The branch, master has been updated
via e015748 idmap_autorid: allocate new domain range if the callers
knows the sid is valid
via 0c212c5 manpages/vfs_fruit: document global options
via 263a1fd winbind: Add a debug message for out-of-range IDs
via 431bc96 winbind: Remove unused wcache_tdc_fetch_domainbysid
from b796622 winbind: Correcly pass !authoritative from wb_irpc_SamLogon
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e015748657e9ee755b04f55f088c78bd025378cc
Author: Stefan Metzmacher <[email protected]>
Date: Mon Mar 6 11:53:09 2017 +0000
idmap_autorid: allocate new domain range if the callers knows the sid is
valid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12613
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Wed Mar 8 04:06:59 CET 2017 on sn-devel-144
commit 0c212c50b59081583572f807cf5214037d1517c4
Author: Ralph Boehme <[email protected]>
Date: Tue Mar 7 18:10:56 2017 +0100
manpages/vfs_fruit: document global options
Some options MUST be set in the global section, better document that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 263a1fdf1829490e671e9a763cd75084a66e478a
Author: Volker Lendecke <[email protected]>
Date: Tue Mar 7 14:06:52 2017 +0100
winbind: Add a debug message for out-of-range IDs
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 431bc966ea984abfa3b0a06cbab6a7be2fea85cb
Author: Volker Lendecke <[email protected]>
Date: Tue Feb 21 18:41:59 2017 +0100
winbind: Remove unused wcache_tdc_fetch_domainbysid
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_fruit.8.xml | 155 ++++++++++++++++++++++-------------
source3/winbindd/idmap_autorid.c | 13 +++
source3/winbindd/winbindd_cache.c | 41 ---------
source3/winbindd/winbindd_dual_srv.c | 4 +
source3/winbindd/winbindd_proto.h | 1 -
5 files changed, 116 insertions(+), 98 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_fruit.8.xml
b/docs-xml/manpages/vfs_fruit.8.xml
index fbe30d3..a00f6a9 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -77,8 +77,81 @@
</refsect1>
<refsect1>
+ <title>GLOBAL OPTIONS</title>
+
+ <para>The following options must be set in the global smb.conf section
+ and won't take effect when set per share.</para>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>fruit:aapl = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to enable
Apple's SMB2+
+ extension codenamed AAPL. Default
+ <emphasis>yes</emphasis>. This extension enhances
+ several deficiencies when connecting from Macs:</para>
+
+ <itemizedlist>
+ <listitem><para>directory enumeration is enriched with
+ Mac relevant filesystem metadata (UNIX mode,
+ FinderInfo, resource fork size and effective
+ permission), as a result the Mac client doesn't need
+ to fetch this metadata individuallly per directory
+ entry resulting in an often tremendous performance
+ increase.</para></listitem>
+
+ <listitem><para>The ability to query and modify the
+ UNIX mode of directory entries.</para></listitem>
+ </itemizedlist>
+
+ <para>There's a set of per share options that come into play when
+ <emphasis>fruit:aapl</emphasis> is enabled. These opions, listed
+ below, can be used to disable the computation of specific Mac
+ metadata in the directory enumeration context, all are enabled by
+ default:</para>
+
+ <itemizedlist>
+ <listitem><para>readdir_attr:aapl_rsize = yes |
no</para></listitem>
+ <listitem><para>readdir_attr:aapl_finder_info = yes |
no</para></listitem>
+ <listitem><para>readdir_attr:aapl_max_access = yes |
no</para></listitem>
+ </itemizedlist>
+
+ <para>See below for a description of these options.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:nfs_aces = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether support for
+ querying and modifying the UNIX mode of directory entries via NFS
+ ACEs is enabled, default <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:copyfile = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to enable OS X
+ specific copychunk ioctl that requests a copy of a whole file
+ along with all attached metadata.</para>
+ <para>WARNING: the copyfile request is blocking the
+ client while the server does the copy.</para>.
+ <para>The default is <emphasis>no</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
<title>OPTIONS</title>
+ <para>The following options can be set either in the global smb.conf
section
+ or per share.</para>
+
<variablelist>
<varlistentry>
@@ -176,50 +249,6 @@
</varlistentry>
<varlistentry>
- <term>fruit:aapl = yes | no</term>
- <listitem>
- <para>A global option whether to enable Apple's SMB2+
- extension codenamed AAPL. Default
- <emphasis>yes</emphasis>. This extension enhances
- several deficiencies when connecting from Macs:</para>
-
- <itemizedlist>
- <listitem><para>directory enumeration is enriched with
- Mac relevant filesystem metadata (UNIX mode,
- FinderInfo, resource fork size and effective
- permission), as a result the Mac client doesn't need
- to fetch this metadata individuallly per directory
- entry resulting in an often tremendous performance
- increase.</para></listitem>
-
- <listitem><para>The ability to query and modify the
- UNIX mode of directory entries.</para></listitem>
- </itemizedlist>
-
- <para>There's a set of per share options that can be
- used to disable the computation of specific Mac metadata
- in the directory enumeration context, all are enabled by
- default:</para>
-
- <itemizedlist>
- <listitem><para>readdir_attr:aapl_rsize = true |
false</para></listitem>
- <listitem><para>readdir_attr:aapl_finder_info = true |
false</para></listitem>
- <listitem><para>readdir_attr:aapl_max_access = true |
false</para></listitem>
- </itemizedlist>
-
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>fruit:nfs_aces = yes | no</term>
- <listitem>
- <para>Whether support for querying and modifying the
- UNIX mode of directory entries via NFS ACEs is enabled,
- default <emphasis>yes</emphasis>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term>fruit:veto_appledouble = yes | no</term>
<listitem>
<para><emphasis>Note:</emphasis> this option only applies when
@@ -241,18 +270,6 @@
</varlistentry>
<varlistentry>
- <term>fruit:copyfile = yes | no</term>
- <listitem>
- <para>Whether to enable OS X specific copychunk ioctl
- that requests a copy of a whole file along with all
- attached metadata.</para>
- <para>WARNING: the copyfile request is blocking the
- client while the server does the copy.</para>.
