The branch, master has been updated
via 15b0c39 net: remove net idmap secret
via d6979ee doc: update the net manpage for net idmap set, get and
delete
via ebc9ff6 idmap_autorid: fix failure in reverse lookup if ID is from
domain range index #0
via 1524dc6 idmap_autorid: fix status code when trying to load range
for an invalid input
via 066915f net: correct typos in net idmap delete ranges help message
via a0e2177 idmap_autorid: add space between two words in a debug
message
from 27ca838 s4-lsa: Make sure we also duplicate the domain_name.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 15b0c39befae67004a0d462601eabc5172060031
Author: Atul Kulkarni <atul.kulka...@in.ibm.com>
Date: Thu Oct 3 16:17:47 2013 +0530
net: remove net idmap secret
This is moved to net idmap set secret for consistency.
Signed-off-by: Atul Kulkarni <atul.kulka...@in.ibm.com>
Reviewed-by: Michael Adam <ob...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Fri Nov 8 01:03:25 CET 2013 on sn-devel-104
commit d6979eea80b5467ef380cd2804286801404a0f65
Author: Atul Kulkarni <atul.kulka...@in.ibm.com>
Date: Thu Oct 3 22:14:53 2013 +0530
doc: update the net manpage for net idmap set, get and delete
Signed-off-by: Atul Kulkarni <atul.kulka...@in.ibm.com>
Reviewed-by: Michael Adam <ob...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit ebc9ff616fefbf10b31e4e097f28fa17a1abc2f8
Author: Abhidnya Joshi <achir...@in.ibm.com>
Date: Fri Oct 25 07:06:01 2013 +0200
idmap_autorid: fix failure in reverse lookup if ID is from domain range
index #0
Domain range index #0 is not included in the database record.
So in this special case we only have the SID, not SID#IDX...
Signed-off-by: Abhidnya Joshi <achir...@in.ibm.com>
Reviewed-by: Michael Adam <ob...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 1524dc6006071d99d1a61c53301a25de91cda07d
Author: Michael Adam <ob...@samba.org>
Date: Tue Nov 5 13:46:15 2013 +0100
idmap_autorid: fix status code when trying to load range for an invalid
input
The "sid" input needs to be verified (it can currently be a SID or "ALLOC").
When handing in string that is valid for other kinds of records,
but not for the SID[#IDX]-->RANGE direction of mappings, like for instance
a range number, then we get "NT_STATUS_INTERNAL_DB_CORRUPTION" because
parse records finds the record, but it does not have the expected size...
This patch fixes this problem by pre-validating the input before fetching
the record from the database.
Signed-off-by: Michael Adam <ob...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 066915f29d20676335a88e93d4148713ec37ace7
Author: Atul Kulkarni <atul.kulka...@in.ibm.com>
Date: Fri Oct 4 00:15:19 2013 +0530
net: correct typos in net idmap delete ranges help message
Signed-off-by: Atul Kulkarni <atul.kulka...@in.ibm.com>
Reviewed-by: Michael Adam <ob...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit a0e217713f6b6b58e0cf2eb5c22f4d58e014c109
Author: Atul Kulkarni <atul.kulka...@in.ibm.com>
Date: Wed Oct 2 20:14:04 2013 +0530
idmap_autorid: add space between two words in a debug message
Signed-off-by: Atul Kulkarni <atul.kulka...@in.ibm.com>
Reviewed-by: Michael Adam <ob...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/net.8.xml | 69 +++++++++++++++++++++++++++++++++-
source3/utils/net_idmap.c | 12 +-----
source3/winbindd/idmap_autorid.c | 2 +-
source3/winbindd/idmap_autorid_tdb.c | 10 ++++-
4 files changed, 78 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 4d0c6a0..2f04deb 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1392,7 +1392,7 @@ Restore the mappings from the specified file or stdin.
</refsect2>
<refsect2>
-<title>IDMAP SECRET <DOMAIN> <secret></title>
+<title>IDMAP SET SECRET <DOMAIN> <secret></title>
<para>
Store a secret for the specified domain, used primarily for domains
@@ -1403,8 +1403,53 @@ as the password for the user DN used to bind to the ldap
server.
