[SCM] Samba Shared Repository - branch v3-6-test updated
Michael Adam
obnox at samba.org
Tue Mar 22 17:24:02 MDT 2011
The branch, v3-6-test has been updated
via 012e371 s3:WHATSNEW: document changes of the id mapping system
via 4e0e6db s3:selftest: fix Samba3.pm deprecated idmap config
via 8ddb61d s3:idmap: make sure that the id mapping system is initialized for first access
via ee7648d s3:loadparm: set the default "idmap config * : backend" in initialize_globals().
via ca9ee95 s3:loadparm: deprecate "idmap uid/gid/backend" and have them set "idmap config * : range/backend"
via 6ffd937 s3:WHATSNEW: remove mention of "idmap read only" as new parameter
via 9345f32 s3:docs: remove documentation of "idmap read only" which was removed.
via 7e2fda2 s3:loadparm: remove unused parameter "idmap read only".
via c457509 s3:idmap: remove (now) unneeded function parse_idmap_module()
via ce6ac15 s3:idmap: simply call idmap_init_named_domain for "*" in idmap_init_default_domain
via 7742e87 s3:idmap: remove passdb argument from idmap_init_domain()
via a347781 s3:idmap: remove the params argument from the init function
via 4e3f904 s3:idmap: remove use of params from idmap_ldap_init - it is not used any more
via f042317 s3:idmap: remove special treatment of domain "*" from idmap_ldap_init.
via 0b1f2f4 s3:idmap: remove the special treatment of the default domain "*" from idmap_init_domain
from edb5c6e s4:ntvfs/posix: name->dos.attrib isn't initialized in pvfs_access_check_create()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 012e3712260d76fd1e86c4f1c136dc3ad8876622
Author: Michael Adam <obnox at samba.org>
Date: Tue Feb 1 11:58:14 2011 +0100
s3:WHATSNEW: document changes of the id mapping system
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Tue Mar 22 23:57:29 CET 2011 on sn-devel-104
commit 4e0e6db9f750a2b5f33080a0d3b68eb59a5b6113
Author: Björn Baumbach <bb at sernet.de>
Date: Thu Mar 10 15:58:05 2011 +0100
s3:selftest: fix Samba3.pm deprecated idmap config
Replace deprecated idmap uid and gid option with new
idmap config * : range
commit 8ddb61d1712134dd2d9bfa7baee7497d2cdbf86b
Author: Michael Adam <obnox at samba.org>
Date: Thu Mar 10 23:41:17 2011 +0100
s3:idmap: make sure that the id mapping system is initialized for first access
commit ee7648db47adf6d44c84d03d23120359c2af6eb3
Author: Michael Adam <obnox at samba.org>
Date: Thu Mar 10 23:40:19 2011 +0100
s3:loadparm: set the default "idmap config * : backend" in initialize_globals().
commit ca9ee9501f48c4f5497baeefeb9de1980250f2b3
Author: Michael Adam <obnox at samba.org>
Date: Tue Mar 8 07:15:36 2011 +0100
s3:loadparm: deprecate "idmap uid/gid/backend" and have them set "idmap config * : range/backend"
commit 6ffd937cd993c3c4d74e4733b3f6ffec4c16da27
Author: Michael Adam <obnox at samba.org>
Date: Tue Mar 22 17:09:47 2011 +0100
s3:WHATSNEW: remove mention of "idmap read only" as new parameter
commit 9345f32aa62136cb7cb732609acfe3c3bf9e9dd1
Author: Michael Adam <obnox at samba.org>
Date: Tue Mar 22 17:08:42 2011 +0100
s3:docs: remove documentation of "idmap read only" which was removed.
commit 7e2fda2be6f2955b5eb291fb63fdb9518beab597
Author: Michael Adam <obnox at samba.org>
Date: Fri Mar 4 14:25:58 2011 +0100
s3:loadparm: remove unused parameter "idmap read only".
This has not been released yet and is now useless since we
use the "idmap config * : read only = ..." syntax.
commit c45750993eff865c4918dbb3582b38e1bb794eb5
Author: Michael Adam <obnox at samba.org>
Date: Thu Mar 3 17:50:28 2011 +0100
s3:idmap: remove (now) unneeded function parse_idmap_module()
commit ce6ac15da1ee9fd6fcc606bed0311bbf076eb183
Author: Michael Adam <obnox at samba.org>
Date: Thu Mar 3 17:48:43 2011 +0100
s3:idmap: simply call idmap_init_named_domain for "*" in idmap_init_default_domain
The default domain "*" is now treated exactly the same as other explicitly
configured domains.
commit 7742e87fc8ed1e085ad5f54d3f4b560bba01fc95
Author: Michael Adam <obnox at samba.org>
Date: Thu Mar 3 17:40:36 2011 +0100
s3:idmap: remove passdb argument from idmap_init_domain()
commit a3477815a6d86ef99a9e29e8757b017deff31496
Author: Michael Adam <obnox at samba.org>
Date: Wed Mar 2 23:00:58 2011 +0100
s3:idmap: remove the params argument from the init function
commit 4e3f9040953809c4baad48d0ff6b8b5cb3ca9aa3
Author: Michael Adam <obnox at samba.org>
Date: Wed Mar 2 17:04:59 2011 +0100
s3:idmap: remove use of params from idmap_ldap_init - it is not used any more
commit f04231780aa12a5f2fe4c0435df5f6569c79f548
Author: Michael Adam <obnox at samba.org>
Date: Wed Mar 2 17:08:01 2011 +0100
s3:idmap: remove special treatment of domain "*" from idmap_ldap_init.
The default config via domain "*" is now treated just as the explicit
domain configs.
commit 0b1f2f4393d70b038df5cb82b521d6f9c2fd6f6d
Author: Michael Adam <obnox at samba.org>
Date: Wed Mar 2 15:41:06 2011 +0100
s3:idmap: remove the special treatment of the default domain "*" from idmap_init_domain
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 44 ++++++-
docs-xml/smbdotconf/winbind/idmapreadonly.xml | 21 ---
selftest/target/Samba3.pm | 3 +-
source3/include/idmap.h | 2 +-
source3/include/proto.h | 1 -
source3/param/loadparm.c | 52 ++-----
source3/winbindd/idmap.c | 193 ++++++-------------------
source3/winbindd/idmap_ad.c | 3 +-
source3/winbindd/idmap_adex/idmap_adex.c | 15 +-
source3/winbindd/idmap_autorid.c | 3 +-
source3/winbindd/idmap_hash/idmap_hash.c | 9 +-
source3/winbindd/idmap_ldap.c | 37 ++---
source3/winbindd/idmap_nss.c | 3 +-
source3/winbindd/idmap_passdb.c | 2 +-
source3/winbindd/idmap_rid.c | 3 +-
source3/winbindd/idmap_tdb.c | 2 +-
source3/winbindd/idmap_tdb2.c | 3 +-
17 files changed, 136 insertions(+), 260 deletions(-)
delete mode 100644 docs-xml/smbdotconf/winbind/idmapreadonly.xml
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0e5db2b..abf9088 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -114,6 +114,49 @@ need printing functionality in their appliances, reducing the code
footprint.
+ID Mapping Changes
+------------------
+
+The id mapping configuration has been a source of much grief in the past.
+For this release, id mapping has ben rewritten yet again with the goal
+of making the configuration more simple and more coherent while keeping
+the needed flexibility and even adding to the flexibility in some respects.
+
+The major change that implies the configuration simplifications is at
+the heart of the id mapping system: The separation of the "idmap alloc
+system" that is responsible for the unix id counters in the tdb, tdb2
+and ldap idmap backends from the id mapping code itself has been removed.
+The sids_to_unixids operation is now atomic and encapsulates (if needed)
+the action of allocating a unix id for a mapping that is to be created.
+Consequently all idmap alloc configuration parameters have vanished and
+it is hence now also not possible any more to specify an idmap alloc
+backend different from the idmap backend. Each idmap backend uses its
+own idmap unixid creation mechanism transparently.
+
+As a consequence of the id mapping changes, the methods that are used
+for storing and deleting id mappings have been removed from the winbindd
+API. The "net idmap dump/restore" commands have been rewritten to
+not speak through winbindd any more but directly act on the databases.
+This is currently available for the tdb and tdb2 backends, the implementation
+for ldap still missing.
+
+The allocate_id functionality is preserved for the unix id creator of the
+default idmap configuration is also used as the source of unix ids
+for the group mapping database and for the posix attributes in a
+ldapsam:editposix setup.
+
+As part of the changes, the default idmap configuration has been
+changed to be more coherent with the per-domain configuration.
+The parameters "idmap uid", "idmap gid" and "idmap range" are now
+deprecated in favour of the systematic "idmap config * : range"
+and "idmap config * : backend" parameters. The reason for this change
+is that the old options only provided an incomplete and hence deceiving
+backwards compatibility, which was a source of many problems with
+updgrades. By introducing this change in configuration, it should be
+brought to the conciousness of the users that even the simple
+id mapping is not working exactly as in Samba 3.0 versions any more.
+
+
SMB Traffic Analyzer
--------------------
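Review bot: The deprecation paragraph near the end of the new section names "idmap uid", "idmap gid" and "idmap range" as deprecated, but the replacements it lists are "idmap config * : range" and "idmap config * : backend", and the loadparm.c change in this push flags "idmap backend" as deprecated; "idmap range" looks like a slip for "idmap backend". The section also needs a proofread: "has ben rewritten", "updgrades" and "conciousness" are misspelled, "the implementation for ldap still missing" lacks a verb, and the sentence starting "The allocate_id functionality is preserved for the unix id creator ..." does not parse (probably "preserved, since the unix id creator ... is also used"). Admins will rely on this text when migrating id ranges, so a short before/after smb.conf snippet would help.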
@@ -151,7 +194,6 @@ smb.conf changes
client use spnego principal New No
ctdb locktime warn threshold New 0
idmap alloc backend Removed
- idmap read only New No
log writeable files on exit New No
multicast dns register New Yes
ncalrpc dir New
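Review bot: Removing the "idmap read only" row is right, but the visible part of the table gains no rows marking "idmap uid", "idmap gid" and "idmap backend" as deprecated, which is what the parm_table change in loadparm.c does. If they are not listed further down, add them here so the parameter table matches the new "ID Mapping Changes" section.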
diff --git a/docs-xml/smbdotconf/winbind/idmapreadonly.xml b/docs-xml/smbdotconf/winbind/idmapreadonly.xml
deleted file mode 100644
index 9767ff0..0000000
--- a/docs-xml/smbdotconf/winbind/idmapreadonly.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<samba:parameter name="idmap read only"
- context="G"
- type="string"
- advanced="1" developer="0"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
-
- <para>
- Setting this parameter to <value type="example">yes</value> allows
- the default idmap back-end to be switched to a read only mode, which
- means that it can not allocate new user or group IDs to create new
- mappings. Normally, the default idmap back-end is a so called allocating
- back-end that creates user and group ids and new mappings as needed.
-
- Whether a back-end honors the read only setting is left to the
- implementation of the back-end.
- </para>
-
-</description>
-<value type="default">no</value>
-</samba:parameter>
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 1ed76b1..6a18f27 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -565,8 +565,7 @@ sub provision($$$$$$)
winbindd:socket dir = $wbsockdir
nmbd:socket dir = $nmbdsockdir
- idmap uid = 100000-200000
- idmap gid = 100000-200000
+ idmap config * : range = 100000-200000
winbind enum users = yes
winbind enum groups = yes
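Review bot: With both "idmap uid" and "idmap gid" replaced by the single "idmap config * : range" line, nothing in this selftest configuration goes through the deprecated parameters any more, so the compatibility path (handle_idmap_uid()/handle_idmap_gid() forwarding to "idmap config * : range") is left untested. Consider keeping one test environment on the old syntax, or adding a check that the old parameters still produce the expected range.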
diff --git a/source3/include/idmap.h b/source3/include/idmap.h
index 7b3d6de..800e694 100644
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -45,7 +45,7 @@ struct idmap_domain {
struct idmap_methods {
/* Called when backend is first loaded */
- NTSTATUS (*init)(struct idmap_domain *dom, const char *params);
+ NTSTATUS (*init)(struct idmap_domain *dom);
/* Map an array of uids/gids to SIDs. The caller specifies
the uid/gid and type. Gets back the SID. */
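Review bot: Dropping the params argument from init in struct idmap_methods changes the backend module interface, and nothing in this idmap.h hunk bumps the version that modules pass to smb_register_idmap(int version, ...). A backend built against the old header could still register and then be called with one argument fewer than it expects; bump the interface version in the same commit so stale modules are refused at registration. The comment above init could also say where a backend now gets its settings from (the "idmap config <domain> : ..." options).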
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9edbfc5..742716f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2999,7 +2999,6 @@ bool lp_winbind_rpc_only(void);
bool lp_create_krb5_conf(void);
int lp_winbind_max_domain_connections(void);
const char *lp_idmap_backend(void);
-bool lp_idmap_read_only(void);
int lp_idmap_cache_time(void);
int lp_idmap_negative_cache_time(void);
int lp_keepalive(void);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index f9b8f70..a82d21c 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -699,6 +699,7 @@ static int default_server_announce;
static bool handle_include( int snum, const char *pszParmValue, char **ptr);
static bool handle_copy( int snum, const char *pszParmValue, char **ptr);
static bool handle_netbios_name( int snum, const char *pszParmValue, char **ptr);
+static bool handle_idmap_backend(int snum, const char *pszParmValue, char **ptr);
static bool handle_idmap_uid( int snum, const char *pszParmValue, char **ptr);
static bool handle_idmap_gid( int snum, const char *pszParmValue, char **ptr);
static bool handle_debug_list( int snum, const char *pszParmValue, char **ptr );
@@ -4547,18 +4548,9 @@ static struct parm_struct parm_table[] = {
.type = P_STRING,
.p_class = P_GLOBAL,
.ptr = &Globals.szIdmapBackend,
- .special = NULL,
+ .special = handle_idmap_backend,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
- },
- {
- .label = "idmap read only",
- .type = P_BOOL,
- .p_class = P_GLOBAL,
- .ptr = &Globals.bIdmapReadOnly,
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "idmap cache time",
@@ -4585,7 +4577,7 @@ static struct parm_struct parm_table[] = {
.ptr = &Globals.szIdmapUID,
.special = handle_idmap_uid,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "winbind uid",
@@ -4603,7 +4595,7 @@ static struct parm_struct parm_table[] = {
.ptr = &Globals.szIdmapGID,
.special = handle_idmap_gid,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "winbind gid",
@@ -5689,7 +5681,6 @@ int lp_winbind_max_domain_connections(void)
}
FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
-FN_GLOBAL_BOOL(lp_idmap_read_only, &Globals.bIdmapReadOnly)
FN_GLOBAL_INTEGER(lp_idmap_cache_time, &Globals.iIdmapCacheTime)
FN_GLOBAL_INTEGER(lp_idmap_negative_cache_time, &Globals.iIdmapNegativeCacheTime)
FN_GLOBAL_INTEGER(lp_keepalive, &Globals.iKeepalive)
@@ -7665,38 +7656,25 @@ bool lp_idmap_gid(gid_t *low, gid_t *high)
return True;
}
-/* Do some simple checks on "idmap [ug]id" parameter values */
-
-static bool handle_idmap_uid(int snum, const char *pszParmValue, char **ptr)
+static bool handle_idmap_backend(int snum, const char *pszParmValue, char **ptr)
{
- uint32 low, high;
+ lp_do_parameter(snum, "idmap config * : backend", pszParmValue);
- if (sscanf(pszParmValue, "%u - %u", &low, &high) != 2 || high < low)
- return False;
-
- /* Parse OK */
+ return true;
+}
- string_set(ptr, pszParmValue);
+/* Do some simple checks on "idmap [ug]id" parameter values */
- idmap_uid_low = low;
- idmap_uid_high = high;
+static bool handle_idmap_uid(int snum, const char *pszParmValue, char **ptr)
+{
+ lp_do_parameter(snum, "idmap config * : range", pszParmValue);
return True;
}
static bool handle_idmap_gid(int snum, const char *pszParmValue, char **ptr)
{
- uint32 low, high;
-
- if (sscanf(pszParmValue, "%u - %u", &low, &high) != 2 || high < low)
- return False;
-
- /* Parse OK */
-
- string_set(ptr, pszParmValue);
-
- idmap_gid_low = low;
- idmap_gid_high = high;
+ lp_do_parameter(snum, "idmap config * : range", pszParmValue);
return True;
}
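Review bot: In the rewritten handle_idmap_uid() and handle_idmap_gid(), and in the new handle_idmap_backend(), the result of lp_do_parameter() is discarded and the handler returns true unconditionally, so the parse-time check the old code did (sscanf of "%u - %u" plus high < low, returning False) is gone and a malformed "idmap uid" is accepted silently. Return the result of lp_do_parameter() and keep a range sanity check here or where "idmap config * : range" is read. Two further points: both handlers write the same "idmap config * : range", so a config with different uid and gid ranges now silently takes whichever line comes last, where idmap_init_domain() used to warn and build the intersection; and the handlers no longer call string_set(ptr, ...) or update idmap_uid_low/idmap_gid_low, so lp_idmap_uid()/lp_idmap_gid() and the stored parameter strings may report stale values. Also pick one of true/True within the file.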
@@ -9481,6 +9459,8 @@ static bool lp_load_ex(const char *pszFname,
free_param_opts(&Globals.param_opt);
+ lp_do_parameter(-1, "idmap config * : backend", Globals.szIdmapBackend);
+
/* We get sections first, so have to start 'behind' to make up */
iServiceIndex = -1;
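Review bot: The added lp_do_parameter(-1, "idmap config * : backend", Globals.szIdmapBackend) call has no comment, and its placement directly after free_param_opts(&Globals.param_opt) is what makes it work: the parametric default has to be re-seeded on every load because the options were just wiped. Please say so in a comment, and state that it is meant to run before the file is parsed so that an explicit "idmap config * : backend" in smb.conf overrides it.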
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index a2a727c..49d7c3a 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -153,61 +153,23 @@ NTSTATUS smb_register_idmap(int version, const char *name,
return NT_STATUS_OK;
}
-static bool parse_idmap_module(TALLOC_CTX *mem_ctx, const char *param,
- char **pmodulename, char **pargs)
-{
- char *modulename;
- char *args;
-
- if (strncmp(param, "idmap_", 6) == 0) {
- param += 6;
- DEBUG(1, ("idmap_init: idmap backend uses deprecated "
- "'idmap_' prefix. Please replace 'idmap_%s' by "
- "'%s'\n", param, param));
- }
-
- modulename = talloc_strdup(mem_ctx, param);
- if (modulename == NULL) {
- return false;
- }
-
- args = strchr(modulename, ':');
- if (args == NULL) {
- *pmodulename = modulename;
- *pargs = NULL;
- return true;
- }
-
- *args = '\0';
-
- args = talloc_strdup(mem_ctx, args+1);
- if (args == NULL) {
- TALLOC_FREE(modulename);
- return false;
- }
-
- *pmodulename = modulename;
- *pargs = args;
- return true;
-}
-
/**
* Initialize a domain structure
* @param[in] mem_ctx memory context for the result
* @param[in] domainname which domain is this for
* @param[in] modulename which backend module
- * @param[in] params parameter to pass to the init function
* @param[in] check_range whether range checking should be done
* @result The initialized structure
*/
static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
const char *domainname,
const char *modulename,
- const char *params,
bool check_range)
{
struct idmap_domain *result;
NTSTATUS status;
+ char *config_option = NULL;
+ const char *range;
result = talloc_zero(mem_ctx, struct idmap_domain);
if (result == NULL) {
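Review bot: Deleting parse_idmap_module() also deletes the two compatibility behaviours it carried: stripping the deprecated "idmap_" prefix (with a level 1 warning) and splitting "module:args" values. Since handle_idmap_backend() forwards the raw "idmap backend" string to "idmap config * : backend", an existing setting with the "idmap_" prefix or in the "ldap:ldap://ldap-url/" form would now reach idmap_init_domain() unparsed as the module name. Either keep the prefix and argument handling in the deprecated-parameter handler, or log a clear error for such values and call this out in WHATSNEW.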
@@ -224,78 +186,34 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
/*
* load ranges and read only information from the config
*/
- if (strequal(result->name, "*")) {
- /*
- * The default domain "*" is configured differently
- * from named domains.
- */
- uid_t low_uid = 0;
- uid_t high_uid = 0;
- gid_t low_gid = 0;
- gid_t high_gid = 0;
-
- result->low_id = 0;
- result->high_id = 0;
-
- if (!lp_idmap_uid(&low_uid, &high_uid)) {
- DEBUG(1, ("'idmap uid' not set!\n"));
- if (check_range) {
- goto fail;
- }
- }
-
- result->low_id = low_uid;
- result->high_id = high_uid;
- if (!lp_idmap_gid(&low_gid, &high_gid)) {
- DEBUG(1, ("'idmap gid' not set!\n"));
- if (check_range) {
- goto fail;
- }
- }
-
- if ((low_gid != low_uid) || (high_gid != high_uid)) {
- DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
- " ranges do not agree -- building "
- "intersection\n"));
- result->low_id = MAX(result->low_id, low_gid);
- result->high_id = MIN(result->high_id, high_gid);
- }
-
- result->read_only = lp_idmap_read_only();
- } else {
- char *config_option = NULL;
- const char *range;
+ config_option = talloc_asprintf(result, "idmap config %s",
+ result->name);
+ if (config_option == NULL) {
+ DEBUG(0, ("Out of memory!\n"));
+ goto fail;
+ }
- config_option = talloc_asprintf(result, "idmap config %s",
- result->name);
- if (config_option == NULL) {
- DEBUG(0, ("Out of memory!\n"));
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (range == NULL) {
+ DEBUG(1, ("idmap range not specified for domain %s\n",
+ result->name));
+ if (check_range) {
goto fail;
}
-
- range = lp_parm_const_string(-1, config_option, "range", NULL);
- if (range == NULL) {
- DEBUG(1, ("idmap range not specified for domain %s\n",
- result ->name));
- if (check_range) {
- goto fail;
- }
- } else if (sscanf(range, "%u - %u", &result->low_id,
- &result->high_id) != 2)
- {
- DEBUG(1, ("invalid range '%s' specified for domain "
- "'%s'\n", range, result->name));
- if (check_range) {
- goto fail;
- }
+ } else if (sscanf(range, "%u - %u", &result->low_id,
+ &result->high_id) != 2)
+ {
+ DEBUG(1, ("invalid range '%s' specified for domain "
+ "'%s'\n", range, result->name));
+ if (check_range) {
+ goto fail;
}
+ }
- result->read_only = lp_parm_bool(-1, config_option, "read only",
- false);
+ result->read_only = lp_parm_bool(-1, config_option, "read only", false);
- talloc_free(config_option);
- }
+ talloc_free(config_option);
if (result->low_id > result->high_id) {
DEBUG(1, ("Error: invalid idmap range detected: %lu - %lu\n",
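Review bot: The sscanf(range, "%u - %u", ...) != 2 test in the now-shared path is the only syntax check left for the default domain's range, and it accepts trailing garbage (a value like "100000-200000x" parses as valid) and does not detect numbers that overflow. With the parse-time check removed from loadparm.c, consider a stricter parse here (strtoul with end-pointer checks). When check_range is false, a failed parse only logs at level 1 and continues with whatever sscanf stored; resetting low_id and high_id to 0 in that branch would make the resulting state explicit.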
@@ -324,7 +242,7 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
goto fail;
}
- status = result->methods->init(result, params);
+ status = result->methods->init(result);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("idmap initialization returned %s\n",
nt_errstr(status)));
@@ -339,47 +257,6 @@ fail:
}
/**
- * Initialize the default domain structure
- * @param[in] mem_ctx memory context for the result
- * @result The default domain structure
- *
- * This routine takes the module name from the "idmap backend" parameter,
- * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
- */
-
-static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
-{
- struct idmap_domain *result;
- char *modulename;
- char *params;
-
- idmap_init();
-
- if (!parse_idmap_module(talloc_tos(), lp_idmap_backend(), &modulename,
- ¶ms)) {
- DEBUG(1, ("parse_idmap_module failed\n"));
- return NULL;
- }
-
- DEBUG(3, ("idmap_init: using '%s' as remote backend\n", modulename));
-
- result = idmap_init_domain(mem_ctx, "*", modulename, params, true);
- if (result == NULL) {
- goto fail;
- }
-
- TALLOC_FREE(modulename);
- TALLOC_FREE(params);
- return result;
-
-fail:
- TALLOC_FREE(modulename);
- TALLOC_FREE(params);
- TALLOC_FREE(result);
- return NULL;
-}
-
-/**
* Initialize a named domain structure
* @param[in] mem_ctx memory context for the result
* @param[in] domname the domain name
@@ -396,6 +273,8 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
char *config_option;
const char *backend;
+ idmap_init();
+
config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
domname);
if (config_option == NULL) {
@@ -409,7 +288,7 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
goto fail;
}
- result = idmap_init_domain(mem_ctx, domname, backend, NULL, true);
+ result = idmap_init_domain(mem_ctx, domname, backend, true);
if (result == NULL) {
goto fail;
}
@@ -424,6 +303,20 @@ fail:
}
/**
+ * Initialize the default domain structure
+ * @param[in] mem_ctx memory context for the result
+ * @result The default domain structure
+ *
+ * This routine takes the module name from the "idmap backend" parameter,
+ * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
+ */
+
+static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
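Review bot: The doc comment moved along with idmap_init_default_domain() still says the routine takes the module name from the "idmap backend" parameter and passes "a possible parameter like ldap:ldap://ldap-url/ to the module", but this push removes the params argument from init and the commit message says the function now simply calls idmap_init_named_domain() for "*". Update the comment to describe the new behaviour.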
--
Samba Shared Repository