[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Thu Nov 10 12:54:35 MST 2011
The branch, v3-6-test has been updated
via a0cfd19 s3:idmap_autorid: document allocation pool
via a980956 s3:idmap_autorid: add an allocation range to autorid
via 31593bc s3:idmap_autorid: move HWM initialization into a function
via 188a12e s3:idmap_autorid: use strings as parameter for range allocator
from 81823a0 systemd: Fix dependencies.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit a0cfd1983fae8b0090bcae36a11dad4531e48f49
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 18:53:02 2011 +0200
s3:idmap_autorid: document allocation pool
document the need that excessive use of local users/group might
require increasing the rangesize
Autobuild-User: Christian Ambach <ambi at samba.org>
Autobuild-Date: Fri Oct 21 18:04:50 CEST 2011 on sn-devel-104
The last 4 patches address bug #8444 (idmap_autorid does not have allocation
pool).
commit a98095601dc585a6c49813399466a455c43fc0fc
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 18:44:48 2011 +0200
s3:idmap_autorid: add an allocation range to autorid
this is needed to allocate gids for BUILTIN\Users and
BUILTIN\Administrators and for local users/group that
admins might want to create
autorid will now allocate one range for this purpose
and can so give out as many uids and gids as the
configured rangesize allows
commit 31593bcd74f4063217190012a83e1003e29fdba7
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 18:39:30 2011 +0200
s3:idmap_autorid: move HWM initialization into a function
we will need some more HWM soon, so move out initialization and
optimize the logic using the new interface of dbwrap_fetch_uint32
commit 188a12e1df2a5a3ae39cb2e25c87ae2093a62853
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 18:22:19 2011 +0200
s3:idmap_autorid: use strings as parameter for range allocator
this prepares for allocation of non-domain ranges that cannot be
expressed by a SID (e.g. an allocation pool)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_autorid.8.xml | 7 +-
source3/winbindd/idmap_autorid.c | 158 ++++++++++++++++++++++++++-----
2 files changed, 138 insertions(+), 27 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml
index 87b9268..c437d0e 100644
--- a/docs-xml/manpages-3/idmap_autorid.8.xml
+++ b/docs-xml/manpages-3/idmap_autorid.8.xml
@@ -51,7 +51,12 @@
for regular users. As the parameter cannot be changed later, please
plan accordingly for your expected number of users in a domain
with safety margins.
- </para>
+ </para>
+ <para>One range will be used for local users and groups.
+ Thus the number of local users and groups that can be created is
+ limited by this option as well. If you plan to create a large amount
+ of local users or groups, you will need set this parameter accordingly.
+ </para>
<para>The default value is 100000.</para>
</listitem>
</varlistentry>
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 4028a46..6bb35de 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -34,6 +34,9 @@
#define DBGC_CLASS DBGC_IDMAP
#define HWM "NEXT RANGE"
+#define ALLOC_HWM_UID "NEXT ALLOC UID"
+#define ALLOC_HWM_GID "NEXT ALLOC GID"
+#define ALLOC_RANGE "ALLOC"
#define CONFIGKEY "CONFIG"
struct autorid_global_config {
@@ -43,7 +46,7 @@ struct autorid_global_config {
};
struct autorid_domain_config {
- struct dom_sid sid;
+ fstring sid;
uint32_t domainnum;
struct autorid_global_config *globalcfg;
};
@@ -56,15 +59,13 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
