1 |
From 8672b486a2c847361e0e157be19eb2143ac550ab Mon Sep 17 00:00:00 2001 |
2 |
From: Volker Lendecke <vl@samba.org> |
3 |
Date: Tue, 18 Aug 2015 13:18:33 +0200 |
4 |
Subject: [PATCH 01/14] loadparm3: Add lp_wi_scan_global_parametrics() |
5 |
|
6 |
This routine takes a regex and goes through all parametric parameters |
7 |
in [global], matching the regex. It can easily be extended to also |
8 |
look at shares, but right now it will only be used to list all idmap |
9 |
config domain names. |
10 |
|
11 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
12 |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
13 |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
14 |
(cherry picked from commit 443dd9bbbc641ede10a2a3708465f61ea3dfbde3) |
15 |
--- |
16 |
source3/include/proto.h | 9 ++++++ |
17 |
source3/param/loadparm.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ |
18 |
2 files changed, 82 insertions(+) |
19 |
|
20 |
diff --git a/source3/include/proto.h b/source3/include/proto.h |
21 |
index be90024..df7eecc 100644 |
22 |
--- a/source3/include/proto.h |
23 |
+++ b/source3/include/proto.h |
24 |
@@ -23,6 +23,9 @@ |
25 |
#ifndef _PROTO_H_ |
26 |
#define _PROTO_H_ |
27 |
|
28 |
+#include <sys/types.h> |
29 |
+#include <regex.h> |
30 |
+ |
31 |
/* The following definitions come from lib/access.c */ |
32 |
|
33 |
bool client_match(const char *tok, const void *item); |
34 |
@@ -951,6 +954,12 @@ int lp_smb2_max_credits(void); |
35 |
int lp_cups_encrypt(void); |
36 |
bool lp_widelinks(int ); |
37 |
|
38 |
+int lp_wi_scan_global_parametrics( |
39 |
+ const char *regex, size_t max_matches, |
40 |
+ bool (*cb)(const char *string, regmatch_t matches[], |
41 |
+ void *private_data), |
42 |
+ void *private_data); |
43 |
+ |
44 |
char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def); |
45 |
const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def); |
46 |
struct loadparm_service; |
47 |
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c |
48 |
index e805fa4..9e56aca 100644 |
49 |
--- a/source3/param/loadparm.c |
50 |
+++ b/source3/param/loadparm.c |
51 |
@@ -1074,6 +1074,79 @@ static struct parmlist_entry *get_parametrics(int snum, const char *type, |
52 |
} |
53 |
} |
54 |
|
55 |
+static void discard_whitespace(char *str) |
56 |
+{ |
57 |
+ size_t len = strlen(str); |
58 |
+ size_t i = 0; |
59 |
+ |
60 |
+ while (i < len) { |
61 |
+ if (isspace(str[i])) { |
62 |
+ memmove(&str[i], &str[i+1], len-i); |
63 |
+ len -= 1; |
64 |
+ continue; |
65 |
+ } |
66 |
+ i += 1; |
67 |
+ } |
68 |
+} |
69 |
+ |
70 |
+/** |
71 |
+ * @brief Go through all global parametric parameters |
72 |
+ * |
73 |
+ * @param regex_str A regular expression to scan param for |
74 |
+ * @param max_matches Max number of submatches the regexp expects |
75 |
+ * @param cb Function to call on match. Should return true |
76 |
+ * when it wants wi_scan_global_parametrics to stop |
77 |
+ * scanning |
78 |
+ * @param private_data Anonymous pointer passed to cb |
79 |
+ * |
80 |
+ * @return 0: success, regcomp/regexec return value on error. |
81 |
+ * See "man regexec" for possible errors |
82 |
+ */ |
83 |
+ |
84 |
+int lp_wi_scan_global_parametrics( |
85 |
+ const char *regex_str, size_t max_matches, |
86 |
+ bool (*cb)(const char *string, regmatch_t matches[], |
87 |
+ void *private_data), |
88 |
+ void *private_data) |
89 |
+{ |
90 |
+ struct parmlist_entry *data; |
91 |
+ regex_t regex; |
92 |
+ int ret; |
93 |
+ |
94 |
+ ret = regcomp(®ex, regex_str, REG_ICASE); |
95 |
+ if (ret != 0) { |
96 |
+ return ret; |
97 |
+ } |
98 |
+ |
99 |
+ for (data = Globals.param_opt; data != NULL; data = data->next) { |
100 |
+ size_t keylen = strlen(data->key); |
101 |
+ char key[keylen+1]; |
102 |
+ regmatch_t matches[max_matches]; |
103 |
+ bool stop; |
104 |
+ |
105 |
+ memcpy(key, data->key, sizeof(key)); |
106 |
+ discard_whitespace(key); |
107 |
+ |
108 |
+ ret = regexec(®ex, key, max_matches, matches, 0); |
109 |
+ if (ret == REG_NOMATCH) { |
110 |
+ continue; |
111 |
+ } |
112 |
+ if (ret != 0) { |
113 |
+ goto fail; |
114 |
+ } |
115 |
+ |
116 |
+ stop = cb(key, matches, private_data); |
117 |
+ if (stop) { |
118 |
+ break; |
119 |
+ } |
120 |
+ } |
121 |
+ |
122 |
+ ret = 0; |
123 |
+fail: |
124 |
+ regfree(®ex); |
125 |
+ return ret; |
126 |
+} |
127 |
+ |
128 |
|
129 |
#define MISSING_PARAMETER(name) \ |
130 |
DEBUG(0, ("%s(): value is NULL or empty!\n", #name)) |
131 |
-- |
132 |
2.9.0 |
133 |
|
134 |
|
135 |
From ef3701654107528530141bb9a66ee1209060f21c Mon Sep 17 00:00:00 2001 |
136 |
From: Volker Lendecke <vl@samba.org> |
137 |
Date: Thu, 22 Jan 2015 12:08:52 +0000 |
138 |
Subject: [PATCH 02/14] winbind: Fix idmap initialization |
139 |
|
140 |
The fix is in the sscanf line: %u in the sscanf format mandates the use of |
141 |
a pointer to an "unsigned". idmap_domain->[low|high]_id are uint32_t. On |
142 |
little endian 64-bit this might at least put the correct values into |
143 |
low_id and high_id, but might overwrite the read_only bit set earlier, |
144 |
depending on structure alignment and packing. On big endian 64-bit, |
145 |
