The branch, v3-4-test has been updated
via 4ca03e3bb96518665c296ba2cf5aa1d91916897e (commit)
via df4a0fabff06ea31149aac45d6477564cf96179b (commit)
via b369902cddd55fab74ca6e0743e15e0f8cbfc4cc (commit)
via 34500d59b6f35de2c3d273d3523708ec22df59ce (commit)
from 1c8f9892010ce8cc754089b25313c6bc8e622165 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit 4ca03e3bb96518665c296ba2cf5aa1d91916897e
Author: Michael Adam <ob...@samba.org>
Date: Wed May 27 19:25:44 2009 +0200
s3:idmap_ldap: filter out of range mappings in default idmap config
This fixes bug #6417
Michael
(cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132)
commit df4a0fabff06ea31149aac45d6477564cf96179b
Author: Michael Adam <ob...@samba.org>
Date: Wed May 27 19:26:32 2009 +0200
s3:idmap: fix a comment typo
Michael
(cherry picked from commit 3fe9859342c28fe9da7011fb18a5fb5de8b29fa6)
commit b369902cddd55fab74ca6e0743e15e0f8cbfc4cc
Author: Michael Adam <ob...@samba.org>
Date: Wed May 27 19:24:03 2009 +0200
s3:idmap_tdb2: filter out of range mappings in default idmap config
This fixes bug #6416
Michael
(cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2)
commit 34500d59b6f35de2c3d273d3523708ec22df59ce
Author: Michael Adam <ob...@samba.org>
Date: Wed May 27 19:12:28 2009 +0200
s3:idmap_tdb: filter out of range mappings in default idmap config
This fixes bug #6415
Michael
(cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e)
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/idmap.c | 2 +-
source3/winbindd/idmap_ldap.c | 71 +++++++++++++++++++++++++++++++---------
source3/winbindd/idmap_tdb.c | 73 ++++++++++++++++++++++++++++++++---------
source3/winbindd/idmap_tdb2.c | 61 +++++++++++++++++++++++++++-------
4 files changed, 162 insertions(+), 45 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index c097170..4aa229c 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -761,7 +761,7 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain,
struct id_map *id)
struct idmap_domain *dom;
struct id_map *maps[2];
- DEBUG(10, ("idmap_backend_sid_to_unixid: domain = '%s', sid = [%s]\n",
+ DEBUG(10, ("idmap_backends_sid_to_unixid: domain = '%s', sid = [%s]\n",
domain?domain:"NULL", sid_string_dbg(id->sid)));
maps[0] = id;
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 88ece8c..3d1dd48 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -765,7 +765,6 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
NTSTATUS ret;
struct idmap_ldap_context *ctx = NULL;
char *config_option = NULL;
- const char *range = NULL;
const char *tmp = NULL;
/* Only do init if we are online */
@@ -779,23 +778,63 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain
*dom,
return NT_STATUS_NO_MEMORY;
}
- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
- if ( ! config_option) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
+ if (strequal(dom->name, "*")) {
+ uid_t low_uid = 0;
+ uid_t high_uid = 0;
+ gid_t low_gid = 0;
+ gid_t high_gid = 0;
- /* load ranges */
- range = lp_parm_const_string(-1, config_option, "range", NULL);
- if (range && range[0]) {
- if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
- &ctx->filter_high_id) != 2) ||
- (ctx->filter_low_id > ctx->filter_high_id)) {
- DEBUG(1, ("ERROR: invalid filter range [%s]", range));
- ctx->filter_low_id = 0;
- ctx->filter_high_id = 0;
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+
+ if (lp_idmap_uid(&low_uid, &high_uid)) {
+ ctx->filter_low_id = low_uid;
+ ctx->filter_high_id = high_uid;
+ } else {
+ DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
+ }
+
+ if (lp_idmap_gid(&low_gid, &high_gid)) {
+ if ((low_gid != low_uid) || (high_gid != high_uid)) {
+ DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
+ " ranges do not agree -- building "
+ "intersection\n"));
+ ctx->filter_low_id = MAX(ctx->filter_low_id,
+ low_gid);
+ ctx->filter_high_id = MIN(ctx->filter_high_id,
+ high_gid);
+ }
+ } else {
+ DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
+ }
+ } else {
+ const char *range = NULL;
+
+ config_option = talloc_asprintf(ctx, "idmap config %s",
dom->name);
+ if ( ! config_option) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
}
+
+ /* load ranges */
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (range && range[0]) {
+ if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
+ &ctx->filter_high_id)
!= 2))
+ {
+ DEBUG(1, ("ERROR: invalid filter range [%s]",
range));
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+ }
+ }
+ }
+
+ if (ctx->filter_low_id > ctx->filter_high_id) {
+ DEBUG(1, ("ERROR: invalid filter range [%u-%u]",
+ ctx->filter_low_id, ctx->filter_high_id));
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
}
if (params != NULL) {
diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c
index 22c1757..9032743 100644
--- a/source3/winbindd/idmap_tdb.c
