The branch, v3-6-test has been updated via 9d30733 s3:net: make idmap_store_secret static. via ed31148 s3:net: fix the usage for net idmap secret (removing alloc) via 57beac0 s3:net: remove alloc parameter from idmap_store_secret() (net idmap store). via ef2cc5f s3:idmap_ldap: remove special handling of alloc secret (not used any more). via 2b87f84 s3:idmap_ldap: remove unused idmap_ldap_alloc_context. via 0819160 s3:idmap_ldap: remove alloc context member from ldap_idmap_context via c4bb784 s3:idmap_ldap: remove use of alloc context from idmap_ldap_allocate_id(). via 3aab070 s3:idmap_ldap: remove unused idmap_ldap_alloc_close_destructor(). via 84a28a1 s3:idmap_ldap: remove unused idmap_ldap_alloc_init(). via c32e154 s3:idmap_ldap: don't call idmap_ldap_alloc_init in idmap_ldap_init. via e814929 s3:idmap_ldap: remove use of the ldap_idmap_alloc_context from verify_idpool(). from a31f756 Fix a valgrind error
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit 9d30733496f0a53d556dacff6284f4642ae00dce Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:43:34 2010 +0100 s3:net: make idmap_store_secret static. Autobuild-User: Michael Adam <ob...@samba.org> Autobuild-Date: Sun Jan 2 13:41:07 CET 2011 on sn-devel-104 commit ed31148c4838789a2ad30da8db2f0a82cb702143 Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:41:28 2010 +0100 s3:net: fix the usage for net idmap secret (removing alloc) commit 57beac091a4c8284c268c9c40951643718cccb3a Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:39:28 2010 +0100 s3:net: remove alloc parameter from idmap_store_secret() (net idmap store). commit ef2cc5f9b9568b843d95b81d9f751f0d3e6a66b2 Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:32:53 2010 +0100 s3:idmap_ldap: remove special handling of alloc secret (not used any more). commit 2b87f84c26c411b69be28e109d631ccd93bbe5be Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:26:29 2010 +0100 s3:idmap_ldap: remove unused idmap_ldap_alloc_context. commit 0819160898a64249a685c0be1944fd9e04ba875f Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:26:05 2010 +0100 s3:idmap_ldap: remove alloc context member from ldap_idmap_context commit c4bb7843ab787469a2150f7bb66da7919dac1e90 Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:24:01 2010 +0100 s3:idmap_ldap: remove use of alloc context from idmap_ldap_allocate_id(). commit 3aab0703754fdd2652da9402c7fab9b94f5aaf75 Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:07:29 2010 +0100 s3:idmap_ldap: remove unused idmap_ldap_alloc_close_destructor(). commit 84a28a1893d918bb9588d9eea843156c6a956ab1 Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:06:50 2010 +0100 s3:idmap_ldap: remove unused idmap_ldap_alloc_init(). 
commit c32e15493a27bf606c4b409bd1a4d9c41a4f0949 Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:04:20 2010 +0100 s3:idmap_ldap: don't call idmap_ldap_alloc_init in idmap_ldap_init. Call verify_idpool() instead. commit e814929cd69bbe198fdcec47969f603a3713d145 Author: Michael Adam <ob...@samba.org> Date: Wed Dec 8 00:19:23 2010 +0100 s3:idmap_ldap: remove use of the ldap_idmap_alloc_context from verify_idpool(). Allocation is now subsumed in the idmap ldap config. This is the beginning of the removal of the idmap ldap alloc parameters. ----------------------------------------------------------------------- Summary of changes: source3/utils/net_idmap.c | 24 +++---- source3/utils/net_proto.h | 3 - source3/winbindd/idmap_ldap.c | 172 +++++++---------------------------------- 3 files changed, 38 insertions(+), 161 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c index 488132b..e3640bd 100644 --- a/source3/utils/net_idmap.c +++ b/source3/utils/net_idmap.c @@ -289,19 +289,16 @@ static int net_idmap_set(struct net_context *c, int argc, const char **argv) d_printf("%s\n", _("Not implemented yet")); return -1; } -bool idmap_store_secret(const char *backend, bool alloc, - const char *domain, const char *identity, - const char *secret) +static bool idmap_store_secret(const char *backend, + const char *domain, + const char *identity, + const char *secret) { char *tmp; int r; bool ret; - if (alloc) { - r = asprintf(&tmp, "IDMAP_ALLOC_%s", backend); - } else { - r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain); - } + r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain); if (r < 0) return false; @@ -363,7 +360,7 @@ static int net_idmap_secret(struct net_context *c, int argc, const char **argv) return -1; } - ret = idmap_store_secret("ldap", false, domain, dn, secret); + ret = idmap_store_secret("ldap", domain, dn, secret); if ( ! ret) { d_fprintf(stderr, _("Failed to store secret\n")); 
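Review bot: Secrets already stored under the old `IDMAP_ALLOC_<backend>` key are left behind by this change. With the `alloc` branch removed from `idmap_store_secret()`, nothing in the visible code reads, overwrites or deletes that entry, so a previously stored LDAP bind password would presumably stay in the secrets database after an upgrade. If no migration step exists elsewhere, consider deleting the legacy key when a per-domain secret is stored, or at least record it in a comment above the `asprintf()` call, e.g. `/* IDMAP_ALLOC_<backend> is no longer used; stale entries are not cleaned up here */`. The same applies to `idmap_fetch_secret()` in source3/winbindd/idmap_ldap.c. The function body continues outside the hunk.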
@@ -385,9 +382,8 @@ int net_help_idmap(struct net_context *c, int argc, const char **argv) /* Deliberately *not* document net idmap delete */ - d_printf(_("net idmap secret <DOMAIN>|alloc <secret>\n" - " Set the secret for the specified DOMAIN (or the alloc " - "module)\n")); + d_printf(_("net idmap secret <DOMAIN> <secret>\n" + " Set the secret for the specified DOMAIN module)\n")); return -1; } @@ -499,8 +495,8 @@ int net_idmap(struct net_context *c, int argc, const char **argv) net_idmap_secret, NET_TRANSPORT_LOCAL, N_("Set secret for specified domain"), - N_("net idmap secret {<DOMAIN>|alloc} <secret>\n" - " Set secret for specified domain or alloc module") + N_("net idmap secret <DOMAIN> <secret>\n" + " Set secret for specified domain") }, { "aclmapset", diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 9e9e82f..2475c9f 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -86,9 +86,6 @@ int net_help(struct net_context *c, int argc, const char **argv); /* The following definitions come from utils/net_idmap.c */ -bool idmap_store_secret(const char *backend, bool alloc, - const char *domain, const char *identity, - const char *secret); int net_help_idmap(struct net_context *c, int argc, const char **argv); int net_idmap(struct net_context *c, int argc, const char **argv); diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 7b1f247..aea5d6a 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -38,17 +38,13 @@ #include "smbldap.h" -static char *idmap_fetch_secret(const char *backend, bool alloc, +static char *idmap_fetch_secret(const char *backend, const char *domain, const char *identity) { char *tmp, *ret; int r; - if (alloc) { - r = asprintf(&tmp, "IDMAP_ALLOC_%s", backend); - } else { - r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain); - } + r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain); if (r < 0) return NULL; 
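Review bot: The new usage text in `net_help_idmap()` ends with a leftover `module)` from the removed "(or the alloc module)" wording, so the help output now has an unbalanced parenthesis. The second string should read `" Set the secret for the specified DOMAIN\n"`, which also matches the wording used in the `net_idmap()` table at `@@ -499`. Since the secret is taken from the command line, the help text would also be a reasonable place to say that it can show up in shell history and process listings.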
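Review bot: `idmap_fetch_secret()` now formats `domain` with `%s` unconditionally, but nothing in the function rejects a NULL `domain`, which the old `alloc` path allowed callers to pass. The `get_credentials()` hunk checks `dom` but not `dom->name`, so a guard at the top such as `if (domain == NULL) return NULL;` would keep a NULL from reaching `asprintf()`. That case is undefined behaviour, and glibc typically formats it as `(null)`, which would silently look up the wrong key. The function body continues outside the hunk.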
@@ -61,20 +57,12 @@ static char *idmap_fetch_secret(const char *backend, bool alloc, return ret; } -struct idmap_ldap_alloc_context { - struct smbldap_state *smbldap_state; - char *url; - char *suffix; - char *user_dn; -}; - struct idmap_ldap_context { struct smbldap_state *smbldap_state; char *url; char *suffix; char *user_dn; bool anon; - struct idmap_ldap_alloc_context *alloc; struct idmap_rw_ops *rw_ops; }; @@ -110,12 +98,13 @@ static NTSTATUS get_credentials( TALLOC_CTX *mem_ctx, if ( tmp ) { if (!dom) { - /* only the alloc backend can pass in a NULL dom */ - secret = idmap_fetch_secret("ldap", True, - NULL, tmp); + DEBUG(0, ("get_credentials: Invalid domain 'NULL' " + "encountered for user DN %s\n", + tmp)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; } else { - secret = idmap_fetch_secret("ldap", False, - dom->name, tmp); + secret = idmap_fetch_secret("ldap", dom->name, tmp); } if (!secret) { @@ -168,11 +157,7 @@ static NTSTATUS verify_idpool(struct idmap_domain *dom) ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); - if (!ctx->alloc) { - return NT_STATUS_UNSUCCESSFUL; - } - - mem_ctx = talloc_new(ctx->alloc); + mem_ctx = talloc_new(ctx); if (mem_ctx == NULL) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; @@ -184,8 +169,8 @@ static NTSTATUS verify_idpool(struct idmap_domain *dom) attr_list = get_attr_list(mem_ctx, idpool_attr_list); CHECK_ALLOC_DONE(attr_list); - rc = smbldap_search(ctx->alloc->smbldap_state, - ctx->alloc->suffix, + rc = smbldap_search(ctx->smbldap_state, + ctx->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 
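Review bot: In `get_credentials()` the new `if (!dom)` branch ends in `goto done`, so the `else` around the `idmap_fetch_secret()` call is redundant. Dropping it leaves `secret = idmap_fetch_secret("ldap", dom->name, tmp);` at the outer level and makes the error path easier to follow. `NT_STATUS_INVALID_PARAMETER` would describe a NULL domain more precisely than `NT_STATUS_UNSUCCESSFUL`. The hunk does not show what happens to `secret` after use; if it is not already wiped before being freed, that is worth checking while this path is being touched.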
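Review bot: With the `if (!ctx->alloc)` early return removed from `verify_idpool()`, `ctx` is dereferenced (`ctx->smbldap_state`, `ctx->suffix`) with no check on what `talloc_get_type()` returned. If `dom->private_data` can ever be unset or of another type, a guard such as `if (ctx == NULL) return NT_STATUS_INVALID_PARAMETER;` before `talloc_new(ctx)`, or `talloc_get_type_abort()`, makes the failure explicit instead of a NULL dereference inside winbindd. The same pattern appears in the `idmap_ldap_allocate_id()` hunk at `@@ -367`. Both function bodies continue outside their hunks.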
@@ -198,14 +183,13 @@ static NTSTATUS verify_idpool(struct idmap_domain *dom) return NT_STATUS_UNSUCCESSFUL; } - count = ldap_count_entries(ctx->alloc->smbldap_state->ldap_struct, - result); + count = ldap_count_entries(ctx->smbldap_state->ldap_struct, result); ldap_msgfree(result); if ( count > 1 ) { DEBUG(0,("Multiple entries returned from %s (base == %s)\n", - filter, ctx->alloc->suffix)); + filter, ctx->suffix)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -228,8 +212,8 @@ static NTSTATUS verify_idpool(struct idmap_domain *dom) LDAP_ATTR_GIDNUMBER), gid_str); if (mods) { - rc = smbldap_modify(ctx->alloc->smbldap_state, - ctx->alloc->suffix, + rc = smbldap_modify(ctx->smbldap_state, + ctx->suffix, mods); ldap_mods_free(mods, True); } else { 
@@ -244,100 +228,6 @@ done: return ret; } -/***************************************************************************** - Initialise idmap database. -*****************************************************************************/ - -static int idmap_ldap_alloc_close_destructor(struct idmap_ldap_alloc_context *ctx) -{ - smbldap_free_struct(&ctx->smbldap_state); - DEBUG(5,("The connection to the LDAP server was closed\n")); - /* maybe free the results here --metze */ - return 0; -} - -static NTSTATUS idmap_ldap_alloc_init(struct idmap_domain *dom, - const char *params) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - const char *tmp; - struct idmap_ldap_context *ctx; - - /* Only do init if we are online */ - if (idmap_is_offline()) { - return NT_STATUS_FILE_IS_OFFLINE; - } - - ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); - - ctx->alloc = talloc_zero(ctx, struct idmap_ldap_alloc_context); - CHECK_ALLOC_DONE(ctx->alloc); - - if (params && *params) { - /* assume location is the only parameter */ - ctx->alloc->url = talloc_strdup(ctx->alloc, params); - } else { - tmp = lp_parm_const_string(-1, "idmap alloc config", - "ldap_url", NULL); - - if ( ! tmp) { - DEBUG(1, ("ERROR: missing idmap ldap url\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ctx->alloc->url = talloc_strdup(ctx->alloc, tmp); - } - CHECK_ALLOC_DONE(ctx->alloc->url); - - trim_char(ctx->alloc->url, '\"', '\"'); - - tmp = lp_parm_const_string(-1, "idmap alloc config", - "ldap_base_dn", NULL); - if ( ! tmp || ! *tmp) { - tmp = lp_ldap_idmap_suffix(); - if ( ! 
tmp) { - DEBUG(1, ("ERROR: missing idmap ldap suffix\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - } - - ctx->alloc->suffix = talloc_strdup(ctx->alloc, tmp); - CHECK_ALLOC_DONE(ctx->alloc->suffix); - - ret = smbldap_init(ctx->alloc, winbind_event_context(), - ctx->alloc->url, - &ctx->alloc->smbldap_state); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n", - ctx->alloc->url)); - goto done; - } - - talloc_set_destructor(ctx->alloc, idmap_ldap_alloc_close_destructor); - - ret = get_credentials(ctx->alloc, - ctx->alloc->smbldap_state, - "idmap alloc config", NULL, - &ctx->alloc->user_dn); - if ( !NT_STATUS_IS_OK(ret) ) { - DEBUG(1,("idmap_ldap_alloc_init: Failed to get connection " - "credentials (%s)\n", nt_errstr(ret))); - goto done; - } - - /* see if the idmap suffix and sub entries exists */ - - ret = verify_idpool(dom); - - done: - if ( !NT_STATUS_IS_OK( ret ) ) - TALLOC_FREE(ctx->alloc); - - return ret; -} - /******************************** Allocate a new uid or gid ********************************/ @@ -367,11 +257,7 @@ static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom, ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); - if (!ctx->alloc) { - return NT_STATUS_UNSUCCESSFUL; - } - - mem_ctx = talloc_new(ctx->alloc); + mem_ctx = talloc_new(ctx); if (!mem_ctx) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; @@ -403,10 +289,10 @@ static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom, DEBUG(10, ("Search of the id pool (filter: %s)\n", filter)); - rc = smbldap_search(ctx->alloc->smbldap_state, - ctx->alloc->suffix, - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &result); + rc = smbldap_search(ctx->smbldap_state, + ctx->suffix, + LDAP_SCOPE_SUBTREE, filter, + attr_list, 0, &result); if (rc != LDAP_SUCCESS) { DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL)); 
@@ -415,25 +301,23 @@ static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom, talloc_autofree_ldapmsg(mem_ctx, result); - count = ldap_count_entries(ctx->alloc->smbldap_state->ldap_struct, - result); + count = ldap_count_entries(ctx->smbldap_state->ldap_struct, result); if (count != 1) { DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } - entry = ldap_first_entry(ctx->alloc->smbldap_state->ldap_struct, - result); + entry = ldap_first_entry(ctx->smbldap_state->ldap_struct, result); dn = smbldap_talloc_dn(mem_ctx, - ctx->alloc->smbldap_state->ldap_struct, + ctx->smbldap_state->ldap_struct, entry); if ( ! dn) { goto done; } id_str = smbldap_talloc_single_attribute( - ctx->alloc->smbldap_state->ldap_struct, + ctx->smbldap_state->ldap_struct, entry, type, mem_ctx); if (id_str == NULL) { DEBUG(0,("%s attribute not found\n", type)); @@ -485,7 +369,7 @@ static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom, DEBUG(10, ("Try to atomically increment the id (%s -> %s)\n", id_str, new_id_str)); - rc = smbldap_modify(ctx->alloc->smbldap_state, dn, mods); + rc = smbldap_modify(ctx->smbldap_state, dn, mods); ldap_mods_free(mods, True); @@ -636,10 +520,10 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom, dom->private_data = ctx; - ret = idmap_ldap_alloc_init(dom, params); + ret = verify_idpool(dom); if (!NT_STATUS_IS_OK(ret)) { - DEBUG(1, ("idmap_ldap_db_init: Failed to initialize alloc " - "subsystem: %s\n", nt_errstr(ret))); + DEBUG(1, ("idmap_ldap_db_init: failed to verify ID pool (%s)\n", + nt_errstr(ret))); goto done; } -- Samba Shared Repository
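Review bot: `verify_idpool(dom)` is now called directly after `dom->private_data = ctx;`, and it searches and modifies through `ctx->smbldap_state` and `ctx->suffix`. It therefore depends on `idmap_ldap_db_init()` having initialised the LDAP state and loaded the bind credentials before this point, and the hunk does not show that setup. The removed `idmap_ldap_alloc_init()` also returned `NT_STATUS_FILE_IS_OFFLINE` when `idmap_is_offline()` was true before touching LDAP, and no equivalent check is visible on the new path. A short comment above the call would state the precondition, e.g. `/* requires ctx->smbldap_state and ctx->suffix; may create the ID pool entry */`. The function continues outside the hunk.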