The branch, master has been updated via b1b9be46ab84382e1017a157fc8b85a1a2d441eb (commit) via 74940606f715bfc9d99ded2fb1d1da02d037609a (commit) via 2feaaa885a485adb11096cdfc3db223f3b73e1a6 (commit) via 08bef5bba042843cbfc41f1ed701243140dcf298 (commit) from 64cec9984346ce1c8aeb170cd55be6e7e6784919 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit b1b9be46ab84382e1017a157fc8b85a1a2d441eb Author: Michael Adam <ob...@samba.org> Date: Tue Feb 17 08:59:27 2009 +0100 docs: extend the example in the idmp_rid manpage to configure 2 domains with rid Michael commit 74940606f715bfc9d99ded2fb1d1da02d037609a Author: Michael Adam <ob...@samba.org> Date: Tue Feb 17 08:51:39 2009 +0100 docs: extend the idmap_rid manpage Michael commit 2feaaa885a485adb11096cdfc3db223f3b73e1a6 Author: Michael Adam <ob...@samba.org> Date: Fri Feb 13 16:40:17 2009 +0100 s3:winbindd: make do_async_domain() static. Michael commit 08bef5bba042843cbfc41f1ed701243140dcf298 Author: Michael Adam <ob...@samba.org> Date: Fri Feb 13 13:02:23 2009 +0100 s3:build: improve the check for a working krb5-config. Not only check if it exists and is executable, but also check whether it accepts the command line "krb5-config --libs gssapi". Chris Hoogendyk <hoogen...@bio.umass.edu> has reported configure failing on a Solaris machine due to krb5-config raising errors on these options. Michael ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages-3/idmap_rid.8.xml | 43 ++++++++++++++++++++++++++++++----- source3/configure.in | 2 +- source3/winbindd/winbindd_async.c | 12 +++++----- source3/winbindd/winbindd_proto.h | 6 ----- 4 files changed, 44 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml index 5eba356..146c4b9 100644 --- a/docs-xml/manpages-3/idmap_rid.8.xml +++ b/docs-xml/manpages-3/idmap_rid.8.xml @@ -42,11 +42,13 @@ <varlistentry> <term>base_rid = INTEGER</term> <listitem><para> - Defines the base integer used to build SIDs out of an UID or a GID, - and to rebase the UID or GID to be obtained from a SID. User RIDs - by default start at 1000 (512 hexadecimal), this means a good value - for base_rid can be 1000 as the resulting ID is calculated this way: - ID = RID - BASE_RID + LOW RANGE ID. + Defines the base integer used to build SIDs out of a UID or a GID, + and to rebase the UID or GID to be obtained from a SID. + This means SIDs with a RID less than the base rid are filtered. + The default is not to restrict the allowed rids at all, + i.e. a base_rid value of 0. + A good value for the base_rid can be 1000, since user + RIDs by default start at 1000 (512 hexadecimal). </para> <para> Use of this parameter is deprecated. @@ -56,17 +58,46 @@ </refsect1> <refsect1> + <title>THE MAPPING FORMULAS</title> + <para> + The Unix ID for a RID is calculated this way: + <programlisting> + ID = RID - BASE_RID + LOW_RANGE_ID. + </programlisting> + </para> + <para> + Correspondingly, the formula for calculationg the RID for a + given Unix ID is this: + <programlisting> + RID = ID + BASE_RID - LOW_RANGE_ID. + </programlisting> + </para> +</refsect1> + +<refsect1> <title>EXAMPLES</title> - <para>This example shows how to configure a domain with idmap_rid</para> + <para> + This example shows how to configure two domains with idmap_rid, + the principal domain and a trusted domain, leaving the default + id mapping scheme at tdb. The example also demonstrates the use + of the base_rid parameter for the trusted domain. + </para> <programlisting> [global] + security = domain + workgroup = MAIN + idmap backend = tdb idmap uid = 1000000-1999999 idmap gid = 1000000-1999999 + idmap config MAIN : backend = rid + idmap config MAIN : range = 10000 - 49999 + idmap config TRUSTED : backend = rid idmap config TRUSTED : range = 50000 - 99999 + idmap config TRUSTED : base_rid = 1000 </programlisting> </refsect1> diff --git a/source3/configure.in b/source3/configure.in index 4a8d594..691d0a8 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3185,7 +3185,7 @@ if test x"$with_ads_support" != x"no"; then # check for krb5-config from recent MIT and Heimdal kerberos 5 AC_PATH_PROG(KRB5CONFIG, krb5-config) AC_MSG_CHECKING(for working krb5-config) - if test -x "$KRB5CONFIG"; then + if test -x "$KRB5CONFIG" && $KRB5CONFIG --libs gssapi > /dev/null ; then ac_save_CFLAGS=$CFLAGS CFLAGS="";export CFLAGS ac_save_LDFLAGS=$LDFLAGS diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c index 0271abb..b5c432f 100644 --- a/source3/winbindd/winbindd_async.c +++ b/source3/winbindd/winbindd_async.c @@ -84,12 +84,12 @@ void do_async(TALLOC_CTX *mem_ctx, struct winbindd_child *child, &state->response, do_async_recv, state); } -void do_async_domain(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, - const struct winbindd_request *request, - void (*cont)(TALLOC_CTX *mem_ctx, bool success, - struct winbindd_response *response, - void *c, void *private_data), - void *c, void *private_data) +static void do_async_domain(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, + const struct winbindd_request *request, + void (*cont)(TALLOC_CTX *mem_ctx, bool success, + struct winbindd_response *response, + void *c, void *private_data), + void *c, void *private_data) { struct do_async_state *state; diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 5120402..c6e8803 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -78,12 +78,6 @@ void do_async(TALLOC_CTX *mem_ctx, struct winbindd_child *child, struct winbindd_response *response, void *c, void *private_data), void *c, void *private_data); -void do_async_domain(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, - const struct winbindd_request *request, - void (*cont)(TALLOC_CTX *mem_ctx, bool success, - struct winbindd_response *response, - void *c, void *private_data), - void *c, void *private_data); void winbindd_lookupsid_async(TALLOC_CTX *mem_ctx, const DOM_SID *sid, void (*cont)(void *private_data, bool success, const char *dom_name, -- Samba Shared Repository