The Samba-Bugzilla – Attachment 4217 Details for
Bug 6417
"idmap backend = ldap" does not filter out of range id mappings
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
fix for v3-3-test
0003-s3-idmap_ldap-filter-out-of-range-mappings-in-defau.patch (text/plain), 3.15 KB, created by
Michael Adam
on 2009-05-27 18:34:55 UTC
(
hide
)
Description:
fix for v3-3-test
Filename:
MIME Type:
Creator:
Michael Adam
Created:
2009-05-27 18:34:55 UTC
Size:
3.15 KB
patch
obsolete
>From df8fa5c44cc1224856ccbe7cd878102840178fa0 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 27 May 2009 19:25:44 +0200 >Subject: [PATCH] s3:idmap_ldap: filter out of range mappings in default idmap config > >This fixes bug #6417 > >Michael >(cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132) >--- > source/winbindd/idmap_ldap.c | 71 ++++++++++++++++++++++++++++++++--------- > 1 files changed, 55 insertions(+), 16 deletions(-) > >diff --git a/source/winbindd/idmap_ldap.c b/source/winbindd/idmap_ldap.c >index 88ece8c..3d1dd48 100644 >--- a/source/winbindd/idmap_ldap.c >+++ b/source/winbindd/idmap_ldap.c >@@ -765,7 +765,6 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom, > NTSTATUS ret; > struct idmap_ldap_context *ctx = NULL; > char *config_option = NULL; >- const char *range = NULL; > const char *tmp = NULL; > > /* Only do init if we are online */ >@@ -779,23 +778,63 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom, > return NT_STATUS_NO_MEMORY; > } > >- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); >- if ( ! config_option) { >- DEBUG(0, ("Out of memory!\n")); >- ret = NT_STATUS_NO_MEMORY; >- goto done; >- } >+ if (strequal(dom->name, "*")) { >+ uid_t low_uid = 0; >+ uid_t high_uid = 0; >+ gid_t low_gid = 0; >+ gid_t high_gid = 0; > >- /* load ranges */ >- range = lp_parm_const_string(-1, config_option, "range", NULL); >- if (range && range[0]) { >- if ((sscanf(range, "%u - %u", &ctx->filter_low_id, >- &ctx->filter_high_id) != 2) || >- (ctx->filter_low_id > ctx->filter_high_id)) { >- DEBUG(1, ("ERROR: invalid filter range [%s]", range)); >- ctx->filter_low_id = 0; >- ctx->filter_high_id = 0; >+ ctx->filter_low_id = 0; >+ ctx->filter_high_id = 0; >+ >+ if (lp_idmap_uid(&low_uid, &high_uid)) { >+ ctx->filter_low_id = low_uid; >+ ctx->filter_high_id = high_uid; >+ } else { >+ DEBUG(3, ("Warning: 'idmap uid' not set!\n")); >+ } >+ >+ if (lp_idmap_gid(&low_gid, &high_gid)) { >+ if ((low_gid != low_uid) || (high_gid != high_uid)) { >+ DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" >+ " ranges do not agree -- building " >+ "intersection\n")); >+ ctx->filter_low_id = MAX(ctx->filter_low_id, >+ low_gid); >+ ctx->filter_high_id = MIN(ctx->filter_high_id, >+ high_gid); >+ } >+ } else { >+ DEBUG(3, ("Warning: 'idmap gid' not set!\n")); >+ } >+ } else { >+ const char *range = NULL; >+ >+ config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); >+ if ( ! config_option) { >+ DEBUG(0, ("Out of memory!\n")); >+ ret = NT_STATUS_NO_MEMORY; >+ goto done; > } >+ >+ /* load ranges */ >+ range = lp_parm_const_string(-1, config_option, "range", NULL); >+ if (range && range[0]) { >+ if ((sscanf(range, "%u - %u", &ctx->filter_low_id, >+ &ctx->filter_high_id) != 2)) >+ { >+ DEBUG(1, ("ERROR: invalid filter range [%s]", range)); >+ ctx->filter_low_id = 0; >+ ctx->filter_high_id = 0; >+ } >+ } >+ } >+ >+ if (ctx->filter_low_id > ctx->filter_high_id) { >+ DEBUG(1, ("ERROR: invalid filter range [%u-%u]", >+ ctx->filter_low_id, ctx->filter_high_id)); >+ ctx->filter_low_id = 0; >+ ctx->filter_high_id = 0; > } > > if (params != NULL) { >-- >1.6.0.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4217">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 6417
: 4217