From aadea8db50ae795e756baf9325944ddd59bd7179 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 18 Aug 2015 13:18:33 +0200 Subject: [PATCH 01/12] loadparm3: Add lp_wi_scan_global_parametrics() This routine takes a regex and goes through all parametric parameters in [global], matching the regex. It can easily be extended to also look at shares, but right now it will only be used to list all idmap config domain names. Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit 443dd9bbbc641ede10a2a3708465f61ea3dfbde3) --- source3/include/proto.h | 9 ++++++ source3/param/loadparm.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) diff --git a/source3/include/proto.h b/source3/include/proto.h index 0858289..b8f4a67 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -23,6 +23,9 @@ #ifndef _PROTO_H_ #define _PROTO_H_ +#include +#include + /* The following definitions come from lib/access.c */ bool client_match(const char *tok, const void *item); @@ -986,6 +989,12 @@ int lp_smb2_max_credits(void); int lp_cups_encrypt(void); bool lp_widelinks(int ); +int lp_wi_scan_global_parametrics( + const char *regex, size_t max_matches, + bool (*cb)(const char *string, regmatch_t matches[], + void *private_data), + void *private_data); + char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def); const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def); struct loadparm_service; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index beba137..2f53a74 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c 
@@ -1099,6 +1099,79 @@ static struct parmlist_entry *get_parametrics(int snum, const char *type, } } +static void discard_whitespace(char *str) +{ + size_t len = strlen(str); + size_t i = 0; + + while (i < len) { + if (isspace(str[i])) { + memmove(&str[i], &str[i+1], len-i); + len -= 1; + continue; + } + i += 1; + } +} + +/** + * @brief Go through all global parametric parameters + * + * @param regex_str A regular expression to scan param for + * @param max_matches Max number of submatches the regexp expects + * @param cb Function to call on match. Should return true + * when it wants wi_scan_global_parametrics to stop + * scanning + * @param private_data Anonymous pointer passed to cb + * + * @return 0: success, regcomp/regexec return value on error. + * See "man regexec" for possible errors + */ + +int lp_wi_scan_global_parametrics( + const char *regex_str, size_t max_matches, + bool (*cb)(const char *string, regmatch_t matches[], + void *private_data), + void *private_data) +{ + struct parmlist_entry *data; + regex_t regex; + int ret; + + ret = regcomp(®ex, regex_str, REG_ICASE); + if (ret != 0) { + return ret; + } + + for (data = Globals.param_opt; data != NULL; data = data->next) { + size_t keylen = strlen(data->key); + char key[keylen+1]; + regmatch_t matches[max_matches]; + bool stop; + + memcpy(key, data->key, sizeof(key)); + discard_whitespace(key); + + ret = regexec(®ex, key, max_matches, matches, 0); + if (ret == REG_NOMATCH) { + continue; + } + if (ret != 0) { + goto fail; + } + + stop = cb(key, matches, private_data); + if (stop) { + break; + } + } + + ret = 0; +fail: + regfree(®ex); + return ret; +} + #define MISSING_PARAMETER(name) \ DEBUG(0, ("%s(): value is NULL or empty!\n", #name)) -- 1.9.1 From 79489d858e58c124452cf7501708c8bb3ae852f9 Mon Sep 17 00:00:00 2001 
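Review bot: `isspace(str[i])` in discard_whitespace() is called with a plain `char`, which is undefined behaviour for bytes above 0x7f where `char` is signed; parametric keys come from the configuration file and can presumably contain such bytes, so the call should read `isspace((unsigned char)str[i])`. In lp_wi_scan_global_parametrics(), `regmatch_t matches[max_matches]` is a variable-length array sized by the caller, so `max_matches == 0` is undefined as well; either reject 0 before the loop or state the minimum in the `@param max_matches` text. The doc comment also says `wi_scan_global_parametrics` and `regex_str`, while the prototype added to proto.h names the parameter `regex`; aligning the names keeps the header and the definition consistent.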
From: Volker Lendecke Date: Tue, 18 Aug 2015 16:58:02 +0200 Subject: [PATCH 02/12] idmap: Move idmap_init() under the static vars Just moving code, idmap_init will need to reference the variables Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit d36de86639b7782e1e959d61917d8f19fdfc902c) --- source3/winbindd/idmap.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 1e2feb9..0ba8fda 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -32,21 +32,6 @@ static_decl_idmap; -static void idmap_init(void) -{ - static bool initialized; - - if (initialized) { - return; - } - - DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); - - static_init_idmap; - - initialized = true; -} - /** * Pointer to the backend methods. Modules register themselves here via * smb_register_idmap. @@ -79,6 +64,21 @@ static struct idmap_domain *passdb_idmap_domain; static struct idmap_domain **idmap_domains = NULL; static int num_domains = 0; +static void idmap_init(void) +{ + static bool initialized; + + if (initialized) { + return; + } + + DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); + + static_init_idmap; + + initialized = true; +} + static struct idmap_methods *get_methods(const char *name) { struct idmap_backend *b; -- 1.9.1 From 179d2f177ebc335bd0b0d4fb948961ea00c7c921 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 19 Aug 2015 17:00:46 +0200 Subject: [PATCH 03/12] idmap: Initialize all idmap domains at startup So far we have initialized idmap domains on demand indexed by name. For sid2xid this works okay, because we could do lookupsids before and thus get the name. For xid2sid this is more problematic. We have to rely on enumtrustdoms to work completely, and we have to look at the list of winbind domains in the parent to get the domain name. Relying on domain->have_idmap_config is not particularly nice. This patch re-works initialization of idmap domains by scanning all parametric parameters, scanning for :backend configuration settings. This way we get a complete list of :range definitions. This means we can rely on the idmap domain array to be complete. This in turn means we can live without the domain name to find a domain, we can do a range search by uid or gid. Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit ef0c91195533d95ba4fb7947ff5f69c20aa677b8) --- source3/winbindd/idmap.c | 199 ++++++++++++++++++++++++++--------------------- 1 file changed, 109 insertions(+), 90 deletions(-) diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 0ba8fda..7b4a84d 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c 
@@ -64,12 +64,22 @@ static struct idmap_domain *passdb_idmap_domain; static struct idmap_domain **idmap_domains = NULL; static int num_domains = 0; -static void idmap_init(void) +static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx, + const char *domname); +static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, + const char *domainname, + const char *modulename, + bool check_range); +static bool idmap_found_domain_backend( + const char *string, regmatch_t matches[], void *private_data); + +static bool idmap_init(void) { static bool initialized; + int ret; if (initialized) { - return; + return true; } DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); 
@@ -77,6 +87,80 @@ static void idmap_init(void) static_init_idmap; initialized = true; + + if (!pdb_is_responsible_for_everything_else()) { + default_idmap_domain = idmap_init_named_domain(NULL, "*"); + if (default_idmap_domain == NULL) { + return false; + } + } + + passdb_idmap_domain = idmap_init_domain( + NULL, get_global_sam_name(), "passdb", false); + if (passdb_idmap_domain == NULL) { + TALLOC_FREE(default_idmap_domain); + return false; + } + + idmap_domains = talloc_array(NULL, struct idmap_domain *, 0); + if (idmap_domains == NULL) { + TALLOC_FREE(passdb_idmap_domain); + TALLOC_FREE(default_idmap_domain); + return false; + } + + ret = lp_wi_scan_global_parametrics( + "idmapconfig\\(.*\\):backend", 2, + idmap_found_domain_backend, NULL); + if (ret != 0) { + DBG_WARNING("wi_scan_global_parametrics returned %d\n", ret); + return false; + } + + return true; +} + +static bool idmap_found_domain_backend( + const char *string, regmatch_t matches[], void *private_data) +{ + if (matches[1].rm_so == -1) { + DBG_WARNING("Found match, but no name??\n"); + return false; + } + + { + struct idmap_domain *dom, **tmp; + regoff_t len = matches[1].rm_eo - matches[1].rm_so; + char domname[len+1]; + + memcpy(domname, string + matches[1].rm_so, len); + domname[len] = '\0'; + + DBG_DEBUG("Found idmap domain \"%s\"\n", domname); + + if (strcmp(domname, "*") == 0) { + return false; + } + + dom = idmap_init_named_domain(idmap_domains, domname); + if (dom == NULL) { + DBG_NOTICE("Could not init idmap domain %s\n", + domname); + } + + tmp = talloc_realloc(idmap_domains, idmap_domains, + struct idmap_domain *, num_domains + 1); + if (tmp == NULL) { + DBG_WARNING("talloc_realloc failed\n"); + TALLOC_FREE(dom); + return false; + } + idmap_domains = tmp; + idmap_domains[num_domains] = dom; + num_domains += 1; + } + + return false; } static struct idmap_methods *get_methods(const char *name) 
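Review bot: In idmap_found_domain_backend(), a domain whose idmap_init_named_domain() call fails is still appended to the array: after the `DBG_NOTICE` branch the code falls through to `idmap_domains[num_domains] = dom;` with `dom == NULL`. The range loop that patch 04 of this series adds to idmap_backends_unixid_to_sid() reads `idmap_domains[i]->low_id` for each entry, so a single `idmap config` section that fails to initialise could turn into a NULL dereference in the idmap child. Adding `return false;` right after the `DBG_NOTICE(...)` call skips the failed domain and lets the scan continue. Separately, the `ret != 0` path after lp_wi_scan_global_parametrics() returns false without releasing passdb_idmap_domain, default_idmap_domain or idmap_domains, unlike the failure paths above it.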
@@ -280,8 +364,12 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx, struct idmap_domain *result = NULL; char *config_option; const char *backend; + bool ok; - idmap_init(); + ok = idmap_init(); + if (!ok) { + return NULL; + } config_option = talloc_asprintf(talloc_tos(), "idmap config %s", domname); @@ -312,57 +400,6 @@ fail: } /** - * Initialize the default domain structure - * @param[in] mem_ctx memory context for the result - * @result The default domain structure - * - * This routine takes the module name from the "idmap backend" parameter, - * passing a possible parameter like ldap:ldap://ldap-url/ to the module. - */ - -static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx) -{ - return idmap_init_named_domain(mem_ctx, "*"); -} - -/** - * Initialize the passdb domain structure - * @param[in] mem_ctx memory context for the result - * @result The default domain structure - * - * No config, passdb has its own configuration. - */ - -static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) -{ - idmap_init(); - - if (!pdb_is_responsible_for_everything_else()) { - /* - * Always init the default domain, we can't go without one - */ - if (default_idmap_domain == NULL) { - default_idmap_domain = idmap_init_default_domain(NULL); - } - if (default_idmap_domain == NULL) { - return NULL; - } - } - - if (passdb_idmap_domain != NULL) { - return passdb_idmap_domain; - } - - passdb_idmap_domain = idmap_init_domain(mem_ctx, get_global_sam_name(), - "passdb", false); - if (passdb_idmap_domain == NULL) { - DEBUG(1, ("Could not init passdb idmap domain\n")); - } - - return passdb_idmap_domain; -} - -/** * Find a domain struct according to a domain name * @param[in] domname Domain name to get the config for * @result The default domain structure that fits 
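Review bot: The `ok = idmap_init()` check added to idmap_init_named_domain() can only report a failure once, because idmap_init() sets `initialized = true` before any of the new domain setup runs. That ordering looks intentional, since idmap_init() now calls idmap_init_named_domain(), which calls back into idmap_init(), but it means that after a failed setup every later call returns true while default_idmap_domain, passdb_idmap_domain or idmap_domains may still be NULL or incomplete. At minimum `initialized = true;` deserves a comment such as `/* set early: idmap_init_named_domain() re-enters idmap_init() */`; recording the final result in a second static that the `if (initialized)` branch returns (true while setup is in progress, false once a step has failed) would make the failure visible to later callers. idmap_init_named_domain() continues outside the hunk.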
@@ -379,21 +416,14 @@ static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) static struct idmap_domain *idmap_find_domain(const char *domname) { - struct idmap_domain *result; + bool ok; int i; DEBUG(10, ("idmap_find_domain called for domain '%s'\n", domname?domname:"NULL")); - idmap_init(); - - /* - * Always init the default domain, we can't go without one - */ - if (default_idmap_domain == NULL) { - default_idmap_domain = idmap_init_default_domain(NULL); - } - if (default_idmap_domain == NULL) { + ok = idmap_init(); + if (!ok) { return NULL; } @@ -407,38 +437,21 @@ static struct idmap_domain *idmap_find_domain(const char *domname) } } - if (idmap_domains == NULL) { - /* - * talloc context for all idmap domains - */ - idmap_domains = talloc_array(NULL, struct idmap_domain *, 1); - } - - if (idmap_domains == NULL) { - DEBUG(0, ("talloc failed\n")); - return NULL; - } - - result = idmap_init_named_domain(idmap_domains, domname); - if (result == NULL) { - /* - * Could not init that domain -- try the default one - */ - return default_idmap_domain; - } - - ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result, - &idmap_domains, &num_domains); - return result; + return default_idmap_domain; } struct idmap_domain *idmap_find_domain_with_sid(const char *domname, const struct dom_sid *sid) { - idmap_init(); + bool ok; + + ok = idmap_init(); + if (!ok) { + return NULL; + } if (sid_check_is_for_passdb(sid)) { - return idmap_passdb_domain(NULL); + return passdb_idmap_domain; } return idmap_find_domain(domname); @@ -493,6 +506,12 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) { struct idmap_domain *dom; struct id_map *maps[2]; + bool ok; + + ok = idmap_init(); + if (!ok) { + return NT_STATUS_NONE_MAPPED; + } DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " "(type %d)\n", 
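Review bot: In the last hunk on this line, idmap_backends_unixid_to_sid() returns `NT_STATUS_NONE_MAPPED` when idmap_init() fails, which makes a setup failure indistinguishable from an id that simply has no mapping; idmap_find_domain() and idmap_find_domain_with_sid() likewise return NULL without logging. How callers treat that status is not visible here, but an operator reading the logs would see only "error mapping uid" from idmap_util.c. A log line at each of the three `if (!ok)` branches, for example `DBG_WARNING("idmap_init failed\n");`, would make the cause traceable.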
@@ -505,7 +524,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) * Always give passdb a chance first */ - dom = idmap_passdb_domain(NULL); + dom = passdb_idmap_domain; if ((dom != NULL) && NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps)) && id->status == ID_MAPPED) { -- 1.9.1 From 9561d870f718f3c6602f6be5321cf50cb9c5206c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 18 Aug 2015 17:30:27 +0200 Subject: [PATCH 04/12] idmap: Use a range search in idmap_backends_unixid_to_sid This obsoletes the domain name in the xid2sid calls Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit ad626b9e6b3c200c70b0d840c956f7b6fff20660) --- source3/winbindd/idmap.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 7b4a84d..24277ca 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -507,6 +507,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) struct idmap_domain *dom; struct id_map *maps[2]; bool ok; + int i; ok = idmap_init(); if (!ok) { @@ -531,7 +532,16 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) return NT_STATUS_OK; } - dom = idmap_find_domain(domname); + dom = default_idmap_domain; + + for (i=0; ixid.id >= idmap_domains[i]->low_id) && + (id->xid.id <= idmap_domains[i]->high_id)) { + dom = idmap_domains[i]; + break; + } + } + if (dom == NULL) { return NT_STATUS_NONE_MAPPED; } -- 1.9.1 From 603f46e4d15c6ac3e92e6686a6e58e159eabc819 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 18 Aug 2015 17:34:29 +0200 Subject: [PATCH 05/12] idmap: Remove "domname" from idmap_backends_unixid_to_sid 
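Review bot: The range loop added to idmap_backends_unixid_to_sid() in patch 04 takes the first entry of idmap_domains whose `low_id`..`high_id` contains `id->xid.id`, so if two configured ranges overlap the SID returned depends on the order in which the `idmap config` sections were scanned; nothing visible in this series rejects overlapping ranges. A comment above the loop should state the assumption, for example `/* first domain whose [low_id, high_id] contains the xid wins; ranges must not overlap */`. The loop also relies on every array entry being non-NULL, which depends on how idmap_found_domain_backend() fills the array. The loop header is garbled on this page, so its bounds are inferred from the surrounding lines.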
Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit ac4cc243771fc3273872547087679db21c9bb1cb) --- source3/torture/test_idmap_tdb_common.c | 2 +- source3/winbindd/idmap.c | 7 +++---- source3/winbindd/idmap_proto.h | 3 +-- source3/winbindd/idmap_util.c | 4 ++-- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/source3/torture/test_idmap_tdb_common.c b/source3/torture/test_idmap_tdb_common.c index f7262a2..dd736ad 100644 --- a/source3/torture/test_idmap_tdb_common.c +++ b/source3/torture/test_idmap_tdb_common.c @@ -62,7 +62,7 @@ bool idmap_is_online(void) return true; } -NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) +NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id) { return NT_STATUS_OK; } diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 24277ca..8de8990 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -502,7 +502,7 @@ NTSTATUS idmap_allocate_gid(struct unixid *id) return idmap_allocate_unixid(id); } -NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) +NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id) { struct idmap_domain *dom; struct id_map *maps[2]; @@ -514,9 +514,8 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) return NT_STATUS_NONE_MAPPED; } - DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " - "(type %d)\n", - domname?domname:"NULL", id->xid.id, id->xid.type)); + DEBUG(10, ("idmap_backend_unixid_to_sid: xid = %d (type %d)\n", + id->xid.id, id->xid.type)); maps[0] = id; maps[1] = NULL; diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h index f7af8ed..159aac6 100644 --- a/source3/winbindd/idmap_proto.h +++ b/source3/winbindd/idmap_proto.h 
@@ -34,8 +34,7 @@ NTSTATUS smb_register_idmap(int version, const char *name, void idmap_close(void); NTSTATUS idmap_allocate_uid(struct unixid *id); NTSTATUS idmap_allocate_gid(struct unixid *id); -NTSTATUS idmap_backends_unixid_to_sid(const char *domname, - struct id_map *id); +NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id); /* The following definitions come from winbindd/idmap_nss.c */ diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index e671acf..08857ab 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c @@ -66,7 +66,7 @@ backend: map.xid.type = ID_TYPE_UID; map.xid.id = uid; - ret = idmap_backends_unixid_to_sid(domname, &map); + ret = idmap_backends_unixid_to_sid(&map); if ( ! NT_STATUS_IS_OK(ret)) { DEBUG(10, ("error mapping uid [%lu]: %s\n", (unsigned long)uid, nt_errstr(ret))); @@ -130,7 +130,7 @@ backend: map.xid.type = ID_TYPE_GID; map.xid.id = gid; - ret = idmap_backends_unixid_to_sid(domname, &map); + ret = idmap_backends_unixid_to_sid(&map); if ( ! NT_STATUS_IS_OK(ret)) { DEBUG(10, ("error mapping gid [%lu]: %s\n", (unsigned long)gid, nt_errstr(ret))); -- 1.9.1 From d8dbc1435e2a6846a14f7e5b39eacf968283727d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Aug 2015 13:34:58 +0200 Subject: [PATCH 06/12] idmap: Remove "domname" from idmap_uid_to_sid Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit 0f8c9b8d7f9a3ca288e42d857d253137e048d4bc) --- source3/winbindd/idmap_proto.h | 2 +- source3/winbindd/idmap_util.c | 5 ++--- source3/winbindd/winbindd_dual_srv.c | 3 +-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h index 159aac6..73161bb 100644 --- a/source3/winbindd/idmap_proto.h +++ b/source3/winbindd/idmap_proto.h 
@@ -50,7 +50,7 @@ NTSTATUS idmap_tdb_init(void); /* The following definitions come from winbindd/idmap_util.c */ -NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid); +NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid); NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid); bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom); struct id_map *idmap_find_map_by_id(struct id_map **maps, enum id_type type, diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index 08857ab..fd7e6ed 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c @@ -34,14 +34,13 @@ If mapping is not possible returns an error. *****************************************************************/ -NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid) +NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid) { NTSTATUS ret; struct id_map map; bool expired; - DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n", - (unsigned long)uid, domname?domname:"NULL")); + DEBUG(10, ("idmap_uid_to_sid: uid = [%lu]\n", (unsigned long)uid)); if (winbindd_use_idmap_cache() && idmap_cache_find_uid2sid(uid, sid, &expired)) { diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 1fe66e1..47d9885 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -223,8 +223,7 @@ nomem: NTSTATUS _wbint_Uid2Sid(struct pipes_struct *p, struct wbint_Uid2Sid *r) { - return idmap_uid_to_sid(r->in.dom_name ? r->in.dom_name : "", - r->out.sid, r->in.uid); + return idmap_uid_to_sid(r->out.sid, r->in.uid); } NTSTATUS _wbint_Gid2Sid(struct pipes_struct *p, struct wbint_Gid2Sid *r) -- 1.9.1 From 197dde2a2e60f00b5912636b04b4fb5c616d54d5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Aug 2015 13:34:58 +0200 Subject: [PATCH 07/12] idmap: Remove "domname" from idmap_gid_to_sid 
Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit 2f4dad52c77c7d0aaad2a4ccc0cb7dff0d129612) --- source3/winbindd/idmap_proto.h | 2 +- source3/winbindd/idmap_util.c | 5 ++--- source3/winbindd/winbindd_dual_srv.c | 3 +-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h index 73161bb..a12e5b4 100644 --- a/source3/winbindd/idmap_proto.h +++ b/source3/winbindd/idmap_proto.h @@ -51,7 +51,7 @@ NTSTATUS idmap_tdb_init(void); /* The following definitions come from winbindd/idmap_util.c */ NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid); -NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid); +NTSTATUS idmap_gid_to_sid(struct dom_sid *sid, gid_t gid); bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom); struct id_map *idmap_find_map_by_id(struct id_map **maps, enum id_type type, uint32_t id); diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index fd7e6ed..dc7d37c 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c @@ -97,14 +97,13 @@ backend: If mapping is not possible returns an error. *****************************************************************/ -NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid) +NTSTATUS idmap_gid_to_sid(struct dom_sid *sid, gid_t gid) { NTSTATUS ret; struct id_map map; bool expired; - DEBUG(10,("idmap_gid_to_sid: gid = [%lu], domain = '%s'\n", - (unsigned long)gid, domname?domname:"NULL")); + DEBUG(10, ("idmap_gid_to_sid: gid = [%lu]\n", (unsigned long)gid)); if (winbindd_use_idmap_cache() && idmap_cache_find_gid2sid(gid, sid, &expired)) { diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 47d9885..44e4842 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c 
@@ -228,8 +228,7 @@ NTSTATUS _wbint_Uid2Sid(struct pipes_struct *p, struct wbint_Uid2Sid *r) NTSTATUS _wbint_Gid2Sid(struct pipes_struct *p, struct wbint_Gid2Sid *r) { - return idmap_gid_to_sid(r->in.dom_name ? r->in.dom_name : "", - r->out.sid, r->in.gid); + return idmap_gid_to_sid(r->out.sid, r->in.gid); } NTSTATUS _wbint_AllocateUid(struct pipes_struct *p, struct wbint_AllocateUid *r) -- 1.9.1 From 495506e192f96009a34df8b6afb73d7c26483ff5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Aug 2015 13:44:02 +0200 Subject: [PATCH 08/12] idmap: Remove dom_name from wbint_Uid2Sid Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit d4730474da30c707339e21746c27eed5871cfdfe) --- librpc/idl/winbind.idl | 1 - source3/winbindd/wb_uid2sid.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl index 5b61950..71f3aa6 100644 --- a/librpc/idl/winbind.idl +++ b/librpc/idl/winbind.idl @@ -57,7 +57,6 @@ interface winbind ); NTSTATUS wbint_Uid2Sid( - [in,unique,string,charset(UTF8)] char *dom_name, [in] hyper uid, [out] dom_sid *sid ); diff --git a/source3/winbindd/wb_uid2sid.c b/source3/winbindd/wb_uid2sid.c index f4138f6..315cc4a 100644 --- a/source3/winbindd/wb_uid2sid.c +++ b/source3/winbindd/wb_uid2sid.c @@ -78,7 +78,7 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx, child = idmap_child(); subreq = dcerpc_wbint_Uid2Sid_send( - state, ev, child->binding_handle, state->dom_name, + state, ev, child->binding_handle, uid, &state->sid); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); -- 1.9.1 From 73883d1ebcd1cfc25b01552cb39d81b5261889ac Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Aug 2015 13:44:02 +0200 Subject: [PATCH 09/12] idmap: Remove dom_name from wbint_Gid2Sid 
Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit 8856555af43848830b7c1e47765d26ce59dfa62b) --- librpc/idl/winbind.idl | 1 - source3/winbindd/wb_gid2sid.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl index 71f3aa6..07deb80 100644 --- a/librpc/idl/winbind.idl +++ b/librpc/idl/winbind.idl @@ -62,7 +62,6 @@ interface winbind ); NTSTATUS wbint_Gid2Sid( - [in,unique,string,charset(UTF8)] char *dom_name, [in] hyper gid, [out] dom_sid *sid ); diff --git a/source3/winbindd/wb_gid2sid.c b/source3/winbindd/wb_gid2sid.c index d784212..323437b 100644 --- a/source3/winbindd/wb_gid2sid.c +++ b/source3/winbindd/wb_gid2sid.c @@ -78,7 +78,7 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx, child = idmap_child(); subreq = dcerpc_wbint_Gid2Sid_send( - state, ev, child->binding_handle, state->dom_name, + state, ev, child->binding_handle, gid, &state->sid); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); -- 1.9.1 From 705518272f605f85e923d4874a897a96c2cebe50 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Aug 2015 13:48:17 +0200 Subject: [PATCH 10/12] winbind: Do not look for the domain in wb_uid2sid Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit 2387d03b8ae9a471694503677667e623dff8ef88) --- source3/winbindd/wb_uid2sid.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/source3/winbindd/wb_uid2sid.c b/source3/winbindd/wb_uid2sid.c index 315cc4a..c95bcd9 100644 --- a/source3/winbindd/wb_uid2sid.c +++ b/source3/winbindd/wb_uid2sid.c @@ -26,7 +26,6 @@ struct wb_uid2sid_state { struct tevent_context *ev; - char *dom_name; struct dom_sid sid; }; 
@@ -38,7 +37,6 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx, { struct tevent_req *req, *subreq; struct wb_uid2sid_state *state; - struct winbindd_domain *domain; struct winbindd_child *child; bool expired; @@ -64,17 +62,6 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx, } } - state->dom_name = NULL; - - for (domain = domain_list(); domain != NULL; domain = domain->next) { - if (domain->have_idmap_config - && (uid >= domain->id_range_low) - && (uid <= domain->id_range_high)) { - state->dom_name = domain->name; - break; - } - } - child = idmap_child(); subreq = dcerpc_wbint_Uid2Sid_send( -- 1.9.1 From 4ec0bee4f7aab0fb5d080da47b7fe9c54f764f8e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Aug 2015 13:48:17 +0200 Subject: [PATCH 11/12] winbind: Do not look for the domain in wb_gid2sid Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 (cherry picked from commit b62c7e26b4783cdff11e406e4d75bc2e0fba7933) --- source3/winbindd/wb_gid2sid.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/source3/winbindd/wb_gid2sid.c b/source3/winbindd/wb_gid2sid.c index 323437b..97cc754 100644 --- a/source3/winbindd/wb_gid2sid.c +++ b/source3/winbindd/wb_gid2sid.c @@ -26,7 +26,6 @@ struct wb_gid2sid_state { struct tevent_context *ev; - char *dom_name; struct dom_sid sid; }; @@ -38,7 +37,6 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx, { struct tevent_req *req, *subreq; struct wb_gid2sid_state *state; - struct winbindd_domain *domain; struct winbindd_child *child; bool expired; 
@@ -64,17 +62,6 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx, } } - state->dom_name = NULL; - - for (domain = domain_list(); domain != NULL; domain = domain->next) { - if (domain->have_idmap_config - && (gid >= domain->id_range_low) - && (gid <= domain->id_range_high)) { - state->dom_name = domain->name; - break; - } - } - child = idmap_child(); subreq = dcerpc_wbint_Gid2Sid_send( -- 1.9.1 From 408157ad9e6373db2f491ed3356e06328fcaad59 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 21 Aug 2015 11:25:33 +0200 Subject: [PATCH 12/12] winbind: Remove "have_idmap_config" from winbindd_domain Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Aug 24 19:19:31 CEST 2015 on sn-devel-104 (cherry picked from commit 617bc3fe611266b8d3d0fd47b839d4ac8ad73f8f) --- source3/winbindd/winbindd.h | 7 ------- source3/winbindd/winbindd_util.c | 33 --------------------------------- 2 files changed, 40 deletions(-) diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index b2105e3..441b57f 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h @@ -179,13 +179,6 @@ struct winbindd_domain { void *private_data; - /* - * idmap config settings, used to tell the idmap child which - * special domain config to use for a mapping - */ - bool have_idmap_config; - uint32_t id_range_low, id_range_high; - /* A working DC */ pid_t dc_probe_pid; /* Child we're using to detect the DC. */ char *dcname; diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 233b5c9..57ee40c 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c 
@@ -125,8 +125,6 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const { struct winbindd_domain *domain; const char *alternative_name = NULL; - char *idmap_config_option; - const char *param; const char **ignored_domains, **dom; int role = lp_server_role(); @@ -252,37 +250,6 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const wcache_tdc_add_domain( domain ); - idmap_config_option = talloc_asprintf(talloc_tos(), "idmap config %s", - domain->name); - if (idmap_config_option == NULL) { - DEBUG(0, ("talloc failed, not looking for idmap config\n")); - goto done; - } - - param = lp_parm_const_string(-1, idmap_config_option, "range", NULL); - - DEBUG(10, ("%s : range = %s\n", idmap_config_option, - param ? param : "not defined")); - - if (param != NULL) { - unsigned low_id, high_id; - if (sscanf(param, "%u - %u", &low_id, &high_id) != 2) { - DEBUG(1, ("invalid range syntax in %s: %s\n", - idmap_config_option, param)); - goto done; - } - if (low_id > high_id) { - DEBUG(1, ("invalid range in %s: %s\n", - idmap_config_option, param)); - goto done; - } - domain->have_idmap_config = true; - domain->id_range_low = low_id; - domain->id_range_high = high_id; - } - -done: - setup_domain_child(domain); DEBUG(2,("Added domain %s %s %s\n", -- 1.9.1