The branch, master has been updated
       via  6c2d6ad s3:auth small optimization in create_token_from_sid
       via  deea99a s3:net: reduce indentation in net idmap delete for symmetry and consistency
       via  50e3592 s3:net: introduce a talloc stackframe for net idmap delete
       via  8473764 s3:net_idmap_delete do not lock two records at the same time
       via  9aa79c1 s3:net idmap: use lp_idmap_default_backend() now that we have it.
       via  c37a493 s3:param: add new lp_idmap_default_backend()
       via  321401e s3:param: introduce new lp_idmap_backend() that takes the domain
       via  4198e80 s3:param: add a comment
       via  085b976 s3:param: remove unused function lp_idmap_backend()
       via  cef05fb s3:net idmap: remove call to lp_idmap_backend() - this is useless.
       via  600ba80 s3:param: remove unused functions lp_idmap_uid() and lp_idmap_gid()
       via  4e52fa7 s3:auth: use new lp_idmap_default_range() instead of lp_idmap_gid() in create_token_from_sid()
       via  58b302d s3:param: add utility function lp_idmap_default_range()
       via  1342bdd s3:param: add a utility function lp_idmap_range() to get the configured range for a given domain.
       via  e7b39fb s3:param: remove an old comment (that is not up-to date any more)
      from  72cd5d5 tdb: Remove "header" from tdb_context

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6c2d6ada42779b1c7015ddf3cf0dc420c4558be1
Author: Christian Ambach <a...@samba.org>
Date:   Tue Jan 29 17:19:17 2013 +0100

    s3:auth small optimization in create_token_from_sid
    
    save some calls to lp_idmap_default_range(), calling it
    once is enough
    
    Signed-off-by: Christian Ambach <a...@samba.org>
    Reviewed-by: Michael Adam <ob...@samba.org>
    
    Autobuild-User(master): Michael Adam <ob...@samba.org>
    Autobuild-Date(master): Tue Feb  5 19:14:25 CET 2013 on sn-devel-104

commit deea99ac36a431befae3af39b7e160ce2d7ba5dc
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 30 15:50:52 2013 +0100

    s3:net: reduce indentation in net idmap delete for symmetry and consistency
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 50e3592ace69a919b3196420e56f09ce435302ea
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 30 15:46:47 2013 +0100

    s3:net: introduce a talloc stackframe for net idmap delete
    
    this simplifies the freeing at the end
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 8473764234bfec2f21b87ec69c213af4365749b4
Author: Christian Ambach <a...@samba.org>
Date:   Fri Dec 7 13:43:57 2012 +0100

    s3:net_idmap_delete do not lock two records at the same time
    
    the lock order check will prohibit this and as we are running inside
    a transaction there is no need to lock the records before deleting them
    
    Pair-Programmed-With: Michael Adam <ob...@samba.org>
    
    Signed-off-by: Christian Ambach <a...@samba.org>
    Signed-off-by: Michael Adam <ob...@samba.org>

commit 9aa79c11f07624d10f49a6840e93e84739997ffe
Author: Michael Adam <ob...@samba.org>
Date:   Tue Jan 29 13:34:26 2013 +0100

    s3:net idmap: use lp_idmap_default_backend() now that we have it.
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit c37a4939026622e3751e9188a3079def89171153
Author: Michael Adam <ob...@samba.org>
Date:   Tue Jan 29 13:26:11 2013 +0100

    s3:param: add new lp_idmap_default_backend()
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 321401e7d1c812d70aa44350de0386a12d9c25f4
Author: Michael Adam <ob...@samba.org>
Date:   Tue Jan 29 13:24:20 2013 +0100

    s3:param: introduce new lp_idmap_backend() that takes the domain
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 4198e800d809cd0b7be5a0214a22b9a31b906cc4
Author: Michael Adam <ob...@samba.org>
Date:   Mon Jan 28 15:41:13 2013 +0100

    s3:param: add a comment
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 085b9767a6886aa04b8cfbee8077b411e466bfec
Author: Michael Adam <ob...@samba.org>
Date:   Mon Jan 28 14:35:53 2013 +0100

    s3:param: remove unused function lp_idmap_backend()
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit cef05fbe8dc210ba257d2d018878d0b351009c02
Author: Michael Adam <ob...@samba.org>
Date:   Mon Jan 28 14:29:21 2013 +0100

    s3:net idmap: remove call to lp_idmap_backend() - this is useless.
    
    The variable behind lp_idmap_backend() is never set.
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 600ba80246aaa6cb9499a49f48e92a2657fdc918
Author: Michael Adam <ob...@samba.org>
Date:   Mon Jan 28 14:21:44 2013 +0100

    s3:param: remove unused functions lp_idmap_uid() and lp_idmap_gid()
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 4e52fa7b7346c3afdaeb87c2af69ee71cb3cd1fb
Author: Michael Adam <ob...@samba.org>
Date:   Mon Jan 28 16:45:30 2013 +0100

    s3:auth: use new lp_idmap_default_range() instead of lp_idmap_gid() in create_token_from_sid()
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 58b302d76a83880744d637f95b4aa7f80c040ea8
Author: Michael Adam <ob...@samba.org>
Date:   Mon Jan 28 16:35:50 2013 +0100

    s3:param: add utility function lp_idmap_default_range()
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit 1342bdd55c9759bc23f93298b34ed8d587816e6b
Author: Michael Adam <ob...@samba.org>
Date:   Mon Jan 28 16:31:23 2013 +0100

    s3:param: add a utility function lp_idmap_range() to get the configured range for a given domain.
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

commit e7b39fba5e46f01e43250a758c69e3067400a0d3
Author: Michael Adam <ob...@samba.org>
Date:   Mon Jan 28 14:18:48 2013 +0100

    s3:param: remove an old comment (that is not up-to date any more)
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Christian Ambach <a...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/param/loadparm.c        |    1 +
 lib/param/param_functions.c |    1 -
 source3/auth/token_util.c   |    8 ++-
 source3/include/proto.h     |    7 ++-
 source3/param/loadparm.c    |  119 +++++++++++++++++++++++++++---------------
 source3/utils/net_idmap.c   |   64 ++++++++++++-----------
 6 files changed, 119 insertions(+), 81 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 2462796..fdb02c3 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -87,6 +87,7 @@ static bool defaults_saved = false;
        char *szUsershareTemplateShare;                                 \
        char *szIdmapUID;                                               \
        char *szIdmapGID;                                               \
+       char *szIdmapBackend;                                           \
        int winbindMaxDomainConnections;                                \
        int ismb2_max_credits;                                          \
        char *tls_keyfile;                                              \
diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
index 94652fa..852f525 100644
--- a/lib/param/param_functions.c
+++ b/lib/param/param_functions.c
@@ -239,7 +239,6 @@ FN_GLOBAL_CONST_STRING(dnsdomain, szRealm_lower)
 FN_GLOBAL_CONST_STRING(dns_forwarder, dns_forwarder)
 FN_GLOBAL_CONST_STRING(dos_charset, dos_charset)
 FN_GLOBAL_CONST_STRING(guestaccount, szGuestaccount)
-FN_GLOBAL_CONST_STRING(idmap_backend, szIdmapBackend)
 FN_GLOBAL_CONST_STRING(lockdir, szLockDir)
 FN_GLOBAL_CONST_STRING(logon_drive, szLogonDrive)
 FN_GLOBAL_CONST_STRING(logon_home, szLogonHome)
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index ac242f1..d86d589 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -565,6 +565,8 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
        uint32_t num_group_sids;
        uint32_t num_gids;
        uint32_t i;
+       uint32_t high, low;
+       bool range_ok;
 
        if (sid_check_is_in_our_sam(user_sid)) {
                bool ret;
@@ -757,13 +759,13 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
           to 'valid user = "Domain Admins"'.  --jerry */
 
        num_gids = num_group_sids;
+       range_ok = lp_idmap_default_range(&low, &high);
        for ( i=0; i<num_gids; i++ ) {
-               gid_t high, low;
 
                /* don't pickup anything managed by Winbind */
-
-               if ( lp_idmap_gid(&low, &high) && (gids[i] >= low) && (gids[i] 
<= high) )
+               if (range_ok && (gids[i] >= low) && (gids[i] <= high)) {
                        continue;
+               }
 
                gid_to_unix_groups_sid(gids[i], &unix_group_sid);
 
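Review bot: The skip test `range_ok && (gids[i] >= low) && (gids[i] <= high)` only consults the default range, because `lp_idmap_default_range()` is `lp_idmap_range("*", ...)`. A gid that falls in a per-domain `idmap config DOMAIN : range` is not skipped, although the comment above the test says "don't pickup anything managed by Winbind". Either narrow the comment to the default range or extend the check to the per-domain ranges via `lp_idmap_range()`. Separately, `low` and `high` stay uninitialised when the call returns false; they are only protected by the short-circuit on `range_ok`, so initialising them at the declaration would make the loop robust against a later reordering of the condition.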
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6856dd7..925039d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1080,9 +1080,12 @@ bool lp_winbind_normalize_names(void);
 bool lp_winbind_rpc_only(void);
 bool lp_create_krb5_conf(void);
 int lp_winbind_max_domain_connections(void);
-const char *lp_idmap_backend(void);
 int lp_idmap_cache_time(void);
 int lp_idmap_negative_cache_time(void);
+bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high);
+bool lp_idmap_default_range(uint32_t *low, uint32_t *high);
+const char *lp_idmap_backend(const char *domain_name);
+const char *lp_idmap_default_backend (void);
 int lp_keepalive(void);
 bool lp_passdb_expand_explicit(void);
 char *lp_ldap_suffix(TALLOC_CTX *ctx);
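Review bot: `const char *lp_idmap_default_backend (void);` has a stray space before the parameter list, unlike the three prototypes added next to it and unlike the definition in source3/param/loadparm.c. The new `lp_idmap_range()` and `lp_idmap_backend()` prototypes would also benefit from a short comment saying that a NULL or empty `domain_name` selects the default `*` domain and that `low` and `high` must be non-NULL, since the implementation asserts on them.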
@@ -1392,8 +1395,6 @@ bool process_registry_shares(void);
 bool lp_config_backend_is_registry(void);
 bool lp_config_backend_is_file(void);
 bool lp_file_list_changed(void);
-bool lp_idmap_uid(uid_t *low, uid_t *high);
-bool lp_idmap_gid(gid_t *low, gid_t *high);
 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx);
 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx);
 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 0e1b019..5bf430d 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -124,6 +124,7 @@ static bool defaults_saved = false;
        char *szUsershareTemplateShare;                                 \
        char *szIdmapUID;                                               \
        char *szIdmapGID;                                               \
+       char *szIdmapBackend;                                           \
        int winbindMaxDomainConnections;                                \
        int ismb2_max_credits;                                          \
        char *tls_keyfile;                                              \
@@ -2884,74 +2885,106 @@ static bool handle_ldap_debug_level(struct 
loadparm_context *unused, int snum, c
        return true;
 }
 
-/***************************************************************************
- Handle idmap/non unix account uid and gid allocation parameters.  The format 
of these
- parameters is:
+/*
+ * idmap related parameters
+ */
 
- [global]
+static bool handle_idmap_backend(struct loadparm_context *unused, int snum, 
const char *pszParmValue, char **ptr)
+{
+       lp_do_parameter(snum, "idmap config * : backend", pszParmValue);
 
-        idmap uid = 1000-1999
-        idmap gid = 700-899
+       return true;
+}
 
- We only do simple parsing checks here.  The strings are parsed into useful
- structures in the idmap daemon code.
+static bool handle_idmap_uid(struct loadparm_context *unused, int snum, const 
char *pszParmValue, char **ptr)
+{
+       lp_do_parameter(snum, "idmap config * : range", pszParmValue);
 
-***************************************************************************/
+       return true;
+}
 
-/* Some lp_ routines to return idmap [ug]id information */
+static bool handle_idmap_gid(struct loadparm_context *unused, int snum, const 
char *pszParmValue, char **ptr)
+{
+       lp_do_parameter(snum, "idmap config * : range", pszParmValue);
 
-static uid_t idmap_uid_low, idmap_uid_high;
-static gid_t idmap_gid_low, idmap_gid_high;
+       return true;
+}
 
-bool lp_idmap_uid(uid_t *low, uid_t *high)
+bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
 {
-        if (idmap_uid_low == 0 || idmap_uid_high == 0)
-                return false;
+       char *config_option = NULL;
+       const char *range = NULL;
+       bool ret = false;
 
-        if (low)
-                *low = idmap_uid_low;
+       SMB_ASSERT(low != NULL);
+       SMB_ASSERT(high != NULL);
 
-        if (high)
-                *high = idmap_uid_high;
+       if ((domain_name == NULL) || (domain_name[0] == '\0')) {
+               domain_name = "*";
+       }
 
-        return true;
-}
+       config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
+                                       domain_name);
+       if (config_option == NULL) {
+               DEBUG(0, ("out of memory\n"));
+               return false;
+       }
 
-bool lp_idmap_gid(gid_t *low, gid_t *high)
-{
-        if (idmap_gid_low == 0 || idmap_gid_high == 0)
-                return false;
+       range = lp_parm_const_string(-1, config_option, "range", NULL);
+       if (range == NULL) {
+               DEBUG(1, ("idmap range not specified for domain '%s'\n", 
domain_name));
+               goto done;
+       }
 
-        if (low)
-                *low = idmap_gid_low;
+       if (sscanf(range, "%u - %u", low, high) != 2) {
+               DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
+                         range, domain_name));
+               goto done;
+       }
 
-        if (high)
-                *high = idmap_gid_high;
+       ret = true;
+
+done:
+       talloc_free(config_option);
+       return ret;
 
-        return true;
 }
 
-static bool handle_idmap_backend(struct loadparm_context *unused, int snum, 
const char *pszParmValue, char **ptr)
+bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
 {
-       lp_do_parameter(snum, "idmap config * : backend", pszParmValue);
-
-       return true;
+       return lp_idmap_range("*", low, high);
 }
 
-/* Do some simple checks on "idmap [ug]id" parameter values */
-
-static bool handle_idmap_uid(struct loadparm_context *unused, int snum, const 
char *pszParmValue, char **ptr)
+const char *lp_idmap_backend(const char *domain_name)
 {
-       lp_do_parameter(snum, "idmap config * : range", pszParmValue);
+       char *config_option = NULL;
+       const char *backend = NULL;
 
-       return true;
+       if ((domain_name == NULL) || (domain_name[0] == '\0')) {
+               domain_name = "*";
+       }
+
+       config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
+                                       domain_name);
+       if (config_option == NULL) {
+               DEBUG(0, ("out of memory\n"));
+               return false;
+       }
+
+       backend = lp_parm_const_string(-1, config_option, "backend", NULL);
+       if (backend == NULL) {
+               DEBUG(1, ("idmap backend not specified for domain '%s'\n", 
domain_name));
+               goto done;
+       }
+
+done:
+       talloc_free(config_option);
+       return backend;
 }
 
-static bool handle_idmap_gid(struct loadparm_context *unused, int snum, const 
char *pszParmValue, char **ptr)
+const char *lp_idmap_default_backend(void)
 {
-       lp_do_parameter(snum, "idmap config * : range", pszParmValue);
-
-       return true;
+       return lp_idmap_backend("*");
 }
 
 /***************************************************************************
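Review bot: In `lp_idmap_backend()` the out-of-memory path does `return false;` from a function that returns `const char *`; it should be `return NULL;`. In `lp_idmap_range()`, `sscanf(range, "%u - %u", low, high) != 2` accepts trailing garbage and a range with low greater than high, and it can store into `*low` before the parse fails, so a caller that ignores the return value sees a half-written range. Parsing into locals, checking `low <= high`, and only then assigning the out-parameters would give callers such as `create_token_from_sid()` either a well-formed range or nothing. Also note that `handle_idmap_uid()` and `handle_idmap_gid()` now both write `idmap config * : range`, so the one parsed last silently wins; a warning when the two values differ would make that visible to the admin. Minor: there is a stray blank line before the closing brace of `lp_idmap_range()`.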
diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c
index 1190627..bdc4879 100644
--- a/source3/utils/net_idmap.c
+++ b/source3/utils/net_idmap.c
@@ -134,10 +134,10 @@ static const char* net_idmap_dbfile(struct net_context *c,
        const char* dbfile = NULL;
        const char *backend = NULL;
 
-       /* prefer idmap config * : backend over idmap backend parameter */
-       backend = lp_parm_const_string(-1, "idmap config *", "backend", NULL);
+       backend = lp_idmap_default_backend();
        if (!backend) {
-               backend = lp_idmap_backend();
+               d_printf(_("Internal error: 'idmap config * : backend' is not 
set!\n"));
+               return NULL;
        }
 
        if (c->opt_db != NULL) {
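Review bot: The new early `return NULL;` for an unset backend sits before the `if (c->opt_db != NULL)` test, so a database supplied through `c->opt_db` is no longer considered when `idmap config * : backend` is missing. If that option is meant to work without a configured backend, test `c->opt_db` first. The message text "Internal error" is also worth reconsidering if the parameter can legitimately be unset, since `lp_idmap_backend()` already treats that case as a plain DEBUG(1) condition rather than a bug.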
@@ -426,64 +426,66 @@ done:
 static
 NTSTATUS dbwrap_delete_mapping(struct db_context *db, TDB_DATA key1, bool 
force)
 {
-       TALLOC_CTX* mem_ctx = talloc_tos();
-       struct db_record *rec1=NULL, *rec2=NULL;
-       TDB_DATA key2;
+       TALLOC_CTX *mem_ctx = talloc_stackframe();
        bool is_valid_mapping;
        NTSTATUS status = NT_STATUS_OK;
-       TDB_DATA value;
+       TDB_DATA val1, val2;
+
+       ZERO_STRUCT(val1);
+       ZERO_STRUCT(val2);
 
-       rec1 = dbwrap_fetch_locked(db, mem_ctx, key1);
-       if (rec1 == NULL) {
+       status = dbwrap_fetch(db, mem_ctx, key1, &val1);
+       if (!NT_STATUS_IS_OK(status)) {
                DEBUG(1, ("failed to fetch: %.*s\n", (int)key1.dsize, 
key1.dptr));
-               status = NT_STATUS_NO_MEMORY;
                goto done;
        }
-       key2 = dbwrap_record_get_value(rec1);
-       if (key2.dptr == NULL) {
-               DEBUG(1, ("could not find %.*s\n", (int)key1.dsize, key1.dptr));
-               status = NT_STATUS_NOT_FOUND;
+
+       if (val1.dptr == NULL) {
+               DEBUG(1, ("invalid mapping: %.*s -> empty value\n",
+                         (int)key1.dsize, key1.dptr));
+               status = NT_STATUS_FILE_INVALID;
                goto done;
        }
 
        DEBUG(2, ("mapping: %.*s -> %.*s\n",
-                 (int)key1.dsize, key1.dptr, (int)key2.dsize, key2.dptr));
+                 (int)key1.dsize, key1.dptr, (int)val1.dsize, val1.dptr));
 
-       rec2 = dbwrap_fetch_locked(db, mem_ctx, key2);
-       if (rec2 == NULL) {
-               DEBUG(1, ("failed to fetch: %.*s\n", (int)key2.dsize, 
key2.dptr));
-               status = NT_STATUS_NO_MEMORY;
+       status = dbwrap_fetch(db, mem_ctx, val1, &val2);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(1, ("failed to fetch: %.*s\n", (int)val1.dsize, 
val1.dptr));
                goto done;
        }
 
-       value = dbwrap_record_get_value(rec2);
-       is_valid_mapping = tdb_data_equal(key1, value);
+       is_valid_mapping = tdb_data_equal(key1, val2);
 
        if (!is_valid_mapping) {
                DEBUG(1, ("invalid mapping: %.*s -> %.*s -> %.*s\n",
-                         (int)key1.dsize, key1.dptr, (int)key2.dsize, 
key2.dptr,
-                         (int)value.dsize, value.dptr ));
+                         (int)key1.dsize, key1.dptr,
+                         (int)val1.dsize, val1.dptr,
+                         (int)val2.dsize, val2.dptr));
                if ( !force ) {
                        status = NT_STATUS_FILE_INVALID;
                        goto done;
                }
        }
 
-       status = dbwrap_record_delete(rec1);
+       status = dbwrap_delete(db, key1);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(1, ("failed to delete: %.*s\n", (int)key1.dsize, 
key1.dptr));
                goto done;
        }
 
-       if (is_valid_mapping) {
-               status = dbwrap_record_delete(rec2);
-               if (!NT_STATUS_IS_OK(status)) {
-                       DEBUG(1, ("failed to delete: %.*s\n", (int)key2.dsize, 
key2.dptr));
-               }
+       if (!is_valid_mapping) {
+               goto done;
+       }
+
+       status = dbwrap_delete(db, val1);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(1, ("failed to delete: %.*s\n", (int)val1.dsize, 
val1.dptr));
        }
+
 done:
-       TALLOC_FREE(rec1);
-       TALLOC_FREE(rec2);
+       talloc_free(mem_ctx);
        return status;
 }
 
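Review bot: The second lookup, `status = dbwrap_fetch(db, mem_ctx, val1, &val2);`, now jumps to `done` on any failure before `force` is consulted. If `dbwrap_fetch()` reports a missing record as an error status, a dangling one-way mapping (key1 present, reverse record absent) can no longer be removed with `force`, which is the case the option appears to exist for. Consider treating a not-found result here as `is_valid_mapping = false` and falling through to the `force` check. Since the function now reads and deletes without taking record locks, it is only safe when called inside a transaction, as the commit message states; a comment at the top of `dbwrap_delete_mapping()` documenting that precondition would keep future callers from using it outside one.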


-- 
Samba Shared Repository
