The branch, master has been updated
via 8d34f2f docs: update the description of the formulas in the
idmap_autorid manpage
via 7bc9563 s3:idmap:autorid: add a comment block explaining the
calculations
via 9c6594d s3:idmap:autorid: simplify the id->sid calculation
via 7b9a567 s3:idmap:autorid: calculate the range's low_id in
idmap_autorid_get_domainrange()
via 30a27ba s3:idmap:autorid: make calculation in
idmap_autorid_sid_to_id much more obvious
via a0ea6c2 s3:idmap:autorid: rename range.multiplier to
domain_range_index
via 196aa1d s3:idmap:autorid: rename autorid_range_config.sid to
domsid, along with instances
via 2a25874 s3:idmap:autorid: rename autorid_domain_config -->
autorid_range_config and instances to "range"
via 11b9b7d s3:idmap:autorid: rename domainnum to rangenum
via 5190e4d docs-xml: manpage update for autorid multirange support
via b384c55 s3:winbindd/autorid multiple range support
via e0a0280 s3:utils fix wrong usage of PRIu64 in sscanf
via 24ce31a s3:lib fix wrong usage of PRIu64 in sscanf
via a4cc41d lib/replace: add SCNx macros
via d68e676 lib/replace: prefer inttypes.h over stdint.h
from bbf6221 selftest: do not run doc tests if we don't build manpages
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8d34f2fe1e219a0be28bc6b8ce9f93620d39a5b2
Author: Michael Adam <ob...@samba.org>
Date: Fri Apr 26 01:06:58 2013 +0200
docs: update the description of the formulas in the idmap_autorid manpage
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
Autobuild-User(master): Christian Ambach <a...@samba.org>
Autobuild-Date(master): Mon May 6 18:23:56 CEST 2013 on sn-devel-104
commit 7bc9563c96c0b91628ec501f8226c1adc24d083d
Author: Michael Adam <ob...@samba.org>
Date: Fri Apr 26 00:52:49 2013 +0200
s3:idmap:autorid: add a comment block explaining the calculations
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
commit 9c6594dadbdd800470d4b217f1351fbba87989ba
Author: Michael Adam <ob...@samba.org>
Date: Thu Apr 25 20:24:36 2013 +0200
s3:idmap:autorid: simplify the id->sid calculation
To make it more intutive.
rid = reduced_rid + domain_range_index * range_size
where
reduced_rid = (id - id_low) % range_size
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
commit 7b9a567b8943e0c3d0b6fa97bea72f1b89aea4ab
Author: Michael Adam <ob...@samba.org>
Date: Thu Apr 25 20:12:39 2013 +0200
s3:idmap:autorid: calculate the range's low_id in
idmap_autorid_get_domainrange()
This way, the calculation needs to be don only in one central place and
the formulas get simpler.
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
commit 30a27ba428f346ff2fd56f9727ce0f1fb18a5a41
Author: Michael Adam <ob...@samba.org>
Date: Thu Apr 25 19:47:00 2013 +0200
s3:idmap:autorid: make calculation in idmap_autorid_sid_to_id much more
obvious
This is my attempt to make the sid->unix-id calculation much more obvious.
Especially with the introduction of the multi-range support an the
originally
named "multiplier", the calculation
id = low_id + range_size * domain_number + rid - range_size * multiplier
was rather opaque to me.
What really happens here is this:
The rid is split into a reduced_rid part that is < rangesize and
a multiple of rangesize. This is given by the formula
rid = rid % range_size + (rid / range_size) * range_size
We define
reduced_rid := rid % range_size
and
domain_range_index := rid / range_size ( == the original multiplier)
and the original formula is equivalent to:
id = reduced_rid + low_id + range_number * range_size;
and reads
id = reduced_rid + range_minvalue
if we set range_minvalue := low_id + range_number * range_size.
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
commit a0ea6c2536b6b07f2fee799518b5f84da36e53ba
Author: Michael Adam <ob...@samba.org>
Date: Thu Apr 25 19:18:27 2013 +0200
s3:idmap:autorid: rename range.multiplier to domain_range_index
The name multiplier is very confusing (at least for me).
This is an index that is used to reference the various
per-domain ranges.