{
NTSTATUS ret;
uint32_t domainnum, hwm;
- fstring sidstr;
char *numstr;
struct autorid_domain_config *cfg;
cfg = (struct autorid_domain_config *)private_data;
- dom_sid_string_buf(&(cfg->sid), sidstr, sizeof(sidstr));
- if (!dbwrap_fetch_uint32(db, sidstr, &domainnum)) {
- DEBUG(10, ("Acquiring new range for domain %s\n", sidstr));
+ if (!dbwrap_fetch_uint32(db, cfg->sid, &domainnum)) {
+ DEBUG(10, ("Acquiring new range for domain %s\n", cfg->sid));
/* fetch the current HWM */
if (!dbwrap_fetch_uint32(db, HWM, &hwm)) {
@@ -90,7 +91,7 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
}
/* store away the new mapping in both directions */
- ret = dbwrap_trans_store_uint32(db, sidstr, domainnum);
+ ret = dbwrap_trans_store_uint32(db, cfg->sid, domainnum);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("Fatal error while storing new "
"domain->range assignment!\n"));
@@ -104,8 +105,8 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
}
ret = dbwrap_trans_store_bystring(db, numstr,
- string_term_tdb_data(sidstr),
- TDB_INSERT);
+ string_term_tdb_data(cfg->sid), TDB_INSERT);
+
talloc_free(numstr);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("Fatal error while storing "
@@ -113,10 +114,10 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
goto error;
}
DEBUG(5, ("Acquired new range #%d for domain %s\n",
- domainnum, sidstr));
+ domainnum, cfg->sid));
}
- DEBUG(10, ("Using range #%d for domain %s\n", domainnum, sidstr));
+ DEBUG(10, ("Using range #%d for domain %s\n", domainnum, cfg->sid));
cfg->domainnum = domainnum;
return NT_STATUS_OK;
@@ -164,6 +165,18 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
DEBUG(4, ("id %d belongs to range %d which does not have "
"domain mapping, ignoring mapping request\n",
map->xid.id, range));
+ TALLOC_FREE(data.dptr);
+ map->status = ID_UNKNOWN;
+ return NT_STATUS_OK;
+ }
+
+ if (strncmp((const char *)data.dptr,
+ ALLOC_RANGE,
+ strlen(ALLOC_RANGE)) == 0) {
+ /* this is from the alloc range, there is no mapping back */
+ DEBUG(5, ("id %d belongs to alloc range, cannot map back\n",
+ map->xid.id));
+ TALLOC_FREE(data.dptr);
map->status = ID_UNKNOWN;
return NT_STATUS_OK;
}
@@ -274,11 +287,12 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
struct winbindd_tdc_domain *domain;
struct autorid_domain_config domaincfg;
uint32_t rid;
+ struct dom_sid domainsid;
ZERO_STRUCT(domaincfg);
- sid_copy(&domaincfg.sid, ids[i]->sid);
- if (!sid_split_rid(&domaincfg.sid, &rid)) {
+ sid_copy(&domainsid, ids[i]->sid);
+ if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(4, ("Could not determine domain SID from %s, "
"ignoring mapping request\n",
sid_string_dbg(ids[i]->sid)));
@@ -289,15 +303,16 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
* Check if the domain is around
*/
domain = wcache_tdc_fetch_domainbysid(talloc_tos(),
- &domaincfg.sid);
+ &domainsid);
if (domain == NULL) {
DEBUG(10, ("Ignoring unknown domain sid %s\n",
- sid_string_dbg(&domaincfg.sid)));
+ sid_string_dbg(&domainsid)));
continue;
}
TALLOC_FREE(domain);
domaincfg.globalcfg = global;
+ sid_to_fstring(domaincfg.sid, &domainsid);
ret = dbwrap_trans_do(autorid_db,
idmap_autorid_get_domainrange,
@@ -326,12 +341,32 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
}
+/* initialize the given HWM to 0 if it does not exist yet */
+static NTSTATUS idmap_autorid_init_hwm(const char *hwm) {
+
+ NTSTATUS status;
+ int32_t hwmval;
+
+ hwmval = dbwrap_fetch_int32(autorid_db, hwm);
