The branch, v3-4-test has been updated via 4ca03e3bb96518665c296ba2cf5aa1d91916897e (commit) via df4a0fabff06ea31149aac45d6477564cf96179b (commit) via b369902cddd55fab74ca6e0743e15e0f8cbfc4cc (commit) via 34500d59b6f35de2c3d273d3523708ec22df59ce (commit) from 1c8f9892010ce8cc754089b25313c6bc8e622165 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log ----------------------------------------------------------------- commit 4ca03e3bb96518665c296ba2cf5aa1d91916897e Author: Michael Adam <ob...@samba.org> Date: Wed May 27 19:25:44 2009 +0200 s3:idmap_ldap: filter out of range mappings in default idmap config This fixes bug #6417 Michael (cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132) commit df4a0fabff06ea31149aac45d6477564cf96179b Author: Michael Adam <ob...@samba.org> Date: Wed May 27 19:26:32 2009 +0200 s3:idmap: fix a comment typo Michael (cherry picked from commit 3fe9859342c28fe9da7011fb18a5fb5de8b29fa6) commit b369902cddd55fab74ca6e0743e15e0f8cbfc4cc Author: Michael Adam <ob...@samba.org> Date: Wed May 27 19:24:03 2009 +0200 s3:idmap_tdb2: filter out of range mappings in default idmap config This fixes bug #6416 Michael (cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2) commit 34500d59b6f35de2c3d273d3523708ec22df59ce Author: Michael Adam <ob...@samba.org> Date: Wed May 27 19:12:28 2009 +0200 s3:idmap_tdb: filter out of range mappings in default idmap config This fixes bug #6415 Michael (cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e) ----------------------------------------------------------------------- Summary of changes: source3/winbindd/idmap.c | 2 +- source3/winbindd/idmap_ldap.c | 71 +++++++++++++++++++++++++++++++--------- source3/winbindd/idmap_tdb.c | 73 ++++++++++++++++++++++++++++++++--------- source3/winbindd/idmap_tdb2.c | 61 +++++++++++++++++++++++++++------- 4 files changed, 162 insertions(+), 45 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index c097170..4aa229c 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -761,7 +761,7 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id) struct idmap_domain *dom; struct id_map *maps[2]; - DEBUG(10, ("idmap_backend_sid_to_unixid: domain = '%s', sid = [%s]\n", + DEBUG(10, ("idmap_backends_sid_to_unixid: domain = '%s', sid = [%s]\n", domain?domain:"NULL", sid_string_dbg(id->sid))); maps[0] = id; diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 88ece8c..3d1dd48 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -765,7 +765,6 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom, NTSTATUS ret; struct idmap_ldap_context *ctx = NULL; char *config_option = NULL; - const char *range = NULL; const char *tmp = NULL; /* Only do init if we are online */ @@ -779,23 +778,63 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom, return NT_STATUS_NO_MEMORY; } - config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); - if ( ! config_option) { - DEBUG(0, ("Out of memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto done; - } + if (strequal(dom->name, "*")) { + uid_t low_uid = 0; + uid_t high_uid = 0; + gid_t low_gid = 0; + gid_t high_gid = 0; - /* load ranges */ - range = lp_parm_const_string(-1, config_option, "range", NULL); - if (range && range[0]) { - if ((sscanf(range, "%u - %u", &ctx->filter_low_id, - &ctx->filter_high_id) != 2) || - (ctx->filter_low_id > ctx->filter_high_id)) { - DEBUG(1, ("ERROR: invalid filter range [%s]", range)); - ctx->filter_low_id = 0; - ctx->filter_high_id = 0; + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + + if (lp_idmap_uid(&low_uid, &high_uid)) { + ctx->filter_low_id = low_uid; + ctx->filter_high_id = high_uid; + } else { + DEBUG(3, ("Warning: 'idmap uid' not set!\n")); + } + + if (lp_idmap_gid(&low_gid, &high_gid)) { + if ((low_gid != low_uid) || (high_gid != high_uid)) { + DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" + " ranges do not agree -- building " + "intersection\n")); + ctx->filter_low_id = MAX(ctx->filter_low_id, + low_gid); + ctx->filter_high_id = MIN(ctx->filter_high_id, + high_gid); + } + } else { + DEBUG(3, ("Warning: 'idmap gid' not set!\n")); + } + } else { + const char *range = NULL; + + config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); + if ( ! config_option) { + DEBUG(0, ("Out of memory!