+++ b/source3/winbindd/idmap_tdb.c
@@ -593,8 +593,6 @@ static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom,
const char *params)
{
NTSTATUS ret;
struct idmap_tdb_context *ctx;
- char *config_option = NULL;
- const char *range;
ctx = talloc(dom, struct idmap_tdb_context);
if ( ! ctx) {
@@ -602,29 +600,72 @@ static NTSTATUS idmap_tdb_db_init(struct idmap_domain
*dom, const char *params)
return NT_STATUS_NO_MEMORY;
}
- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
- if ( ! config_option) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto failed;
- }
+ if (strequal(dom->name, "*")) {
+ uid_t low_uid = 0;
+ uid_t high_uid = 0;
+ gid_t low_gid = 0;
+ gid_t high_gid = 0;
- ret = idmap_tdb_open_db(ctx, false, &ctx->db);
- if ( ! NT_STATUS_IS_OK(ret)) {
- goto failed;
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+
+ if (lp_idmap_uid(&low_uid, &high_uid)) {
+ ctx->filter_low_id = low_uid;
+ ctx->filter_high_id = high_uid;
+ } else {
+ DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
+ }
+
+ if (lp_idmap_gid(&low_gid, &high_gid)) {
+ if ((low_gid != low_uid) || (high_gid != high_uid)) {
+ DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
+ " ranges do not agree -- building "
+ "intersection\n"));
+ ctx->filter_low_id = MAX(ctx->filter_low_id,
+ low_gid);
+ ctx->filter_high_id = MIN(ctx->filter_high_id,
+ high_gid);
+ }
+ } else {
+ DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
+ }
+ } else {
+ char *config_option = NULL;
+ const char *range;
+
+ config_option = talloc_asprintf(ctx, "idmap config %s",
dom->name);
+ if ( ! config_option) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto failed;
+ }
+
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (( ! range) ||
+ (sscanf(range, "%u - %u", &ctx->filter_low_id,
&ctx->filter_high_id) != 2))
+ {
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+ }
+
+ talloc_free(config_option);
}
- range = lp_parm_const_string(-1, config_option, "range", NULL);
- if (( ! range) ||
- (sscanf(range, "%u - %u", &ctx->filter_low_id,
&ctx->filter_high_id) != 2) ||
- (ctx->filter_low_id > ctx->filter_high_id)) {
+ if (ctx->filter_low_id > ctx->filter_high_id) {
ctx->filter_low_id = 0;
ctx->filter_high_id = 0;
}
+ DEBUG(10, ("idmap_tdb_db_init: filter range %u-%u loaded for domain "
+ "'%s'\n", ctx->filter_low_id, ctx->filter_high_id, dom->name));
+
+ ret = idmap_tdb_open_db(ctx, false, &ctx->db);
+ if ( ! NT_STATUS_IS_OK(ret)) {
+ goto failed;
+ }
+
dom->private_data = ctx;
- talloc_free(config_option);
return NT_STATUS_OK;
failed:
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index b272327..d34d289 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -357,8 +357,6 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom,
{
NTSTATUS ret;
struct idmap_tdb2_context *ctx;
- char *config_option = NULL;
- const char *range;
NTSTATUS status;
status = idmap_tdb2_open_db();
@@ -370,24 +368,63 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain
*dom,
return NT_STATUS_NO_MEMORY;
}
- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
- if ( ! config_option) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto failed;
+ if (strequal(dom->name, "*")) {
+ uid_t low_uid = 0;
+ uid_t high_uid = 0;
+ gid_t low_gid = 0;
+ gid_t high_gid = 0;
+
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+
+ if (lp_idmap_uid(&low_uid, &high_uid)) {
+ ctx->filter_low_id = low_uid;
+ ctx->filter_high_id = high_uid;
+ } else {
+ DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
+ }
+
+ if (lp_idmap_gid(&low_gid, &high_gid)) {
+ if ((low_gid != low_uid) || (high_gid != high_uid)) {
+ DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
+ " ranges do not agree -- building "
+ "intersection\n"));
+ ctx->filter_low_id = MAX(ctx->filter_low_id,
+ low_gid);
+ ctx->filter_high_id = MIN(ctx->filter_high_id,
+ high_gid);
+ }
+ } else {
+ DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
+ }
+ } else {
+ char *config_option = NULL;
+ const char *range;
+ config_option = talloc_asprintf(ctx, "idmap config %s",
dom->name);
+ if ( ! config_option) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto failed;
+ }
+
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (( ! range) ||
+ (sscanf(range, "%u - %u", &ctx->filter_low_id,
&ctx->filter_high_id) != 2))
+ {
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+ }
+
+ talloc_free(config_option);
}
- range = lp_parm_const_string(-1, config_option, "range", NULL);
- if (( ! range) ||
- (sscanf(range, "%u - %u", &ctx->filter_low_id,
&ctx->filter_high_id) != 2) ||
- (ctx->filter_low_id > ctx->filter_high_id)) {
+ if (ctx->filter_low_id > ctx->filter_high_id) {
ctx->filter_low_id = 0;
ctx->filter_high_id = 0;
}
dom->private_data = ctx;
- talloc_free(config_option);
return NT_STATUS_OK;
failed:
--
Samba Shared Repository