this will just fail. |
146 |
|
147 |
Automatic conversion to uint32_t will happen only at assignment, not |
148 |
when you take a pointer of such a thing. |
149 |
|
150 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
151 |
Reviewed-by: Andreas Schneider <asn@samba.org> |
152 |
|
153 |
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> |
154 |
Autobuild-Date(master): Thu Jan 22 17:58:16 CET 2015 on sn-devel-104 |
155 |
|
156 |
(cherry picked from commit 63552f1c4c05a710143f12c2269754d0e547d945) |
157 |
--- |
158 |
source3/winbindd/idmap.c | 14 ++++++++------ |
159 |
1 file changed, 8 insertions(+), 6 deletions(-) |
160 |
|
161 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
162 |
index a8beab7..841f710 100644 |
163 |
--- a/source3/winbindd/idmap.c |
164 |
+++ b/source3/winbindd/idmap.c |
165 |
@@ -172,6 +172,7 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, |
166 |
NTSTATUS status; |
167 |
char *config_option = NULL; |
168 |
const char *range; |
169 |
+ unsigned low_id, high_id; |
170 |
|
171 |
result = talloc_zero(mem_ctx, struct idmap_domain); |
172 |
if (result == NULL) { |
173 |
@@ -230,23 +231,24 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, |
174 |
result->name)); |
175 |
goto fail; |
176 |
} |
177 |
- } else if (sscanf(range, "%u - %u", &result->low_id, |
178 |
- &result->high_id) != 2) |
179 |
+ } else if (sscanf(range, "%u - %u", &low_id, &high_id) != 2) |
180 |
{ |
181 |
DEBUG(1, ("invalid range '%s' specified for domain " |
182 |
"'%s'\n", range, result->name)); |
183 |
if (check_range) { |
184 |
goto fail; |
185 |
} |
186 |
- } else if (result->low_id > result->high_id) { |
187 |
- DEBUG(1, ("Error: invalid idmap range detected: %lu - %lu\n", |
188 |
- (unsigned long)result->low_id, |
189 |
- (unsigned long)result->high_id)); |
190 |
+ } else if (low_id > high_id) { |
191 |
+ DEBUG(1, ("Error: invalid idmap range detected: %u - %u\n", |
192 |
+ low_id, high_id)); |
193 |
if (check_range) { |
194 |
goto fail; |
195 |
} |
196 |
} |
197 |
|
198 |
+ result->low_id = low_id; |
199 |
+ result->high_id = high_id; |
200 |
+ |
201 |
status = result->methods->init(result); |
202 |
if (!NT_STATUS_IS_OK(status)) { |
203 |
DEBUG(1, ("idmap initialization returned %s\n", |
204 |
-- |
205 |
2.9.0 |
206 |
|
207 |
|
208 |
From ad0688f0b2ed0e060fa2c5a612d10bf4daa2e9cf Mon Sep 17 00:00:00 2001 |
209 |
From: Volker Lendecke <vl@samba.org> |
210 |
Date: Wed, 4 Mar 2015 10:22:48 +0100 |
211 |
Subject: [PATCH 03/14] winbind: Fix CID 1273295 Uninitialized scalar variable |
212 |
|
213 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
214 |
Reviewed-by: David Disseldorp <ddiss@samba.org> |
215 |
(cherry picked from commit 25928b1bcc031469c5321ab283a8d0c32dde2f4f) |
216 |
--- |
217 |
source3/winbindd/idmap.c | 3 ++- |
218 |
1 file changed, 2 insertions(+), 1 deletion(-) |
219 |
|
220 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
221 |
index 841f710..70f4e02 100644 |
222 |
--- a/source3/winbindd/idmap.c |
223 |
+++ b/source3/winbindd/idmap.c |
224 |
@@ -172,7 +172,8 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, |
225 |
NTSTATUS status; |
226 |
char *config_option = NULL; |
227 |
const char *range; |
228 |
- unsigned low_id, high_id; |
229 |
+ unsigned low_id = 0; |
230 |
+ unsigned high_id; |
231 |
|
232 |
result = talloc_zero(mem_ctx, struct idmap_domain); |
233 |
if (result == NULL) { |
234 |
-- |
235 |
2.9.0 |
236 |
|
237 |
|
238 |
From 940b73398d1e8847504db4d989ee548966f1e9c5 Mon Sep 17 00:00:00 2001 |
239 |
From: Volker Lendecke <vl@samba.org> |
240 |
Date: Wed, 4 Mar 2015 10:28:20 +0100 |
241 |
Subject: [PATCH 04/14] winbind: Fix CID 1273294 Uninitialized scalar variable |
242 |
|
243 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
244 |
Reviewed-by: David Disseldorp <ddiss@samba.org> |
245 |
(cherry picked from commit 8e195fb52ecfa3c263f68b74f989fb48a3c9116f) |
246 |
--- |
247 |
source3/winbindd/idmap.c | 2 +- |
248 |
1 file changed, 1 insertion(+), 1 deletion(-) |
249 |
|
250 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
251 |
index 70f4e02..1e2feb9 100644 |
252 |
--- a/source3/winbindd/idmap.c |
253 |
+++ b/source3/winbindd/idmap.c |
254 |
@@ -173,7 +173,7 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, |
255 |
char *config_option = NULL; |
256 |
const char *range; |
257 |
unsigned low_id = 0; |
258 |
- unsigned high_id; |
259 |
+ unsigned high_id = 0; |
260 |
|
261 |
result = talloc_zero(mem_ctx, struct idmap_domain); |
262 |
if (result == NULL) { |
263 |
-- |
264 |
2.9.0 |
265 |
|
266 |
|
267 |
From 461e69a3cb81247f0d514de865981ad56517d901 Mon Sep 17 00:00:00 2001 |
268 |
From: Volker Lendecke <vl@samba.org> |
269 |
Date: Tue, 18 Aug 2015 16:58:02 +0200 |
270 |
Subject: [PATCH 05/14] idmap: Move idmap_init() under the static vars |
271 |
|
272 |
Just moving code, idmap_init will need to reference the variables |
273 |
|
274 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
275 |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
276 |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
277 |
(cherry picked from commit d36de86639b7782e1e959d61917d8f19fdfc902c) |
