From: Samuel Cabrero Date: Wed, 9 Mar 2022 16:44:17 +0000 (+0100) Subject: s3:winbind: Convert wcache_opnum_cacheable() to a whitelist X-Git-Tag: tevent-0.12.0~258 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00ea654961a790acd17e445b1eb0aec3296a60cc;p=thirdparty%2Fsamba.git s3:winbind: Convert wcache_opnum_cacheable() to a whitelist It avoids having to explicitly blacklist new DCE/RPC calls. This is the current list of non cacheable calls: NDR_WBINT_PING NDR_WBINT_QUERYSEQUENCENUMBER NDR_WBINT_ALLOCATEUID NDR_WBINT_ALLOCATEGID NDR_WBINT_CHECKMACHINEACCOUNT NDR_WBINT_CHANGEMACHINEACCOUNT NDR_WBINT_PINGDC NDR_WBINT_LISTTRUSTEDDOMAINS It includes the ListTrustedDomains call recently converted to a local RPC call. Signed-off-by: Samuel Cabrero Reviewed-by: Stefan Metzmacher --- diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 631b3277164..9a3238a8002 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -4644,16 +4644,22 @@ static bool wcache_ndr_key(TALLOC_CTX *mem_ctx, const char *domain_name, static bool wcache_opnum_cacheable(uint32_t opnum) { switch (opnum) { - case NDR_WBINT_PING: - case NDR_WBINT_QUERYSEQUENCENUMBER: - case NDR_WBINT_ALLOCATEUID: - case NDR_WBINT_ALLOCATEGID: - case NDR_WBINT_CHECKMACHINEACCOUNT: - case NDR_WBINT_CHANGEMACHINEACCOUNT: - case NDR_WBINT_PINGDC: - return false; + case NDR_WBINT_LOOKUPSID: + case NDR_WBINT_LOOKUPSIDS: + case NDR_WBINT_LOOKUPNAME: + case NDR_WBINT_SIDS2UNIXIDS: + case NDR_WBINT_UNIXIDS2SIDS: + case NDR_WBINT_GETNSSINFO: + case NDR_WBINT_LOOKUPUSERALIASES: + case NDR_WBINT_LOOKUPUSERGROUPS: + case NDR_WBINT_LOOKUPGROUPMEMBERS: + case NDR_WBINT_QUERYGROUPLIST: + case NDR_WBINT_QUERYUSERRIDLIST: + case NDR_WBINT_DSGETDCNAME: + case NDR_WBINT_LOOKUPRIDS: + return true; } - return true; + return false; } bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,