From 2b7e675dea0e17cbe07feeaa1d3fb67e7834bb95 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 27 May 2009 19:24:03 +0200 Subject: [PATCH] s3:idmap_tdb2: filter out of range mappings in default idmap config This fixes bug #6416 Michael (cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2) --- source/winbindd/idmap_tdb2.c | 61 +++++++++++++++++++++++++++++++++-------- 1 files changed, 49 insertions(+), 12 deletions(-) diff --git a/source/winbindd/idmap_tdb2.c b/source/winbindd/idmap_tdb2.c index 0607713..679a1b5 100644 --- a/source/winbindd/idmap_tdb2.c +++ b/source/winbindd/idmap_tdb2.c @@ -342,8 +342,6 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom, { NTSTATUS ret; struct idmap_tdb2_context *ctx; - char *config_option = NULL; - const char *range; NTSTATUS status; status = idmap_tdb2_open_db(); @@ -355,24 +353,63 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom, return NT_STATUS_NO_MEMORY; } - config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); - if ( ! config_option) { - DEBUG(0, ("Out of memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto failed; + if (strequal(dom->name, "*")) { + uid_t low_uid = 0; + uid_t high_uid = 0; + gid_t low_gid = 0; + gid_t high_gid = 0; + + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + + if (lp_idmap_uid(&low_uid, &high_uid)) { + ctx->filter_low_id = low_uid; + ctx->filter_high_id = high_uid; + } else { + DEBUG(3, ("Warning: 'idmap uid' not set!\n")); + } + + if (lp_idmap_gid(&low_gid, &high_gid)) { + if ((low_gid != low_uid) || (high_gid != high_uid)) { + DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" + " ranges do not agree -- building " + "intersection\n")); + ctx->filter_low_id = MAX(ctx->filter_low_id, + low_gid); + ctx->filter_high_id = MIN(ctx->filter_high_id, + high_gid); + } + } else { + DEBUG(3, ("Warning: 'idmap gid' not set!\n")); + } + } else { + char *config_option = NULL; + const char *range; + config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); + if ( ! config_option) { + DEBUG(0, ("Out of memory!\n")); + ret = NT_STATUS_NO_MEMORY; + goto failed; + } + + range = lp_parm_const_string(-1, config_option, "range", NULL); + if (( ! range) || + (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2)) + { + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + } + + talloc_free(config_option); } - range = lp_parm_const_string(-1, config_option, "range", NULL); - if (( ! range) || - (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) || - (ctx->filter_low_id > ctx->filter_high_id)) { + if (ctx->filter_low_id > ctx->filter_high_id) { ctx->filter_low_id = 0; ctx->filter_high_id = 0; } dom->private_data = ctx; - talloc_free(config_option); return NT_STATUS_OK; failed: -- 1.6.0.4