[SCM] Samba Shared Repository - branch v3-4-stable updated -
release-3-4-0pre1-241-g13174ad
Karolin Seeger
kseeger at samba.org
Fri May 29 07:53:20 GMT 2009
The branch, v3-4-stable has been updated
via 13174ada2f545c4e4f170c62a0f20eb24b52a866 (commit)
via dca252e98173422713bf1a72123844c516823ee6 (commit)
via 89a287c07a2d373085b3ac591735dd111d393603 (commit)
via abcb6cbd2a08d584870cf3700bc3a5916a1afc3e (commit)
via befc85e5de8f827f1ef7c18c763f5b33d238fd45 (commit)
via a93117ed5016d93f5dabcd780d5882642c57c748 (commit)
via 1f937c6a766d35b1d1f9fa52bbc4601eeeb9ebca (commit)
via ae42622ae88b286350d7333723e5878b1b22898e (commit)
from 6f3a58dce40c7acd21f405e6eaf57e5c660a6678 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable
- Log -----------------------------------------------------------------
commit 13174ada2f545c4e4f170c62a0f20eb24b52a866
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 28 13:33:06 2009 -0700
Fix uninitialized variable use caught by valgrind.
Jeremy.
(cherry picked from commit 62d767d57fafd869ec956cbcc84e8c866c6d665b)
commit dca252e98173422713bf1a72123844c516823ee6
Author: Steven Danneman <steven.danneman at isilon.com>
Date: Wed May 27 17:14:49 2009 -0700
s3/auth map NULL domains to our global sam name
This is an addendum to d8c54fdd, which made make_user_info_map() match
Windows behavior by mapping untrusted domains given to smbd on the wire
with the users credentials to smbd's global sam name.
This fix was being circumvented in the case where the client passed
a NULL domain. Vista clients do this. In that case smbd was always
remapping the name to the machine workgroup. The NULL domain case
should also be mapped to the global sam name.
Removing the code in this patch, causes us to fall down to the logic
added in d8c54fdd and properly map the domain.
(cherry picked from commit fbca26923915a70031f561b198cfe2cc0d9c3aa6)
(cherry picked from commit 22b9d9d28d9acd68a9bc492530fcd0a565ff0aa3)
commit 89a287c07a2d373085b3ac591735dd111d393603
Author: Michael Adam <obnox at samba.org>
Date: Wed May 27 19:25:44 2009 +0200
s3:idmap_ldap: filter out of range mappings in default idmap config
This fixes bug #6417
Michael
(cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132)
(cherry picked from commit 4ca03e3bb96518665c296ba2cf5aa1d91916897e)
commit abcb6cbd2a08d584870cf3700bc3a5916a1afc3e
Author: Michael Adam <obnox at samba.org>
Date: Wed May 27 19:26:32 2009 +0200
s3:idmap: fix a comment typo
Michael
(cherry picked from commit 3fe9859342c28fe9da7011fb18a5fb5de8b29fa6)
(cherry picked from commit df4a0fabff06ea31149aac45d6477564cf96179b)
commit befc85e5de8f827f1ef7c18c763f5b33d238fd45
Author: Michael Adam <obnox at samba.org>
Date: Wed May 27 19:24:03 2009 +0200
s3:idmap_tdb2: filter out of range mappings in default idmap config
This fixes bug #6416
Michael
(cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2)
(cherry picked from commit b369902cddd55fab74ca6e0743e15e0f8cbfc4cc)
commit a93117ed5016d93f5dabcd780d5882642c57c748
Author: Michael Adam <obnox at samba.org>
Date: Wed May 27 19:12:28 2009 +0200
s3:idmap_tdb: filter out of range mappings in default idmap config
This fixes bug #6415
Michael
(cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e)
(cherry picked from commit 34500d59b6f35de2c3d273d3523708ec22df59ce)
commit 1f937c6a766d35b1d1f9fa52bbc4601eeeb9ebca
Author: Marc VanHeyningen <marc.vanheyningen at isilon.com>
Date: Tue May 5 21:18:50 2009 +0000
s3: Allow child processes to exit gracefully if we are out of fds
When we run out of file descriptors for some reason, every new
connection forks a child that immediately panics causing smbd to
coredump. This seems unnecessarily harsh; with this code change we
now catch that error and merely log a message about it and exit
without the core dump.
