The Samba-Bugzilla – Attachment 11372 Details for
Bug 11464
xid2sid gives inconsistent results
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-3-test
tmp43.diff.txt (text/plain), 31.79 KB, created by
Stefan Metzmacher
on 2015-08-27 12:49:45 UTC
(
hide
)
Description:
Patches for v4-3-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2015-08-27 12:49:45 UTC
Size:
31.79 KB
patch
obsolete
>From aadea8db50ae795e756baf9325944ddd59bd7179 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 18 Aug 2015 13:18:33 +0200 >Subject: [PATCH 01/12] loadparm3: Add lp_wi_scan_global_parametrics() > >This routine takes a regex and goes through all parametric parameters >in [global], matching the regex. It can easily be extended to also >look at shares, but right now it will only be used to list all idmap >config domain names. > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit 443dd9bbbc641ede10a2a3708465f61ea3dfbde3) >--- > source3/include/proto.h | 9 ++++++ > source3/param/loadparm.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 82 insertions(+) > >diff --git a/source3/include/proto.h b/source3/include/proto.h >index 0858289..b8f4a67 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -23,6 +23,9 @@ > #ifndef _PROTO_H_ > #define _PROTO_H_ > >+#include <sys/types.h> >+#include <regex.h> >+ > /* The following definitions come from lib/access.c */ > > bool client_match(const char *tok, const void *item); >@@ -986,6 +989,12 @@ int lp_smb2_max_credits(void); > int lp_cups_encrypt(void); > bool lp_widelinks(int ); > >+int lp_wi_scan_global_parametrics( >+ const char *regex, size_t max_matches, >+ bool (*cb)(const char *string, regmatch_t matches[], >+ void *private_data), >+ void *private_data); >+ > char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def); > const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def); > struct loadparm_service; >diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c >index beba137..2f53a74 100644 >--- a/source3/param/loadparm.c >+++ b/source3/param/loadparm.c >@@ -1099,6 +1099,79 @@ static struct parmlist_entry *get_parametrics(int snum, const char *type, > } > } > >+static void discard_whitespace(char *str) >+{ >+ size_t len = strlen(str); >+ size_t i = 0; >+ >+ while (i < len) { >+ if (isspace(str[i])) { >+ memmove(&str[i], &str[i+1], len-i); >+ len -= 1; >+ continue; >+ } >+ i += 1; >+ } >+} >+ >+/** >+ * @brief Go through all global parametric parameters >+ * >+ * @param regex_str A regular expression to scan param for >+ * @param max_matches Max number of submatches the regexp expects >+ * @param cb Function to call on match. Should return true >+ * when it wants wi_scan_global_parametrics to stop >+ * scanning >+ * @param private_data Anonymous pointer passed to cb >+ * >+ * @return 0: success, regcomp/regexec return value on error. >+ * See "man regexec" for possible errors >+ */ >+ >+int lp_wi_scan_global_parametrics( >+ const char *regex_str, size_t max_matches, >+ bool (*cb)(const char *string, regmatch_t matches[], >+ void *private_data), >+ void *private_data) >+{ >+ struct parmlist_entry *data; >+ regex_t regex; >+ int ret; >+ >+ ret = regcomp(®ex, regex_str, REG_ICASE); >+ if (ret != 0) { >+ return ret; >+ } >+ >+ for (data = Globals.param_opt; data != NULL; data = data->next) { >+ size_t keylen = strlen(data->key); >+ char key[keylen+1]; >+ regmatch_t matches[max_matches]; >+ bool stop; >+ >+ memcpy(key, data->key, sizeof(key)); >+ discard_whitespace(key); >+ >+ ret = regexec(®ex, key, max_matches, matches, 0); >+ if (ret == REG_NOMATCH) { >+ continue; >+ } >+ if (ret != 0) { >+ goto fail; >+ } >+ >+ stop = cb(key, matches, private_data); >+ if (stop) { >+ break; >+ } >+ } >+ >+ ret = 0; >+fail: >+ regfree(®ex); >+ return ret; >+} >+ > > #define MISSING_PARAMETER(name) \ > DEBUG(0, ("%s(): value is NULL or empty!