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
commit 196aa1dea76b894ebdcf4322bb52edeac57d68ce
Author: Michael Adam <ob...@samba.org>
Date: Thu Apr 25 19:13:45 2013 +0200
s3:idmap:autorid: rename autorid_range_config.sid to domsid, along with
instances
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
commit 2a258747b6ec67e9e5d4aa97ffeeabeab0e94d6c
Author: Michael Adam <ob...@samba.org>
Date: Thu Apr 25 19:04:56 2013 +0200
s3:idmap:autorid: rename autorid_domain_config --> autorid_range_config and
instances to "range"
This describes it better with the new support for multiple ranges for
domains.
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
commit 11b9b7d051575ff5b398c240bd33dadac9c4ed81
Author: Michael Adam <ob...@samba.org>
Date: Thu Apr 25 13:56:03 2013 +0200
s3:idmap:autorid: rename domainnum to rangenum
Now ranges don't correspond to domains any more, but
multiple ranges are associated to a domain. So the name
is misleading.
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
commit 5190e4da2b51fdfa6df452a23127add5059cc4ac
Author: Abhidnya Joshi <achir...@in.ibm.com>
Date: Tue Apr 16 16:41:45 2013 +0530
docs-xml: manpage update for autorid multirange support
Signed-off-by: Abhidnya Joshi <achir...@in.ibm.com>
Reviewed-by: Christian Ambach <a...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit b384c55bf3fa230a945f36c493427f2341051cd1
Author: Abhidnya Joshi <achir...@in.ibm.com>
Date: Wed Apr 10 16:26:07 2013 +0530
s3:winbindd/autorid multiple range support
when a mapping request for a RID comes in that is larger
than the rangesize, allocate an extension range to be able
to map this one
This is especially important for large installations which
might have large RIDs being used in a trusted domain that
the administrator was not aware of when planning for autorid
usage and so those objects could not be mapped up to now.
As it is not possible to change the rangesize after the first
start of autorid, this would lead to big trouble.
Signed-off-by: Abhidnya Joshi <achir...@in.ibm.com>
Reviewed-by: Christian Ambach <a...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit e0a0280c4fcf85f28b488d3868be38123910271c
Author: Christian Ambach <a...@samba.org>
Date: Tue Apr 16 12:39:55 2013 +0200
s3:utils fix wrong usage of PRIu64 in sscanf
Signed-off-by: Christian Ambach <a...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 24ce31a33ff15b11e5c5024b911637a46bbd59ea
Author: Christian Ambach <a...@samba.org>
Date: Tue Apr 16 12:39:39 2013 +0200
s3:lib fix wrong usage of PRIu64 in sscanf
Signed-off-by: Christian Ambach <a...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit a4cc41d4d0ef42915694e10cd819462523b92a3b
Author: Christian Ambach <a...@samba.org>
Date: Tue Apr 16 10:56:29 2013 +0200
lib/replace: add SCNx macros
we already have PRI*, but the corresponding SCN* were missing
Signed-off-by: Christian Ambach <a...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit d68e676cacdcd346f0555c80a3389f50079d2e4f
Author: Christian Ambach <a...@samba.org>
Date: Tue Apr 9 23:10:16 2013 +0200
lib/replace: prefer inttypes.h over stdint.h
according to C99 7.8, inttypes.h should include stdint.h so prefer
inttypes.h
and fall back to stdint.h (and our own definitions of PRI*) only when
inttypes.h
could not be found
Signed-off-by: Christian Ambach <a...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/idmap_autorid.8.xml | 38 ++++---
lib/replace/replace.h | 47 ++++++++-
source3/lib/util_str.c | 2 +-
source3/utils/smbcquotas.c | 4 +-
source3/winbindd/idmap_autorid.c | 191 +++++++++++++++++++++++----------
5 files changed, 207 insertions(+), 75 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/idmap_autorid.8.xml
b/docs-xml/manpages/idmap_autorid.8.xml
index ed698e9..c35f903 100644
--- a/docs-xml/manpages/idmap_autorid.8.xml
+++ b/docs-xml/manpages/idmap_autorid.8.xml
@@ -40,17 +40,21 @@
<varlistentry>
<term>rangesize = numberofidsperdomain</term>
<listitem><para>
- Defines the available number of uids/gids per domain.