Signed-off-by: Tim Prouty <tprouty at samba.org>
(cherry picked from commit 1c8f9892010ce8cc754089b25313c6bc8e622165)
commit ae42622ae88b286350d7333723e5878b1b22898e
Author: Marc VanHeyningen <marc.vanheyningen at isilon.com>
Date: Tue May 5 22:07:40 2009 +0000
s3: zero an uninitialized array
Invalid pointers were being dereferenced in lookup_sids causing
occasional seg faults.
Signed-off-by: Tim Prouty <tprouty at samba.org>
(cherry picked from commit 5afacc0a65e52e73e3887545c4e5e1ad44264b66)
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_util.c | 12 ++-----
source3/include/proto.h | 2 +-
source3/lib/util.c | 12 +++---
source3/libsmb/clifile.c | 2 +-
source3/nmbd/asyncdns.c | 4 +-
source3/nmbd/nmbd.c | 4 +-
source3/passdb/lookup_sid.c | 5 ++-
source3/printing/print_cups.c | 4 +-
source3/printing/printing.c | 5 ++-
source3/smbd/server.c | 19 +++++++---
source3/winbindd/idmap.c | 2 +-
source3/winbindd/idmap_ldap.c | 71 ++++++++++++++++++++++++++++--------
source3/winbindd/idmap_tdb.c | 73 +++++++++++++++++++++++++++++--------
source3/winbindd/idmap_tdb2.c | 61 +++++++++++++++++++++++++------
source3/winbindd/winbindd.c | 5 ++-
source3/winbindd/winbindd_dual.c | 5 ++-
16 files changed, 205 insertions(+), 81 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 24c5a82..4a8fc95 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -207,21 +207,15 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n",
client_domain, smb_name, wksta_name));
- /* don't allow "" as a domain, fixes a Win9X bug
- where it doens't supply a domain for logon script
- 'net use' commands. */
-
- if ( *client_domain )
- domain = client_domain;
- else
- domain = lp_workgroup();
+ domain = client_domain;
/* If you connect to a Windows domain member using a bogus domain name,
* the Windows box will map the BOGUS\user to SAMNAME\user. Thus, if
* the Windows box is a DC the name will become DOMAIN\user and be
* authenticated against AD, if the Windows box is a member server but
* not a DC the name will become WORKSTATION\user. A standalone
- * non-domain member box will also map to WORKSTATION\user. */
+ * non-domain member box will also map to WORKSTATION\user.
+ * This also deals with the client passing in a "" domain */
if (!is_trusted_domain(domain) &&
!strequal(domain, get_global_sam_name()) )
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 923dd7c..a7ef216 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1119,7 +1119,7 @@ char *clean_name(TALLOC_CTX *ctx, const char *s);
ssize_t write_data_at_offset(int fd, const char *buffer, size_t N, SMB_OFF_T pos);
int set_blocking(int fd, bool set);
void smb_msleep(unsigned int t);
-bool reinit_after_fork(struct messaging_context *msg_ctx,
+NTSTATUS reinit_after_fork(struct messaging_context *msg_ctx,
struct event_context *ev_ctx,
bool parent_longlived);
bool yesno(const char *p);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 75fd827..822b0cf 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -927,11 +927,11 @@ void smb_msleep(unsigned int t)
#endif
}
-bool reinit_after_fork(struct messaging_context *msg_ctx,
+NTSTATUS reinit_after_fork(struct messaging_context *msg_ctx,
struct event_context *ev_ctx,
bool parent_longlived)
{
- NTSTATUS status;
+ NTSTATUS status = NT_STATUS_OK;
/* Reset the state of the random
* number generation system, so
@@ -942,7 +942,8 @@ bool reinit_after_fork(struct messaging_context *msg_ctx,
/* tdb needs special fork handling */
if (tdb_reopen_all(parent_longlived ? 1 : 0) == -1) {
DEBUG(0,("tdb_reopen_all failed.\n"));
- return false;
+ status = NT_STATUS_OPEN_FAILED;
+ goto done;
}
if (ev_ctx) {
@@ -958,11 +959,10 @@ bool reinit_after_fork(struct messaging_context *msg_ctx,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("messaging_reinit() failed: %s\n",
nt_errstr(status)));
- return false;
}
}
-
- return true;
+ done:
+ return status;
}
/****************************************************************************