278 |
--- |
279 |
source3/winbindd/idmap.c | 30 +++++++++++++++--------------- |
280 |
1 file changed, 15 insertions(+), 15 deletions(-) |
281 |
|
282 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
283 |
index 1e2feb9..0ba8fda 100644 |
284 |
--- a/source3/winbindd/idmap.c |
285 |
+++ b/source3/winbindd/idmap.c |
286 |
@@ -32,21 +32,6 @@ |
287 |
|
288 |
static_decl_idmap; |
289 |
|
290 |
-static void idmap_init(void) |
291 |
-{ |
292 |
- static bool initialized; |
293 |
- |
294 |
- if (initialized) { |
295 |
- return; |
296 |
- } |
297 |
- |
298 |
- DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); |
299 |
- |
300 |
- static_init_idmap; |
301 |
- |
302 |
- initialized = true; |
303 |
-} |
304 |
- |
305 |
/** |
306 |
* Pointer to the backend methods. Modules register themselves here via |
307 |
* smb_register_idmap. |
308 |
@@ -79,6 +64,21 @@ static struct idmap_domain *passdb_idmap_domain; |
309 |
static struct idmap_domain **idmap_domains = NULL; |
310 |
static int num_domains = 0; |
311 |
|
312 |
+static void idmap_init(void) |
313 |
+{ |
314 |
+ static bool initialized; |
315 |
+ |
316 |
+ if (initialized) { |
317 |
+ return; |
318 |
+ } |
319 |
+ |
320 |
+ DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); |
321 |
+ |
322 |
+ static_init_idmap; |
323 |
+ |
324 |
+ initialized = true; |
325 |
+} |
326 |
+ |
327 |
static struct idmap_methods *get_methods(const char *name) |
328 |
{ |
329 |
struct idmap_backend *b; |
330 |
-- |
331 |
2.9.0 |
332 |
|
333 |
|
334 |
From 5b3f88a29d5e9d6133f6a1e43e3db69dc6fdd1f2 Mon Sep 17 00:00:00 2001 |
335 |
From: Volker Lendecke <vl@samba.org> |
336 |
Date: Wed, 19 Aug 2015 17:00:46 +0200 |
337 |
Subject: [PATCH 06/14] idmap: Initialize all idmap domains at startup |
338 |
|
339 |
So far we have initialized idmap domains on demand indexed by name. |
340 |
For sid2xid this works okay, because we could do lookupsids before |
341 |
and thus get the name. For xid2sid this is more problematic. We |
342 |
have to rely on enumtrustdoms to work completely, and we have to |
343 |
look at the list of winbind domains in the parent to get the domain |
344 |
name. Relying on domain->have_idmap_config is not particularly nice. |
345 |
|
346 |
This patch re-works initialization of idmap domains by scanning all |
347 |
parametric parameters, scanning for :backend configuration settings. |
348 |
This way we get a complete list of :range definitions. This means |
349 |
we can rely on the idmap domain array to be complete. This in turn |
350 |
means we can live without the domain name to find a domain, we can |
351 |
do a range search by uid or gid. |
352 |
|
353 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
354 |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
355 |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
356 |
(cherry picked from commit ef0c91195533d95ba4fb7947ff5f69c20aa677b8) |
357 |
--- |
358 |
source3/winbindd/idmap.c | 199 ++++++++++++++++++++++++++--------------------- |
359 |
1 file changed, 109 insertions(+), 90 deletions(-) |
360 |
|
361 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
362 |
index 0ba8fda..40d87a7 100644 |
363 |
--- a/source3/winbindd/idmap.c |
364 |
+++ b/source3/winbindd/idmap.c |
365 |
@@ -64,12 +64,22 @@ static struct idmap_domain *passdb_idmap_domain; |
366 |
static struct idmap_domain **idmap_domains = NULL; |
367 |
static int num_domains = 0; |
368 |
|
369 |
-static void idmap_init(void) |
370 |
+static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx, |
371 |
+ const char *domname); |
372 |
+static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, |
373 |
+ const char *domainname, |
374 |
+ const char *modulename, |
375 |
+ bool check_range); |
376 |
+static bool idmap_found_domain_backend( |
377 |
+ const char *string, regmatch_t matches[], void *private_data); |
378 |
+ |
379 |
+static bool idmap_init(void) |
380 |
{ |
381 |
static bool initialized; |
382 |
+ int ret; |
383 |
|
384 |
if (initialized) { |
385 |
- return; |
386 |
+ return true; |
387 |
} |
388 |
|
389 |
DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); |
390 |
@@ -77,6 +87,80 @@ static void idmap_init(void) |
391 |
static_init_idmap; |
392 |
|
393 |
initialized = true; |
394 |
+ |
395 |
+ if (!pdb_is_responsible_for_everything_else()) { |
396 |
+ default_idmap_domain = idmap_init_named_domain(NULL, "*"); |
397 |
+ if (default_idmap_domain == NULL) { |
398 |
+ return false; |
399 |
+ } |
400 |
+ } |
401 |
+ |
402 |
+ passdb_idmap_domain = idmap_init_domain( |
403 |
+ NULL, get_global_sam_name(), "passdb", false); |
404 |
+ if (passdb_idmap_domain == NULL) { |
405 |
+ TALLOC_FREE(default_idmap_domain); |
406 |
+ return false; |
407 |
+ } |
408 |
+ |
409 |
+ idmap_domains = talloc_array(NULL, struct idmap_domain *, 0); |
410 |
+ if (idmap_domains == NULL) { |
411 |
+ TALLOC_FREE(passdb_idmap_domain); |
412 |
+ TALLOC_FREE(default_idmap_domain); |
413 |
+ return false; |
414 |
+ } |
415 |
+ |
416 |
+ ret = lp_wi_scan_global_parametrics( |
417 |
+ "idmapconfig\\(.*\\):backend", 2, |
418 |
+ idmap_found_domain_backend, NULL); |