- <para>The default is <emphasis>no</emphasis>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term>fruit:posix_rename = yes | no</term>
<listitem>
<para>Whether to enable POSIX directory rename behaviour
@@ -263,6 +280,32 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>readdir_attr:aapl_rsize = yes | no</term>
+ <listitem>
+ <para>Return resource fork size in SMB2 FIND responses.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>readdir_attr:aapl_finder_info = yes | no</term>
+ <listitem>
+ <para>Return FinderInfo in SMB2 FIND responses.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>readdir_attr:aapl_max_access = yes | no</term>
+ <listitem>
+ <para>Return the user's effective maximum permissions in SMB2 FIND
+ responses. This is an expensive computation, setting this to off
+ pretends the use has maximum effective permissions.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 786f839..ab89d35 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -636,6 +636,19 @@ static NTSTATUS idmap_autorid_sid_to_id(struct
idmap_tdb_common_context *common,
}
/*
+ * If the caller already did a lookup sid and made sure the
+ * domain sid is valid, we can allocate a new range.
+ *
+ * Currently the winbindd parent already does a lookup sids
+ * first, but hopefully changes in future. If the
+ * caller knows the domain sid, ID_TYPE_BOTH should be
+ * passed instead of ID_TYPE_NOT_SPECIFIED.
+ */
+ if (map->xid.type != ID_TYPE_NOT_SPECIFIED) {
+ goto allocate;
+ }
+
+ /*
* Check of last resort: A domain is valid if a user from that
* domain has recently logged in. The samlogon_cache these
* days also stores the domain sid.
diff --git a/source3/winbindd/winbindd_cache.c
b/source3/winbindd/winbindd_cache.c
index 5787441..4bb0195 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -4727,47 +4727,6 @@ struct winbindd_tdc_domain * wcache_tdc_fetch_domain(
TALLOC_CTX *ctx, const cha
/*********************************************************************
********************************************************************/
-struct winbindd_tdc_domain*
- wcache_tdc_fetch_domainbysid(TALLOC_CTX *ctx,
- const struct dom_sid *sid)
-{
- struct winbindd_tdc_domain *dom_list = NULL;
- size_t num_domains = 0;
- int i;
- struct winbindd_tdc_domain *d = NULL;
-
- DEBUG(10,("wcache_tdc_fetch_domainbysid: Searching for domain %s\n",
- sid_string_dbg(sid)));
-
- if (!init_wcache()) {
- return NULL;
- }
-
- /* fetch the list */
-
- wcache_tdc_fetch_list(&dom_list, &num_domains);
-
- for (i = 0; i<num_domains; i++) {
- if (dom_sid_equal(sid, &(dom_list[i].sid))) {
- DEBUG(10, ("wcache_tdc_fetch_domainbysid: "
- "Found domain %s for SID %s\n",
- dom_list[i].domain_name,
- sid_string_dbg(sid)));
-
- d = wcache_tdc_dup_domain(ctx, &dom_list[i]);
- break;
- }
- }
-
- TALLOC_FREE(dom_list);
-
- return d;
-}
-
-
-/*********************************************************************
- ********************************************************************/
-
void wcache_tdc_clear( void )
{
if ( !init_wcache() )
diff --git a/source3/winbindd/winbindd_dual_srv.c
b/source3/winbindd/winbindd_dual_srv.c
index 763ebb8..02b1adb 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -190,6 +190,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
struct id_map *m = id_map_ptrs[i];
if (!idmap_unix_id_is_in_range(m->xid.id, dom)) {
+ DBG_DEBUG("id %"PRIu32" is out of range "
+ "%"PRIu32"-%"PRIu32" for domain %s\n",
+ m->xid.id, dom->low_id, dom->high_id,
+ dom->name);
m->status = ID_UNMAPPED;
}
diff --git a/source3/winbindd/winbindd_proto.h
b/source3/winbindd/winbindd_proto.h
index 09be4b2..c5d934e 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -192,7 +192,6 @@ bool winbindd_cache_validate_and_initialize(void);
bool wcache_tdc_fetch_list( struct winbindd_tdc_domain **domains, size_t
*num_domains );
bool wcache_tdc_add_domain( struct winbindd_domain *domain );
struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const
char *name );
-struct winbindd_tdc_domain* wcache_tdc_fetch_domainbysid(TALLOC_CTX *ctx,
const struct dom_sid *sid);
void wcache_tdc_clear( void );
bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum,
time_t last_seq_check);
--
Samba Shared Repository