\n", #name)) >-- >1.9.1 > > >From 79489d858e58c124452cf7501708c8bb3ae852f9 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 18 Aug 2015 16:58:02 +0200 >Subject: [PATCH 02/12] idmap: Move idmap_init() under the static vars > >Just moving code, idmap_init will need to reference the variables > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit d36de86639b7782e1e959d61917d8f19fdfc902c) >--- > source3/winbindd/idmap.c | 30 +++++++++++++++--------------- > 1 file changed, 15 insertions(+), 15 deletions(-) > >diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c >index 1e2feb9..0ba8fda 100644 >--- a/source3/winbindd/idmap.c >+++ b/source3/winbindd/idmap.c >@@ -32,21 +32,6 @@ > > static_decl_idmap; > >-static void idmap_init(void) >-{ >- static bool initialized; >- >- if (initialized) { >- return; >- } >- >- DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); >- >- static_init_idmap; >- >- initialized = true; >-} >- > /** > * Pointer to the backend methods. Modules register themselves here via > * smb_register_idmap. >@@ -79,6 +64,21 @@ static struct idmap_domain *passdb_idmap_domain; > static struct idmap_domain **idmap_domains = NULL; > static int num_domains = 0; > >+static void idmap_init(void) >+{ >+ static bool initialized; >+ >+ if (initialized) { >+ return; >+ } >+ >+ DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); >+ >+ static_init_idmap; >+ >+ initialized = true; >+} >+ > static struct idmap_methods *get_methods(const char *name) > { > struct idmap_backend *b; >-- >1.9.1 > > >From 179d2f177ebc335bd0b0d4fb948961ea00c7c921 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 19 Aug 2015 17:00:46 +0200 >Subject: [PATCH 03/12] idmap: Initialize all idmap domains at startup > >So far we have initialized idmap domains on demand indexed by name. >For sid2xid this works okay, because we could do lookupsids before >and thus get the name. For xid2sid this is more problematic. We >have to rely on enumtrustdoms to work completely, and we have to >look at the list of winbind domains in the parent to get the domain >name. Relying on domain->have_idmap_config is not particularly nice. > >This patch re-works initialization of idmap domains by scanning all >parametric parameters, scanning for :backend configuration settings. >This way we get a complete list of :range definitions. This means >we can rely on the idmap domain array to be complete. This in turn >means we can live without the domain name to find a domain, we can >do a range search by uid or gid. > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit ef0c91195533d95ba4fb7947ff5f69c20aa677b8) >--- > source3/winbindd/idmap.c | 199 ++++++++++++++++++++++++++--------------------- > 1 file changed, 109 insertions(+), 90 deletions(-) > >diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c >index 0ba8fda..7b4a84d 100644 >--- a/source3/winbindd/idmap.c >+++ b/source3/winbindd/idmap.c >@@ -64,12 +64,22 @@ static struct idmap_domain *passdb_idmap_domain; > static struct idmap_domain **idmap_domains = NULL; > static int num_domains = 0; > >-static void idmap_init(void) >+static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx, >+ const char *domname); >+static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, >+ const char *domainname, >+ const char *modulename, >+ bool check_range); >+static bool idmap_found_domain_backend( >+ const char *string, regmatch_t matches[], void *private_data); >+ >+static bool idmap_init(void) > { > static bool initialized; >+ int ret; > > if (initialized) { >- return; >+ return true; > } > > DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); >@@ -77,6 +87,80 @@ static void idmap_init(void) > static_init_idmap; > > initialized = true; >+ >+ if (!pdb_is_responsible_for_everything_else()) { >+ default_idmap_domain = idmap_init_named_domain(NULL, "*"); >+ if (default_idmap_domain == NULL) { >+ return false; >+ } >+ } >+ >+ passdb_idmap_domain = idmap_init_domain( >+ NULL, get_global_sam_name(), "passdb", false); >+ if (passdb_idmap_domain == NULL) { >+ TALLOC_FREE(default_idmap_domain); >+ return false; >+ } >+ >+ idmap_domains = talloc_array(NULL, struct idmap_domain *, 0); >+ if (idmap_domains == NULL) { >+ TALLOC_FREE(passdb_idmap_domain); >+ TALLOC_FREE(default_idmap_domain); >+ return false; >+ } >+ >+ ret = lp_wi_scan_global_parametrics( >+ "idmapconfig\\(.