419 |
+ if (ret != 0) { |
420 |
+ DEBUG(5, ("wi_scan_global_parametrics returned %d\n", ret)); |
421 |
+ return false; |
422 |
+ } |
423 |
+ |
424 |
+ return true; |
425 |
+} |
426 |
+ |
427 |
+static bool idmap_found_domain_backend( |
428 |
+ const char *string, regmatch_t matches[], void *private_data) |
429 |
+{ |
430 |
+ if (matches[1].rm_so == -1) { |
431 |
+ DEBUG(5, ("Found match, but no name??\n")); |
432 |
+ return false; |
433 |
+ } |
434 |
+ |
435 |
+ { |
436 |
+ struct idmap_domain *dom, **tmp; |
437 |
+ regoff_t len = matches[1].rm_eo - matches[1].rm_so; |
438 |
+ char domname[len+1]; |
439 |
+ |
440 |
+ memcpy(domname, string + matches[1].rm_so, len); |
441 |
+ domname[len] = '\0'; |
442 |
+ |
443 |
+ DEBUG(7, ("Found idmap domain \"%s\"\n", domname)); |
444 |
+ |
445 |
+ if (strcmp(domname, "*") == 0) { |
446 |
+ return false; |
447 |
+ } |
448 |
+ |
449 |
+ dom = idmap_init_named_domain(idmap_domains, domname); |
450 |
+ if (dom == NULL) { |
451 |
+ DEBUG(3, ("Could not init idmap domain %s\n", |
452 |
+ domname)); |
453 |
+ } |
454 |
+ |
455 |
+ tmp = talloc_realloc(idmap_domains, idmap_domains, |
456 |
+ struct idmap_domain *, num_domains + 1); |
457 |
+ if (tmp == NULL) { |
458 |
+ DEBUG(1, ("talloc_realloc failed\n")); |
459 |
+ TALLOC_FREE(dom); |
460 |
+ return false; |
461 |
+ } |
462 |
+ idmap_domains = tmp; |
463 |
+ idmap_domains[num_domains] = dom; |
464 |
+ num_domains += 1; |
465 |
+ } |
466 |
+ |
467 |
+ return false; |
468 |
} |
469 |
|
470 |
static struct idmap_methods *get_methods(const char *name) |
471 |
@@ -280,8 +364,12 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx, |
472 |
struct idmap_domain *result = NULL; |
473 |
char *config_option; |
474 |
const char *backend; |
475 |
+ bool ok; |
476 |
|
477 |
- idmap_init(); |
478 |
+ ok = idmap_init(); |
479 |
+ if (!ok) { |
480 |
+ return NULL; |
481 |
+ } |
482 |
|
483 |
config_option = talloc_asprintf(talloc_tos(), "idmap config %s", |
484 |
domname); |
485 |
@@ -312,57 +400,6 @@ fail: |
486 |
} |
487 |
|
488 |
/** |
489 |
- * Initialize the default domain structure |
490 |
- * @param[in] mem_ctx memory context for the result |
491 |
- * @result The default domain structure |
492 |
- * |
493 |
- * This routine takes the module name from the "idmap backend" parameter, |
494 |
- * passing a possible parameter like ldap:ldap://ldap-url/ to the module. |
495 |
- */ |
496 |
- |
497 |
-static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx) |
498 |
-{ |
499 |
- return idmap_init_named_domain(mem_ctx, "*"); |
500 |
-} |
501 |
- |
502 |
-/** |
503 |
- * Initialize the passdb domain structure |
504 |
- * @param[in] mem_ctx memory context for the result |
505 |
- * @result The default domain structure |
506 |
- * |
507 |
- * No config, passdb has its own configuration. |
508 |
- */ |
509 |
- |
510 |
-static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) |
511 |
-{ |
512 |
- idmap_init(); |
513 |
- |
514 |
- if (!pdb_is_responsible_for_everything_else()) { |
515 |
- /* |
516 |
- * Always init the default domain, we can't go without one |
517 |
- */ |
518 |
- if (default_idmap_domain == NULL) { |
519 |
- default_idmap_domain = idmap_init_default_domain(NULL); |
520 |
- } |
521 |
- if (default_idmap_domain == NULL) { |
522 |
- return NULL; |
523 |
- } |
524 |
- } |
525 |
- |
526 |
- if (passdb_idmap_domain != NULL) { |
527 |
- return passdb_idmap_domain; |
528 |
- } |
529 |
- |
530 |
- passdb_idmap_domain = idmap_init_domain(mem_ctx, get_global_sam_name(), |
531 |
- "passdb", false); |
532 |
- if (passdb_idmap_domain == NULL) { |
533 |
- DEBUG(1, ("Could not init passdb idmap domain\n")); |
534 |
- } |
535 |
- |
536 |
- return passdb_idmap_domain; |
537 |
-} |
538 |
- |
539 |
-/** |
540 |
* Find a domain struct according to a domain name |
541 |
* @param[in] domname Domain name to get the config for |
542 |
* @result The default domain structure that fits |
543 |
@@ -379,21 +416,14 @@ static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) |
544 |
|
545 |
static struct idmap_domain *idmap_find_domain(const char *domname) |
546 |
{ |
547 |
- struct idmap_domain *result; |
548 |
+ bool ok; |
549 |
int i; |
550 |
|
551 |
DEBUG(10, ("idmap_find_domain called for domain '%s'\n", |
552 |
domname?domname:"NULL")); |
553 |
|
554 |
- idmap_init(); |
555 |
- |
556 |
- /* |
557 |
- * Always init the default domain, we can't go without one |
558 |
- */ |
559 |
- if (default_idmap_domain == NULL) { |
560 |
- default_idmap_domain = idmap_init_default_domain(NULL); |
561 |
- } |
562 |
- if (default_idmap_domain == NULL) { |
563 |
+ ok = idmap_init(); |
564 |
+ if (!ok) { |
565 |
return NULL; |
566 |
} |
567 |
|
568 |
@@ -407,38 +437,21 @@ static struct idmap_domain *idmap_find_domain(const char *domname) |
569 |
} |
570 |
} |
571 |
|
572 |
- if (idmap_domains == NULL) { |
573 |
- /* |
574 |
- * talloc context for all idmap domains |
575 |
- */ |
576 |
- idmap_domains = talloc_array(NULL, struct idmap_domain *, 1); |
577 |
- } |
578 |
- |
579 |
- if (idmap_domains == NULL) { |
580 |
- DEBUG(0, ("talloc failed\n")); |
581 |
