author: Stefan Metzmacher <[email protected]>
Date: Thu Dec 19 19:26:10 2024 +0100
s4:rpc_server/lsa: don't allow WITHIN_FOREST trusts
They are not supported yet.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 37402b9823374963d4d1e4f69bbec808070c4caa
Author: Stefan Metzmacher <[email protected]>
Date: Thu Dec 19 19:22:47 2024 +0100
s4:rpc_server/lsa: don't allow WITHIN_FOREST together with
CROSS_ORGANIZATION
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 1cf852265525e7e9eee38bb6c3057dcbc633ef20
Author: Stefan Metzmacher <[email protected]>
Date: Thu Jan 30 19:03:32 2025 +0100
s4:rpc_server: dcesrv_lsa_DeleteObject needs to close the handles
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit d7d339fd8e6923a2583c97fd2d8d798946994059
Author: Stefan Metzmacher <[email protected]>
Date: Thu Jan 30 19:07:08 2025 +0100
s4:rpc_server/lsa: let dcesrv_lsa_CreateTrustedDomain check for valid
netbios name length
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit b3b789aba91ebd90cb58e6c295ae589d3a5eb4af
Author: Stefan Metzmacher <[email protected]>
Date: Thu Jan 30 19:10:03 2025 +0100
s4:dsdb/common: check for valid netbios name length for trusts
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 04208c04ff816b29c2af79e4c72b2bdf290d85c4
Author: Stefan Metzmacher <[email protected]>
Date: Wed Feb 5 13:12:48 2025 +0100
python:tests: let lsa_utils.py use valid netbios names
createtrustrelax has 16 characters, but only 15 are allowed
and they are typically uppercase.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit f90956af50948689df906a96e5aaee67cc52afd4
Author: Stefan Metzmacher <[email protected]>
Date: Thu Jan 30 19:04:28 2025 +0100
s4:rpc_server/lsa: no longer send MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
This is done by the "trust_notify" ldb module now.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit a91718c40b437393a48ab40813b01dcc8d55668a
Author: Stefan Metzmacher <[email protected]>
Date: Thu Feb 6 20:11:20 2025 +0100
s4:dsdb/ldb_modules: add trust_notify module
This will notify winbindd if critical aspects
of the trusted domain topology are changed.
It means it will also happen when the changes are
replicated from other DCs.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 244367d037290b750ef53add313351a15ddbdbb5
Author: Stefan Metzmacher <[email protected]>
Date: Tue Feb 4 18:32:59 2025 +0100
winbindd: introduce update_trusted_domains_dc()
Reloading trusts should reload every aspect of
the trust and also remove deleted trusts from
the winbindd _domain_list.
But pending requests still continue.
With this commit it is required that
async state structures use struct winbindd_domain_ref
instead of raw struct winbindd_domain pointers,
in order to avoid usage of stale pointers.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 137eb666b8350347212940dd56b41c5892b27f51
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct
winbindd_domain_info_state
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit bfe23fffca814c4402bf885763297bff5ee50783
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct wb_lookupsids_domain
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit bc30127f45f34bb9e8c745b4d714475f9f1cc356
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct
winbindd_list_groups_domstate
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit c325b9ce6fb6d46fa41c19c9cf0b5ce627f21c4b
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct
winbindd_list_users_domstate
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 6d3afb9df197bc01d536e0bc770f77848b46563d
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct trustdom_state
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 88f163c20647eef1df6a1499948dffbcfe415a26
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct getgrent_state
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 886168753498cc5a16c9800f7b206d49000d3830
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct getpwent_state
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit f261f92231498e74a0b41bd0fff49dae9e52840f
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct wb_query_user_list_state
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit ddf3a523d406efeb33e9e0ed1953d7dd16d01e7a
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:57:45 2025 +0100
winbindd: use struct winbindd_domain_ref in struct wbint_bh_raw_call_state
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Note this is most likely not really needed because
the requests are in the domain or child tevent queue,
before the domain will be free'ed.
But we better use the winbindd_domain_ref in
all async state!
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 5d9db5cccc086bfcefa33daa7c03443d0614e982
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 13:43:10 2025 +0100
winbindd: add struct winbindd_domain_ref infrastructure
In the next commits it will be possible that
struct winbindd_domain instances become stale
because trusted domains were reloaded.
That means async state structures should not use
pointers to 'struct winbindd_domain' as they
can become stale!
Instead they should use 'struct winbindd_domain_ref domain'
in the async state and use winbindd_domain_ref_set/get()
to manage the 'struct winbindd_domain' pointer.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 89a5d0e3dfac0feffc4d7a53dfb8c938ecd684ed
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 16:16:25 2025 +0100
winbindd: winbindd_child->domain is a talloc grant parent if valid
This comment makes it easier to spot if we still have
'struct winbindd_domain' pointers in state structures,
which should be replaced by struct winbindd_domain_ref,
in order to handle stale domains after reloading trusts.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 84aa2c21213eb1e61807214968389ae6abefd6f0
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 16:10:59 2025 +0100
winbindd: assert that wbint_binding_handle() gets a valid memory context
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit ffb5c2dacd895c84a9b989a5771fbfbce8254856
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 16:09:39 2025 +0100
winbindd: let setup_child() use a useful mem_ctx for talloc memory
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit e306f60865089b4908a20017ed95b1a71b462b4f
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 15:46:33 2025 +0100
winbindd: make wb_domain_request_* more robust
We don't need struct winbindd_domain_ref, but
we should clear the pointers before removing
the queue entry.
And we should start the queue every time
before removing ourselves.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 485204b4fadb3f70d0f3835a572c1e53fa6a8268
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 15:24:50 2025 +0100
winbindd: wbint_bh_raw_call_child_done() doesn't have state->domain
Only child or domain binding handles are possible!
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit b08b9f1d9f30d149e20c5396eb98c295896e4fc2
Author: Stefan Metzmacher <[email protected]>
Date: Fri Feb 7 15:10:20 2025 +0100
winbindd: let wb_lookupsid_send() use a stack variable for struct
winbindd_domain
It's not needed to be on struct wb_lookupsid_state.
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 60e2614a491193149411b5ed7ee5541c04f5b81a
Author: Stefan Metzmacher <[email protected]>
Date: Tue Feb 4 11:40:36 2025 +0100
winbindd: remove unused free_domain_list()
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit a07b5726050f3cb2a032793ce5dc5dc9ec4dbe31
Author: Stefan Metzmacher <[email protected]>
Date: Tue Feb 4 10:16:15 2025 +0100
winbindd: let add_trusted_domain() check sid and dns_name are not changed
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
python/samba/tests/dcerpc/lsa_utils.py | 4 +-
source3/winbindd/wb_lookupsid.c | 10 +-
source3/winbindd/wb_lookupsids.c | 54 ++-
source3/winbindd/wb_next_grent.c | 36 +-
source3/winbindd/wb_next_pwent.c | 45 ++-
source3/winbindd/wb_query_user_list.c | 20 +-
source3/winbindd/winbindd.h | 37 +-
source3/winbindd/winbindd_domain_info.c | 40 +-
source3/winbindd/winbindd_dual.c | 41 ++-
source3/winbindd/winbindd_dual_ndr.c | 36 +-
source3/winbindd/winbindd_list_groups.c | 66 +++-
source3/winbindd/winbindd_list_users.c | 20 +-
source3/winbindd/winbindd_proto.h | 2 +-
source3/winbindd/winbindd_util.c | 406 +++++++++++++++++++--
source4/dsdb/common/util_trusts.c | 8 +
source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 13 +-
source4/dsdb/samdb/ldb_modules/trust_notify.c | 287 +++++++++++++++
.../dsdb/samdb/ldb_modules/wscript_build_server | 9 +
source4/kdc/db-glue.c | 18 +
source4/rpc_server/lsa/dcesrv_lsa.c | 85 +++--
20 files changed, 1076 insertions(+), 161 deletions(-)
create mode 100644 source4/dsdb/samdb/ldb_modules/trust_notify.c
Changeset truncated at 500 lines:
diff --git a/python/samba/tests/dcerpc/lsa_utils.py
b/python/samba/tests/dcerpc/lsa_utils.py
index 229f57ec546..d5db0723772 100644
--- a/python/samba/tests/dcerpc/lsa_utils.py
+++ b/python/samba/tests/dcerpc/lsa_utils.py
@@ -98,7 +98,7 @@ class CreateTrustedDomain(TestCase):
info = lsa.TrustDomainInfoInfoEx()
info.domain_name.string = name.string
- info.netbios_name.string = "createtrustrelax"
+ info.netbios_name.string = "TESTTRUSTRELAXX"
info.sid = security.dom_sid("S-1-5-21-538490383-3740119673-95748416")
info.trust_direction = (
lsa.LSA_TRUST_DIRECTION_INBOUND
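Review bot: with the 16-character "createtrustrelax" replaced at info.netbios_name.string, the lines shown no longer exercise the new NetBIOS name length check at all. Consider keeping one case that passes a 16-character name and asserts that the create call is rejected, so the limit added in dcesrv_lsa.c and util_trusts.c stays covered by a test.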
@@ -187,7 +187,7 @@ class CreateTrustedDomain(TestCase):
info = lsa.TrustDomainInfoInfoEx()
info.domain_name.string = name.string
- info.netbios_name.string = "createtrustrelax"
+ info.netbios_name.string = "TESTTRUSTRELAXX"
info.sid = security.dom_sid("S-1-5-21-538490383-3740119673-95748416")
info.trust_direction = (
lsa.LSA_TRUST_DIRECTION_INBOUND
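Review bot: the literal "TESTTRUSTRELAXX" is now repeated in both CreateTrustedDomain tests and only fits the 15-character limit because of the padding X. A shared constant with a comment stating the limit would make that intentional and keep the two tests in sync.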
diff --git a/source3/winbindd/wb_lookupsid.c b/source3/winbindd/wb_lookupsid.c
index 31820f91e15..f084c7fdadf 100644
--- a/source3/winbindd/wb_lookupsid.c
+++ b/source3/winbindd/wb_lookupsid.c
@@ -24,7 +24,6 @@
struct wb_lookupsid_state {
struct tevent_context *ev;
- struct winbindd_domain *lookup_domain;
struct dom_sid sid;
enum lsa_SidType type;
const char *domname;
@@ -39,6 +38,7 @@ struct tevent_req *wb_lookupsid_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req, *subreq;
struct wb_lookupsid_state *state;
+ struct winbindd_domain *lookup_domain = NULL;
struct dom_sid_buf buf;
req = tevent_req_create(mem_ctx, &state, struct wb_lookupsid_state);
@@ -50,8 +50,8 @@ struct tevent_req *wb_lookupsid_send(TALLOC_CTX *mem_ctx,
sid_copy(&state->sid, sid);
state->ev = ev;
- state->lookup_domain = find_lookup_domain_from_sid(sid);
- if (state->lookup_domain == NULL) {
+ lookup_domain = find_lookup_domain_from_sid(sid);
+ if (lookup_domain == NULL) {
D_WARNING("Could not find domain for sid %s\n",
dom_sid_str_buf(sid, &buf));
tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
@@ -60,9 +60,9 @@ struct tevent_req *wb_lookupsid_send(TALLOC_CTX *mem_ctx,
D_DEBUG("Looking up SID %s in domain %s.\n",
dom_sid_str_buf(&state->sid, &buf),
- state->lookup_domain->name);
+ lookup_domain->name);
subreq = dcerpc_wbint_LookupSid_send(
- state, ev, dom_child_handle(state->lookup_domain),
+ state, ev, dom_child_handle(lookup_domain),
&state->sid, &state->type, &state->domname, &state->name);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
index 828e79ee3c8..d63d91caed3 100644
--- a/source3/winbindd/wb_lookupsids.c
+++ b/source3/winbindd/wb_lookupsids.c
@@ -26,7 +26,7 @@
#include "lsa.h"
struct wb_lookupsids_domain {
- struct winbindd_domain *domain;
+ struct winbindd_domain_ref domain;
/*
* Array of sids to be passed into wbint_LookupSids. Preallocated with
@@ -192,12 +192,25 @@ static bool wb_lookupsids_next(struct tevent_req *req,
struct tevent_req *subreq;
if (state->domains_done < talloc_array_length(state->domains)) {
- struct wb_lookupsids_domain *d;
+ struct wb_lookupsids_domain *d =
+ &state->domains[state->domains_done];
uint32_t i;
+ struct winbindd_domain *d_domain = NULL;
+ bool valid;
- d = &state->domains[state->domains_done];
+ valid = winbindd_domain_ref_get(&d->domain, &d_domain);
+ if (!valid) {
+ /*
+ * winbindd_domain_ref_get() already generated
+ * a debug message for the stale domain!
+ *
+ * Just ignore the domain
+ */
+ state->domains_done += 1;
+ return wb_lookupsids_next(req, state);
+ }
- if (d->domain->internal) {
+ if (d_domain->internal) {
/*
* This is only our local SAM,
* see wb_lookupsids_bulk() and
@@ -214,8 +227,8 @@ static bool wb_lookupsids_next(struct tevent_req *req,
&state->rids.rids[i]);
}
subreq = dcerpc_wbint_LookupRids_send(
- state, state->ev, dom_child_handle(d->domain),
- &d->domain->sid, &state->rids,
&state->domain_name,
+ state, state->ev, dom_child_handle(d_domain),
+ &d_domain->sid, &state->rids,
&state->domain_name,
&state->rid_names);
if (tevent_req_nomem(subreq, req)) {
return false;
@@ -226,7 +239,7 @@ static bool wb_lookupsids_next(struct tevent_req *req,
}
subreq = dcerpc_wbint_LookupSids_send(
- state, state->ev, dom_child_handle(d->domain),
+ state, state->ev, dom_child_handle(d_domain),
&d->sids, &state->tmp_domains, &state->tmp_names);
if (tevent_req_nomem(subreq, req)) {
return false;
@@ -347,11 +360,26 @@ static struct wb_lookupsids_domain
*wb_lookupsids_get_domain(
D_DEBUG("Searching %"PRIu32" domain(s) for domain '%s'\n",
num_domains, wb_domain->name);
for (i=0; i<num_domains; i++) {
- if (domains[i].domain != wb_domain) {
+ struct wb_lookupsids_domain *d = &domains[i];
+ struct winbindd_domain *d_domain = NULL;
+ bool valid;
+
+ valid = winbindd_domain_ref_get(&d->domain, &d_domain);
+ if (!valid) {
+ /*
+ * winbindd_domain_ref_get() already generated
+ * a debug message for the stale domain!
+ *
+ * Just ignore the domain
+ */
+ continue;
+ }
+
+ if (d_domain != wb_domain) {
continue;
}
- if (!domains[i].domain->internal) {
+ if (!d_domain->internal) {
/*
* If it's not our local sam,
* we can re-use the domain without
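Review bot: winbindd_domain_ref_get() is now called for every entry on each pass through this loop, and per the new comment it generates a debug message for a stale domain. Since this lookup works on a single sid, one stale entry could be logged repeatedly within one request unless the helper only logs on first detection; please say in the comment which behaviour applies.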
@@ -361,14 +389,14 @@ static struct wb_lookupsids_domain
*wb_lookupsids_get_domain(
* already caught special SIDs,
* e.g. the unix and builtin domains.
*/
- return &domains[i];
+ return d;
}
- if (dom_sid_compare_domain(sid, &domains[i].domain->sid) == 0) {
+ if (dom_sid_compare_domain(sid, &d_domain->sid) == 0) {
/*
* If it's out local sam we can also use it.
*/
- return &domains[i];
+ return d;
}
/*
@@ -388,7 +416,7 @@ static struct wb_lookupsids_domain
*wb_lookupsids_get_domain(
*pdomains = domains;
domain = &domains[num_domains];
- domain->domain = wb_domain;
+ winbindd_domain_ref_set(&domain->domain, wb_domain);
domain->sids.sids = talloc_zero_array(domains, struct lsa_SidPtr,
num_sids);
if (domains->sids.sids == NULL) {
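Review bot: the NULL check after talloc_zero_array() in the trailing context tests domains->sids.sids, which is the first array element, while the allocation was assigned to domain->sids.sids, the entry just added. An allocation failure for any entry but the first would go unnoticed. This is not introduced by the change, but since the adjacent line is being touched it would be a good moment to change the check to "if (domain->sids.sids == NULL) {".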
diff --git a/source3/winbindd/wb_next_grent.c b/source3/winbindd/wb_next_grent.c
index 5c2d447f46f..99586ac2641 100644
--- a/source3/winbindd/wb_next_grent.c
+++ b/source3/winbindd/wb_next_grent.c
@@ -37,18 +37,32 @@ static void wb_next_grent_send_do(struct tevent_req *req,
struct wb_next_grent_state *state)
{
struct tevent_req *subreq;
+ struct winbindd_domain *domain = NULL;
+ bool valid;
+
+ valid = winbindd_domain_ref_get(&state->gstate->domain,
+ &domain);
+ if (!valid) {
+ /*
+ * winbindd_domain_ref_get() already generated
+ * a debug message for the stale domain!
+ */
+ tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
+ return;
+ }
if (state->gstate->next_group >= state->gstate->num_groups) {
TALLOC_FREE(state->gstate->groups);
- state->gstate->domain = wb_next_domain(state->gstate->domain);
- if (state->gstate->domain == NULL) {
+ domain = wb_next_domain(domain);
+ winbindd_domain_ref_set(&state->gstate->domain, domain);
+ if (domain == NULL) {
tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
return;
}
subreq = wb_query_group_list_send(state, state->ev,
- state->gstate->domain);
+ domain);
if (tevent_req_nomem(subreq, req)) {
return;
}
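Review bot: a stale gstate->domain at the top of wb_next_grent_send_do() ends the whole enumeration with NT_STATUS_NO_MORE_ENTRIES, so a trust reload in the middle of a getgrent run truncates the list without any error reaching the caller. If that is the intended trade-off, please say so in the comment. The check also runs before the next_group test, although in the lines shown the domain is only needed inside that branch.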
@@ -108,9 +122,23 @@ static void wb_next_grent_fetch_done(struct tevent_req
*subreq)
&state->gstate->groups);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
+ struct winbindd_domain *domain = NULL;
+ bool valid;
+
+ valid = winbindd_domain_ref_get(&state->gstate->domain,
+ &domain);
+ if (!valid) {
+ /*
+ * winbindd_domain_ref_get() already generated
+ * a debug message for the stale domain!
+ */
+ tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
+ return;
+ }
+
/* Ignore errors here, just log it */
D_DEBUG("query_group_list for domain %s returned %s\n",
- state->gstate->domain->name, nt_errstr(status));
+ domain->name, nt_errstr(status));
state->gstate->num_groups = 0;
}
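Review bot: in this error path the domain is only needed for its name in the D_DEBUG message, yet a stale reference now fails the request with NT_STATUS_NO_MORE_ENTRIES, which sits oddly with the "Ignore errors here, just log it" comment right below. Logging without the domain name when the reference is stale would keep this a pure logging step and leave the stale handling to wb_next_grent_send_do().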
diff --git a/source3/winbindd/wb_next_pwent.c b/source3/winbindd/wb_next_pwent.c
index f000c64a17e..334ee9bec71 100644
--- a/source3/winbindd/wb_next_pwent.c
+++ b/source3/winbindd/wb_next_pwent.c
@@ -38,22 +38,37 @@ static void wb_next_pwent_send_do(struct tevent_req *req,
{
struct tevent_req *subreq;
struct dom_sid_buf buf, buf1;
+ struct winbindd_domain *domain = NULL;
+ bool valid;
+
+ valid = winbindd_domain_ref_get(&state->gstate->domain,
+ &domain);
+ if (!valid) {
+ /*
+ * winbindd_domain_ref_get() already generated
+ * a debug message for the stale domain!
+ */
+ tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
+ return;
+ }
if (state->gstate->next_user >= state->gstate->rids.num_rids) {
+
TALLOC_FREE(state->gstate->rids.rids);
state->gstate->rids.num_rids = 0;
- state->gstate->domain = wb_next_domain(state->gstate->domain);
- if (state->gstate->domain == NULL) {
+ domain = wb_next_domain(domain);
+ winbindd_domain_ref_set(&state->gstate->domain, domain);
+ if (domain == NULL) {
tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
return;
}
D_DEBUG("Query user RID list for domain %s.\n",
- state->gstate->domain->name);
+ domain->name);
subreq = dcerpc_wbint_QueryUserRidList_send(
state, state->ev,
- dom_child_handle(state->gstate->domain),
+ dom_child_handle(domain),
&state->gstate->rids);
if (tevent_req_nomem(subreq, req)) {
return;
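Review bot: the empty line added directly after the opening brace of "if (state->gstate->next_user >= state->gstate->rids.num_rids) {" looks unintentional and can be dropped. Unlike the getgrent variant, the domain is used after this branch as well (sid_compose in the next hunk), so the early winbindd_domain_ref_get() is needed here; a short comment noting that would explain the placement.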
@@ -63,12 +78,12 @@ static void wb_next_pwent_send_do(struct tevent_req *req,
return;
}
- sid_compose(&state->next_sid, &state->gstate->domain->sid,
+ sid_compose(&state->next_sid, &domain->sid,
state->gstate->rids.rids[state->gstate->next_user]);
D_DEBUG("Get pw for SID %s composed from domain SID %s and RID
%"PRIu32".\n",
dom_sid_str_buf(&state->next_sid, &buf),
- dom_sid_str_buf(&state->gstate->domain->sid, &buf1),
+ dom_sid_str_buf(&domain->sid, &buf1),
state->gstate->rids.rids[state->gstate->next_user]);
subreq = wb_getpwsid_send(state, state->ev, &state->next_sid,
state->pw);
@@ -116,10 +131,24 @@ static void wb_next_pwent_fetch_done(struct tevent_req
*subreq)
&result);
TALLOC_FREE(subreq);
if (any_nt_status_not_ok(status, result, &status)) {
+ struct winbindd_domain *domain = NULL;
+ bool valid;
+
+ valid = winbindd_domain_ref_get(&state->gstate->domain,
+ &domain);
+ if (!valid) {
+ /*
+ * winbindd_domain_ref_get() already generated
+ * a debug message for the stale domain!
+ */
+ tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
+ return;
+ }
+
/* Ignore errors here, just log it */
D_DEBUG("query_user_list for domain %s returned %s\n",
- state->gstate->domain->name,
- nt_errstr(status));
+ domain->name,
+ nt_errstr(status));
state->gstate->rids.num_rids = 0;
}
diff --git a/source3/winbindd/wb_query_user_list.c
b/source3/winbindd/wb_query_user_list.c
index c3f52e5881f..6813dc1214e 100644
--- a/source3/winbindd/wb_query_user_list.c
+++ b/source3/winbindd/wb_query_user_list.c
@@ -24,7 +24,7 @@
struct wb_query_user_list_state {
struct tevent_context *ev;
- struct winbindd_domain *domain;
+ struct winbindd_domain_ref domain;
struct wbint_RidArray rids;
const char *domain_name;
struct wbint_Principals names;
@@ -50,7 +50,7 @@ struct tevent_req *wb_query_user_list_send(TALLOC_CTX
*mem_ctx,
D_INFO("WB command user_list start.\nQuery users in domain %s.\n",
domain->name);
state->ev = ev;
- state->domain = domain;
+ winbindd_domain_ref_set(&state->domain, domain);
subreq = dcerpc_wbint_QueryUserRidList_send(
state, ev, dom_child_handle(domain), &state->rids);
@@ -67,7 +67,9 @@ static void wb_query_user_list_gotrids(struct tevent_req
*subreq)
subreq, struct tevent_req);
struct wb_query_user_list_state *state = tevent_req_data(
req, struct wb_query_user_list_state);
+ struct winbindd_domain *domain = NULL;
NTSTATUS status, result;
+ bool valid;
status = dcerpc_wbint_QueryUserRidList_recv(subreq, state, &result);
TALLOC_FREE(subreq);
@@ -76,12 +78,22 @@ static void wb_query_user_list_gotrids(struct tevent_req
*subreq)
return;
}
+ valid = winbindd_domain_ref_get(&state->domain, &domain);
+ if (!valid) {
+ /*
+ * winbindd_domain_ref_get() already generated
+ * a debug message for the stale domain!
+ */
+ tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
+ return;
+ }
+
D_DEBUG("dcerpc_wbint_QueryUserRidList returned %"PRIu32" users\n",
state->rids.num_rids);
subreq = dcerpc_wbint_LookupRids_send(
- state, state->ev, dom_child_handle(state->domain),
- &state->domain->sid, &state->rids,
+ state, state->ev, dom_child_handle(domain),
+ &domain->sid, &state->rids,
&state->domain_name, &state->names);
if (tevent_req_nomem(subreq, req)) {
return;
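Review bot: the stale case in wb_query_user_list_gotrids() returns NT_STATUS_NO_SUCH_DOMAIN, while the getpwent and getgrent paths in this series return NT_STATUS_NO_MORE_ENTRIES for the same condition. Both may be right for their callers, but a one-line comment on why this request reports NO_SUCH_DOMAIN would save the next reader from wondering whether the difference is deliberate.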
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 24139b46ce9..8af4246c4d3 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -67,14 +67,43 @@ struct winbindd_cli_state {
struct getgrent_state *grent_state; /* State for getgrent() */
};
+struct winbindd_domain;
+
+struct winbindd_domain_ref_internals {
+ const char *location;
+ const char *func;
+ bool stale;
+ struct dom_sid sid;
+ uint64_t generation;
+ struct winbindd_domain *domain; /* might be stale */
+};
+
+struct winbindd_domain_ref {
+ struct winbindd_domain_ref_internals internals;
+};
+
+void _winbindd_domain_ref_set(struct winbindd_domain_ref *ref,
+ struct winbindd_domain *domain,
+ const char *location,
+ const char *func);
+#define winbindd_domain_ref_set(__ref, __domain) \
+ _winbindd_domain_ref_set(__ref, __domain, __location__, __func__)
+
+bool _winbindd_domain_ref_get(struct winbindd_domain_ref *ref,
+ struct winbindd_domain **_domain,
+ const char *location,
+ const char *func);
+#define winbindd_domain_ref_get(__ref, __domain) \
+ _winbindd_domain_ref_get(__ref, __domain, __location__, __func__)
+
struct getpwent_state {
- struct winbindd_domain *domain;
+ struct winbindd_domain_ref domain;
uint32_t next_user;
struct wbint_RidArray rids;
};
struct getgrent_state {
- struct winbindd_domain *domain;
+ struct winbindd_domain_ref domain;
uint32_t next_group;
uint32_t num_groups;
struct wbint_Principal *groups;
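Review bot: the new winbindd_domain_ref API is declared without any comment describing its contract. Please document next to the prototypes what winbindd_domain_ref_get() returns for a reference that was set to NULL (the getpwent/getgrent code calls winbindd_domain_ref_set() with the result of wb_next_domain(), which can be NULL) or was never set, and that internals.domain must not be read directly because it "might be stale".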
@@ -101,11 +130,9 @@ struct winbindd_cm_conn {
/* Async child */
-struct winbindd_domain;
-
struct winbindd_child {
pid_t pid;
- struct winbindd_domain *domain;
+ struct winbindd_domain *domain; /* if valid also talloc (grant) parent
*/
char *logfilename;
int sock;
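Review bot: typo in the new comment on "struct winbindd_domain *domain;": "grant" should be "grand", as in talloc grandparent. The same spelling is in the commit subject.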
diff --git a/source3/winbindd/winbindd_domain_info.c
b/source3/winbindd/winbindd_domain_info.c
index 5b3c46a9de5..78dc180124b 100644
--- a/source3/winbindd/winbindd_domain_info.c
+++ b/source3/winbindd/winbindd_domain_info.c
@@ -24,7 +24,7 @@
#include "librpc/gen_ndr/ndr_winbind_c.h"
struct winbindd_domain_info_state {
- struct winbindd_domain *domain;
+ struct winbindd_domain_ref domain;
uint32_t in;
uint32_t out;
};
@@ -39,6 +39,7 @@ struct tevent_req *winbindd_domain_info_send(
{
struct tevent_req *req, *subreq;
struct winbindd_domain_info_state *state;
+ struct winbindd_domain *domain = NULL;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_domain_info_state);
@@ -49,17 +50,18 @@ struct tevent_req *winbindd_domain_info_send(
DEBUG(3, ("[%5lu]: domain_info [%s]\n", (unsigned long)cli->pid,
cli->request->domain_name));
- state->domain = find_domain_from_name_noinit(
+ domain = find_domain_from_name_noinit(
cli->request->domain_name);
- if (state->domain == NULL) {
+ if (domain == NULL) {
DEBUG(3, ("Did not find domain [%s]\n",
cli->request->domain_name));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
return tevent_req_post(req, ev);
}
+ winbindd_domain_ref_set(&state->domain, domain);
- if (state->domain->initialized) {
+ if (domain->initialized) {
tevent_req_done(req);
return tevent_req_post(req, ev);
}
@@ -72,7 +74,7 @@ struct tevent_req *winbindd_domain_info_send(
--
Samba Shared Repository
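
The winbindd_domain_ref commits in the log above replace raw domain pointers in async state with a reference that is validated each time it is used. A minimal C model of that idea follows; it is an added illustration, not Samba's implementation (the changeset is truncated before winbindd_util.c). The struct domain, the list and the lookup-by-generation rule are assumptions, and the domains and SIDs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a trusted-domain entry (not Samba's struct). */
struct domain {
	struct domain *next;
	uint64_t generation; /* assigned once per allocation, never reused */
	char sid[48];
};

/*
 * Stored in async state instead of a raw pointer. Assumption: this model
 * keeps no pointer at all, so a freed address is never compared or
 * dereferenced; validity is decided by the generation alone.
 */
struct domain_ref {
	bool stale;
	uint64_t generation; /* 0 means "no domain" */
	char sid[48];        /* kept only for the log message */
};

static struct domain *domain_list;
static uint64_t next_generation = 1;

struct domain *domain_add(const char *sid)
{
	struct domain *d = calloc(1, sizeof(*d));
	if (d == NULL) return NULL;
	d->generation = next_generation++;
	snprintf(d->sid, sizeof(d->sid), "%s", sid);
	d->next = domain_list;
	domain_list = d;
	return d;
}

/* Unlink and free, as a trust reload would for a deleted trust. */
void domain_remove(struct domain *d)
{
	struct domain **p;
	for (p = &domain_list; *p != NULL; p = &(*p)->next) {
		if (*p == d) {
			*p = d->next;
			free(d);
			return;
		}
	}
}

void domain_ref_set(struct domain_ref *ref, const struct domain *d)
{
	memset(ref, 0, sizeof(*ref));
	if (d != NULL) {
		ref->generation = d->generation;
		memcpy(ref->sid, d->sid, sizeof(ref->sid));
	}
}

/* Returns false if the referenced domain is gone; *out is NULL then. */
bool domain_ref_get(struct domain_ref *ref, struct domain **out)
{
	struct domain *d;
	*out = NULL;
	if (ref->stale) return false;
	if (ref->generation == 0) return true; /* empty ref: valid, NULL */
	for (d = domain_list; d != NULL; d = d->next) {
		if (d->generation == ref->generation) {
			*out = d;
			return true;
		}
	}
	ref->stale = true;
	fprintf(stderr, "stale domain reference for %s\n", ref->sid);
	return false;
}

/* Constructed scenario: refs are taken, then the trust list changes. */
int demo_reload(void)
{
	struct domain *a = domain_add("S-1-5-21-1-2-3");
	struct domain *b = domain_add("S-1-5-21-4-5-6");
	struct domain_ref ra, rb;
	struct domain *got = NULL;
	int result = 0;

	if (a == NULL || b == NULL) return -1;
	domain_ref_set(&ra, a);
	domain_ref_set(&rb, b);
	/* Trust A is deleted and re-created; malloc may reuse the address. */
	domain_remove(a);
	domain_add("S-1-5-21-1-2-3");

	if (!domain_ref_get(&ra, &got) && got == NULL) result |= 1; /* stale */
	if (domain_ref_get(&rb, &got) && got == b) result |= 2; /* intact */
	return result;
}

int main(void) { printf("demo_reload() = %d\n", demo_reload()); return 0; }
```

The re-created entry with the same SID is deliberately not handed to the old request: a pending callback gets "stale" and has to fail or skip, which is the choice each converted call site in the patch makes.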