From 8672b486a2c847361e0e157be19eb2143ac550ab Mon Sep 17 00:00:00 2001 |
From: Volker Lendecke <vl@samba.org> |
Date: Tue, 18 Aug 2015 13:18:33 +0200 |
Subject: [PATCH 01/14] loadparm3: Add lp_wi_scan_global_parametrics() |
|
This routine takes a regex and goes through all parametric parameters |
in [global], matching the regex. It can easily be extended to also |
look at shares, but right now it will only be used to list all idmap |
config domain names. |
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
(cherry picked from commit 443dd9bbbc641ede10a2a3708465f61ea3dfbde3) |
--- |
source3/include/proto.h | 9 ++++++ |
source3/param/loadparm.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ |
2 files changed, 82 insertions(+) |
|
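diff --git a/source3/include/proto.h b/source3/include/proto.h
index be90024..df7eecc 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -23,6 +23,9 @@
 #ifndef _PROTO_H_
 #define _PROTO_H_
 
+#include <sys/types.h>
+#include <regex.h>
+
 /* The following definitions come from lib/access.c */
 
 bool client_match(const char *tok, const void *item);
@@ -951,6 +954,12 @@ int lp_smb2_max_credits(void);
 int lp_cups_encrypt(void);
 bool lp_widelinks(int );
 
+int lp_wi_scan_global_parametrics(
+ const char *regex, size_t max_matches,
+ bool (*cb)(const char *string, regmatch_t matches[],
+ void *private_data),
+ void *private_data);
+
 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def);
 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def);
 struct loadparm_service;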
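Review bot: The prototype added in the second hunk names its first parameter `regex`, while the definition added to source3/param/loadparm.c in the same patch calls it `regex_str`, and the declaration says nothing about the callback contract. Using `const char *regex_str` here and adding a comment such as `/* cb returns true to stop the scan; pattern is a POSIX basic regex matched case-insensitively */` would let callers read the contract from the header. The first hunk also makes every includer of proto.h pull in `<regex.h>`; if the project layout allows it, a narrower header for this one prototype would avoid that.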
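diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index e805fa4..9e56aca 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1074,6 +1074,79 @@ static struct parmlist_entry *get_parametrics(int snum, const char *type,
 }
 }
 
+static void discard_whitespace(char *str)
+{
+ size_t len = strlen(str);
+ size_t i = 0;
+
+ while (i < len) {
+ if (isspace(str[i])) {
+ memmove(&str[i], &str[i+1], len-i);
+ len -= 1;
+ continue;
+ }
+ i += 1;
+ }
+}
+
+/**
+ * @brief Go through all global parametric parameters
+ *
+ * @param regex_str A regular expression to scan param for
+ * @param max_matches Max number of submatches the regexp expects
+ * @param cb Function to call on match. Should return true
+ * when it wants wi_scan_global_parametrics to stop
+ * scanning
+ * @param private_data Anonymous pointer passed to cb
+ *
+ * @return 0: success, regcomp/regexec return value on error.
+ * See "man regexec" for possible errors
+ */
+
+int lp_wi_scan_global_parametrics(
+ const char *regex_str, size_t max_matches,
+ bool (*cb)(const char *string, regmatch_t matches[],
+ void *private_data),
+ void *private_data)
+{
+ struct parmlist_entry *data;
+ regex_t regex;
+ int ret;
+
+ ret = regcomp(®ex, regex_str, REG_ICASE);
+ if (ret != 0) {
+ return ret;
+ }
+
+ for (data = Globals.param_opt; data != NULL; data = data->next) {
+ size_t keylen = strlen(data->key);
+ char key[keylen+1];
+ regmatch_t matches[max_matches];
+ bool stop;
+
+ memcpy(key, data->key, sizeof(key));
+ discard_whitespace(key);
+
+ ret = regexec(®ex, key, max_matches, matches, 0);
+ if (ret == REG_NOMATCH) {
+ continue;
+ }
+ if (ret != 0) {
+ goto fail;
+ }
+
+ stop = cb(key, matches, private_data);
+ if (stop) {
+ break;
+ }
+ }
+
+ ret = 0;
+fail:
+ regfree(®ex);
+ return ret;
+}
+
 
 #define MISSING_PARAMETER(name) \
 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))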
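Review bot: In `discard_whitespace()` the call `isspace(str[i])` passes a plain `char`, which is undefined behaviour for negative values, so a parameter key containing bytes above 0x7f can misbehave on platforms where `char` is signed; it should read `isspace((unsigned char)str[i])`. In `lp_wi_scan_global_parametrics()` both `char key[keylen+1]` and `regmatch_t matches[max_matches]` are variable-length arrays on the stack with no upper bound, and `max_matches == 0` makes the second a zero-length VLA. Allocating them from a talloc context, or at least bounding `max_matches` before the loop, would keep a very long key or a careless caller from overrunning the stack. The doc comment could also state that the pattern is compiled as a basic regex with `REG_ICASE` and that `cb` receives the key with all whitespace removed.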
-- |
2.9.0 |
|
|
From ef3701654107528530141bb9a66ee1209060f21c Mon Sep 17 00:00:00 2001 |
From: Volker Lendecke <vl@samba.org> |
Date: Thu, 22 Jan 2015 12:08:52 +0000 |
Subject: [PATCH 02/14] winbind: Fix idmap initialization |
|
The fix is in the sscanf line: %u in the sscanf format mandates the use of |
a pointer to an "unsigned". idmap_domain->[low|high]_id are uint32_t. On |
little endian 64-bit this might at least put the correct values into |
low_id and high_id, but might overwrite the read_only bit set earlier, |
depending on structure alignment and packing. On big endian 64-bit, |
this will just fail. |
|
Automatic conversion to uint32_t will happen only at assignment, not |
when you take a pointer of such a thing. |
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
Reviewed-by: Andreas Schneider <asn@samba.org> |
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> |
Autobuild-Date(master): Thu Jan 22 17:58:16 CET 2015 on sn-devel-104 |
|
(cherry picked from commit 63552f1c4c05a710143f12c2269754d0e547d945) |
--- |
source3/winbindd/idmap.c | 14 ++++++++------ |
1 file changed, 8 insertions(+), 6 deletions(-) |
|
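diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index a8beab7..841f710 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -172,6 +172,7 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
 NTSTATUS status;
 char *config_option = NULL;
 const char *range;
+ unsigned low_id, high_id;
 
 result = talloc_zero(mem_ctx, struct idmap_domain);
 if (result == NULL) {
@@ -230,23 +231,24 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
 result->name));
 goto fail;
 }
- } else if (sscanf(range, "%u - %u", &result->low_id,
- &result->high_id) != 2)
+ } else if (sscanf(range, "%u - %u", &low_id, &high_id) != 2)
 {
 DEBUG(1, ("invalid range '%s' specified for domain "
 "'%s'\n", range, result->name));
 if (check_range) {
 goto fail;
 }
- } else if (result->low_id > result->high_id) {
- DEBUG(1, ("Error: invalid idmap range detected: %lu - %lu\n",
- (unsigned long)result->low_id,
- (unsigned long)result->high_id));
+ } else if (low_id > high_id) {
+ DEBUG(1, ("Error: invalid idmap range detected: %u - %u\n",
+ low_id, high_id));
 if (check_range) {
 goto fail;
 }
 }
 
+ result->low_id = low_id;
+ result->high_id = high_id;
+
 status = result->methods->init(result);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(1, ("idmap initialization returned %s\n",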
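Review bot: The rewritten `sscanf(range, "%u - %u", &low_id, &high_id)` in the second hunk fixes the pointer type but still validates very little: `%u` accepts a leading minus sign and wraps it, a value that does not fit is undefined behaviour for the scanf family, and anything after the second number is ignored. Because the result becomes the uid/gid range a backend is responsible for, each bound is better parsed with `strtoul`, checking for a leading digit, `errno`, the end pointer and `<= UINT32_MAX` before the assignment to the `uint32_t` fields. When `check_range` is false, the new `result->low_id = low_id;` and `result->high_id = high_id;` lines also run after a failed parse or an inverted range, so an unvalidated range is stored; it is worth confirming that no caller consults it in that case. `idmap_init_domain()` starts and ends outside these hunks, so the `range == NULL` path is only partly visible.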
-- |
2.9.0 |
|
|
From ad0688f0b2ed0e060fa2c5a612d10bf4daa2e9cf Mon Sep 17 00:00:00 2001 |
From: Volker Lendecke <vl@samba.org> |
Date: Wed, 4 Mar 2015 10:22:48 +0100 |
Subject: [PATCH 03/14] winbind: Fix CID 1273295 Uninitialized scalar variable |
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
Reviewed-by: David Disseldorp <ddiss@samba.org> |
(cherry picked from commit 25928b1bcc031469c5321ab283a8d0c32dde2f4f) |
--- |
source3/winbindd/idmap.c | 3 ++- |
1 file changed, 2 insertions(+), 1 deletion(-) |
|
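diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 841f710..70f4e02 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -172,7 +172,8 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
 NTSTATUS status;
 char *config_option = NULL;
 const char *range;
- unsigned low_id, high_id;
+ unsigned low_id = 0;
+ unsigned high_id;
 
 result = talloc_zero(mem_ctx, struct idmap_domain);
 if (result == NULL) {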
-- |
2.9.0 |
|
|
From 940b73398d1e8847504db4d989ee548966f1e9c5 Mon Sep 17 00:00:00 2001 |
From: Volker Lendecke <vl@samba.org> |
Date: Wed, 4 Mar 2015 10:28:20 +0100 |
Subject: [PATCH 04/14] winbind: Fix CID 1273294 Uninitialized scalar variable |
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
Reviewed-by: David Disseldorp <ddiss@samba.org> |
(cherry picked from commit 8e195fb52ecfa3c263f68b74f989fb48a3c9116f) |
--- |
source3/winbindd/idmap.c | 2 +- |
1 file changed, 1 insertion(+), 1 deletion(-) |
|
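diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 70f4e02..1e2feb9 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -173,7 +173,7 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
 char *config_option = NULL;
 const char *range;
 unsigned low_id = 0;
- unsigned high_id;
+ unsigned high_id = 0;
 
 result = talloc_zero(mem_ctx, struct idmap_domain);
 if (result == NULL) {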
-- |
2.9.0 |
|
|
From 461e69a3cb81247f0d514de865981ad56517d901 Mon Sep 17 00:00:00 2001 |
From: Volker Lendecke <vl@samba.org> |
Date: Tue, 18 Aug 2015 16:58:02 +0200 |
Subject: [PATCH 05/14] idmap: Move idmap_init() under the static vars |
|
Just moving code, idmap_init will need to reference the variables |
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
(cherry picked from commit d36de86639b7782e1e959d61917d8f19fdfc902c) |
--- |
source3/winbindd/idmap.c | 30 +++++++++++++++--------------- |
1 file changed, 15 insertions(+), 15 deletions(-) |
|
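diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 1e2feb9..0ba8fda 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -32,21 +32,6 @@
 
 static_decl_idmap;
 
-static void idmap_init(void)
-{
- static bool initialized;
-
- if (initialized) {
- return;
- }
-
- DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
-
- static_init_idmap;
-
- initialized = true;
-}
-
 /**
 * Pointer to the backend methods. Modules register themselves here via
 * smb_register_idmap.
@@ -79,6 +64,21 @@ static struct idmap_domain *passdb_idmap_domain;
 static struct idmap_domain **idmap_domains = NULL;
 static int num_domains = 0;
 
+static void idmap_init(void)
+{
+ static bool initialized;
+
+ if (initialized) {
+ return;
+ }
+
+ DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
+
+ static_init_idmap;
+
+ initialized = true;
+}
+
 static struct idmap_methods *get_methods(const char *name)
 {
 struct idmap_backend *b;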
-- |
2.9.0 |
|
|
From 5b3f88a29d5e9d6133f6a1e43e3db69dc6fdd1f2 Mon Sep 17 00:00:00 2001 |
From: Volker Lendecke <vl@samba.org> |
Date: Wed, 19 Aug 2015 17:00:46 +0200 |
Subject: [PATCH 06/14] idmap: Initialize all idmap domains at startup |
|
So far we have initialized idmap domains on demand indexed by name. |
For sid2xid this works okay, because we could do lookupsids before |
and thus get the name. For xid2sid this is more problematic. We |
have to rely on enumtrustdoms to work completely, and we have to |
look at the list of winbind domains in the parent to get the domain |
name. Relying on domain->have_idmap_config is not particularly nice. |
|
This patch re-works initialization of idmap domains by scanning all |
parametric parameters, scanning for :backend configuration settings. |
This way we get a complete list of :range definitions. This means |
we can rely on the idmap domain array to be complete. This in turn |
means we can live without the domain name to find a domain, we can |
do a range search by uid or gid. |
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
(cherry picked from commit ef0c91195533d95ba4fb7947ff5f69c20aa677b8) |
--- |
source3/winbindd/idmap.c | 199 ++++++++++++++++++++++++++--------------------- |
1 file changed, 109 insertions(+), 90 deletions(-) |
|
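diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 0ba8fda..40d87a7 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -64,12 +64,22 @@ static struct idmap_domain *passdb_idmap_domain;
 static struct idmap_domain **idmap_domains = NULL;
 static int num_domains = 0;
 
-static void idmap_init(void)
+static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
+ const char *domname);
+static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
+ const char *domainname,
+ const char *modulename,
+ bool check_range);
+static bool idmap_found_domain_backend(
+ const char *string, regmatch_t matches[], void *private_data);
+
+static bool idmap_init(void)
 {
 static bool initialized;
+ int ret;
 
 if (initialized) {
- return;
+ return true;
 }
 
 DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
@@ -77,6 +87,80 @@ static void idmap_init(void)
 static_init_idmap;
 
 initialized = true;
+
+ if (!pdb_is_responsible_for_everything_else()) {
+ default_idmap_domain = idmap_init_named_domain(NULL, "*");
+ if (default_idmap_domain == NULL) {
+ return false;
+ }
+ }
+
+ passdb_idmap_domain = idmap_init_domain(
+ NULL, get_global_sam_name(), "passdb", false);
+ if (passdb_idmap_domain == NULL) {
+ TALLOC_FREE(default_idmap_domain);
+ return false;
+ }
+
+ idmap_domains = talloc_array(NULL, struct idmap_domain *, 0);
+ if (idmap_domains == NULL) {
+ TALLOC_FREE(passdb_idmap_domain);
+ TALLOC_FREE(default_idmap_domain);
+ return false;
+ }
+
+ ret = lp_wi_scan_global_parametrics(
+ "idmapconfig\\(.*\\):backend", 2,
+ idmap_found_domain_backend, NULL);
+ if (ret != 0) {
+ DEBUG(5, ("wi_scan_global_parametrics returned %d\n", ret));
+ return false;
+ }
+
+ return true;
+}
+
+static bool idmap_found_domain_backend(
+ const char *string, regmatch_t matches[], void *private_data)
+{
+ if (matches[1].rm_so == -1) {
+ DEBUG(5, ("Found match, but no name??\n"));
+ return false;
+ }
+
+ {
+ struct idmap_domain *dom, **tmp;
+ regoff_t len = matches[1].rm_eo - matches[1].rm_so;
+ char domname[len+1];
+
+ memcpy(domname, string + matches[1].rm_so, len);
+ domname[len] = '\0';
+
+ DEBUG(7, ("Found idmap domain \"%s\"\n", domname));
+
+ if (strcmp(domname, "*") == 0) {
+ return false;
+ }
+
+ dom = idmap_init_named_domain(idmap_domains, domname);
+ if (dom == NULL) {
+ DEBUG(3, ("Could not init idmap domain %s\n",
+ domname));
+ }
+
+ tmp = talloc_realloc(idmap_domains, idmap_domains,
+ struct idmap_domain *, num_domains + 1);
+ if (tmp == NULL) {
+ DEBUG(1, ("talloc_realloc failed\n"));
+ TALLOC_FREE(dom);
+ return false;
+ }
+ idmap_domains = tmp;
+ idmap_domains[num_domains] = dom;
+ num_domains += 1;
+ }
+
+ return false;
 }
 
 static struct idmap_methods *get_methods(const char *name)
@@ -280,8 +364,12 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
 struct idmap_domain *result = NULL;
 char *config_option;
 const char *backend;
+ bool ok;
 
- idmap_init();
+ ok = idmap_init();
+ if (!ok) {
+ return NULL;
+ }
 
 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
 domname);
@@ -312,57 +400,6 @@ fail:
 }
 
 /**
- * Initialize the default domain structure
- * @param[in] mem_ctx memory context for the result
- * @result The default domain structure
- *
- * This routine takes the module name from the "idmap backend" parameter,
- * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
- */
-
-static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
-{
- return idmap_init_named_domain(mem_ctx, "*");
-}
-
-/**
- * Initialize the passdb domain structure
- * @param[in] mem_ctx memory context for the result
- * @result The default domain structure
- *
- * No config, passdb has its own configuration.
- */
-
-static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx)
-{
- idmap_init();
-
- if (!pdb_is_responsible_for_everything_else()) {
- /*
- * Always init the default domain, we can't go without one
- */
- if (default_idmap_domain == NULL) {
- default_idmap_domain = idmap_init_default_domain(NULL);
- }
- if (default_idmap_domain == NULL) {
- return NULL;
- }
- }
-
- if (passdb_idmap_domain != NULL) {
- return passdb_idmap_domain;
- }
-
- passdb_idmap_domain = idmap_init_domain(mem_ctx, get_global_sam_name(),
- "passdb", false);
- if (passdb_idmap_domain == NULL) {
- DEBUG(1, ("Could not init passdb idmap domain\n"));
- }
-
- return passdb_idmap_domain;
-}
-
-/**
 * Find a domain struct according to a domain name
 * @param[in] domname Domain name to get the config for
 * @result The default domain structure that fits
@@ -379,21 +416,14 @@ static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx)
 
 static struct idmap_domain *idmap_find_domain(const char *domname)
 {
- struct idmap_domain *result;
+ bool ok;
 int i;
 
 DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
 domname?domname:"NULL"));
 
- idmap_init();
-
- /*
- * Always init the default domain, we can't go without one
- */
- if (default_idmap_domain == NULL) {
- default_idmap_domain = idmap_init_default_domain(NULL);
- }
- if (default_idmap_domain == NULL) {
+ ok = idmap_init();
+ if (!ok) {
 return NULL;
 }
 
@@ -407,38 +437,21 @@ static struct idmap_domain *idmap_find_domain(const char *domname)
 }
 }
 
- if (idmap_domains == NULL) {
- /*
- * talloc context for all idmap domains
- */
- idmap_domains = talloc_array(NULL, struct idmap_domain *, 1);
- }
-
- if (idmap_domains == NULL) {
- DEBUG(0, ("talloc failed\n"));
- return NULL;
- }
-
- result = idmap_init_named_domain(idmap_domains, domname);
- if (result == NULL) {
- /*
- * Could not init that domain -- try the default one
- */
- return default_idmap_domain;
- }
-
- ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result,
- &idmap_domains, &num_domains);
- return result;
+ return default_idmap_domain;
 }
 
 struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
 const struct dom_sid *sid)
 {
- idmap_init();
+ bool ok;
+
+ ok = idmap_init();
+ if (!ok) {
+ return NULL;
+ }
 
 if (sid_check_is_for_passdb(sid)) {
- return idmap_passdb_domain(NULL);
+ return passdb_idmap_domain;
 }
 
 return idmap_find_domain(domname);
@@ -493,6 +506,12 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
 {
 struct idmap_domain *dom;
 struct id_map *maps[2];
+ bool ok;
+
+ ok = idmap_init();
+ if (!ok) {
+ return NT_STATUS_NONE_MAPPED;
+ }
 
 DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
 "(type %d)\n",
@@ -505,7 +524,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
 * Always give passdb a chance first
 */
 
- dom = idmap_passdb_domain(NULL);
+ dom = passdb_idmap_domain;
 if ((dom != NULL)
 && NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps))
 && id->status == ID_MAPPED) {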
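Review bot: `idmap_init()` sets `initialized = true` before any of the new domain setup runs, so after one failed attempt every later call takes the `if (initialized) { return true; }` path and reports success while `default_idmap_domain`, `passdb_idmap_domain` or `idmap_domains` may be NULL or incomplete. The early latch looks deliberate, since `idmap_init_named_domain()` now calls back into `idmap_init()`, so the outcome needs its own state: `static bool init_ok = true;`, `if (initialized) { return init_ok; }`, and `init_ok = false;` before each `return false;`. The path where `lp_wi_scan_global_parametrics()` fails also returns without the `TALLOC_FREE` cleanup that the earlier failure paths perform. Separately, `idmap_found_domain_backend()` returns false on `talloc_realloc` failure too, so an allocation failure yields a silently incomplete domain array rather than a failed init; reporting it through `private_data` would let `idmap_init()` fail closed.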
-- |
2.9.0 |
|
|
From 808cde4e8490af596ec2c6d1df3a24c4e2b719cb Mon Sep 17 00:00:00 2001 |
From: Volker Lendecke <vl@samba.org> |
Date: Tue, 18 Aug 2015 17:30:27 +0200 |
Subject: [PATCH 07/14] idmap: Use a range search in |
idmap_backends_unixid_to_sid |
|
This obsoletes the domain name in the xid2sid calls |
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
(cherry picked from commit ad626b9e6b3c200c70b0d840c956f7b6fff20660) |
--- |
source3/winbindd/idmap.c | 12 +++++++++++- |
1 file changed, 11 insertions(+), 1 deletion(-) |
|
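diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 40d87a7..aff5792 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -507,6 +507,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
 struct idmap_domain *dom;
 struct id_map *maps[2];
 bool ok;
+ int i;
 
 ok = idmap_init();
 if (!ok) {
@@ -531,7 +532,16 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
 return NT_STATUS_OK;
 }
 
- dom = idmap_find_domain(domname);
+ dom = default_idmap_domain;
+
+ for (i=0; i<num_domains; i++) {
+ if ((id->xid.id >= idmap_domains[i]->low_id) &&
+ (id->xid.id <= idmap_domains[i]->high_id)) {
+ dom = idmap_domains[i];
+ break;
+ }
+ }
+
 if (dom == NULL) {
 return NT_STATUS_NONE_MAPPED;
 }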
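Review bot: The new loop in the second hunk takes the first entry of `idmap_domains` whose `low_id`..`high_id` contains the xid, so with overlapping `idmap config` ranges the owning domain depends on scan order, and nothing visible in this series rejects overlaps at init. Since this lookup now decides which backend turns a uid or gid into a SID, overlapping or inverted ranges are better detected when the array is built and logged or refused there. As of this commit the loop also dereferences `idmap_domains[i]` without a NULL check, while `idmap_found_domain_backend()` from patch 06 stores `dom` even when `idmap_init_named_domain()` returned NULL; the `return false;` that closes this arrives only in patch 08. Either that fix should come before this change, or the loop should start with `if (idmap_domains[i] == NULL) { continue; }`. The function body extends beyond both hunks.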
-- |
2.9.0 |
|
|
From ebc02665c40d38fca33df001a4f660a18719e33b Mon Sep 17 00:00:00 2001 |
From: Volker Lendecke <vl@samba.org> |
Date: Tue, 18 Aug 2015 17:34:29 +0200 |
Subject: [PATCH 08/14] idmap: Remove "domname" from |
idmap_backends_unixid_to_sid |
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
Reviewed-by: Stefan Metzmacher <metze@samba.org> |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 |
(cherry picked from commit ac4cc243771fc3273872547087679db21c9bb1cb) |
--- |
source3/torture/test_idmap_tdb_common.c | 2 +- |
source3/winbindd/idmap.c | 8 ++++---- |
source3/winbindd/idmap_proto.h | 3 +-- |
source3/winbindd/idmap_util.c | 4 ++-- |
4 files changed, 8 insertions(+), 9 deletions(-) |
|
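diff --git a/source3/torture/test_idmap_tdb_common.c b/source3/torture/test_idmap_tdb_common.c
index f7262a2..dd736ad 100644
--- a/source3/torture/test_idmap_tdb_common.c
+++ b/source3/torture/test_idmap_tdb_common.c
@@ -62,7 +62,7 @@ bool idmap_is_online(void)
 return true;
 }
 
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id)
 {
 return NT_STATUS_OK;
 }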
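diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index aff5792..56ebf21 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -146,6 +146,7 @@ static bool idmap_found_domain_backend(
 if (dom == NULL) {
 DEBUG(3, ("Could not init idmap domain %s\n",
 domname));
+ return false;
 }
 
 tmp = talloc_realloc(idmap_domains, idmap_domains,
@@ -502,7 +503,7 @@ NTSTATUS idmap_allocate_gid(struct unixid *id)
 return idmap_allocate_unixid(id);
 }
 
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id)
 {
 struct idmap_domain *dom;
 struct id_map *maps[2];
@@ -514,9 +515,8 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
 return NT_STATUS_NONE_MAPPED;
 }
 
- DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
- "(type %d)\n",
- domname?domname:"NULL", id->xid.id, id->xid.type));
+ DEBUG(10, ("idmap_backend_unixid_to_sid: xid = %d (type %d)\n",
+ id->xid.id, id->xid.type));
 
 maps[0] = id;
 maps[1] = NULL;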
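Review bot: The `return false;` added in the first hunk changes behaviour, because a domain that failed to initialise is no longer appended to `idmap_domains`, yet no comment records it, and in this callback `false` means "keep scanning", which is easy to misread as an error return. A comment on that line, for example `/* skip this domain; false tells the scan to continue */`, would make the intent clear. In the last hunk `id->xid.id` is still printed with `%d`; if that field is an unsigned 32-bit id, as its comparison against `low_id` and `high_id` elsewhere in the series suggests, `%u` would be the matching conversion.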
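diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h
index f7af8ed..159aac6 100644
--- a/source3/winbindd/idmap_proto.h
+++ b/source3/winbindd/idmap_proto.h
@@ -34,8 +34,7 @@ NTSTATUS smb_register_idmap(int version, const char *name,
 void idmap_close(void);
 NTSTATUS idmap_allocate_uid(struct unixid *id);
 NTSTATUS idmap_allocate_gid(struct unixid *id);
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname,
- struct id_map *id);
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id);
 
 /* The following definitions come from winbindd/idmap_nss.c */
 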
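diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index e671acf..08857ab 100644
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -66,7 +66,7 @@ backend:
 map.xid.type = ID_TYPE_UID;
 map.xid.id = uid;
 
- ret = idmap_backends_unixid_to_sid(domname, &map);
+ ret = idmap_backends_unixid_to_sid(&map);
 if ( ! NT_STATUS_IS_OK(ret)) {
 DEBUG(10, ("error mapping uid [%lu]: %s\n", (unsigned long)uid,
 nt_errstr(ret)));
@@ -130,7 +130,7 @@ backend:
 map.xid.type = ID_TYPE_GID;
 map.xid.id = gid;
 
- ret = idmap_backends_unixid_to_sid(domname, &map);
+ ret = idmap_backends_unixid_to_sid(&map);
 if ( ! NT_STATUS_IS_OK(ret)) {
 DEBUG(10, ("error mapping gid [%lu]: %s\n", (unsigned long)gid,
 nt_errstr(ret)));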
790 |
|
|
-- |
791 |
|
|
2.9.0 |
792 |
|
|
|
793 |
|
|
|
794 |
|
|
From e7ca0730e3b3ba4eaa447b1ff487377978c70e64 Mon Sep 17 00:00:00 2001 |
795 |
|
|
From: Michael Adam <obnox@samba.org> |
796 |
|
|
Date: Thu, 10 Mar 2016 10:38:29 +0100 |
797 |
|
|
Subject: [PATCH 09/14] s3:winbindd:idmap: add domain_has_idmap_config() helper |
798 |
|
|
function. |
799 |
|
|
|
800 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
801 |
|
|
|
802 |
|
|
Pair-Programmed-With: Guenther Deschner <gd@samba.org> |
803 |
|
|
|
804 |
|
|
Signed-off-by: Michael Adam <obnox@samba.org> |
805 |
|
|
Signed-off-by: Guenther Deschner <gd@samba.org> |
806 |
|
|
Reviewed-by: Jeremy Allison <jra@samba.org> |
807 |
|
|
(cherry picked from commit fb80e1158bb1a14f2602e65464909a213296cde1) |
808 |
|
|
--- |
809 |
|
|
source3/winbindd/idmap.c | 15 +++++++++++++++ |
810 |
|
|
source3/winbindd/winbindd_proto.h | 1 + |
811 |
|
|
2 files changed, 16 insertions(+) |
812 |
|
|
|
813 |
|
|
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
814 |
|
|
index 56ebf21..7a96b92 100644 |
815 |
|
|
--- a/source3/winbindd/idmap.c |
816 |
|
|
+++ b/source3/winbindd/idmap.c |
817 |
|
|
@@ -120,6 +120,21 @@ static bool idmap_init(void) |
818 |
|
|
return true; |
819 |
|
|
} |
820 |
|
|
|
821 |
|
|
+bool domain_has_idmap_config(const char *domname) |
822 |
|
|
+{ |
823 |
|
|
+ int i; |
824 |
|
|
+ |
825 |
|
|
+ idmap_init(); |
826 |
|
|
+ |
827 |
|
|
+ for (i=0; i<num_domains; i++) { |
828 |
|
|
+ if (strequal(idmap_domains[i]->name, domname)) { |
829 |
|
|
+ return true; |
830 |
|
|
+ } |
831 |
|
|
+ } |
832 |
|
|
+ |
833 |
|
|
+ return false; |
834 |
|
|
+} |
835 |
|
|
+ |
836 |
|
|
static bool idmap_found_domain_backend( |
837 |
|
|
const char *string, regmatch_t matches[], void *private_data) |
838 |
|
|
{ |
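Review bot: `domain_has_idmap_config()` is added as an exported helper with no comment saying what counts as "having a config"; in this hunk that is only a name match against `idmap_domains[]`. Because callers use the result as a gate, a short header would make the contract explicit, e.g. `/* Return true if domname matches an entry in idmap_domains[] (compared with strequal()). */`. `domname` is passed to `strequal()` unchecked, so the comment should also state whether NULL is an accepted argument. The last context lines of the hunk belong to `idmap_found_domain_backend()`, whose body continues outside it.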
839 |
|
|
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h |
840 |
|
|
index 42fffc0..85aee5b 100644 |
841 |
|
|
--- a/source3/winbindd/winbindd_proto.h |
842 |
|
|
+++ b/source3/winbindd/winbindd_proto.h |
843 |
|
|
@@ -339,6 +339,7 @@ void init_idmap_child(void); |
844 |
|
|
struct winbindd_child *idmap_child(void); |
845 |
|
|
struct idmap_domain *idmap_find_domain_with_sid(const char *domname, |
846 |
|
|
const struct dom_sid *sid); |
847 |
|
|
+bool domain_has_idmap_config(const char *domname); |
848 |
|
|
|
849 |
|
|
/* The following definitions come from winbindd/winbindd_locator.c */ |
850 |
|
|
|
851 |
|
|
-- |
852 |
|
|
2.9.0 |
853 |
|
|
|
854 |
|
|
|
855 |
|
|
From d58905a6113fc0dc1e5cccb91568a550ee953999 Mon Sep 17 00:00:00 2001 |
856 |
|
|
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> |
857 |
|
|
Date: Thu, 10 Mar 2016 10:39:15 +0100 |
858 |
|
|
Subject: [PATCH 10/14] s3:winbindd:idmap_hash: skip domains that already have |
859 |
|
|
their own idmap configuration. |
860 |
|
|
|
861 |
|
|
Check if the domain from the list is not already configured to use another idmap |
862 |
|
|
backend. Not checking this makes the idmap_hash module map IDs for *all* domains |
863 |
|
|
implicitly. This is quite dangerous in multi-idmap-config setups. |
864 |
|
|
|
865 |
|
|
Guenther |
866 |
|
|
|
867 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
868 |
|
|
|
869 |
|
|
Pair-Programmed-With: Michael Adam <obnox@samba.org> |
870 |
|
|
|
871 |
|
|
Signed-off-by: Guenther Deschner <gd@samba.org> |
872 |
|
|
Signed-off-by: Michael Adam <obnox@samba.org> |
873 |
|
|
Reviewed-by: Jeremy Allison <jra@samba.org> |
874 |
|
|
(cherry picked from commit 55be1ee69743c94d33f4244ade848517fc98e264) |
875 |
|
|
--- |
876 |
|
|
source3/winbindd/idmap_hash/idmap_hash.c | 13 +++++++++++++ |
877 |
|
|
1 file changed, 13 insertions(+) |
878 |
|
|
|
879 |
|
|
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c |
880 |
|
|
index 1dbd300..f77ee3b 100644 |
881 |
|
|
--- a/source3/winbindd/idmap_hash/idmap_hash.c |
882 |
|
|
+++ b/source3/winbindd/idmap_hash/idmap_hash.c |
883 |
|
|
@@ -137,6 +137,19 @@ static NTSTATUS be_init(struct idmap_domain *dom) |
884 |
|
|
|
885 |
|
|
if (is_null_sid(&dom_list[i].sid)) |
886 |
|
|
continue; |
887 |
|
|
+ |
888 |
|
|
+ /* |
889 |
|
|
+ * Check if the domain from the list is not already configured |
890 |
|
|
+ * to use another idmap backend. Not checking this makes the |
891 |
|
|
+ * idmap_hash module map IDs for *all* domains implicitly. This |
892 |
|
|
+ * is quite dangerous in setups that use multiple idmap |
893 |
|
|
+ * configurations. |
894 |
|
|
+ */ |
895 |
|
|
+ |
896 |
|
|
+ if (domain_has_idmap_config(dom_list[i].domain_name)) { |
897 |
|
|
+ continue; |
898 |
|
|
+ } |
899 |
|
|
+ |
900 |
|
|
if ((hash = hash_domain_sid(&dom_list[i].sid)) == 0) |
901 |
|
|
continue; |
902 |
|
|
|
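Review bot: The new `continue` for domains that have their own idmap config is silent, so nothing in the log shows why a domain from `dom_list` is missing from the hash table. This skip decides which domains receive hash-derived IDs, so a debug line before the `continue` would let an administrator confirm the decision, for example `DEBUG(5, ("Skipping domain %s: it has its own idmap config\n", dom_list[i].domain_name));`. The helper is also invoked once per `dom_list` entry and calls `idmap_init()` each time (patch 09); presumably that is cheap after the first call, but it is worth confirming. The loop and the rest of `be_init()` lie outside this hunk.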
903 |
|
|
-- |
904 |
|
|
2.9.0 |
905 |
|
|
|
906 |
|
|
|
907 |
|
|
From 87079a86d35e298a7ec8a4476c5ff15c4c12d7ca Mon Sep 17 00:00:00 2001 |
908 |
|
|
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> |
909 |
|
|
Date: Thu, 10 Mar 2016 12:21:52 +0100 |
910 |
|
|
Subject: [PATCH 11/14] s3:winbindd:idmap: check loadparm in |
911 |
|
|
domain_has_idmap_config() helper as well. |
912 |
|
|
|
913 |
|
|
Guenther |
914 |
|
|
|
915 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
916 |
|
|
|
917 |
|
|
Pair-Programmed-With: Michael Adam <obnox@samba.org> |
918 |
|
|
|
919 |
|
|
Signed-off-by: Guenther Deschner <gd@samba.org> |
920 |
|
|
Signed-off-by: Michael Adam <obnox@samba.org> |
921 |
|
|
Reviewed-by: Jeremy Allison <jra@samba.org> |
922 |
|
|
(cherry picked from commit 4632ad98c4af5a4e0a2723c0cf716439e376e61f) |
923 |
|
|
--- |
924 |
|
|
source3/winbindd/idmap.c | 22 ++++++++++++++++++++++ |
925 |
|
|
1 file changed, 22 insertions(+) |
926 |
|
|
|
927 |
|
|
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
928 |
|
|
index 7a96b92..f716b6d 100644 |
929 |
|
|
--- a/source3/winbindd/idmap.c |
930 |
|
|
+++ b/source3/winbindd/idmap.c |
931 |
|
|
@@ -123,6 +123,9 @@ static bool idmap_init(void) |
932 |
|
|
bool domain_has_idmap_config(const char *domname) |
933 |
|
|
{ |
934 |
|
|
int i; |
935 |
|
|
+ char *config_option; |
936 |
|
|
+ const char *range = NULL; |
937 |
|
|
+ const char *backend = NULL; |
938 |
|
|
|
939 |
|
|
idmap_init(); |
940 |
|
|
|
941 |
|
|
@@ -132,6 +135,25 @@ bool domain_has_idmap_config(const char *domname) |
942 |
|
|
} |
943 |
|
|
} |
944 |
|
|
|
945 |
|
|
+ /* fallback: also check loadparm */ |
946 |
|
|
+ |
947 |
|
|
+ config_option = talloc_asprintf(talloc_tos(), "idmap config %s", |
948 |
|
|
+ domname); |
949 |
|
|
+ if (config_option == NULL) { |
950 |
|
|
+ DEBUG(0, ("out of memory\n")); |
951 |
|
|
+ return false; |
952 |
|
|
+ } |
953 |
|
|
+ |
954 |
|
|
+ range = lp_parm_const_string(-1, config_option, "range", NULL); |
955 |
|
|
+ backend = lp_parm_const_string(-1, config_option, "backend", NULL); |
956 |
|
|
+ if (range != NULL && backend != NULL) { |
957 |
|
|
+ DEBUG(5, ("idmap configuration specified for domain '%s'\n", |
958 |
|
|
+ domname)); |
959 |
|
|
+ TALLOC_FREE(config_option); |
960 |
|
|
+ return true; |
961 |
|
|
+ } |
962 |
|
|
+ |
963 |
|
|
+ TALLOC_FREE(config_option); |
964 |
|
|
return false; |
965 |
|
|
} |
966 |
|
|
|
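Review bot: Both failure paths in the added fallback answer "no config": a failed `talloc_asprintf()` returns `false`, and so does a domain where only one of `range` and `backend` is set. The idmap_hash caller added in patch 10 treats `false` as permission to hash-map the domain, which is the outcome that patch describes as dangerous, so an error here fails open. At minimum the function should say so, e.g. `/* Returns false on allocation failure too; false is not proof that no idmap config exists. */`, and it is worth checking whether a `backend` without a `range` is treated as a configured domain elsewhere in idmap (not visible here). The same fail-open result applies to the `return false` after a failed `idmap_init()` added in patch 14/14. `domname` is also formatted into the option name without a NULL check.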
967 |
|
|
-- |
968 |
|
|
2.9.0 |
969 |
|
|
|
970 |
|
|
|
971 |
|
|
From d80f66cf98e47a7a8dfc8dd27c8c36529e36d235 Mon Sep 17 00:00:00 2001 |
972 |
|
|
From: Michael Adam <obnox@samba.org> |
973 |
|
|
Date: Mon, 14 Mar 2016 17:06:34 +0100 |
974 |
|
|
Subject: [PATCH 12/14] idmap_hash: rename be_init() --> |
975 |
|
|
idmap_hash_initialize() |
976 |
|
|
|
977 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
978 |
|
|
|
979 |
|
|
Pair-Programmed-With: Guenther Deschner <gd@samba.org> |
980 |
|
|
|
981 |
|
|
Signed-off-by: Michael Adam <obnox@samba.org> |
982 |
|
|
Signed-off-by: Guenther Deschner <gd@samba.org> |
983 |
|
|
Reviewed-by: Jeremy Allison <jra@samba.org> |
984 |
|
|
(cherry picked from commit 4172491cbe7bb8ad2a7089efe15fbe46fcc123fb) |
985 |
|
|
--- |
986 |
|
|
source3/winbindd/idmap_hash/idmap_hash.c | 16 ++++++++-------- |
987 |
|
|
1 file changed, 8 insertions(+), 8 deletions(-) |
988 |
|
|
|
989 |
|
|
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c |
990 |
|
|
index f77ee3b..773d5a9 100644 |
991 |
|
|
--- a/source3/winbindd/idmap_hash/idmap_hash.c |
992 |
|
|
+++ b/source3/winbindd/idmap_hash/idmap_hash.c |
993 |
|
|
@@ -104,7 +104,7 @@ static void separate_hashes(uint32_t id, |
994 |
|
|
/********************************************************************* |
995 |
|
|
********************************************************************/ |
996 |
|
|
|
997 |
|
|
-static NTSTATUS be_init(struct idmap_domain *dom) |
998 |
|
|
+static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom) |
999 |
|
|
{ |
1000 |
|
|
struct sid_hash_table *hashed_domains; |
1001 |
|
|
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; |
1002 |
|
|
@@ -153,10 +153,10 @@ static NTSTATUS be_init(struct idmap_domain *dom) |
1003 |
|
|
if ((hash = hash_domain_sid(&dom_list[i].sid)) == 0) |
1004 |
|
|
continue; |
1005 |
|
|
|
1006 |
|
|
- DEBUG(5,("hash:be_init() Adding %s (%s) -> %d\n", |
1007 |
|
|
- dom_list[i].domain_name, |
1008 |
|
|
- sid_string_dbg(&dom_list[i].sid), |
1009 |
|
|
- hash)); |
1010 |
|
|
+ DEBUG(3, ("Adding %s (%s) -> %d\n", |
1011 |
|
|
+ dom_list[i].domain_name, |
1012 |
|
|
+ sid_string_dbg(&dom_list[i].sid), |
1013 |
|
|
+ hash)); |
1014 |
|
|
|
1015 |
|
|
hashed_domains[hash].sid = talloc(hashed_domains, struct dom_sid); |
1016 |
|
|
sid_copy(hashed_domains[hash].sid, &dom_list[i].sid); |
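Review bot: The `DEBUG` call in this hunk moves from level 5 to level 3 as well as dropping the `hash:be_init()` prefix, which the commit subject (a rename) does not mention. Every domain name and SID added to the table is now logged at a lower verbosity threshold than before; if that is intended it deserves a line in the commit message, otherwise keep `DEBUG(5, ("Adding %s (%s) -> %d\n",` and change only the text. Separately, the context line `hashed_domains[hash].sid = talloc(hashed_domains, struct dom_sid);` is followed directly by `sid_copy()` with no NULL check visible in the hunk; that predates this change but is worth a follow-up.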
1017 |
|
|
@@ -189,7 +189,7 @@ static NTSTATUS unixids_to_sids(struct idmap_domain *dom, |
1018 |
|
|
ids[i]->status = ID_UNKNOWN; |
1019 |
|
|
} |
1020 |
|
|
|
1021 |
|
|
- nt_status = be_init(dom); |
1022 |
|
|
+ nt_status = idmap_hash_initialize(dom); |
1023 |
|
|
BAIL_ON_NTSTATUS_ERROR(nt_status); |
1024 |
|
|
|
1025 |
|
|
for (i=0; ids[i]; i++) { |
1026 |
|
|
@@ -239,7 +239,7 @@ static NTSTATUS sids_to_unixids(struct idmap_domain *dom, |
1027 |
|
|
ids[i]->status = ID_UNKNOWN; |
1028 |
|
|
} |
1029 |
|
|
|
1030 |
|
|
- nt_status = be_init(dom); |
1031 |
|
|
+ nt_status = idmap_hash_initialize(dom); |
1032 |
|
|
BAIL_ON_NTSTATUS_ERROR(nt_status); |
1033 |
|
|
|
1034 |
|
|
for (i=0; ids[i]; i++) { |
1035 |
|
|
@@ -360,7 +360,7 @@ static NTSTATUS nss_hash_close(void) |
1036 |
|
|
********************************************************************/ |
1037 |
|
|
|
1038 |
|
|
static struct idmap_methods hash_idmap_methods = { |
1039 |
|
|
- .init = be_init, |
1040 |
|
|
+ .init = idmap_hash_initialize, |
1041 |
|
|
.unixids_to_sids = unixids_to_sids, |
1042 |
|
|
.sids_to_unixids = sids_to_unixids, |
1043 |
|
|
}; |
1044 |
|
|
-- |
1045 |
|
|
2.9.0 |
1046 |
|
|
|
1047 |
|
|
|
1048 |
|
|
From e4216d31e54d9936b021bf57fbaeddfcd8731995 Mon Sep 17 00:00:00 2001 |
1049 |
|
|
From: Michael Adam <obnox@samba.org> |
1050 |
|
|
Date: Mon, 14 Mar 2016 17:07:34 +0100 |
1051 |
|
|
Subject: [PATCH 13/14] idmap_hash: only allow the hash module for default |
1052 |
|
|
idmap config. |
1053 |
|
|
|
1054 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 |
1055 |
|
|
|
1056 |
|
|
This module only makes sense as the default idmap config |
1057 |
|
|
("idmap config * : backend = hash" ...) |
1058 |
|
|
|
1059 |
|
|
Pair-Programmed-With: Guenther Deschner <gd@samba.org> |
1060 |
|
|
|
1061 |
|
|
Signed-off-by: Michael Adam <obnox@samba.org> |
1062 |
|
|
Signed-off-by: Guenther Deschner <gd@samba.org> |
1063 |
|
|
Reviewed-by: Jeremy Allison <jra@samba.org> |
1064 |
|
|
(cherry picked from commit a16379c585a6f6e9470a8745b6043be8171eb615) |
1065 |
|
|
--- |
1066 |
|
|
source3/winbindd/idmap_hash/idmap_hash.c | 7 +++++++ |
1067 |
|
|
1 file changed, 7 insertions(+) |
1068 |
|
|
|
1069 |
|
|
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c |
1070 |
|
|
index 773d5a9..b3aab86 100644 |
1071 |
|
|
--- a/source3/winbindd/idmap_hash/idmap_hash.c |
1072 |
|
|
+++ b/source3/winbindd/idmap_hash/idmap_hash.c |
1073 |
|
|
@@ -112,6 +112,13 @@ static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom) |
1074 |
|
|
size_t num_domains = 0; |
1075 |
|
|
int i; |
1076 |
|
|
|
1077 |
|
|
+ if (!strequal(dom->name, "*")) { |
1078 |
|
|
+ DEBUG(0, ("Error: idmap_hash configured for domain '%s'. " |
1079 |
|
|
+ "But the hash module can only be used for the default " |
1080 |
|
|
+ "idmap configuration.\n", dom->name)); |
1081 |
|
|
+ return NT_STATUS_INVALID_PARAMETER; |
1082 |
|
|
+ } |
1083 |
|
|
+ |
1084 |
|
|
/* If the domain SID hash table has been initialized, assume |
1085 |
|
|
that we completed this function previously */ |
1086 |
|
|
|
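Review bot: The new `strequal(dom->name, "*")` check sits above the "already initialized" shortcut, and patch 12 shows `idmap_hash_initialize()` being called at the start of both `unixids_to_sids()` and `sids_to_unixids()`. If the backend stays reachable for a non-default domain after `.init` fails (not visible here), every mapping request would repeat the level-0 error and could flood the log. Consider logging it once, or documenting the expectation next to the check, e.g. `/* hash is only valid as "idmap config * : backend = hash"; init failure must unload the domain */`. `dom->name` is dereferenced without a NULL check on `dom`, and the function body continues outside this hunk.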
1087 |
|
|
-- |
1088 |
|
|
2.9.0 |
1089 |
|
|
|
1090 |
|
|
|
1091 |
|
|
From 11a3354fcd7ff4bf6cd2cdb18e05b12c1ebc6cfd Mon Sep 17 00:00:00 2001 |
1092 |
|
|
From: Volker Lendecke <vl@samba.org> |
1093 |
|
|
Date: Tue, 22 Mar 2016 11:24:23 +0100 |
1094 |
|
|
Subject: [PATCH 14/14] winbind: Fix CID 1357100 Unchecked return value |
1095 |
|
|
MIME-Version: 1.0 |
1096 |
|
|
Content-Type: text/plain; charset=UTF-8 |
1097 |
|
|
Content-Transfer-Encoding: 8bit |
1098 |
|
|
|
1099 |
|
|
Signed-off-by: Volker Lendecke <vl@samba.org> |
1100 |
|
|
Reviewed-by: Ralph Boehme <slow@samba.org> |
1101 |
|
|
|
1102 |
|
|
Autobuild-User(master): Ralph Bรถhme <slow@samba.org> |
1103 |
|
|
Autobuild-Date(master): Tue Mar 22 15:49:14 CET 2016 on sn-devel-144 |
1104 |
|
|
|
1105 |
|
|
(cherry picked from commit 5291462bd8a683b2d21b5f21ad73f84939aa2d67) |
1106 |
|
|
--- |
1107 |
|
|
source3/winbindd/idmap.c | 6 +++++- |
1108 |
|
|
1 file changed, 5 insertions(+), 1 deletion(-) |
1109 |
|
|
|
1110 |
|
|
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c |
1111 |
|
|
index f716b6d..158fa81 100644 |
1112 |
|
|
--- a/source3/winbindd/idmap.c |
1113 |
|
|
+++ b/source3/winbindd/idmap.c |
1114 |
|
|
@@ -126,8 +126,12 @@ bool domain_has_idmap_config(const char *domname) |
1115 |
|
|
char *config_option; |
1116 |
|
|
const char *range = NULL; |
1117 |
|
|
const char *backend = NULL; |
1118 |
|
|
+ bool ok; |
1119 |
|
|
|
1120 |
|
|
- idmap_init(); |
1121 |
|
|
+ ok = idmap_init(); |
1122 |
|
|
+ if (!ok) { |
1123 |
|
|
+ return false; |
1124 |
|
|
+ } |
1125 |
|
|
|
1126 |
|
|
for (i=0; i<num_domains; i++) { |
1127 |
|
|
if (strequal(idmap_domains[i]->name, domname)) { |
1128 |
|
|
-- |
1129 |
|
|
2.9.0 |
1130 |
|
|
|