- return NULL; |
582 |
- } |
583 |
- |
584 |
- result = idmap_init_named_domain(idmap_domains, domname); |
585 |
- if (result == NULL) { |
586 |
- /* |
587 |
- * Could not init that domain -- try the default one |
588 |
- */ |
589 |
- return default_idmap_domain; |
590 |
- } |
591 |
- |
592 |
- ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result, |
593 |
- &idmap_domains, &num_domains); |
594 |
- return result; |
595 |
+ return default_idmap_domain; |
596 |
} |
597 |
|
598 |
struct idmap_domain *idmap_find_domain_with_sid(const char *domname, |
599 |
const struct dom_sid *sid) |
600 |
{ |
601 |
- idmap_init(); |
602 |
+ bool ok; |
603 |
+ |
604 |
+ ok = idmap_init(); |
605 |
+ if (!ok) { |
606 |
+ return NULL; |
607 |
+ } |
608 |
|
609 |
if (sid_check_is_for_passdb(sid)) { |
610 |
- return idmap_passdb_domain(NULL); |
611 |
+ return passdb_idmap_domain; |
612 |
} |
613 |
|
614 |
return idmap_find_domain(domname); |
615 |
@@ -493,6 +506,12 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) |
616 |
{ |
617 |
struct idmap_domain *dom; |
618 |
struct id_map *maps[2]; |
619 |
+ bool ok; |
620 |
+ |
621 |
+ ok = idmap_init(); |
622 |
+ if (!ok) { |
623 |
+ return NT_STATUS_NONE_MAPPED; |
624 |
+ } |
625 |
|
626 |
DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " |
627 |
"(type %d)\n", |
628 |
@@ -505,7 +524,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) |
629 |
* Always give passdb a chance first |
630 |
*/ |
631 |
|
632 |
- dom = idmap_passdb_domain(NULL); |
633 |
+ dom = passdb_idmap_domain; |
634 |
if ((dom != NULL) |
635 |
&& NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps)) |
636 |
&& id->status == ID_MAPPED) { |
637 |
-- |
638 |
2.9.0 |
639 |
|
640 |
|
641 |
From 808cde4e8490af596ec2c6d1df3a24c4e2b719cb Mon Sep 17 00:00:00 2001 |
642 |
From: Volker Lendecke <vl@samba.org> |
643 |
Date: Tue, 18 Aug 2015 17:30:27 +0200 |
644 |
Subject: [PATCH 07/14] idmap: Use a range search in |
645 |
idmap_backends_unixid_to_sid |
646 |
|
647 |
This obsoletes the domain name in the xid2sid calls |
648 |
|
649 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
650 |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
651 |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
652 |
(cherry picked from commit ad626b9e6b3c200c70b0d840c956f7b6fff20660) |
653 |
--- |
654 |
source3/winbindd/idmap.c | 12 +++++++++++- |
655 |
1 file changed, 11 insertions(+), 1 deletion(-) |
656 |
|
657 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
658 |
index 40d87a7..aff5792 100644 |
659 |
--- a/source3/winbindd/idmap.c |
660 |
+++ b/source3/winbindd/idmap.c |
661 |
@@ -507,6 +507,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) |
662 |
struct idmap_domain *dom; |
663 |
struct id_map *maps[2]; |
664 |
bool ok; |
665 |
+ int i; |
666 |
|
667 |
ok = idmap_init(); |
668 |
if (!ok) { |
669 |
@@ -531,7 +532,16 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) |
670 |
return NT_STATUS_OK; |
671 |
} |
672 |
|
673 |
- dom = idmap_find_domain(domname); |
674 |
+ dom = default_idmap_domain; |
675 |
+ |
676 |
+ for (i=0; i<num_domains; i++) { |
677 |
+ if ((id->xid.id >= idmap_domains[i]->low_id) && |
678 |
+ (id->xid.id <= idmap_domains[i]->high_id)) { |
679 |
+ dom = idmap_domains[i]; |
680 |
+ break; |
681 |
+ } |
682 |
+ } |
683 |
+ |
684 |
if (dom == NULL) { |
685 |
return NT_STATUS_NONE_MAPPED; |
686 |
} |
687 |
-- |
688 |
2.9.0 |
689 |
|
690 |
|
691 |
From ebc02665c40d38fca33df001a4f660a18719e33b Mon Sep 17 00:00:00 2001 |
692 |
From: Volker Lendecke <vl@samba.org> |
693 |
Date: Tue, 18 Aug 2015 17:34:29 +0200 |
694 |
Subject: [PATCH 08/14] idmap: Remove "domname" from |
695 |
idmap_backends_unixid_to_sid |
696 |
|
697 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
698 |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
699 |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
700 |
(cherry picked from commit ac4cc243771fc3273872547087679db21c9bb1cb) |
701 |
--- |
702 |
source3/torture/test_idmap_tdb_common.c | 2 +- |
703 |
source3/winbindd/idmap.c | 8 ++++---- |
704 |
source3/winbindd/idmap_proto.h | 3 +-- |
705 |
source3/winbindd/idmap_util.c | 4 ++-- |
706 |
4 files changed, 8 insertions(+), 9 deletions(-) |
707 |
|
708 |
diff --git a/source3/torture/test_idmap_tdb_common.c b/source3/torture/test_idmap_tdb_common.c |
709 |
index f7262a2..dd736ad 100644 |
710 |
--- a/source3/torture/test_idmap_tdb_common.c |
711 |
+++ b/source3/torture/test_idmap_tdb_common.c |
712 |
@@ -62,7 +62,7 @@ bool idmap_is_online(void) |
713 |
return true; |
714 |
} |
715 |
|
716 |
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) |
717 |
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id) |
718 |
{ |
719 |
return NT_STATUS_OK; |
720 |
} |
721 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
722 |
index aff5792..56ebf21 100644 |
723 |
--- a/source3/winbindd/idmap.c |
724 |
+++ b/source3/winbindd/idmap.c |
725 |
@@ -146,6 +146,7 @@ static bool idmap_found_domain_backend( |
726 |
if (dom == NULL) { |
727 |
DEBUG(3, ("Could not init idmap domain %s\n", |
728 |
domname)); |
729 |
+ return false; |
730 |