The
- minimum needed value is 2000. SIDs with RIDs larger
than this
- value cannot be mapped, are ignored and the
corresponding map
- is discarded. Choose this value carefully, as this
should
- not be changed after the first ranges for domains have
been
- defined, otherwise mappings between domains will get
intermixed
- leading to unpredictable results. Please note that RIDs
in Windows
- Domains usually start with 500 for builtin users and
1000
- for regular users. As the parameter cannot be changed
later, please
- plan accordingly for your expected number of users in a
domain
- with safety margins.
+ Defines the number of uids/gids available per
+ domain range. The minimum needed value is 2000.
+ SIDs with RIDs larger than this value will be mapped
+ into extension ranges depending upon number of available
+ ranges. If the autorid backend runs out of available
+ ranges, mapping requests for new domains (or new
+ extension ranges for domains already known) are ignored
+ and the corresponding map is discarded.
+ </para>
+ <para>
+ Example: with rangesize set to 10000, users/groups with
+ a RID up to 10000 will be put into the first range for
the
+ domain. When attempting to map the an object with a RID
+ of 25000, an extension range will be allocated that
+ will then be used to map all RIDs from 20000-29999.
</para>
<para>One range will be used for local users and groups
and for
non-domain well-known SIDs like Everyone (S-1-1-0) or
Creator Owner (S-1-3-0).
@@ -84,15 +88,20 @@
<para>
The Unix ID for a RID is calculated this way:
<programlisting>
- ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER *
RANGESIZE + RID
+ ID = REDUCED RID + IDMAP RANGE LOW VALUE + RANGE
NUMBER * RANGE SIZE
</programlisting>
+ where REDUCED RID = RID % RANGE_SIZE
+ and a DOMAIN RANGE INDEX = RID / RANGE_SIZE is used together
with the
+ domain sid to determine the RANGE NUMBER (stored in the
database).
</para>
<para>
Correspondingly, the formula for calculating the RID for a
given Unix ID is this:
<programlisting>
- RID = ID - IDMAP UID LOW VALUE - DOMAINRANGENUMBER *
RANGESIZE
+ RID = (ID - LOW ID) % RANGE SIZE + DOMAIN RANGE INDEX *
RANGE SIZE
</programlisting>
+ Where the DOMAIN RANGE INDEX is retrieved from the database
along with the
+ domain sid by the RANGE NUMBER = (ID - LOW ID) / RANGE SIZE .
</para>
</refsect1>
@@ -100,7 +109,8 @@
<title>EXAMPLES</title>
<para>
This example shows you the minimal configuration that will
- work for the principial domain and 19 trusted domains.
+ work for the principial domain and 19 trusted domains / range
+ extensions.
</para>
<programlisting>
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 9774da4..c0b7997 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -46,14 +46,14 @@
#endif
-#ifdef HAVE_STDINT_H
+#ifdef HAVE_INTTYPES_H
+#define __STDC_FORMAT_MACROS
+#include <inttypes.h>
+#elif HAVE_STDINT_H
#include <stdint.h>
/* force off HAVE_INTTYPES_H so that roken doesn't try to include both,
which causes a warning storm on irix */
#undef HAVE_INTTYPES_H
-#elif HAVE_INTTYPES_H
-#define __STDC_FORMAT_MACROS
-#include <inttypes.h>
#endif
#ifdef HAVE_MALLOC_H
@@ -108,6 +108,45 @@
# define PRIu64 __PRI64_PREFIX "u"
#endif
+#ifndef SCNd8
+# define SCNd8 "hhd"
+#endif
+#ifndef SCNd16
+# define SCNd16 "hd"
+#endif
+#ifndef SCNd32
+# define SCNd32 "d"
+#endif
+#ifndef SCNd64
+# define SCNd64 __PRI64_PREFIX "d"
+#endif
+
+#ifndef SCNi8
+# define SCNi8 "hhi"
+#endif
+#ifndef SCNi16
+# define SCNi16 "hi"
+#endif
+#ifndef SCNi32
+# define SCNi32 "i"
+#endif
+#ifndef SCNi64
+# define SCNi64 __PRI64_PREFIX "i"
