[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha6-949-gb1b9be4
Michael Adam
obnox at samba.org
Tue Feb 17 17:26:39 GMT 2009
The branch, master has been updated
via b1b9be46ab84382e1017a157fc8b85a1a2d441eb (commit)
via 74940606f715bfc9d99ded2fb1d1da02d037609a (commit)
via 2feaaa885a485adb11096cdfc3db223f3b73e1a6 (commit)
via 08bef5bba042843cbfc41f1ed701243140dcf298 (commit)
from 64cec9984346ce1c8aeb170cd55be6e7e6784919 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b1b9be46ab84382e1017a157fc8b85a1a2d441eb
Author: Michael Adam <obnox at samba.org>
Date: Tue Feb 17 08:59:27 2009 +0100
docs: extend the example in the idmp_rid manpage to configure 2 domains with rid
Michael
commit 74940606f715bfc9d99ded2fb1d1da02d037609a
Author: Michael Adam <obnox at samba.org>
Date: Tue Feb 17 08:51:39 2009 +0100
docs: extend the idmap_rid manpage
Michael
commit 2feaaa885a485adb11096cdfc3db223f3b73e1a6
Author: Michael Adam <obnox at samba.org>
Date: Fri Feb 13 16:40:17 2009 +0100
s3:winbindd: make do_async_domain() static.
Michael
commit 08bef5bba042843cbfc41f1ed701243140dcf298
Author: Michael Adam <obnox at samba.org>
Date: Fri Feb 13 13:02:23 2009 +0100
s3:build: improve the check for a working krb5-config.
Not only check if it exists and is executable, but also
check whether it accepts the command line "krb5-config --libs gssapi".
Chris Hoogendyk <hoogendyk at bio.umass.edu> has reported configure
failing on a Solaris machine due to krb5-config raising errors on
these options.
Michael
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_rid.8.xml | 43 ++++++++++++++++++++++++++++++-----
source3/configure.in | 2 +-
source3/winbindd/winbindd_async.c | 12 +++++-----
source3/winbindd/winbindd_proto.h | 6 -----
4 files changed, 44 insertions(+), 19 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml
index 5eba356..146c4b9 100644
--- a/docs-xml/manpages-3/idmap_rid.8.xml
+++ b/docs-xml/manpages-3/idmap_rid.8.xml
@@ -42,11 +42,13 @@
<varlistentry>
<term>base_rid = INTEGER</term>
<listitem><para>
- Defines the base integer used to build SIDs out of an UID or a GID,
- and to rebase the UID or GID to be obtained from a SID. User RIDs
- by default start at 1000 (512 hexadecimal), this means a good value
- for base_rid can be 1000 as the resulting ID is calculated this way:
- ID = RID - BASE_RID + LOW RANGE ID.
+ Defines the base integer used to build SIDs out of a UID or a GID,
+ and to rebase the UID or GID to be obtained from a SID.
+ This means SIDs with a RID less than the base rid are filtered.
+ The default is not to restrict the allowed rids at all,
+ i.e. a base_rid value of 0.
+ A good value for the base_rid can be 1000, since user
+ RIDs by default start at 1000 (512 hexadecimal).
</para>
<para>
Use of this parameter is deprecated.
@@ -56,17 +58,46 @@
</refsect1>
<refsect1>
+ <title>THE MAPPING FORMULAS</title>
+ <para>
+ The Unix ID for a RID is calculated this way:
+ <programlisting>
+ ID = RID - BASE_RID + LOW_RANGE_ID.
+ </programlisting>
+ </para>
+ <para>
+ Correspondingly, the formula for calculationg the RID for a
+ given Unix ID is this:
+ <programlisting>
+ RID = ID + BASE_RID - LOW_RANGE_ID.
+ </programlisting>
+ </para>
+</refsect1>
+
+<refsect1>
<title>EXAMPLES</title>
- <para>This example shows how to configure a domain with idmap_rid</para>
+ <para>
+ This example shows how to configure two domains with idmap_rid,
+ the principal domain and a trusted domain, leaving the default
+ id mapping scheme at tdb. The example also demonstrates the use
+ of the base_rid parameter for the trusted domain.
+ </para>
<programlisting>
[global]
+ security = domain
+ workgroup = MAIN
+
idmap backend = tdb
idmap uid = 1000000-1999999
idmap gid = 1000000-1999999
+ idmap config MAIN : backend = rid
+ idmap config MAIN : range = 10000 - 49999
+
idmap config TRUSTED : backend = rid
idmap config TRUSTED : range = 50000 - 99999
+ idmap config TRUSTED : base_rid = 1000
</programlisting>
</refsect1>
diff --git a/source3/configure.in b/source3/configure.in
index 4a8d594..691d0a8 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3185,7 +3185,7 @@ if test x"$with_ads_support" != x"no"; then
# check for krb5-config from recent MIT and Heimdal kerberos 5
AC_PATH_PROG(KRB5CONFIG, krb5-config)
AC_MSG_CHECKING(for working krb5-config)
- if test -x "$KRB5CONFIG"; then
+ if test -x "$KRB5CONFIG" && $KRB5CONFIG --libs gssapi > /dev/null ; then
ac_save_CFLAGS=$CFLAGS
CFLAGS="";export CFLAGS
ac_save_LDFLAGS=$LDFLAGS
diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c
index 0271abb..b5c432f 100644
--- a/source3/winbindd/winbindd_async.c
+++ b/source3/winbindd/winbindd_async.c
@@ -84,12 +84,12 @@ void do_async(TALLOC_CTX *mem_ctx, struct winbindd_child *child,
&state->response, do_async_recv, state);
}
-void do_async_domain(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
- const struct winbindd_request *request,
- void (*cont)(TALLOC_CTX *mem_ctx, bool success,
- struct winbindd_response *response,
- void *c, void *private_data),
- void *c, void *private_data)
+static void do_async_domain(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
+ const struct winbindd_request *request,
+ void (*cont)(TALLOC_CTX *mem_ctx, bool success,
+ struct winbindd_response *response,
+ void *c, void *private_data),
+ void *c, void *private_data)
{
struct do_async_state *state;
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 5120402..c6e8803 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -78,12 +78,6 @@ void do_async(TALLOC_CTX *mem_ctx, struct winbindd_child *child,
struct winbindd_response *response,
void *c, void *private_data),
void *c, void *private_data);
-void do_async_domain(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
- const struct winbindd_request *request,
- void (*cont)(TALLOC_CTX *mem_ctx, bool success,
- struct winbindd_response *response,
- void *c, void *private_data),
- void *c, void *private_data);
void winbindd_lookupsid_async(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
void (*cont)(void *private_data, bool success,
const char *dom_name,
--
Samba Shared Repository
More information about the samba-cvs
mailing list