*\\):backend", 2, >+ idmap_found_domain_backend, NULL); >+ if (ret != 0) { >+ DBG_WARNING("wi_scan_global_parametrics returned %d\n", ret); >+ return false; >+ } >+ >+ return true; >+} >+ >+static bool idmap_found_domain_backend( >+ const char *string, regmatch_t matches[], void *private_data) >+{ >+ if (matches[1].rm_so == -1) { >+ DBG_WARNING("Found match, but no name??\n"); >+ return false; >+ } >+ >+ { >+ struct idmap_domain *dom, **tmp; >+ regoff_t len = matches[1].rm_eo - matches[1].rm_so; >+ char domname[len+1]; >+ >+ memcpy(domname, string + matches[1].rm_so, len); >+ domname[len] = '\0'; >+ >+ DBG_DEBUG("Found idmap domain \"%s\"\n", domname); >+ >+ if (strcmp(domname, "*") == 0) { >+ return false; >+ } >+ >+ dom = idmap_init_named_domain(idmap_domains, domname); >+ if (dom == NULL) { >+ DBG_NOTICE("Could not init idmap domain %s\n", >+ domname); >+ } >+ >+ tmp = talloc_realloc(idmap_domains, idmap_domains, >+ struct idmap_domain *, num_domains + 1); >+ if (tmp == NULL) { >+ DBG_WARNING("talloc_realloc failed\n"); >+ TALLOC_FREE(dom); >+ return false; >+ } >+ idmap_domains = tmp; >+ idmap_domains[num_domains] = dom; >+ num_domains += 1; >+ } >+ >+ return false; > } > > static struct idmap_methods *get_methods(const char *name) >@@ -280,8 +364,12 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx, > struct idmap_domain *result = NULL; > char *config_option; > const char *backend; >+ bool ok; > >- idmap_init(); >+ ok = idmap_init(); >+ if (!ok) { >+ return NULL; >+ } > > config_option = talloc_asprintf(talloc_tos(), "idmap config %s", > domname); >@@ -312,57 +400,6 @@ fail: > } > > /** >- * Initialize the default domain structure >- * @param[in] mem_ctx memory context for the result >- * @result The default domain structure >- * >- * This routine takes the module name from the "idmap backend" parameter, >- * passing a possible parameter like ldap:ldap://ldap-url/ to the module. >- */ >- >-static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx) >-{ >- return idmap_init_named_domain(mem_ctx, "*"); >-} >- >-/** >- * Initialize the passdb domain structure >- * @param[in] mem_ctx memory context for the result >- * @result The default domain structure >- * >- * No config, passdb has its own configuration. >- */ >- >-static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) >-{ >- idmap_init(); >- >- if (!pdb_is_responsible_for_everything_else()) { >- /* >- * Always init the default domain, we can't go without one >- */ >- if (default_idmap_domain == NULL) { >- default_idmap_domain = idmap_init_default_domain(NULL); >- } >- if (default_idmap_domain == NULL) { >- return NULL; >- } >- } >- >- if (passdb_idmap_domain != NULL) { >- return passdb_idmap_domain; >- } >- >- passdb_idmap_domain = idmap_init_domain(mem_ctx, get_global_sam_name(), >- "passdb", false); >- if (passdb_idmap_domain == NULL) { >- DEBUG(1, ("Could not init passdb idmap domain\n")); >- } >- >- return passdb_idmap_domain; >-} >- >-/** > * Find a domain struct according to a domain name > * @param[in] domname Domain name to get the config for > * @result The default domain structure that fits >@@ -379,21 +416,14 @@ static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) > > static struct idmap_domain *idmap_find_domain(const char *domname) > { >- struct idmap_domain *result; >+ bool ok; > int i; > > DEBUG(10, ("idmap_find_domain called for domain '%s'\n", > domname?domname:"NULL")); > >- idmap_init(); >- >- /* >- * Always init the default domain, we can't go without one >- */ >- if (default_idmap_domain == NULL) { >- default_idmap_domain = idmap_init_default_domain(NULL); >- } >- if (default_idmap_domain == NULL) { >+ ok = idmap_init(); >+ if (!ok) { > return NULL; > } > >@@ -407,38 +437,21 @@ static struct idmap_domain *idmap_find_domain(const char *domname) > } > } > >- if (idmap_domains == NULL) { >- /* >- * talloc context for all idmap domains >- */ >- idmap_domains = talloc_array(NULL, struct idmap_domain *, 1); >- } >- >- if (idmap_domains == NULL) { >- DEBUG(0, ("talloc failed\n")); >- return NULL; >- } >- >- result = idmap_init_named_domain(idmap_domains, domname); >- if (result == NULL) { >- /* >- * Could not init that domain -- try the default one >- */ >- return default_idmap_domain; >- } >- >- ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result, >- &idmap_domains, &num_domains); >- return result; >+ return default_idmap_domain; > } > > struct idmap_domain *idmap_find_domain_with_sid(const char *domname, > const struct dom_sid *sid) > { >- idmap_init(); >+ bool ok; >+ >+ ok = idmap_init(); >+ if (!ok) { >+ return NULL; >+ } > > if (sid_check_is_for_passdb(sid)) { >- return idmap_passdb_domain(NULL); >+ return passdb_idmap_domain; > } > > return idmap_find_domain(domname); >@@ -493,6 +506,12 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) > { > struct idmap_domain *dom; > struct id_map *maps[2]; >+ bool ok; >+ >+ ok = idmap_init(); >+ if (!ok) { >+ return NT_STATUS_NONE_MAPPED; >+ } > > DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " > "(type %d)\n", >@@ -505,7 +524,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) > * Always give passdb a chance first > */ > >- dom = idmap_passdb_domain(NULL); >+ dom = passdb_idmap_domain; > if ((dom != NULL) > && NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps)) > && id->status == ID_MAPPED) { >-- >1.9.1 > > >From 9561d870f718f3c6602f6be5321cf50cb9c5206c Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 18 Aug 2015 17:30:27 +0200 >Subject: [PATCH 04/12] idmap: Use a range search in > idmap_backends_unixid_to_sid > >This obsoletes the domain name in the xid2sid calls > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit ad626b9e6b3c200c70b0d840c956f7b6fff20660) >--- > source3/winbindd/idmap.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c >index 7b4a84d..24277ca 100644 >--- a/source3/winbindd/idmap.c >+++ b/source3/winbindd/idmap.c >@@ -507,6 +507,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) > struct idmap_domain *dom; > struct id_map *maps[2]; > bool ok; >+ int i; > > ok = idmap_init(); > if (!ok) { >@@ -531,7 +532,16 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) > return NT_STATUS_OK; > } > >- dom = idmap_find_domain(domname); >+ dom = default_idmap_domain; >+ >+ for (i=0; i<num_domains; i++) { >+ if ((id->xid.id >= idmap_domains[i]->low_id) && >+ (id->xid.id <= idmap_domains[i]->high_id)) { >+ dom = idmap_domains[i]; >+ break; >+ } >+ } >+ > if (dom == NULL) { > return NT_STATUS_NONE_MAPPED; > } >-- >1.9.1 > > >From 603f46e4d15c6ac3e92e6686a6e58e159eabc819 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 18 Aug 2015 17:34:29 +0200 >Subject: [PATCH 05/12] idmap: Remove "domname" from > idmap_backends_unixid_to_sid > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit ac4cc243771fc3273872547087679db21c9bb1cb) >--- > source3/torture/test_idmap_tdb_common.c | 2 +- > source3/winbindd/idmap.c | 7 +++---- > source3/winbindd/idmap_proto.h | 3 +-- > source3/winbindd/idmap_util.c | 4 ++-- > 4 files changed, 7 insertions(+), 9 deletions(-) > >diff --git a/source3/torture/test_idmap_tdb_common.c