+#endif
+
+#ifndef SCNu8
+# define SCNu8 "hhu"
+#endif
+#ifndef SCNu16
+# define SCNu16 "hu"
+#endif
+#ifndef SCNu32
+# define SCNu32 "u"
+#endif
+#ifndef SCNu64
+# define SCNu64 __PRI64_PREFIX "u"
+#endif
+
#ifdef HAVE_BSD_STRING_H
#include <bsd/string.h>
#endif
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index aa77d75..314c7ea 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -852,7 +852,7 @@ uint64_t STR_TO_SMB_BIG_UINT(const char *nptr, const char
**entptr)
while (*p && isspace(*p))
p++;
- sscanf(p,"%"PRIu64,&val);
+ sscanf(p,"%"SCNu64,&val);
if (entptr) {
while (*p && isdigit(*p))
p++;
diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c
index 7363d6b..b875b1e 100644
--- a/source3/utils/smbcquotas.c
+++ b/source3/utils/smbcquotas.c
@@ -187,7 +187,9 @@ static int parse_quota_set(TALLOC_CTX *ctx,
switch (todo) {
case PARSE_LIM:
- if
(sscanf(p,"%"PRIu64"/%"PRIu64,&pqt->softlim,&pqt->hardlim)!=2) {
+ if (sscanf(p,"%"SCNu64"/%"SCNu64,&pqt->softlim,
+ &pqt->hardlim) != 2)
+ {
return -1;
}
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 0747916..391a314 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -22,6 +22,57 @@
*
*/
+/*
+ * This module allocates ranges for domains to be used in a
+ * algorithmic mode like idmap_rid. Multiple ranges are supported
+ * for a single domain: If a rid exceeds the range size, a matching
+ * range is allocated to hold the rid's id.
+ *
+ * Here are the formulas applied:
+ *
+ *
+ * For a sid of the form domain_sid-rid, we have
+ *
+ * rid = reduced_rid + domain_range_index * range_size
+ *
+ * with
+ * reduced_rid := rid % range_size
+ * domain_range_index := rid / range_size
+ *
+ * And reduced_rid fits into a range.
+ *
+ * In the database, we associate a range_number to
+ * the pair domain_sid,domain_range_index.
+ *
+ * Now the unix id for the given sid calculates as:
+ *
+ * id = reduced_rid + range_low_id
+ *
+ * with
+ *
+ * range_low_id = low_id + range_number * range_size
+ *
+ *
+ * The inverse calculation goes like this:
+ *
+ * Given a unix id, let
+ *
+ * normalized_id := id - low_id
+ * reduced_rid := normalized_id % range_size
+ * range_number = normalized_id / range_size
+ *
+ * Then we have
+ *
+ * id = reduced_rid + low_id + range_number * range_size
+ *
+ * From the database, get the domain_sid,domain_range_index pair
+ * belonging to the range_number (if there is already one).
+ *
+ * Then the rid for the unix id calculates as:
+ *
+ * rid = reduced_rid + domain_range_index * range_size
+ */
+
#include "includes.h"
#include "system/filesys.h"
#include "winbindd.h"
@@ -49,9 +100,12 @@ struct autorid_global_config {
bool ignore_builtin;
};
-struct autorid_domain_config {
- fstring sid;
- uint32_t domainnum;
+struct autorid_range_config {
+ fstring domsid;
+ fstring keystr;
+ uint32_t rangenum;
+ uint32_t domain_range_index;
+ uint32_t low_id;
struct autorid_global_config *globalcfg;
};
@@ -62,20 +116,23 @@ static NTSTATUS
idmap_autorid_get_domainrange_action(struct db_context *db,
void *private_data)
{
NTSTATUS ret;
- uint32_t domainnum, hwm;
+ uint32_t rangenum, hwm;
char *numstr;
- struct autorid_domain_config *cfg;
+ struct autorid_range_config *range;
- cfg = (struct autorid_domain_config *)private_data;
+ range = (struct autorid_range_config *)private_data;
- ret = dbwrap_fetch_uint32_bystring(db, cfg->sid, &(cfg->domainnum));
+ ret = dbwrap_fetch_uint32_bystring(db, range->keystr,
+ &(range->rangenum));
if (NT_STATUS_IS_OK(ret)) {
/* entry is already present*/
return ret;
}
- DEBUG(10, ("Acquiring new range for domain %s\n", cfg->sid));