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 0703f04..62d710e 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -308,7 +308,7 @@ bool cli_unix_stat(struct cli_state *cli, const char *name, SMB_STRUCT_STAT *sbu
sbuf->st_uid = (uid_t) IVAL(rdata,40); /* user ID of owner */
sbuf->st_gid = (gid_t) IVAL(rdata,48); /* group ID of owner */
- sbuf->st_mode |= unix_filetype_from_wire(IVAL(rdata, 56));
+ sbuf->st_mode = unix_filetype_from_wire(IVAL(rdata, 56));
#if defined(HAVE_MAKEDEV)
{
uint32 dev_major = IVAL(rdata,60);
diff --git a/source3/nmbd/asyncdns.c b/source3/nmbd/asyncdns.c
index 0736a66..85729ae 100644
--- a/source3/nmbd/asyncdns.c
+++ b/source3/nmbd/asyncdns.c
@@ -164,8 +164,8 @@ void start_async_dns(void)
CatchSignal(SIGHUP, SIG_IGN);
CatchSignal(SIGTERM, SIGNAL_CAST sig_term );
- if (!reinit_after_fork(nmbd_messaging_context(),
- nmbd_event_context(), true)) {
+ if (!NT_STATUS_IS_OK(reinit_after_fork(nmbd_messaging_context(),
+ nmbd_event_context(), true))) {
DEBUG(0,("reinit_after_fork() failed\n"));
smb_panic("reinit_after_fork() failed");
}
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 3279466..064242b 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -913,8 +913,8 @@ static bool open_sockets(bool isdaemon, int port)
pidfile_create("nmbd");
- if (!reinit_after_fork(nmbd_messaging_context(),
- nmbd_event_context(), false)) {
+ if (!NT_STATUS_IS_OK(reinit_after_fork(nmbd_messaging_context(),
+ nmbd_event_context(), false))) {
DEBUG(0,("reinit_after_fork() failed\n"));
exit(1);
}
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index b45000e..3a03cfe 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -468,12 +468,15 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
sid_string_dbg(domain_sid)));
if (num_rids) {
- *names = TALLOC_ARRAY(mem_ctx, const char *, num_rids);
+ *names = TALLOC_ZERO_ARRAY(mem_ctx, const char *, num_rids);
*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
if ((*names == NULL) || (*types == NULL)) {
return false;
}
+
+ for (i = 0; i < num_rids; i++)
+ (*types)[i] = SID_NAME_UNKNOWN;
} else {
*names = NULL;
*types = NULL;
diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c
index 8e792a9..d94c13f 100644
--- a/source3/printing/print_cups.c
+++ b/source3/printing/print_cups.c
@@ -428,8 +428,8 @@ static bool cups_pcap_load_async(int *pfd)
close_all_print_db();
- if (!reinit_after_fork(smbd_messaging_context(),
- smbd_event_context(), true)) {
+ if (!NT_STATUS_IS_OK(reinit_after_fork(smbd_messaging_context(),
+ smbd_event_context(), true))) {
DEBUG(0,("cups_pcap_load_async: reinit_after_fork() failed\n"));
smb_panic("cups_pcap_load_async: reinit_after_fork() failed");
}
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 69466ba..10cd1d7 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -1436,8 +1436,9 @@ void start_background_queue(void)
close(pause_pipe[0]);
pause_pipe[0] = -1;
- if (!reinit_after_fork(smbd_messaging_context(),
- smbd_event_context(), true)) {
+ if (!NT_STATUS_IS_OK(reinit_after_fork(smbd_messaging_context(),
+ smbd_event_context(),
+ true))) {
DEBUG(0,("reinit_after_fork() failed\n"));
smb_panic("reinit_after_fork() failed");
}
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 67836f7..685b26f 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -356,6 +356,7 @@ static void smbd_accept_connection(struct tevent_context *ev,
pid = sys_fork();
if (pid == 0) {
+ NTSTATUS status = NT_STATUS_OK;
/* Child code ... */
am_parent = 0;
@@ -374,10 +375,15 @@ static void smbd_accept_connection(struct tevent_context *ev,
talloc_free(s->parent);
s = NULL;
- if (!reinit_after_fork(
- smbd_messaging_context(),
- smbd_event_context(),
- true)) {
+ status = reinit_after_fork(smbd_messaging_context(),
+ smbd_event_context(), true);
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status,
+ NT_STATUS_TOO_MANY_OPENED_FILES)) {
+ DEBUG(0,("child process cannot initialize "
+ "because too many files are open\n"));
+ goto exit;
+ }
DEBUG(0,("reinit_after_fork() failed\n"));