b/source3/torture/test_idmap_tdb_common.c >index f7262a2..dd736ad 100644 >--- a/source3/torture/test_idmap_tdb_common.c >+++ b/source3/torture/test_idmap_tdb_common.c >@@ -62,7 +62,7 @@ bool idmap_is_online(void) > return true; > } > >-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) >+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id) > { > return NT_STATUS_OK; > } >diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c >index 24277ca..8de8990 100644 >--- a/source3/winbindd/idmap.c >+++ b/source3/winbindd/idmap.c >@@ -502,7 +502,7 @@ NTSTATUS idmap_allocate_gid(struct unixid *id) > return idmap_allocate_unixid(id); > } > >-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) >+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id) > { > struct idmap_domain *dom; > struct id_map *maps[2]; >@@ -514,9 +514,8 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) > return NT_STATUS_NONE_MAPPED; > } > >- DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " >- "(type %d)\n", >- domname?domname:"NULL", id->xid.id, id->xid.type)); >+ DEBUG(10, ("idmap_backend_unixid_to_sid: xid = %d (type %d)\n", >+ id->xid.id, id->xid.type)); > > maps[0] = id; > maps[1] = NULL; >diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h >index f7af8ed..159aac6 100644 >--- a/source3/winbindd/idmap_proto.h >+++ b/source3/winbindd/idmap_proto.h >@@ -34,8 +34,7 @@ NTSTATUS smb_register_idmap(int version, const char *name, > void idmap_close(void); > NTSTATUS idmap_allocate_uid(struct unixid *id); > NTSTATUS idmap_allocate_gid(struct unixid *id); >-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, >- struct id_map *id); >+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id); > > /* The following definitions come from winbindd/idmap_nss.c */ > >diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c >index e671acf..08857ab 100644 >--- a/source3/winbindd/idmap_util.c >+++ b/source3/winbindd/idmap_util.c >@@ -66,7 +66,7 @@ backend: > map.xid.type = ID_TYPE_UID; > map.xid.id = uid; > >- ret = idmap_backends_unixid_to_sid(domname, &map); >+ ret = idmap_backends_unixid_to_sid(&map); > if ( ! NT_STATUS_IS_OK(ret)) { > DEBUG(10, ("error mapping uid [%lu]: %s\n", (unsigned long)uid, > nt_errstr(ret))); >@@ -130,7 +130,7 @@ backend: > map.xid.type = ID_TYPE_GID; > map.xid.id = gid; > >- ret = idmap_backends_unixid_to_sid(domname, &map); >+ ret = idmap_backends_unixid_to_sid(&map); > if ( ! NT_STATUS_IS_OK(ret)) { > DEBUG(10, ("error mapping gid [%lu]: %s\n", (unsigned long)gid, > nt_errstr(ret))); >-- >1.9.1 > > >From d8dbc1435e2a6846a14f7e5b39eacf968283727d Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 19 Aug 2015 13:34:58 +0200 >Subject: [PATCH 06/12] idmap: Remove "domname" from idmap_uid_to_sid > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit 0f8c9b8d7f9a3ca288e42d857d253137e048d4bc) >--- > source3/winbindd/idmap_proto.h | 2 +- > source3/winbindd/idmap_util.c | 5 ++--- > source3/winbindd/winbindd_dual_srv.c | 3 +-- > 3 files changed, 4 insertions(+), 6 deletions(-) > >diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h >index 159aac6..73161bb 100644 >--- a/source3/winbindd/idmap_proto.h >+++ b/source3/winbindd/idmap_proto.h >@@ -50,7 +50,7 @@ NTSTATUS idmap_tdb_init(void); > > /* The following definitions come from winbindd/idmap_util.c */ > >-NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid); >+NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid); > NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid); > bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom); > struct id_map *idmap_find_map_by_id(struct id_map **maps, enum id_type type, >diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c >index 08857ab..fd7e6ed 100644 >--- a/source3/winbindd/idmap_util.c >+++ b/source3/winbindd/idmap_util.c >@@ -34,14 +34,13 @@ > If mapping is not