+ DEBUG(10, ("Acquiring new range for domain %s "
+ "(domain_range_index=%"PRIu32")\n",
+ range->domsid, range->domain_range_index));
/* fetch the current HWM */
ret = dbwrap_fetch_uint32_bystring(db, HWM, &hwm);
@@ -87,14 +144,14 @@ static NTSTATUS
idmap_autorid_get_domainrange_action(struct db_context *db,
}
/* do we have a range left? */
- if (hwm >= cfg->globalcfg->maxranges) {
+ if (hwm >= range->globalcfg->maxranges) {
DEBUG(1, ("No more domain ranges available!\n"));
ret = NT_STATUS_NO_MEMORY;
goto error;
}
/* increase the HWM */
- ret = dbwrap_change_uint32_atomic_bystring(db, HWM, &domainnum, 1);
+ ret = dbwrap_change_uint32_atomic_bystring(db, HWM, &rangenum, 1);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("Fatal error while fetching a new "
"domain range value!\n"));
@@ -102,21 +159,21 @@ static NTSTATUS
idmap_autorid_get_domainrange_action(struct db_context *db,
}
/* store away the new mapping in both directions */
- ret = dbwrap_store_uint32_bystring(db, cfg->sid, domainnum);
+ ret = dbwrap_store_uint32_bystring(db, range->keystr, rangenum);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("Fatal error while storing new "
"domain->range assignment!\n"));
goto error;
}
- numstr = talloc_asprintf(db, "%u", domainnum);
+ numstr = talloc_asprintf(db, "%u", rangenum);
if (!numstr) {
ret = NT_STATUS_NO_MEMORY;
goto error;
}
ret = dbwrap_store_bystring(db, numstr,
- string_term_tdb_data(cfg->sid), TDB_INSERT);
+ string_term_tdb_data(range->keystr), TDB_INSERT);
talloc_free(numstr);
if (!NT_STATUS_IS_OK(ret)) {
@@ -124,10 +181,11 @@ static NTSTATUS
idmap_autorid_get_domainrange_action(struct db_context *db,
"new domain->range assignment!\n"));
goto error;
}
- DEBUG(5, ("Acquired new range #%d for domain %s\n",
- domainnum, cfg->sid));
+ DEBUG(5, ("Acquired new range #%d for domain %s "
+ "(domain_range_index=%"PRIu32")\n", rangenum, range->keystr,
+ range->domain_range_index));
- cfg->domainnum = domainnum;
+ range->rangenum = rangenum;
return NT_STATUS_OK;
@@ -136,7 +194,7 @@ error:
}
-static NTSTATUS idmap_autorid_get_domainrange(struct autorid_domain_config
*dom,
+static NTSTATUS idmap_autorid_get_domainrange(struct autorid_range_config
*range,
bool read_only)
{
NTSTATUS ret;
@@ -146,19 +204,31 @@ static NTSTATUS idmap_autorid_get_domainrange(struct
autorid_domain_config *dom,
* if it is not found create a mapping in a transaction unless
* read-only mode has been set
*/
- ret = dbwrap_fetch_uint32_bystring(autorid_db, dom->sid,
- &(dom->domainnum));
+ if (range->domain_range_index > 0) {
+ snprintf(range->keystr, FSTRING_LEN, "%s#%"PRIu32,
+ range->domsid, range->domain_range_index);
+ } else {
+ fstrcpy(range->keystr, range->domsid);
+ }
+
+ ret = dbwrap_fetch_uint32_bystring(autorid_db, range->keystr,
+ &(range->rangenum));
if (!NT_STATUS_IS_OK(ret)) {
if (read_only) {
return NT_STATUS_NOT_FOUND;
}
ret = dbwrap_trans_do(autorid_db,
- idmap_autorid_get_domainrange_action, dom);
+ idmap_autorid_get_domainrange_action, range);
}
- DEBUG(10, ("Using range #%d for domain %s\n", dom->domainnum,
- dom->sid));
+ range->low_id = range->globalcfg->minvalue
+ + range->rangenum * range->globalcfg->rangesize;
+
+ DEBUG(10, ("Using range #%d for domain %s "
+ "(domain_range_index=%"PRIu32", low_id=%"PRIu32")\n",
+ range->rangenum, range->domsid, range->domain_range_index,
+ range->low_id));
return ret;
}
@@ -169,7 +239,7 @@ static NTSTATUS idmap_autorid_allocate_id(struct
idmap_domain *dom,
NTSTATUS ret;
struct idmap_tdb_common_context *commoncfg;
struct autorid_global_config *globalcfg;