smb_panic("reinit_after_fork() failed");
}
@@ -386,6 +392,7 @@ static void smbd_accept_connection(struct tevent_context *ev,
smbd_setup_sig_hup_handler();
smbd_process();
+ exit:
exit_server_cleanly("end of child");
return;
} else if (pid < 0) {
@@ -1122,8 +1129,8 @@ extern void build_options(bool screen);
if (is_daemon)
pidfile_create("smbd");
- if (!reinit_after_fork(smbd_messaging_context(),
- smbd_event_context(), false)) {
+ if (!NT_STATUS_IS_OK(reinit_after_fork(smbd_messaging_context(),
+ smbd_event_context(), false))) {
DEBUG(0,("reinit_after_fork() failed\n"));
exit(1);
}
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index c097170..4aa229c 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -761,7 +761,7 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
struct idmap_domain *dom;
struct id_map *maps[2];
- DEBUG(10, ("idmap_backend_sid_to_unixid: domain = '%s', sid = [%s]\n",
+ DEBUG(10, ("idmap_backends_sid_to_unixid: domain = '%s', sid = [%s]\n",
domain?domain:"NULL", sid_string_dbg(id->sid)));
maps[0] = id;
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 88ece8c..3d1dd48 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -765,7 +765,6 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
NTSTATUS ret;
struct idmap_ldap_context *ctx = NULL;
char *config_option = NULL;
- const char *range = NULL;
const char *tmp = NULL;
/* Only do init if we are online */
@@ -779,23 +778,63 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
return NT_STATUS_NO_MEMORY;
}
- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
- if ( ! config_option) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
+ if (strequal(dom->name, "*")) {
+ uid_t low_uid = 0;
+ uid_t high_uid = 0;
+ gid_t low_gid = 0;
+ gid_t high_gid = 0;
- /* load ranges */
- range = lp_parm_const_string(-1, config_option, "range", NULL);
- if (range && range[0]) {
- if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
- &ctx->filter_high_id) != 2) ||
- (ctx->filter_low_id > ctx->filter_high_id)) {
- DEBUG(1, ("ERROR: invalid filter range [%s]", range));
- ctx->filter_low_id = 0;
- ctx->filter_high_id = 0;
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+
+ if (lp_idmap_uid(&low_uid, &high_uid)) {
+ ctx->filter_low_id = low_uid;
+ ctx->filter_high_id = high_uid;
+ } else {
+ DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
+ }
+
+ if (lp_idmap_gid(&low_gid, &high_gid)) {
+ if ((low_gid != low_uid) || (high_gid != high_uid)) {
+ DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
+ " ranges do not agree -- building "
+ "intersection\n"));
+ ctx->filter_low_id = MAX(ctx->filter_low_id,
+ low_gid);
+ ctx->filter_high_id = MIN(ctx->filter_high_id,
+ high_gid);
+ }
+ } else {
+ DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
+ }
+ } else {
+ const char *range = NULL;
+
+ config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
+ if ( ! config_option) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
}
+
+ /* load ranges */
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (range && range[0]) {
+ if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
+ &ctx->filter_high_id) != 2))
+ {
+ DEBUG(1, ("ERROR: invalid filter range [%s]", range));
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+ }
+ }
+ }
+
+ if (ctx->filter_low_id > ctx->filter_high_id) {
+ DEBUG(1, ("ERROR: invalid filter range [%u-%u]",
+ ctx->filter_low_id, ctx->filter_high_id));
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
}
if (params != NULL) {
diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c
index 22c1757..9032743 100644
--- a/source3/winbindd/idmap_tdb.c
+++ b/source3/winbindd/idmap_tdb.c
@@ -593,8 +593,6 @@ static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom, const char *params)
{
NTSTATUS ret;
struct idmap_tdb_context *ctx;
- char *config_option = NULL;
- const char *range;
ctx = talloc(dom, struct idmap_tdb_context);
if ( ! ctx) {
@@ -602,29 +600,72 @@ static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom, const char *params)