</refsect2>
<refsect2>
+<title>IDMAP SET RANGE <RANGE> <SID> [index]
[--db=<DB>]</title>
-<title>IDMAP DELETE [-f] [--db=<DB>] <ID></title>
+<para>
+Store a domain-range mapping for a given domain (and index) in autorid
database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP SET CONFIG <config> [--db=<DB>]</title>
+
+<para>
+Update CONFIG entry in autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET RANGE <SID> [index] [--db=<DB>]</title>
+
+<para>
+Get the range for a given domain and index from autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET RANGES [<SID>] [--db=<DB>]</title>
+
+<para>
+Get ranges for all domains or for one identified by given SID.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET CONFIG [--db=<DB>]</title>
+
+<para>
+Get CONFIG entry from autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+
+<title>IDMAP DELETE MAPPING [-f] [--db=<DB>] <ID></title>
<para>
Delete a mapping sid <-> gid or sid <-> uid from the IDMAP
database.
@@ -1419,6 +1464,26 @@ Use -f to delete an invalid partial mapping <ID>
-> xx
</refsect2>
<refsect2>
+<title>IDMAP DELETE RANGE [-f] [--db=<TDB>] <RANGE>|(<SID>
[<INDEX>])</title>
+
+<para>
+Delete a domain range mapping identified by 'RANGE' or "domain SID and INDEX"
from autorid database.
+Use -f to delete invalid mappings.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP DELETE RANGES [-f] [--db=<TDB>] <SID></title>
+
+<para>
+Delete all domain range mappings for a domain identified by SID.
+Use -f to delete invalid mappings.
+</para>
+
+</refsect2>
+
+<refsect2>
<title>IDMAP CHECK [-v] [-r] [-a] [-T] [-f] [-l] [--db=<DB>]</title>
diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c
index de2d509..a26f2b9 100644
--- a/source3/utils/net_idmap.c
+++ b/source3/utils/net_idmap.c
@@ -737,7 +737,7 @@ static void net_idmap_autorid_delete_ranges_usage(void)
{
d_printf("%s\n%s",
_("Usage:"),
- _("net idmap delete ranges [-f] [--db=<TDB>] <SID>)\n"
+ _("net idmap delete ranges [-f] [--db=<TDB>] <SID>\n"
" Delete all domain range mappings for a given domain.\n"
" -f\tforce\n"
" TDB\tidmap database\n"
@@ -814,7 +814,7 @@ static int net_idmap_delete(struct net_context *c, int
argc, const char **argv)
"ranges",
net_idmap_autorid_delete_ranges,
NET_TRANSPORT_LOCAL,
- N_("Delete all domain range mapping for a given "
+ N_("Delete all domain range mappings for a given "
"domain"),
N_("net idmap delete ranges <SID>\n"
" Delete a domain range mapping")
@@ -1395,14 +1395,6 @@ int net_idmap(struct net_context *c, int argc, const
char **argv)
" Delete entries from the ID mapping database")
},
{
- "secret",
- net_idmap_secret,
- NET_TRANSPORT_LOCAL,
- N_("Set secret for specified domain"),
- N_("net idmap secret <DOMAIN> <secret>\n"
- " Set secret for specified domain")
- },
- {
"check",
net_idmap_check,
NET_TRANSPORT_LOCAL,
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index fa16c13..4669b8d 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -223,7 +223,7 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
map->status = ID_UNKNOWN;
return NT_STATUS_OK;
}
- if (q != NULL)
+ if ((q != NULL) && (*q != '\0'))
if (sscanf(q+1, "%"SCNu32, &domain_range_index) != 1) {
DEBUG(10, ("Domain range index not found, "
"ignoring mapping request\n"));
diff --git a/source3/winbindd/idmap_autorid_tdb.c
b/source3/winbindd/idmap_autorid_tdb.c
index 7d3275e..e06cb21 100644
--- a/source3/winbindd/idmap_autorid_tdb.c
+++ b/source3/winbindd/idmap_autorid_tdb.c
@@ -304,6 +304,12 @@ static NTSTATUS idmap_autorid_getrange_int(struct
db_context *db,
goto done;
}
+ if (!idmap_autorid_validate_sid(range->domsid)) {
+ DEBUG(3, ("Invalid SID: '%s'\n", range->domsid));
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
keystr);
@@ -743,8 +749,8 @@ bool idmap_autorid_parse_configstr(const char *configstr,
"minvalue:%lu rangesize:%lu maxranges:%lu",
&minvalue, &rangesize, &maxranges) != 3) {
DEBUG(1,
- ("Found invalid configuration data"
- "creating new config\n"));
+ ("Found invalid configuration data. "
+ "Creating new config\n"));
return false;
}
--
Samba Shared Repository
