The Samba-Bugzilla – Attachment 11934 Details for Bug 11786: idmap_hash cannot be used with other idmap plugins simultaneously
patch from master for v4-4-test
patch (text/plain), 9.81 KB, created by Guenther Deschner on 2016-03-23 18:39:37 UTC
>From fb80e1158bb1a14f2602e65464909a213296cde1 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Thu, 10 Mar 2016 10:38:29 +0100 >Subject: [PATCH 1/5] s3:winbindd:idmap: add domain_has_idmap_config() helper > function. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 > >Pair-Programmed-With: Guenther Deschner <gd@samba.org> > >Signed-off-by: Michael Adam <obnox@samba.org> >Signed-off-by: Guenther Deschner <gd@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > source3/winbindd/idmap.c | 15 +++++++++++++++ > source3/winbindd/winbindd_proto.h | 1 + > 2 files changed, 16 insertions(+) > >diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c >index 4012e70..39ee230 100644 >--- a/source3/winbindd/idmap.c >+++ b/source3/winbindd/idmap.c >@@ -120,6 +120,21 @@ static bool idmap_init(void) > return true; > } > >+bool domain_has_idmap_config(const char *domname) >+{ >+ int i; >+ >+ idmap_init(); >+ >+ for (i=0; i<num_domains; i++) { >+ if (strequal(idmap_domains[i]->name, domname)) { >+ return true; >+ } >+ } >+ >+ return false; >+} >+ > static bool idmap_found_domain_backend( > const char *string, regmatch_t matches[], void *private_data) > { >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index dd389c2..12629ff 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h >@@ -330,6 +330,7 @@ void init_idmap_child(void); > struct winbindd_child *idmap_child(void); > struct idmap_domain *idmap_find_domain_with_sid(const char *domname, > const struct dom_sid *sid); >+bool domain_has_idmap_config(const char *domname); > > /* The following definitions come from winbindd/winbindd_locator.c */ > >-- >2.5.5 > > >From 55be1ee69743c94d33f4244ade848517fc98e264 Mon Sep 17 00:00:00 2001 
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 10 Mar 2016 10:39:15 +0100 >Subject: [PATCH 2/5] s3:winbindd:idmap_hash: skip domains that already have > their own idmap configuration. > >Check if the domain from the list is not already configured to use another idmap >backend. Not checking this makes the idmap_hash module map IDs for *all* domains >implicitly. This is quite dangerous in multi-idmap-config setups. > >Guenther > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 > >Pair-Programmed-With: Michael Adam <obnox@samba.org> > >Signed-off-by: Guenther Deschner <gd@samba.org> >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > source3/winbindd/idmap_hash/idmap_hash.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > >diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c >index 51bbf5b..818d102 100644 >--- a/source3/winbindd/idmap_hash/idmap_hash.c >+++ b/source3/winbindd/idmap_hash/idmap_hash.c >@@ -137,6 +137,19 @@ static NTSTATUS be_init(struct idmap_domain *dom) > > if (is_null_sid(&dom_list[i].sid)) > continue; >+ >+ /* >+ * Check if the domain from the list is not already configured >+ * to use another idmap backend. Not checking this makes the >+ * idmap_hash module map IDs for *all* domains implicitly. This >+ * is quite dangerous in setups that use multiple idmap >+ * configurations. >+ */ >+ >+ if (domain_has_idmap_config(dom_list[i].domain_name)) { >+ continue; >+ } >+ > if ((hash = hash_domain_sid(&dom_list[i].sid)) == 0) > continue; > >-- >2.5.5 > > >From 4632ad98c4af5a4e0a2723c0cf716439e376e61f Mon Sep 17 00:00:00 2001 
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 10 Mar 2016 12:21:52 +0100 >Subject: [PATCH 3/5] s3:winbindd:idmap: check loadparm in > domain_has_idmap_config() helper as well. > >Guenther > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 > >Pair-Programmed-With: Michael Adam <obnox@samba.org> > >Signed-off-by: Guenther Deschner <gd@samba.org> >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > source3/winbindd/idmap.c | 22 ++++++++++++++++++++++ > 1 file changed, 22 insertions(+) > >diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c >index 39ee230..faf0df2 100644 >--- a/source3/winbindd/idmap.c >+++ b/source3/winbindd/idmap.c >@@ -123,6 +123,9 @@ static bool idmap_init(void) > bool domain_has_idmap_config(const char *domname) > { > int i; >+ char *config_option; >+ const char *range = NULL; >+ const char *backend = NULL; > > idmap_init(); > >@@ -132,6 +135,25 @@ bool domain_has_idmap_config(const char *domname) > } > } > >+ /* fallback: also check loadparm */ >+ >+ config_option = talloc_asprintf(talloc_tos(), "idmap config %s", >+ domname); >+ if (config_option == NULL) { >+ DEBUG(0, ("out of memory\n")); >+ return false; >+ } >+ >+ range = lp_parm_const_string(-1, config_option, "range", NULL); >+ backend = lp_parm_const_string(-1, config_option, "backend", NULL); >+ if (range != NULL && backend != NULL) { >+ DEBUG(5, ("idmap configuration specified for domain '%s'\n", >+ domname)); >+ TALLOC_FREE(config_option); >+ return true; >+ } >+ >+ TALLOC_FREE(config_option); > return false; > } > >-- >2.5.5 > > >From 4172491cbe7bb8ad2a7089efe15fbe46fcc123fb Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Mon, 14 Mar 2016 17:06:34 +0100 >Subject: [PATCH 4/5] idmap_hash: rename be_init() --> idmap_hash_initialize() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 > >Pair-Programmed-With: Guenther Deschner <gd@samba.org> 
> >Signed-off-by: Michael Adam <obnox@samba.org> >Signed-off-by: Guenther Deschner <gd@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > source3/winbindd/idmap_hash/idmap_hash.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > >diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c >index 818d102..ed9cc20 100644 >--- a/source3/winbindd/idmap_hash/idmap_hash.c >+++ b/source3/winbindd/idmap_hash/idmap_hash.c >@@ -104,7 +104,7 @@ static void separate_hashes(uint32_t id, > /********************************************************************* > ********************************************************************/ > >-static NTSTATUS be_init(struct idmap_domain *dom) >+static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom) > { > struct sid_hash_table *hashed_domains; > NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; >@@ -153,10 +153,10 @@ static NTSTATUS be_init(struct idmap_domain *dom) > if ((hash = hash_domain_sid(&dom_list[i].sid)) == 0) > continue; > >- DEBUG(5,("hash:be_init() Adding %s (%s) -> %d\n", >+ DBG_INFO("Adding %s (%s) -> %d\n", > dom_list[i].domain_name, > sid_string_dbg(&dom_list[i].sid), >- hash)); >+ hash); > > hashed_domains[hash].sid = talloc(hashed_domains, struct dom_sid); > sid_copy(hashed_domains[hash].sid, &dom_list[i].sid); >@@ -189,7 +189,7 @@ static NTSTATUS unixids_to_sids(struct idmap_domain *dom, > ids[i]->status = ID_UNKNOWN; > } > >- nt_status = be_init(dom); >+ nt_status = idmap_hash_initialize(dom); > BAIL_ON_NTSTATUS_ERROR(nt_status); > > for (i=0; ids[i]; i++) { >@@ -239,7 +239,7 @@ static NTSTATUS sids_to_unixids(struct idmap_domain *dom, > ids[i]->status = ID_UNKNOWN; > } > >- nt_status = be_init(dom); >+ nt_status = idmap_hash_initialize(dom); > BAIL_ON_NTSTATUS_ERROR(nt_status); > > for (i=0; ids[i]; i++) { 
>@@ -360,7 +360,7 @@ static NTSTATUS nss_hash_close(void) > ********************************************************************/ > > static struct idmap_methods hash_idmap_methods = { >- .init = be_init, >+ .init = idmap_hash_initialize, > .unixids_to_sids = unixids_to_sids, > .sids_to_unixids = sids_to_unixids, > }; >-- >2.5.5 > > >From a16379c585a6f6e9470a8745b6043be8171eb615 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Mon, 14 Mar 2016 17:07:34 +0100 >Subject: [PATCH 5/5] idmap_hash: only allow the hash module for default idmap > config. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786 > >This module only makes sense as the default idmap config >("idmap config * : backend = hash" ...) > >Pair-Programmed-With: Guenther Deschner <gd@samba.org> > >Signed-off-by: Michael Adam <obnox@samba.org> >Signed-off-by: Guenther Deschner <gd@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > source3/winbindd/idmap_hash/idmap_hash.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c >index ed9cc20..0aba36c 100644 >--- a/source3/winbindd/idmap_hash/idmap_hash.c >+++ b/source3/winbindd/idmap_hash/idmap_hash.c >@@ -112,6 +112,13 @@ static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom) > size_t num_domains = 0; > int i; > >+ if (!strequal(dom->name, "*")) { >+ DBG_ERR("Error: idmap_hash configured for domain '%s'. " >+ "But the hash module can only be used for the default " >+ "idmap configuration.\n", dom->name); >+ return NT_STATUS_INVALID_PARAMETER; >+ } >+ > /* If the domain SID hash table has been initialized, assume > that we completed this function previously */ > >-- >2.5.5 > >From 5291462bd8a683b2d21b5f21ad73f84939aa2d67 Mon Sep 17 00:00:00 2001 
>From: Volker Lendecke <vl@samba.org> >Date: Tue, 22 Mar 2016 11:24:23 +0100 >Subject: [PATCH] winbind: Fix CID 1357100 Unchecked return value >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> > >Autobuild-User(master): Ralph Böhme <slow@samba.org> >Autobuild-Date(master): Tue Mar 22 15:49:14 CET 2016 on sn-devel-144 >--- > source3/winbindd/idmap.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c >index faf0df2..7eb7e58 100644 >--- a/source3/winbindd/idmap.c >+++ b/source3/winbindd/idmap.c >@@ -126,8 +126,12 @@ bool domain_has_idmap_config(const char *domname) > char *config_option; > const char *range = NULL; > const char *backend = NULL; >+ bool ok; > >- idmap_init(); >+ ok = idmap_init(); >+ if (!ok) { >+ return false; >+ } > > for (i=0; i<num_domains; i++) { > if (strequal(idmap_domains[i]->name, domname)) { >-- >2.5.5 >
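Review bot: In [PATCH 1/5], in the idmap.c hunk, the new domain_has_idmap_config() calls idmap_init() and discards the result, although the hunk header shows it is declared `static bool idmap_init(void)`. If initialisation fails, the loop over idmap_domains[] still runs against whatever state is there. Check the return value and bail out; the CID 1357100 patch at the end of this attachment does that, so the two need to land together in v4-4-test. The helper is also exported through winbindd_proto.h without a comment stating what counts as "has an idmap config"; a short doc comment above the function would help callers.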
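Review bot: In [PATCH 2/5], in the be_init() hunk, the new `continue` after domain_has_idmap_config() skips the domain without logging anything, so an administrator who finds a trusted domain missing from the hash table has no trace of why. Add a debug line naming dom_list[i].domain_name before the `continue`. At this point in the series the helper only looks at idmap_domains[]; the loadparm fallback arrives in 3/5, so the guard is only complete once that patch is applied as well.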
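Review bot: In [PATCH 3/5], in the second idmap.c hunk, the out-of-memory path after talloc_asprintf() returns false, which the idmap_hash caller added in 2/5 reads as "no idmap config, go ahead and hash this domain". An allocation failure therefore fails open for exactly the case the series is meant to prevent. Consider returning true on that path, or changing the helper so callers can tell an error from a negative answer. The test `range != NULL && backend != NULL` also treats a domain with only one of the two options set as unconfigured; if that is intended, say so in the "fallback" comment.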
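Review bot: In [PATCH 4/5], in the hunk at -153,10, the DEBUG(5, ...) call is replaced by DBG_INFO(...), which is more than the rename the subject line announces. Mention the debug macro conversion in the commit message or split it into its own commit, so that someone reading the log for a pure rename is not surprised by a logging change.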
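Review bot: In [PATCH 5/5], the new check at the top of idmap_hash_initialize() makes a per-domain hash configuration fail with NT_STATUS_INVALID_PARAMETER, but the diffstat touches only idmap_hash.c, so nothing tells administrators about the new restriction. Document the restriction for the module in the same series. Minor: the "Error: " prefix is redundant under DBG_ERR, and because the check sits before the "already initialized" shortcut, a bad configuration is logged again on every call from unixids_to_sids() and sids_to_unixids().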
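Review bot: In the CID 1357100 patch, the new `if (!ok) { return false; }` makes a failed idmap_init() indistinguishable from "domain has no idmap config", and does so silently. Since false is the answer that lets idmap_hash proceed with a domain (the check added in 2/5 only skips on true), log the failure before returning and consider whether the error case should be reported to the caller separately instead of as a negative result.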
Flags: obnox: review+