Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 147344 Details for
Bug 227325
netsamlogon_cache.tdb group information becomes stale
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
netlogon_cache.patch
samba-3.0.21-netlogon_cache.patch (text/plain), 5.88 KB, created by
Jose Plans
on 2007-02-05 09:53:12 UTC
(
hide
)
Description:
netlogon_cache.patch
Filename:
MIME Type:
Creator:
Jose Plans
Created:
2007-02-05 09:53:12 UTC
Size:
5.88 KB
patch
obsolete
>--- samba-3.0.10/source/auth/auth_domain.c.orig 2007-01-03 16:30:18.000000000 +0000 >+++ samba-3.0.10/source/auth/auth_domain.c 2007-01-03 16:30:43.000000000 +0000 >@@ -205,7 +205,6 @@ static NTSTATUS domain_client_validate(T > } else { > nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str, > user_info->smb_name.str, domain, server_info, &info3); >- netsamlogon_cache_store( mem_ctx, user_info->smb_name.str, &info3 ); > } > > #if 0 >--- samba-3.0.10/source/nsswitch/winbindd.c.orig 2007-01-03 16:33:37.000000000 +0000 >+++ samba-3.0.10/source/nsswitch/winbindd.c 2007-01-03 16:33:50.000000000 +0000 >@@ -955,8 +955,6 @@ int main(int argc, char **argv) > > poptFreeContext(pc); > >- netsamlogon_cache_init(); /* Non-critical */ >- > init_domain_list(); > > /* Loop waiting for requests */ >--- samba-3.0.10/source/nsswitch/winbindd_cache.c.orig 2007-01-03 16:34:41.000000000 +0000 >+++ samba-3.0.10/source/nsswitch/winbindd_cache.c 2007-01-03 16:36:05.000000000 +0000 >@@ -1071,18 +1071,6 @@ static NTSTATUS query_user(struct winbin > > centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid)); > >- /* If we have an access denied cache entry and a cached info3 in the >- samlogon cache then do a query. This will force the rpc back end >- to return the info3 data. */ >- >- if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) && >- netsamlogon_cache_have(user_sid)) { >- DEBUG(10, ("query_user: cached access denied and have cached info3\n")); >- domain->last_status = NT_STATUS_OK; >- centry_free(centry); >- goto do_query; >- } >- > if (!centry) > goto do_query; > >@@ -1136,18 +1124,6 @@ static NTSTATUS lookup_usergroups(struct > > centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid)); > >- /* If we have an access denied cache entry and a cached info3 in the >- samlogon cache then do a query. This will force the rpc back end >- to return the info3 data. */ >- >- if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) && >- netsamlogon_cache_have(user_sid)) { >- DEBUG(10, ("query_user: cached access denied and have cached info3\n")); >- domain->last_status = NT_STATUS_OK; >- centry_free(centry); >- goto do_query; >- } >- > if (!centry) > goto do_query; > >@@ -1349,20 +1325,6 @@ static int traverse_fn(TDB_CONTEXT *the_ > return 0; > } > >-/* Invalidate the getpwnam and getgroups entries for a winbindd domain */ >- >-void wcache_invalidate_samlogon(struct winbindd_domain *domain, >- NET_USER_INFO_3 *info3) >-{ >- struct winbind_cache *cache; >- >- if (!domain) >- return; >- >- cache = get_cache(domain); >- netsamlogon_clear_cached_user(cache->tdb, info3); >-} >- > void wcache_invalidate_cache(void) > { > struct winbindd_domain *domain; >--- samba-3.0.10/source/nsswitch/winbindd_pam.c.orig 2007-01-03 16:36:29.000000000 +0000 >+++ samba-3.0.10/source/nsswitch/winbindd_pam.c 2007-01-03 16:36:56.000000000 +0000 >@@ -329,9 +329,6 @@ enum winbindd_result winbindd_pam_auth(s > } > > if (NT_STATUS_IS_OK(result)) { >- netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 ); >- wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3); >- > /* Check if the user is in the right group */ > > if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth.require_membership_of_sid))) { >@@ -568,9 +565,6 @@ enum winbindd_result winbindd_pam_auth_c > } > > if (NT_STATUS_IS_OK(result)) { >- netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 ); >- wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3); >- > if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth_crap.require_membership_of_sid))) { > DEBUG(3, ("User %s is not in the required group (%s), so plaintext authentication is rejected\n", > state->request.data.auth_crap.user, >--- samba-3.0.10/source/nsswitch/winbindd_rpc.c.orig 2007-01-03 16:37:17.000000000 +0000 >+++ samba-3.0.10/source/nsswitch/winbindd_rpc.c 2007-01-03 16:38:07.000000000 +0000 >@@ -371,34 +371,12 @@ static NTSTATUS query_user(struct winbin > int retry; > fstring sid_string; > uint32 user_rid; >- NET_USER_INFO_3 *user; > > DEBUG(3,("rpc: query_user rid=%s\n", sid_to_string(sid_string, user_sid))); > if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) { > goto done; > } > >- /* try netsamlogon cache first */ >- >- if ( (user = netsamlogon_cache_get( mem_ctx, user_sid )) != NULL ) >- { >- >- DEBUG(5,("query_user: Cache lookup succeeded for %s\n", >- sid_string_static(user_sid))); >- >- user_info->user_sid = rid_to_talloced_sid( domain, mem_ctx, user_rid ); >- user_info->group_sid = rid_to_talloced_sid( domain, mem_ctx, user->group_rid ); >- >- user_info->acct_name = unistr2_tdup(mem_ctx, &user->uni_user_name); >- user_info->full_name = unistr2_tdup(mem_ctx, &user->uni_full_name); >- >- SAFE_FREE(user); >- >- return NT_STATUS_OK; >- } >- >- /* no cache; hit the wire */ >- > retry = 0; > do { > /* Get sam handle; if we fail here there is no hope */ >@@ -472,34 +450,12 @@ static NTSTATUS lookup_usergroups(struct > unsigned int retry; > fstring sid_string; > uint32 user_rid; >- NET_USER_INFO_3 *user; > > DEBUG(3,("rpc: lookup_usergroups sid=%s\n", sid_to_string(sid_string, user_sid))); > > *num_groups = 0; > *user_grpsids = NULL; > >- /* so lets see if we have a cached user_info_3 */ >- >- if ( (user = netsamlogon_cache_get( mem_ctx, user_sid )) != NULL ) >- { >- DEBUG(5,("query_user: Cache lookup succeeded for %s\n", >- sid_string_static(user_sid))); >- >- *num_groups = user->num_groups; >- >- (*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID*, *num_groups); >- for (i=0;i<(*num_groups);i++) { >- (*user_grpsids)[i] = rid_to_talloced_sid(domain, mem_ctx, user->gids[i].g_rid); >- } >- >- SAFE_FREE(user); >- >- return NT_STATUS_OK; >- } >- >- /* no cache; hit the wire */ >- > retry = 0; > do { > /* Get sam handle; if we fail here there is no hope */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=147344">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 227325
: 147344