From: Volker Lendecke Date: Mon, 2 Jan 2017 15:56:48 +0000 (+0000) Subject: winbind: Remove "query_user" backend function X-Git-Tag: samba-4.6.0rc1~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=241c81b2763392439043261cf179cd2c8793faed;p=thirdparty%2Fsamba.git winbind: Remove "query_user" backend function Signed-off-by: Volker Lendecke Reviewed-by: Uri Simchoni Reviewed-by: Andreas Schneider --- diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index 535252b890f..155369f760c 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h @@ -263,12 +263,6 @@ struct winbindd_methods { char ***names, enum lsa_SidType **types); - /* lookup user info for a given SID */ - NTSTATUS (*query_user)(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const struct dom_sid *user_sid, - struct wbint_userinfo *user_info); - /* lookup all groups that a user is a member of. The backend can also choose to lookup by username or rid for this function */ diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index a4339f1a4ef..7b8603c9092 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -601,171 +601,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain, domain_name, names, types); } -/* If you are looking for "dn_lookup": Yes, it used to be here! - * It has gone now since it was a major speed bottleneck in - * lookup_groupmem (its only use). It has been replaced by - * an rpc lookup sids call... R.I.P. */ - -/* Lookup user information from a rid */ -static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const struct dom_sid *sid, - struct wbint_userinfo *info) -{ - ADS_STRUCT *ads = NULL; - const char *attrs[] = { "*", NULL }; - ADS_STATUS rc; - int count; - LDAPMessage *msg = NULL; - char *ldap_exp; - char *sidstr; - uint32_t group_rid; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - struct netr_SamInfo3 *user = NULL; - gid_t gid = -1; - int ret; - char *full_name; - - DEBUG(3,("ads: query_user\n")); - - info->homedir = NULL; - info->shell = NULL; - - /* try netsamlogon cache first */ - - if ( (user = netsamlogon_cache_get( mem_ctx, sid )) != NULL ) - { - DEBUG(5,("query_user: Cache lookup succeeded for %s\n", - sid_string_dbg(sid))); - - sid_compose(&info->user_sid, &domain->sid, user->base.rid); - sid_compose(&info->group_sid, &domain->sid, user->base.primary_gid); - - info->acct_name = talloc_strdup(mem_ctx, user->base.account_name.string); - info->full_name = talloc_strdup(mem_ctx, user->base.full_name.string); - - nss_get_info_cached( domain, sid, mem_ctx, - &info->homedir, &info->shell, &info->full_name, - &gid ); - info->primary_gid = gid; - - TALLOC_FREE(user); - - if (info->full_name == NULL) { - /* this might fail so we don't check the return code */ - wcache_query_user_fullname(domain, - mem_ctx, - sid, - &info->full_name); - } - - return NT_STATUS_OK; - } - - if ( !winbindd_can_contact_domain(domain)) { - DEBUG(8,("query_user: No incoming trust from domain %s\n", - domain->name)); - - /* We still need to generate some basic information - about the user even if we cannot contact the - domain. Most of this stuff we can deduce. */ - - sid_copy( &info->user_sid, sid ); - - /* Assume "Domain Users" for the primary group */ - - sid_compose(&info->group_sid, &domain->sid, DOMAIN_RID_USERS ); - - /* Try to fill in what the nss_info backend can do */ - - nss_get_info_cached( domain, sid, mem_ctx, - &info->homedir, &info->shell, &info->full_name, - &gid); - info->primary_gid = gid; - - return NT_STATUS_OK; - } - - /* no cache...do the query */ - - if ( (ads = ads_cached_connection(domain)) == NULL ) { - domain->last_status = NT_STATUS_SERVER_DISABLED; - return NT_STATUS_SERVER_DISABLED; - } - - sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); - - ret = asprintf(&ldap_exp, "(objectSid=%s)", sidstr); - TALLOC_FREE(sidstr); - if (ret == -1) { - return NT_STATUS_NO_MEMORY; - } - rc = ads_search_retry(ads, &msg, ldap_exp, attrs); - SAFE_FREE(ldap_exp); - if (!ADS_ERR_OK(rc)) { - DEBUG(1,("query_user(sid=%s) ads_search: %s\n", - sid_string_dbg(sid), ads_errstr(rc))); - return ads_ntstatus(rc); - } else if (!msg) { - DEBUG(1,("query_user(sid=%s) ads_search returned NULL res\n", - sid_string_dbg(sid))); - return NT_STATUS_INTERNAL_ERROR; - } - - count = ads_count_replies(ads, msg); - if (count != 1) { - DEBUG(1,("query_user(sid=%s): Not found\n", - sid_string_dbg(sid))); - ads_msgfree(ads, msg); - return NT_STATUS_NO_SUCH_USER; - } - - info->acct_name = ads_pull_username(ads, mem_ctx, msg); - - if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group_rid)) { - DEBUG(1,("No primary group for %s !?