- struct autorid_domain_config domaincfg;
+ struct autorid_range_config range;
commoncfg =
talloc_get_type_abort(dom->private_data,
@@ -186,12 +256,12 @@ static NTSTATUS idmap_autorid_allocate_id(struct
idmap_domain *dom,
/* fetch the range for the allocation pool */
- ZERO_STRUCT(domaincfg);
+ ZERO_STRUCT(range);
- domaincfg.globalcfg = globalcfg;
- fstrcpy(domaincfg.sid, ALLOC_RANGE);
+ range.globalcfg = globalcfg;
+ fstrcpy(range.domsid, ALLOC_RANGE);
- ret = idmap_autorid_get_domainrange(&domaincfg, dom->read_only);
+ ret = idmap_autorid_get_domainrange(&range, dom->read_only);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(3, ("Could not determine range for allocation pool, "
@@ -206,9 +276,7 @@ static NTSTATUS idmap_autorid_allocate_id(struct
idmap_domain *dom,
return ret;
}
- xid->id = globalcfg->minvalue +
- globalcfg->rangesize * domaincfg.domainnum +
- xid->id;
+ xid->id = xid->id + range.low_id;
DEBUG(10, ("Returned new %s %d from allocation range\n",
(xid->type==ID_TYPE_UID)?"uid":"gid", xid->id));
@@ -243,12 +311,17 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
struct idmap_domain *dom,
struct id_map *map)
{
- uint32_t range;
+ uint32_t range_number;
+ uint32_t domain_range_index = 0;
+ uint32_t normalized_id;
+ uint32_t reduced_rid;
+ uint32_t rid;
TDB_DATA data = tdb_null;
char *keystr;
- struct dom_sid sid;
+ struct dom_sid domsid;
NTSTATUS status;
bool ok;
+ const char *q = NULL;
/* can this be one of our ids? */
if (map->xid.id < cfg->minvalue) {
@@ -266,9 +339,11 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
}
/* determine the range of this uid */
- range = ((map->xid.id - cfg->minvalue) / cfg->rangesize);
- keystr = talloc_asprintf(talloc_tos(), "%u", range);
+ normalized_id = map->xid.id - cfg->minvalue;
+ range_number = normalized_id / cfg->rangesize;
+
+ keystr = talloc_asprintf(talloc_tos(), "%u", range_number);
if (!keystr) {
return NT_STATUS_NO_MEMORY;
}
@@ -279,7 +354,7 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(4, ("id %d belongs to range %d which does not have "
"domain mapping, ignoring mapping request\n",
- map->xid.id, range));
+ map->xid.id, range_number));
TALLOC_FREE(data.dptr);
map->status = ID_UNKNOWN;
return NT_STATUS_OK;
@@ -298,16 +373,24 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
return idmap_autorid_map_id_to_sid(dom, map);
}
- ok = string_to_sid(&sid, (const char *)data.dptr);
+ ok = dom_sid_parse_endp((const char *)data.dptr, &domsid, &q);
TALLOC_FREE(data.dptr);
if (!ok) {
map->status = ID_UNKNOWN;
return NT_STATUS_OK;
}
+ if (q != NULL)
+ if (sscanf(q+1, "%"SCNu32, &domain_range_index) != 1) {
+ DEBUG(10, ("Domain range index not found, "
+ "ignoring mapping request\n"));
+ map->status = ID_UNKNOWN;
+ return NT_STATUS_OK;
+ }
- sid_compose(map->sid, &sid,
- (map->xid.id - cfg->minvalue -
- range * cfg->rangesize));
+ reduced_rid = normalized_id % cfg->rangesize;
+ rid = reduced_rid + domain_range_index * cfg->rangesize;
+
+ sid_compose(map->sid, &domsid, rid);
/* We **really** should have some way of validating
the SID exists and is the correct type here. But
@@ -324,22 +407,17 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
**********************************/
static NTSTATUS idmap_autorid_sid_to_id(struct autorid_global_config *global,
- struct autorid_domain_config *domain,
+ struct autorid_range_config *range,
struct id_map *map)
{
uint32_t rid;
+ uint32_t reduced_rid;
sid_peek_rid(map->sid, &rid);
- /* if the rid is higher than the size of the range, we cannot map it */
--
Samba Shared Repository