} |
731 |
|
732 |
tmp = talloc_realloc(idmap_domains, idmap_domains, |
733 |
@@ -502,7 +503,7 @@ NTSTATUS idmap_allocate_gid(struct unixid *id) |
734 |
return idmap_allocate_unixid(id); |
735 |
} |
736 |
|
737 |
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) |
738 |
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id) |
739 |
{ |
740 |
struct idmap_domain *dom; |
741 |
struct id_map *maps[2]; |
742 |
@@ -514,9 +515,8 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) |
743 |
return NT_STATUS_NONE_MAPPED; |
744 |
} |
745 |
|
746 |
- DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " |
747 |
- "(type %d)\n", |
748 |
- domname?domname:"NULL", id->xid.id, id->xid.type)); |
749 |
+ DEBUG(10, ("idmap_backend_unixid_to_sid: xid = %d (type %d)\n", |
750 |
+ id->xid.id, id->xid.type)); |
751 |
|
752 |
maps[0] = id; |
753 |
maps[1] = NULL; |
754 |
diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h |
755 |
index f7af8ed..159aac6 100644 |
756 |
--- a/source3/winbindd/idmap_proto.h |
757 |
+++ b/source3/winbindd/idmap_proto.h |
758 |
@@ -34,8 +34,7 @@ NTSTATUS smb_register_idmap(int version, const char *name, |
759 |
void idmap_close(void); |
760 |
NTSTATUS idmap_allocate_uid(struct unixid *id); |
761 |
NTSTATUS idmap_allocate_gid(struct unixid *id); |
762 |
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, |
763 |
- struct id_map *id); |
764 |
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id); |
765 |
|
766 |
/* The following definitions come from winbindd/idmap_nss.c */ |
767 |
|
768 |
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c |
769 |
index e671acf..08857ab 100644 |
770 |
--- a/source3/winbindd/idmap_util.c |
771 |
+++ b/source3/winbindd/idmap_util.c |
772 |
@@ -66,7 +66,7 @@ backend: |
773 |
map.xid.type = ID_TYPE_UID; |
774 |
map.xid.id = uid; |
775 |
|
776 |
- ret = idmap_backends_unixid_to_sid(domname, &map); |
777 |
+ ret = idmap_backends_unixid_to_sid(&map); |
778 |
if ( ! NT_STATUS_IS_OK(ret)) { |
779 |
DEBUG(10, ("error mapping uid [%lu]: %s\n", (unsigned long)uid, |
780 |
nt_errstr(ret))); |
781 |
@@ -130,7 +130,7 @@ backend: |
782 |
map.xid.type = ID_TYPE_GID; |
783 |
map.xid.id = gid; |
784 |
|
785 |
- ret = idmap_backends_unixid_to_sid(domname, &map); |
786 |
+ ret = idmap_backends_unixid_to_sid(&map); |
787 |
if ( ! NT_STATUS_IS_OK(ret)) { |
788 |
DEBUG(10, ("error mapping gid [%lu]: %s\n", (unsigned long)gid, |
789 |
nt_errstr(ret))); |
790 |
-- |
791 |
2.9.0 |
792 |
|
793 |
|
794 |
From e7ca0730e3b3ba4eaa447b1ff487377978c70e64 Mon Sep 17 00:00:00 2001 |
795 |
From: Michael Adam <obnox@samba.org> |
796 |
Date: Thu, 10 Mar 2016 10:38:29 +0100 |
797 |
Subject: [PATCH 09/14] s3:winbindd:idmap: add domain_has_idmap_config() helper |
798 |
function. |
799 |
|
800 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
801 |
|
802 |
Pair-Programmed-With: Guenther Deschner <gd@samba.org> |
803 |
|
804 |
Signed-off-by: Michael Adam <obnox@samba.org> |
805 |
Signed-off-by: Guenther Deschner <gd@samba.org> |
806 |
Reviewed-by: Jeremy Allison <jra@samba.org> |
807 |
(cherry picked from commit fb80e1158bb1a14f2602e65464909a213296cde1) |
808 |
--- |
809 |
source3/winbindd/idmap.c | 15 +++++++++++++++ |
810 |
source3/winbindd/winbindd_proto.h | 1 + |
811 |
2 files changed, 16 insertions(+) |
812 |
|
813 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
814 |
index 56ebf21..7a96b92 100644 |
815 |
--- a/source3/winbindd/idmap.c |
816 |
+++ b/source3/winbindd/idmap.c |
817 |
@@ -120,6 +120,21 @@ static bool idmap_init(void) |
818 |
return true; |
819 |
} |
820 |
|
821 |
+bool domain_has_idmap_config(const char *domname) |
822 |
+{ |
823 |
+ int i; |
824 |
+ |
825 |
+ idmap_init(); |
826 |
+ |
827 |
+ for (i=0; i<num_domains; i++) { |
828 |
+ if (strequal(idmap_domains[i]->name, domname)) { |
829 |
+ return true; |
830 |
+ } |
831 |
+ } |
832 |
+ |
833 |
+ return false; |
834 |
+} |
835 |
+ |
836 |
static bool idmap_found_domain_backend( |
837 |
const char *string, regmatch_t matches[], void *private_data) |
838 |
{ |
839 |
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h |
840 |
index 42fffc0..85aee5b 100644 |
841 |
--- a/source3/winbindd/winbindd_proto.h |
842 |
+++ b/source3/winbindd/winbindd_proto.h |
843 |
@@ -339,6 +339,7 @@ void init_idmap_child(void); |
844 |
struct winbindd_child *idmap_child(void); |
845 |
struct idmap_domain *idmap_find_domain_with_sid(const char *domname, |
846 |
const struct dom_sid *sid); |
847 |
+bool domain_has_idmap_config(const char *domname); |
848 |
|
849 |
/* The following definitions come from winbindd/winbindd_locator.c */ |
850 |
|
851 |
-- |
852 |
2.9.0 |
853 |
|
854 |
|
855 |
From d58905a6113fc0dc1e5cccb91568a550ee953999 Mon Sep 17 00:00:00 2001 |
856 |
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> |
857 |
Date: Thu, 10 Mar 2016 10:39:15 +0100 |
858 |
Subject: [PATCH 10/14] s3:winbindd:idmap_hash: skip domains that already have |
859 |
their own idmap configuration. |
860 |
|
861 |
Check if the domain from the list is not already configured to use another idmap |
862 |
backend. Not checking this makes the idmap_hash module map IDs for *all* domains |
