authorAndrew Bartlett <abartlet@samba.org>2002-01-12 23:57:10 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-12 23:57:10 +0000
commit80c2aefbe7c1aa363dd286a47d50c5d8b4595f43 (patch)
treecc17f774213266d9e6f04ba050afde3e24e2ca3c /source/nsswitch
parent398b4ff0d40d89b3e96d481807f85f15b7a7966a (diff)
Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.
This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mail announcements merged into some form of commit message below:) This patch adds the basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this; ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of universal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for criticism and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to follow Samba coding rules more closely Todo: - proper universal group expiration after timeout
Diffstat (limited to 'source/nsswitch')
-rw-r--r--source/nsswitch/winbindd.c1
-rw-r--r--source/nsswitch/winbindd_pam.c2
-rw-r--r--source/nsswitch/winbindd_rpc.c9
3 files changed, 12 insertions, 0 deletions
diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
index bd995611cd6..1a9eae7afa5 100644
--- a/source/nsswitch/winbindd.c
+++ b/source/nsswitch/winbindd.c
@@ -881,5 +881,6 @@ int main(int argc, char **argv)
process_loop(accept_sock);
+ uni_group_cache_shutdown();
return 0;
}
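Review bot: `uni_group_cache_shutdown()` runs only if `process_loop(accept_sock)` returns, and the body of that loop is not visible in this hunk. If the daemon normally leaves through a signal handler or an `exit()` path, the cache is never closed on that route, so the same call should also be made from the termination path. A comment on the new line would make the assumption explicit, e.g. `/* reached only if process_loop() returns; the termination path must close the cache too */`. main() starts outside the hunk.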
diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c
index 87086586ec7..aab1302a942 100644
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@@ -107,6 +107,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
lm_resp, nt_resp,
&info3);
+ uni_group_cache_store_netlogon(mem_ctx, &info3);
done:
cli_shutdown(cli);
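Review bot: The added `uni_group_cache_store_netlogon(mem_ctx, &info3);` runs unconditionally right after the logon call, so a failed authentication still writes whatever `info3` holds into the group cache; the identical line added in `winbindd_pam_auth_crap` has the same problem. Because `lookup_usergroups` in winbindd_rpc.c now trusts that cache for group membership, the store should be gated on success, e.g. `if (NT_STATUS_IS_OK(result)) uni_group_cache_store_netlogon(mem_ctx, &info3);`, where `result` stands for whatever variable receives the call's status (assuming it is an NTSTATUS; its name is outside the hunk). Whether `info3` is zeroed before the call, or validated inside the store function, cannot be seen from these lines. Both functions start and end outside their hunks.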
@@ -168,6 +169,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
lm_resp, nt_resp,
&info3);
+ uni_group_cache_store_netlogon(mem_ctx, &info3);
done:
talloc_destroy(mem_ctx);
diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c
index 18186b629a3..badbd459a7a 100644
--- a/source/nsswitch/winbindd_rpc.c
+++ b/source/nsswitch/winbindd_rpc.c
@@ -301,6 +301,15 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
*num_groups = 0;
+ /* First try cached universal groups from logon */
+ *user_gids = uni_group_cache_fetch(&domain->sid, user_rid, mem_ctx, num_groups);
+ if((*num_groups > 0) && *user_gids) {
+ return NT_STATUS_OK;
+ } else {
+ *user_gids = NULL;
+ *num_groups = 0;
+ }
+
/* Get sam handle */
if (!(hnd = cm_get_sam_handle(domain->name)))
goto done;
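Review bot: On a cache hit this block returns without contacting the DC, and the commit message lists expiration as a Todo, so the group membership used for authorization can stay at its logon-time value indefinitely; a user removed from a group keeps it until the entry is overwritten. Until expiry exists, that should be stated at the call site, e.g. `/* NOTE: entries never expire yet; membership may be stale until the user's next logon */`. On style, the `else` after `return NT_STATUS_OK;` is redundant, so the two resets can follow the `if` directly, and `if((` should read `if ((` to match the `if (!(hnd` line below. lookup_usergroups continues outside the hunk.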