possible returns an error. > *****************************************************************/ > >-NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid) >+NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid) > { > NTSTATUS ret; > struct id_map map; > bool expired; > >- DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n", >- (unsigned long)uid, domname?domname:"NULL")); >+ DEBUG(10, ("idmap_uid_to_sid: uid = [%lu]\n", (unsigned long)uid)); > > if (winbindd_use_idmap_cache() > && idmap_cache_find_uid2sid(uid, sid, &expired)) { >diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c >index 1fe66e1..47d9885 100644 >--- a/source3/winbindd/winbindd_dual_srv.c >+++ b/source3/winbindd/winbindd_dual_srv.c >@@ -223,8 +223,7 @@ nomem: > > NTSTATUS _wbint_Uid2Sid(struct pipes_struct *p, struct wbint_Uid2Sid *r) > { >- return idmap_uid_to_sid(r->in.dom_name ? r->in.dom_name : "", >- r->out.sid, r->in.uid); >+ return idmap_uid_to_sid(r->out.sid, r->in.uid); > } > > NTSTATUS _wbint_Gid2Sid(struct pipes_struct *p, struct wbint_Gid2Sid *r) >-- >1.9.1 > > >From 197dde2a2e60f00b5912636b04b4fb5c616d54d5 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 19 Aug 2015 13:34:58 +0200 >Subject: [PATCH 07/12] idmap: Remove "domname" from idmap_gid_to_sid > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit 2f4dad52c77c7d0aaad2a4ccc0cb7dff0d129612) >--- > source3/winbindd/idmap_proto.h | 2 +- > source3/winbindd/idmap_util.c | 5 ++--- > source3/winbindd/winbindd_dual_srv.c | 3 +-- > 3 files changed, 4 insertions(+), 6 deletions(-) > >diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h >index 73161bb..a12e5b4 100644 >--- a/source3/winbindd/idmap_proto.h >+++ b/source3/winbindd/idmap_proto.h >@@ -51,7 +51,7 @@ NTSTATUS idmap_tdb_init(void); > /* The following definitions come from winbindd/idmap_util.c */ > > NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid); >-NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid); >+NTSTATUS idmap_gid_to_sid(struct dom_sid *sid, gid_t gid); > bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom); > struct id_map *idmap_find_map_by_id(struct id_map **maps, enum id_type type, > uint32_t id); >diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c >index fd7e6ed..dc7d37c 100644 >--- a/source3/winbindd/idmap_util.c >+++ b/source3/winbindd/idmap_util.c >@@ -97,14 +97,13 @@ backend: > If mapping is not possible returns an error. > *****************************************************************/ > >-NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid) >+NTSTATUS idmap_gid_to_sid(struct dom_sid *sid, gid_t gid) > { > NTSTATUS ret; > struct id_map map; > bool expired; > >- DEBUG(10,("idmap_gid_to_sid: gid = [%lu], domain = '%s'\n", >- (unsigned long)gid, domname?domname:"NULL")); >+ DEBUG(10, ("idmap_gid_to_sid: gid = [%lu]\n", (unsigned long)gid)); > > if (winbindd_use_idmap_cache() > && idmap_cache_find_gid2sid(gid, sid, &expired)) { >diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c >index 47d9885..44e4842 100644 >--- a/source3/winbindd/winbindd_dual_srv.c >+++ b/source3/winbindd/winbindd_dual_srv.c >@@ -228,8 +228,7 @@ NTSTATUS _wbint_Uid2Sid(struct pipes_struct *p, struct wbint_Uid2Sid *r) > > NTSTATUS _wbint_Gid2Sid(struct pipes_struct *p, struct wbint_Gid2Sid *r) > { >- return idmap_gid_to_sid(r->in.dom_name ? r->in.dom_name : "", >- r->out.sid, r->in.gid); >+ return idmap_gid_to_sid(r->out.sid, r->in.gid); > } > > NTSTATUS _wbint_AllocateUid(struct pipes_struct *p, struct wbint_AllocateUid *r) >-- >1.9.1 > > >From 495506e192f96009a34df8b6afb73d7c26483ff5 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 19 Aug 2015 13:44:02 +0200 >Subject: [PATCH 08/12] idmap: Remove dom_name from wbint_Uid2Sid > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit d4730474da30c707339e21746c27eed5871cfdfe) >--- > librpc/idl/winbind.idl | 1 - > source3/winbindd/wb_uid2sid.c | 2 +- > 2 files changed, 1 insertion(+), 2 deletions(-) > >diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl >index 5b61950..71f3aa6 100644 >--- a/librpc/idl/winbind.idl >+++ b/librpc/idl/winbind.idl >@@ -57,7 +57,6 @@ interface winbind > ); > > NTSTATUS wbint_Uid2Sid( >- [in,unique,string,charset(UTF8)] char *dom_name, > [in] hyper uid, > [out] dom_sid *sid > ); >diff --git a/source3/winbindd/wb_uid2sid.c b/source3/winbindd/wb_uid2sid.c >index f4138f6..315cc4a 100644 >--- a/source3/winbindd/wb_uid2sid.c >+++ b/source3/winbindd/wb_uid2sid.c >@@ -78,7 +78,7 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx, > child = idmap_child(); > > subreq = dcerpc_wbint_Uid2Sid_send( >- state, ev, child->binding_handle, state->dom_name, >+ state, ev, child->binding_handle, > uid, &state->sid); > if (tevent_req_nomem(subreq, req)) { > return tevent_req_post(req, ev); >-- >1.9.1 > > >From 73883d1ebcd1cfc25b01552cb39d81b5261889ac Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 19 Aug 2015 13:44:02 +0200 >Subject: [PATCH 09/12] idmap: Remove dom_name from wbint_Gid2Sid > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit 8856555af43848830b7c1e47765d26ce59dfa62b) >--- > librpc/idl/winbind.idl | 1 - > source3/winbindd/wb_gid2sid.c | 2 +- > 2 files changed, 1 insertion(+), 2 deletions(-) > >diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl >index 71f3aa6..07deb80 100644 >--- a/librpc/idl/winbind.idl >+++ b/librpc/idl/winbind.idl >@@ -62,7 +62,6 @@ interface winbind > ); > > NTSTATUS wbint_Gid2Sid( >- [in,unique,string,charset(UTF8)] char *dom_name, > [in] hyper gid, > [out] dom_sid *sid > ); >diff --git a/source3/winbindd/wb_gid2sid.c b/source3/winbindd/wb_gid2sid.c >index d784212..323437b 100644 >--- a/source3/winbindd/wb_gid2sid.c >+++ b/source3/winbindd/wb_gid2sid.c >@@ -78,7 +78,7 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx, > child = idmap_child(); > > subreq = dcerpc_wbint_Gid2Sid_send( >- state, ev, child->binding_handle, state->dom_name, >+ state, ev, child->binding_handle, > gid, &state->sid); > if (tevent_req_nomem(subreq, req)) { > return tevent_req_post(req, ev); >-- >1.9.1 > > >From 705518272f605f85e923d4874a897a96c2cebe50 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 19 Aug 2015 13:48:17 +0200 >Subject: [PATCH 10/12] winbind: Do not look for the domain in wb_uid2sid > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit 2387d03b8ae9a471694503677667e623dff8ef88) >--- > source3/winbindd/wb_uid2sid.c | 13 ------------- > 1 file changed, 13 deletions(-) > >diff --git a/source3/winbindd/wb_uid2sid.c b/source3/winbindd/wb_uid2sid.c >index 315cc4a..c95bcd9 100644 >--- a/source3/winbindd/wb_uid2sid.c >+++ b/source3/winbindd/wb_uid2sid.c >@@ -26,7 +26,6 @@ > > struct wb_uid2sid_state { > struct tevent_context *ev; >- char *dom_name; > struct dom_sid sid; > }; > >@@ -38,7 +37,6 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx, > { > struct tevent_req *req, *subreq; > struct wb_uid2sid_state *state; >- struct winbindd_domain *domain; > struct winbindd_child *child; > bool expired; > >@@ -64,17 +62,6 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx, > } > } > >- state->dom_name = NULL; >- >- for (domain = domain_list(); domain != NULL; domain = domain->next) { >- if (domain->have_idmap_config >- && (uid >= domain->id_range_low) >- && (uid <= domain->id_range_high)) { >- state->dom_name = domain->name; >- break; >- } >- } >- > child = idmap_child(); > > subreq = dcerpc_wbint_Uid2Sid_send( >-- >1.9.1 > > >From 4ec0bee4f7aab0fb5d080da47b7fe9c54f764f8e Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 19 Aug 2015 13:48:17 +0200 >Subject: [PATCH 11/12] winbind: Do not look for the domain in wb_gid2sid > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 >(cherry