863 |
implicitly. This is quite dangeorous in multi-idmap-config setups. |
864 |
|
865 |
Guenther |
866 |
|
867 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
868 |
|
869 |
Pair-Programmed-With: Michael Adam <obnox@samba.org> |
870 |
|
871 |
Signed-off-by: Guenther Deschner <gd@samba.org> |
872 |
Signed-off-by: Michael Adam <obnox@samba.org> |
873 |
Reviewed-by: Jeremy Allison <jra@samba.org> |
874 |
(cherry picked from commit 55be1ee69743c94d33f4244ade848517fc98e264) |
875 |
--- |
876 |
source3/winbindd/idmap_hash/idmap_hash.c | 13 +++++++++++++ |
877 |
1 file changed, 13 insertions(+) |
878 |
|
879 |
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c |
880 |
index 1dbd300..f77ee3b 100644 |
881 |
--- a/source3/winbindd/idmap_hash/idmap_hash.c |
882 |
+++ b/source3/winbindd/idmap_hash/idmap_hash.c |
883 |
@@ -137,6 +137,19 @@ static NTSTATUS be_init(struct idmap_domain *dom) |
884 |
|
885 |
if (is_null_sid(&dom_list[i].sid)) |
886 |
continue; |
887 |
+ |
888 |
+ /* |
889 |
+ * Check if the domain from the list is not already configured |
890 |
+ * to use another idmap backend. Not checking this makes the |
891 |
+ * idmap_hash module map IDs for *all* domains implicitly. This |
892 |
+ * is quite dangerous in setups that use multiple idmap |
893 |
+ * configurations. |
894 |
+ */ |
895 |
+ |
896 |
+ if (domain_has_idmap_config(dom_list[i].domain_name)) { |
897 |
+ continue; |
898 |
+ } |
899 |
+ |
900 |
if ((hash = hash_domain_sid(&dom_list[i].sid)) == 0) |
901 |
continue; |
902 |
|
903 |
-- |
904 |
2.9.0 |
905 |
|
906 |
|
907 |
From 87079a86d35e298a7ec8a4476c5ff15c4c12d7ca Mon Sep 17 00:00:00 2001 |
908 |
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> |
909 |
Date: Thu, 10 Mar 2016 12:21:52 +0100 |
910 |
Subject: [PATCH 11/14] s3:winbindd:idmap: check loadparm in |
911 |
domain_has_idmap_config() helper as well. |
912 |
|
913 |
Guenther |
914 |
|
915 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
916 |
|
917 |
Pair-Programmed-With: Michael Adam <obnox@samba.org> |
918 |
|
919 |
Signed-off-by: Guenther Deschner <gd@samba.org> |
920 |
Signed-off-by: Michael Adam <obnox@samba.org> |
921 |
Reviewed-by: Jeremy Allison <jra@samba.org> |
922 |
(cherry picked from commit 4632ad98c4af5a4e0a2723c0cf716439e376e61f) |
923 |
--- |
924 |
source3/winbindd/idmap.c | 22 ++++++++++++++++++++++ |
925 |
1 file changed, 22 insertions(+) |
926 |
|
927 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
928 |
index 7a96b92..f716b6d 100644 |
929 |
--- a/source3/winbindd/idmap.c |
930 |
+++ b/source3/winbindd/idmap.c |
931 |
@@ -123,6 +123,9 @@ static bool idmap_init(void) |
932 |
bool domain_has_idmap_config(const char *domname) |
933 |
{ |
934 |
int i; |
935 |
+ char *config_option; |
936 |
+ const char *range = NULL; |
937 |
+ const char *backend = NULL; |
938 |
|
939 |
idmap_init(); |
940 |
|
941 |
@@ -132,6 +135,25 @@ bool domain_has_idmap_config(const char *domname) |
942 |
} |
943 |
} |
944 |
|
945 |
+ /* fallback: also check loadparm */ |
946 |
+ |
947 |
+ config_option = talloc_asprintf(talloc_tos(), "idmap config %s", |
948 |
+ domname); |
949 |
+ if (config_option == NULL) { |
950 |
+ DEBUG(0, ("out of memory\n")); |
951 |
+ return false; |
952 |
+ } |
953 |
+ |
954 |
+ range = lp_parm_const_string(-1, config_option, "range", NULL); |
955 |
+ backend = lp_parm_const_string(-1, config_option, "backend", NULL); |
956 |
+ if (range != NULL && backend != NULL) { |
957 |
+ DEBUG(5, ("idmap configuration specified for domain '%s'\n", |
958 |
+ domname)); |
959 |
+ TALLOC_FREE(config_option); |
960 |
+ return true; |
961 |
+ } |
962 |
+ |
963 |
+ TALLOC_FREE(config_option); |
964 |
return false; |
965 |
} |
966 |
|
967 |
-- |
968 |
2.9.0 |
969 |
|
970 |
|
971 |
From d80f66cf98e47a7a8dfc8dd27c8c36529e36d235 Mon Sep 17 00:00:00 2001 |
972 |
From: Michael Adam <obnox@samba.org> |
973 |
Date: Mon, 14 Mar 2016 17:06:34 +0100 |
974 |
Subject: [PATCH 12/14] idmap_hash: rename be_init() --> |
975 |
idmap_hash_initialize() |
976 |
|
977 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
978 |
|
979 |
Pair-Programmed-With: Guenther Deschner <gd@samba.org> |
980 |
|
981 |
Signed-off-by: Michael Adam <obnox@samba.org> |
982 |
Signed-off-by: Guenther Deschner <gd@samba.org> |
983 |
Reviewed-by: Jeremy Allison <jra@samba.org> |
984 |
(cherry picked from commit 4172491cbe7bb8ad2a7089efe15fbe46fcc123fb) |
985 |
--- |
986 |
source3/winbindd/idmap_hash/idmap_hash.c | 16 ++++++++-------- |
987 |
1 file changed, 8 insertions(+), 8 deletions(-) |
988 |
|
989 |
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c |
990 |
index f77ee3b..773d5a9 100644 |
991 |
--- a/source3/winbindd/idmap_hash/idmap_hash.c |
992 |
+++ b/source3/winbindd/idmap_hash/idmap_hash.c |
993 |
@@ -104,7 +104,7 @@ static void separate_hashes(uint32_t id, |
994 |
/********************************************************************* |
995 |
********************************************************************/ |
996 |
|
997 |
-static NTSTATUS be_init(struct idmap_domain *dom) |
998 |
+static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom) |