return NT_STATUS_NO_MEMORY;
}
- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
- if ( ! config_option) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto failed;
- }
+ if (strequal(dom->name, "*")) {
+ uid_t low_uid = 0;
+ uid_t high_uid = 0;
+ gid_t low_gid = 0;
+ gid_t high_gid = 0;
- ret = idmap_tdb_open_db(ctx, false, &ctx->db);
- if ( ! NT_STATUS_IS_OK(ret)) {
- goto failed;
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+
+ if (lp_idmap_uid(&low_uid, &high_uid)) {
+ ctx->filter_low_id = low_uid;
+ ctx->filter_high_id = high_uid;
+ } else {
+ DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
+ }
+
+ if (lp_idmap_gid(&low_gid, &high_gid)) {
+ if ((low_gid != low_uid) || (high_gid != high_uid)) {
+ DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
+ " ranges do not agree -- building "
+ "intersection\n"));
+ ctx->filter_low_id = MAX(ctx->filter_low_id,
+ low_gid);
+ ctx->filter_high_id = MIN(ctx->filter_high_id,
+ high_gid);
+ }
+ } else {
+ DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
+ }
+ } else {
+ char *config_option = NULL;
+ const char *range;
+
+ config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
+ if ( ! config_option) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto failed;
+ }
+
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (( ! range) ||
+ (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2))
+ {
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+ }
+
+ talloc_free(config_option);
}
- range = lp_parm_const_string(-1, config_option, "range", NULL);
- if (( ! range) ||
- (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) ||
- (ctx->filter_low_id > ctx->filter_high_id)) {
+ if (ctx->filter_low_id > ctx->filter_high_id) {
ctx->filter_low_id = 0;
ctx->filter_high_id = 0;
}
+ DEBUG(10, ("idmap_tdb_db_init: filter range %u-%u loaded for domain "
+ "'%s'\n", ctx->filter_low_id, ctx->filter_high_id, dom->name));
+
+ ret = idmap_tdb_open_db(ctx, false, &ctx->db);
+ if ( ! NT_STATUS_IS_OK(ret)) {
+ goto failed;
+ }
+
dom->private_data = ctx;
- talloc_free(config_option);
return NT_STATUS_OK;
failed:
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index b272327..d34d289 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -357,8 +357,6 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom,
{
NTSTATUS ret;
struct idmap_tdb2_context *ctx;
- char *config_option = NULL;
- const char *range;
NTSTATUS status;
status = idmap_tdb2_open_db();
@@ -370,24 +368,63 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom,
return NT_STATUS_NO_MEMORY;
}
- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
- if ( ! config_option) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto failed;
+ if (strequal(dom->name, "*")) {
+ uid_t low_uid = 0;
+ uid_t high_uid = 0;
+ gid_t low_gid = 0;
+ gid_t high_gid = 0;
+
+ ctx->filter_low_id = 0;
+ ctx->filter_high_id = 0;
+
+ if (lp_idmap_uid(&low_uid, &high_uid)) {
+ ctx->filter_low_id = low_uid;
+ ctx->filter_high_id = high_uid;
+ } else {
+ DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
+ }
+
+ if (lp_idmap_gid(&low_gid, &high_gid)) {
+ if ((low_gid != low_uid) || (high_gid != high_uid)) {
+ DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
+ " ranges do not agree -- building "
+ "intersection\n"));
+ ctx->filter_low_id = MAX(ctx->filter_low_id,
+ low_gid);
+ ctx->filter_high_id = MIN(ctx->filter_high_id,
+ high_gid);
+ }
+ } else {
+ DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
+ }
+ } else {
+ char *config_option = NULL;
+ const char *range;
+ config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
+ if ( ! config_option) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto failed;
+ }
+
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (( ! range) ||
+ (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2))
+ {
+ ctx->filter_low_id = 0;
--
Samba Shared Repository
More information about the samba-cvs
mailing list