\n", - sid_string_dbg(sid))); - ads_msgfree(ads, msg); - return NT_STATUS_NO_SUCH_USER; - } - sid_copy(&info->user_sid, sid); - sid_compose(&info->group_sid, &domain->sid, group_rid); - - /* - * We have to fetch the "name" attribute before doing the - * nss_get_info_cached call. nss_get_info_cached might destroy - * the ads struct, potentially invalidating the ldap message. - */ - full_name = ads_pull_string(ads, mem_ctx, msg, "displayName"); - if (full_name == NULL) { - full_name = ads_pull_string(ads, mem_ctx, msg, "name"); - } - - ads_msgfree(ads, msg); - msg = NULL; - - status = nss_get_info_cached( domain, sid, mem_ctx, - &info->homedir, &info->shell, &info->full_name, - &gid); - info->primary_gid = gid; - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("nss_get_info_cached failed: %s\n", - nt_errstr(status))); - return status; - } - - if (info->full_name == NULL) { - info->full_name = full_name; - } else { - TALLOC_FREE(full_name); - } - - status = NT_STATUS_OK; - - DEBUG(3,("ads query_user gave %s\n", info->acct_name)); - return NT_STATUS_OK; -} - /* Lookup groups a user is a member of - alternate method, for when tokenGroups are not available. */ static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain, @@ -1717,7 +1552,6 @@ struct winbindd_methods ads_methods = { name_to_sid, sid_to_name, rids_to_names, - query_user, lookup_usergroups, lookup_useraliases, lookup_groupmem, diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 42ca142360a..1aa162c5a10 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -403,84 +403,6 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, return result; } -/* Lookup user information from a rid or username. */ -static NTSTATUS msrpc_query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const struct dom_sid *user_sid, - struct wbint_userinfo *user_info) -{ - struct rpc_pipe_client *samr_pipe; - struct policy_handle dom_pol; - struct netr_SamInfo3 *user; - TALLOC_CTX *tmp_ctx; - NTSTATUS status; - - DEBUG(3,("msrpc_query_user sid=%s\n", sid_string_dbg(user_sid))); - - tmp_ctx = talloc_stackframe(); - if (tmp_ctx == NULL) { - return NT_STATUS_NO_MEMORY; - } - - if (user_info) { - user_info->homedir = NULL; - user_info->shell = NULL; - user_info->primary_gid = (gid_t)-1; - } - - /* try netsamlogon cache first */ - user = netsamlogon_cache_get(tmp_ctx, user_sid); - if (user != NULL) { - DEBUG(5,("msrpc_query_user: Cache lookup succeeded for %s\n", - sid_string_dbg(user_sid))); - - sid_compose(&user_info->user_sid, &domain->sid, user->base.rid); - sid_compose(&user_info->group_sid, &domain->sid, - user->base.primary_gid); - - user_info->acct_name = talloc_strdup(user_info, - user->base.account_name.string); - user_info->full_name = talloc_strdup(user_info, - user->base.full_name.string); - - if (user_info->full_name == NULL) { - /* this might fail so we don't check the return code */ - wcache_query_user_fullname(domain, - mem_ctx, - user_sid, - &user_info->full_name); - } - - status = NT_STATUS_OK; - goto done; - } - - if ( !winbindd_can_contact_domain( domain ) ) { - DEBUG(10,("query_user: No incoming trust for domain %s\n", - domain->name)); - /* Tell the cache manager not to remember this one */ - status = NT_STATUS_SYNCHRONIZATION_REQUIRED; - goto done; - } - - /* no cache; hit the wire */ - status = cm_connect_sam(domain, tmp_ctx, false, &samr_pipe, &dom_pol); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - status = rpc_query_user(tmp_ctx, - samr_pipe, - &dom_pol, - &domain->sid, - user_sid, - user_info); - -done: - TALLOC_FREE(tmp_ctx); - return status; -} - /* Lookup groups a user is a member of. I wish Unix had a call like this! */ static NTSTATUS msrpc_lookup_usergroups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -1249,7 +1171,6 @@ struct winbindd_methods msrpc_methods = { msrpc_name_to_sid, msrpc_sid_to_name, msrpc_rids_to_names, - msrpc_query_user, msrpc_lookup_usergroups, msrpc_lookup_useraliases, msrpc_lookup_groupmem, diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c index f7dd8053f2e..0406c995b1b 100644 --- a/source3/winbindd/winbindd_reconnect.c +++ b/source3/winbindd/winbindd_reconnect.c @@ -201,24 +201,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain, return result; } -/* Lookup user information from a rid or username. */ -static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const struct dom_sid *user_sid, - struct wbint_userinfo *user_info) -{ - NTSTATUS result; - - result = msrpc_methods.query_user(domain, mem_ctx, user_sid, - user_info); - - if (reconnect_need_retry(result, domain)) - result = msrpc_methods.query_user(domain, mem_ctx, user_sid, - user_info); - - return result; -} - /* Lookup groups a user is a member of. I wish Unix had a call like this! */ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -354,7 +336,6 @@ struct winbindd_methods reconnect_methods = { name_to_sid, sid_to_name, rids_to_names, - query_user, lookup_usergroups, lookup_useraliases, lookup_groupmem, diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c index 7ea8298c4a4..5a913607472 100644 --- a/source3/winbindd/winbindd_reconnect_ads.c +++ b/source3/winbindd/winbindd_reconnect_ads.c @@ -156,24 +156,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain, return result; } -/* Lookup user information from a rid or username. */ -static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const struct dom_sid *user_sid, - struct wbint_userinfo *user_info) -{ - NTSTATUS result; - - result = ads_methods.query_user(domain, mem_ctx, user_sid, user_info); - - if (reconnect_need_retry(result, domain)) { - result = ads_methods.query_user(domain, mem_ctx, user_sid, - user_info); - } - - return result; -} - /* Lookup groups a user is a member of. I wish Unix had a call like this! */ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -311,7 +293,6 @@ struct winbindd_methods reconnect_ads_methods = { name_to_sid, sid_to_name, rids_to_names, - query_user, lookup_usergroups, lookup_useraliases, lookup_groupmem, diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c index dce26d2f5a0..0ce98ab542a 100644 --- a/source3/winbindd/winbindd_samr.c +++ b/source3/winbindd/winbindd_samr.c @@ -225,59 +225,6 @@ done: return status; } -/* Lookup user information from a rid or username. */ -static NTSTATUS sam_query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const struct dom_sid *user_sid, - struct wbint_userinfo *user_info) -{ - struct rpc_pipe_client *samr_pipe; - struct policy_handle dom_pol; - TALLOC_CTX *tmp_ctx; - NTSTATUS status, result; - struct dcerpc_binding_handle *b = NULL; - - DEBUG(3,("sam_query_user\n")); - - ZERO_STRUCT(dom_pol); - - /* Paranoia check */ - if (!sid_check_is_in_our_sam(user_sid)) { - return NT_STATUS_NO_SUCH_USER; - } - - user_info->homedir = NULL; - user_info->shell = NULL; - user_info->primary_gid = (gid_t) -1; - - tmp_ctx = talloc_stackframe(); - if (tmp_ctx == NULL) { - return NT_STATUS_NO_MEMORY; - } - - status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - b = samr_pipe->binding_handle; - - status = rpc_query_user(tmp_ctx, - samr_pipe, - &dom_pol, - &domain->sid, - user_sid, - user_info); - -done: - if (b && is_valid_policy_hnd(&dom_pol)) { - dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); - } - - TALLOC_FREE(tmp_ctx); - return status; -} - /* get a list of trusted domains - builtin domain */ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -447,15 +394,6 @@ static NTSTATUS builtin_query_user_list(struct winbindd_domain *domain, return NT_STATUS_OK; } -/* Lookup user information from a rid or username. */ -static NTSTATUS builtin_query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const struct dom_sid *user_sid, - struct wbint_userinfo *user_info) -{ - return NT_STATUS_NO_SUCH_USER; -} - /* get a list of trusted domains - builtin domain */ static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -1040,7 +978,6 @@ struct winbindd_methods builtin_passdb_methods = { .name_to_sid = sam_name_to_sid, .sid_to_name = sam_sid_to_name, .rids_to_names = sam_rids_to_names, - .query_user = builtin_query_user, .lookup_usergroups = sam_lookup_usergroups, .lookup_useraliases = sam_lookup_useraliases, .lookup_groupmem = sam_lookup_groupmem, @@ -1060,7 +997,6 @@ struct winbindd_methods sam_passdb_methods = { .name_to_sid = sam_name_to_sid, .sid_to_name = sam_sid_to_name, .rids_to_names = sam_rids_to_names, - .query_user = sam_query_user, .lookup_usergroups = sam_lookup_usergroups, .lookup_useraliases = sam_lookup_useraliases, .lookup_groupmem = sam_lookup_groupmem,