picked from commit b62c7e26b4783cdff11e406e4d75bc2e0fba7933) >--- > source3/winbindd/wb_gid2sid.c | 13 ------------- > 1 file changed, 13 deletions(-) > >diff --git a/source3/winbindd/wb_gid2sid.c b/source3/winbindd/wb_gid2sid.c >index 323437b..97cc754 100644 >--- a/source3/winbindd/wb_gid2sid.c >+++ b/source3/winbindd/wb_gid2sid.c >@@ -26,7 +26,6 @@ > > struct wb_gid2sid_state { > struct tevent_context *ev; >- char *dom_name; > struct dom_sid sid; > }; > >@@ -38,7 +37,6 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx, > { > struct tevent_req *req, *subreq; > struct wb_gid2sid_state *state; >- struct winbindd_domain *domain; > struct winbindd_child *child; > bool expired; > >@@ -64,17 +62,6 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx, > } > } > >- state->dom_name = NULL; >- >- for (domain = domain_list(); domain != NULL; domain = domain->next) { >- if (domain->have_idmap_config >- && (gid >= domain->id_range_low) >- && (gid <= domain->id_range_high)) { >- state->dom_name = domain->name; >- break; >- } >- } >- > child = idmap_child(); > > subreq = dcerpc_wbint_Gid2Sid_send( >-- >1.9.1 > > >From 408157ad9e6373db2f491ed3356e06328fcaad59 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 21 Aug 2015 11:25:33 +0200 >Subject: [PATCH 12/12] winbind: Remove "have_idmap_config" from > winbindd_domain > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464 > >Autobuild-User(master): Volker Lendecke <vl@samba.org> >Autobuild-Date(master): Mon Aug 24 19:19:31 CEST 2015 on sn-devel-104 > >(cherry picked from commit 617bc3fe611266b8d3d0fd47b839d4ac8ad73f8f) >--- > source3/winbindd/winbindd.h | 7 ------- > source3/winbindd/winbindd_util.c | 33 --------------------------------- > 2 files changed, 40 deletions(-) > >diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h >index b2105e3..441b57f 100644 >--- a/source3/winbindd/winbindd.h >+++ b/source3/winbindd/winbindd.h >@@ -179,13 +179,6 @@ struct winbindd_domain { > > void *private_data; > >- /* >- * idmap config settings, used to tell the idmap child which >- * special domain config to use for a mapping >- */ >- bool have_idmap_config; >- uint32_t id_range_low, id_range_high; >- > /* A working DC */ > pid_t dc_probe_pid; /* Child we're using to detect the DC. */ > char *dcname; >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index 233b5c9..57ee40c 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -125,8 +125,6 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const > { > struct winbindd_domain *domain; > const char *alternative_name = NULL; >- char *idmap_config_option; >- const char *param; > const char **ignored_domains, **dom; > int role = lp_server_role(); > >@@ -252,37 +250,6 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const > > wcache_tdc_add_domain( domain ); > >- idmap_config_option = talloc_asprintf(talloc_tos(), "idmap config %s", >- domain->name); >- if (idmap_config_option == NULL) { >- DEBUG(0, ("talloc failed, not looking for idmap config\n")); >- goto done; >- } >- >- param = lp_parm_const_string(-1, idmap_config_option, "range", NULL); >- >- DEBUG(10, ("%s : range = %s\n", idmap_config_option, >- param ? param : "not defined")); >- >- if (param != NULL) { >- unsigned low_id, high_id; >- if (sscanf(param, "%u - %u", &low_id, &high_id) != 2) { >- DEBUG(1, ("invalid range syntax in %s: %s\n", >- idmap_config_option, param)); >- goto done; >- } >- if (low_id > high_id) { >- DEBUG(1, ("invalid range in %s: %s\n", >- idmap_config_option, param)); >- goto done; >- } >- domain->have_idmap_config = true; >- domain->id_range_low = low_id; >- domain->id_range_high = high_id; >- } >- >-done: >- > setup_domain_child(domain); > > DEBUG(2,("Added domain %s %s %s\n", >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
vl
:
review+
Actions:
View
Attachments on
bug 11464
: 11372