\n")); + ret = NT_STATUS_NO_MEMORY; + goto done; } + + /* load ranges */ + range = lp_parm_const_string(-1, config_option, "range", NULL); + if (range && range[0]) { + if ((sscanf(range, "%u - %u", &ctx->filter_low_id, + &ctx->filter_high_id) != 2)) + { + DEBUG(1, ("ERROR: invalid filter range [%s]", range)); + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + } + } + } + + if (ctx->filter_low_id > ctx->filter_high_id) { + DEBUG(1, ("ERROR: invalid filter range [%u-%u]", + ctx->filter_low_id, ctx->filter_high_id)); + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; } if (params != NULL) { diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c index 22c1757..9032743 100644 --- a/source3/winbindd/idmap_tdb.c +++ b/source3/winbindd/idmap_tdb.c @@ -593,8 +593,6 @@ static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom, const char *params) { NTSTATUS ret; struct idmap_tdb_context *ctx; - char *config_option = NULL; - const char *range; ctx = talloc(dom, struct idmap_tdb_context); if ( ! ctx) { @@ -602,29 +600,72 @@ static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom, const char *params) return NT_STATUS_NO_MEMORY; } - config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); - if ( ! config_option) { - DEBUG(0, ("Out of memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto failed; - } + if (strequal(dom->name, "*")) { + uid_t low_uid = 0; + uid_t high_uid = 0; + gid_t low_gid = 0; + gid_t high_gid = 0; - ret = idmap_tdb_open_db(ctx, false, &ctx->db); - if ( ! NT_STATUS_IS_OK(ret)) { - goto failed; + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + + if (lp_idmap_uid(&low_uid, &high_uid)) { + ctx->filter_low_id = low_uid; + ctx->filter_high_id = high_uid; + } else { + DEBUG(3, ("Warning: 'idmap uid' not set!\n")); + } + + if (lp_idmap_gid(&low_gid, &high_gid)) { + if ((low_gid != low_uid) || (high_gid != high_uid)) { + DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" + " ranges do not agree -- building " + "intersection\n")); + ctx->filter_low_id = MAX(ctx->filter_low_id, + low_gid); + ctx->filter_high_id = MIN(ctx->filter_high_id, + high_gid); + } + } else { + DEBUG(3, ("Warning: 'idmap gid' not set!\n")); + } + } else { + char *config_option = NULL; + const char *range; + + config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); + if ( ! config_option) { + DEBUG(0, ("Out of memory!\n")); + ret = NT_STATUS_NO_MEMORY; + goto failed; + } + + range = lp_parm_const_string(-1, config_option, "range", NULL); + if (( ! range) || + (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2)) + { + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + } + + talloc_free(config_option); } - range = lp_parm_const_string(-1, config_option, "range", NULL); - if (( ! range) || - (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) || - (ctx->filter_low_id > ctx->filter_high_id)) { + if (ctx->filter_low_id > ctx->filter_high_id) { ctx->filter_low_id = 0; ctx->filter_high_id = 0; } + DEBUG(10, ("idmap_tdb_db_init: filter range %u-%u loaded for domain " + "'%s'\n", ctx->filter_low_id, ctx->filter_high_id, dom->name)); + + ret = idmap_tdb_open_db(ctx, false, &ctx->db); + if ( ! NT_STATUS_IS_OK(ret)) { + goto failed; + } + dom->private_data = ctx; - talloc_free(config_option); return NT_STATUS_OK; failed: diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c index b272327..d34d289 100644 --- a/source3/winbindd/idmap_tdb2.c +++ b/source3/winbindd/idmap_tdb2.c @@ -357,8 +357,6 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom, { NTSTATUS ret; struct idmap_tdb2_context *ctx; - char *config_option = NULL; - const char *range; NTSTATUS status; status = idmap_tdb2_open_db(); @@ -370,24 +368,63 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom, return NT_STATUS_NO_MEMORY; } - config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); - if ( ! config_option) { - DEBUG(0, ("Out of memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto failed; + if (strequal(dom->name, "*")) { + uid_t low_uid = 0; + uid_t high_uid = 0; + gid_t low_gid = 0; + gid_t high_gid = 0; + + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + + if (lp_idmap_uid(&low_uid, &high_uid)) { + ctx->filter_low_id = low_uid; + ctx->filter_high_id = high_uid; + } else { + DEBUG(3, ("Warning: 'idmap uid' not set!\n")); + } + + if (lp_idmap_gid(&low_gid, &high_gid)) { + if ((low_gid != low_uid) || (high_gid != high_uid)) { + DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" + " ranges do not agree -- building " + "intersection\n")); + ctx->filter_low_id = MAX(ctx->filter_low_id, + low_gid); + ctx->filter_high_id = MIN(ctx->filter_high_id, + high_gid); + } + } else { + DEBUG(3, ("Warning: 'idmap gid' not set!\n")); + } + } else { + char *config_option = NULL; + const char *range; + config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); + if ( ! config_option) { + DEBUG(0, ("Out of memory!\n")); + ret = NT_STATUS_NO_MEMORY; + goto failed; + } + + range = lp_parm_const_string(-1, config_option, "range", NULL); + if (( ! range) || + (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2)) + { + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + } + + talloc_free(config_option); } - range = lp_parm_const_string(-1, config_option, "range", NULL); - if (( ! range) || - (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) || - (ctx->filter_low_id > ctx->filter_high_id)) { + if (ctx->filter_low_id > ctx->filter_high_id) { ctx->filter_low_id = 0; ctx->filter_high_id = 0; } dom->private_data = ctx; - talloc_free(config_option); return NT_STATUS_OK; failed: -- Samba Shared Repository