999 |
{ |
1000 |
struct sid_hash_table *hashed_domains; |
1001 |
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; |
1002 |
@@ -153,10 +153,10 @@ static NTSTATUS be_init(struct idmap_domain *dom) |
1003 |
if ((hash = hash_domain_sid(&dom_list[i].sid)) == 0) |
1004 |
continue; |
1005 |
|
1006 |
- DEBUG(5,("hash:be_init() Adding %s (%s) -> %d\n", |
1007 |
- dom_list[i].domain_name, |
1008 |
- sid_string_dbg(&dom_list[i].sid), |
1009 |
- hash)); |
1010 |
+ DEBUG(3, ("Adding %s (%s) -> %d\n", |
1011 |
+ dom_list[i].domain_name, |
1012 |
+ sid_string_dbg(&dom_list[i].sid), |
1013 |
+ hash)); |
1014 |
|
1015 |
hashed_domains[hash].sid = talloc(hashed_domains, struct dom_sid); |
1016 |
sid_copy(hashed_domains[hash].sid, &dom_list[i].sid); |
1017 |
@@ -189,7 +189,7 @@ static NTSTATUS unixids_to_sids(struct idmap_domain *dom, |
1018 |
ids[i]->status = ID_UNKNOWN; |
1019 |
} |
1020 |
|
1021 |
- nt_status = be_init(dom); |
1022 |
+ nt_status = idmap_hash_initialize(dom); |
1023 |
BAIL_ON_NTSTATUS_ERROR(nt_status); |
1024 |
|
1025 |
for (i=0; ids[i]; i++) { |
1026 |
@@ -239,7 +239,7 @@ static NTSTATUS sids_to_unixids(struct idmap_domain *dom, |
1027 |
ids[i]->status = ID_UNKNOWN; |
1028 |
} |
1029 |
|
1030 |
- nt_status = be_init(dom); |
1031 |
+ nt_status = idmap_hash_initialize(dom); |
1032 |
BAIL_ON_NTSTATUS_ERROR(nt_status); |
1033 |
|
1034 |
for (i=0; ids[i]; i++) { |
1035 |
@@ -360,7 +360,7 @@ static NTSTATUS nss_hash_close(void) |
1036 |
********************************************************************/ |
1037 |
|
1038 |
static struct idmap_methods hash_idmap_methods = { |
1039 |
- .init = be_init, |
1040 |
+ .init = idmap_hash_initialize, |
1041 |
.unixids_to_sids = unixids_to_sids, |
1042 |
.sids_to_unixids = sids_to_unixids, |
1043 |
}; |
1044 |
-- |
1045 |
2.9.0 |
1046 |
|
1047 |
|
1048 |
From e4216d31e54d9936b021bf57fbaeddfcd8731995 Mon Sep 17 00:00:00 2001 |
1049 |
From: Michael Adam <obnox@samba.org> |
1050 |
Date: Mon, 14 Mar 2016 17:07:34 +0100 |
1051 |
Subject: [PATCH 13/14] idmap_hash: only allow the hash module for default |
1052 |
idmap config. |
1053 |
|
1054 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
1055 |
|
1056 |
This module only makes sense as the default idmap config |
1057 |
("idmap config * : backend = hash" ...) |
1058 |
|
1059 |
Pair-Programmed-With: Guenther Deschner <gd@samba.org> |
1060 |
|
1061 |
Signed-off-by: Michael Adam <obnox@samba.org> |
1062 |
Signed-off-by: Guenther Deschner <gd@samba.org> |
1063 |
Reviewed-by: Jeremy Allison <jra@samba.org> |
1064 |
(cherry picked from commit a16379c585a6f6e9470a8745b6043be8171eb615) |
1065 |
--- |
1066 |
source3/winbindd/idmap_hash/idmap_hash.c | 7 +++++++ |
1067 |
1 file changed, 7 insertions(+) |
1068 |
|
1069 |
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c |
1070 |
index 773d5a9..b3aab86 100644 |
1071 |
--- a/source3/winbindd/idmap_hash/idmap_hash.c |
1072 |
+++ b/source3/winbindd/idmap_hash/idmap_hash.c |
1073 |
@@ -112,6 +112,13 @@ static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom) |
1074 |
size_t num_domains = 0; |
1075 |
int i; |
1076 |
|
1077 |
+ if (!strequal(dom->name, "*")) { |
1078 |
+ DEBUG(0, ("Error: idmap_hash configured for domain '%s'. " |
1079 |
+ "But the hash module can only be used for the default " |
1080 |
+ "idmap configuration.\n", dom->name)); |
1081 |
+ return NT_STATUS_INVALID_PARAMETER; |
1082 |
+ } |
1083 |
+ |
1084 |
/* If the domain SID hash table has been initialized, assume |
1085 |
that we completed this function previously */ |
1086 |
|
1087 |
-- |
1088 |
2.9.0 |
1089 |
|
1090 |
|
1091 |
From 11a3354fcd7ff4bf6cd2cdb18e05b12c1ebc6cfd Mon Sep 17 00:00:00 2001 |
1092 |
From: Volker Lendecke <vl@samba.org> |
1093 |
Date: Tue, 22 Mar 2016 11:24:23 +0100 |
1094 |
Subject: [PATCH 14/14] winbind: Fix CID 1357100 Unchecked return value |
1095 |
MIME-Version: 1.0 |
1096 |
Content-Type: text/plain; charset=UTF-8 |
1097 |
Content-Transfer-Encoding: 8bit |
1098 |
|
1099 |
Signed-off-by: Volker Lendecke <vl@samba.org> |
1100 |
Reviewed-by: Ralph Boehme <slow@samba.org> |
1101 |
|
1102 |
Autobuild-User(master): Ralph Bรถhme <slow@samba.org> |
1103 |
Autobuild-Date(master): Tue Mar 22 15:49:14 CET 2016 on sn-devel-144 |
1104 |
|
1105 |
(cherry picked from commit 5291462bd8a683b2d21b5f21ad73f84939aa2d67) |
1106 |
--- |
1107 |
source3/winbindd/idmap.c | 6 +++++- |
1108 |
1 file changed, 5 insertions(+), 1 deletion(-) |
1109 |
|
1110 |
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
1111 |
index f716b6d..158fa81 100644 |
1112 |
--- a/source3/winbindd/idmap.c |
1113 |
+++ b/source3/winbindd/idmap.c |
1114 |
@@ -126,8 +126,12 @@ bool domain_has_idmap_config(const char *domname) |
1115 |
char *config_option; |
1116 |
const char *range = NULL; |
1117 |
const char *backend = NULL; |
1118 |
+ bool ok; |
1119 |
|
1120 |
- idmap_init(); |
1121 |
+ ok = idmap_init(); |
1122 |
+ if (!ok) { |
1123 |
+ return false; |
1124 |
+ } |
1125 |
|
1126 |
for (i=0; i<num_domains; i++) { |
1127 |
if (strequal(idmap_domains[i]->name, domname)) { |
1128 |
-- |
1129 |
2.9.0 |
1130 |
|