+ if ((hwmval < 0)) {
+ status = dbwrap_trans_store_int32(autorid_db, hwm, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,
+ ("Unable to initialise HWM (%s) in autorid "
+ "database: %s\n", hwm, nt_errstr(status)));
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
/*
* open and initialize the database which stores the ranges for the domains
*/
static NTSTATUS idmap_autorid_db_init(void)
{
- int32_t hwm;
+ NTSTATUS status;
if (autorid_db) {
/* its already open */
@@ -349,18 +384,16 @@ static NTSTATUS idmap_autorid_db_init(void)
}
/* Initialize high water mark for the currently used range to 0 */
- hwm = dbwrap_fetch_int32(autorid_db, HWM);
- if ((hwm < 0)) {
- if (!NT_STATUS_IS_OK
- (dbwrap_trans_store_int32(autorid_db, HWM, 0))) {
- DEBUG(0,
- ("Unable to initialise HWM in autorid "
- "database\n"));
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
- }
- return NT_STATUS_OK;
+ status = idmap_autorid_init_hwm(HWM);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ status = idmap_autorid_init_hwm(ALLOC_HWM_UID);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ status = idmap_autorid_init_hwm(ALLOC_HWM_GID);
+
+ return status;
}
static struct autorid_global_config *idmap_autorid_loadconfig(TALLOC_CTX * ctx)
@@ -541,6 +574,78 @@ done:
return status;
}
+static NTSTATUS idmap_autorid_allocate_id(struct idmap_domain *dom,
+ struct unixid *xid) {
+
+ NTSTATUS ret;
+ struct autorid_global_config *globalcfg;
+ struct autorid_domain_config domaincfg;
+ uint32_t hwm;
+ const char *hwmkey;
+
+ if (!strequal(dom->name, "*")) {
+ DEBUG(3, ("idmap_autorid_allocate_id: "
+ "Refusing creation of mapping for domain'%s'. "
+ "Currently only supported for the default "
+ "domain \"*\".\n",
+ dom->name));
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if ((xid->type != ID_TYPE_UID) && (xid->type != ID_TYPE_GID)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+
+ globalcfg = talloc_get_type(dom->private_data,
+ struct autorid_global_config);
+
+ /* fetch the range for the allocation pool */
+
+ ZERO_STRUCT(domaincfg);
+
+ domaincfg.globalcfg = globalcfg;
+ fstrcpy(domaincfg.sid, ALLOC_RANGE);
+
+ ret = dbwrap_trans_do(autorid_db,
+ idmap_autorid_get_domainrange,
+ &domaincfg);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(3, ("Could not determine range for allocation pool, "
+ "check previous messages for reason\n"));
+ return ret;
+ }
+
+ /* fetch the current HWM */
+ hwmkey = (xid->type==ID_TYPE_UID)?ALLOC_HWM_UID:ALLOC_HWM_GID;
+
+ if (!dbwrap_fetch_uint32(autorid_db, hwmkey, &hwm)) {
+ DEBUG(1, ("Failed to fetch current allocation HWM value: %s\n",
+ nt_errstr(ret)));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (hwm >= globalcfg->rangesize) {
+ DEBUG(1, ("allocation range is depleted!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ret = dbwrap_change_uint32_atomic(autorid_db, hwmkey, &(xid->id), 1);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(1, ("Fatal error while allocating new ID!\n"));
+ return ret;
+ }
+
+ xid->id = globalcfg->minvalue +
+ globalcfg->rangesize * domaincfg.domainnum +
+ xid->id;
+
+ DEBUG(10, ("Returned new %s %d from allocation range\n",
+ (xid->type==ID_TYPE_UID)?"uid":"gid", xid->id));
+
+ return ret;
+}
+
/*
Close the idmap tdb instance
*/
@@ -548,6 +653,7 @@ static struct idmap_methods autorid_methods = {
.init = idmap_autorid_initialize,
.unixids_to_sids = idmap_autorid_unixids_to_sids,
.sids_to_unixids = idmap_autorid_sids_to_unixids,
+ .allocate_id = idmap_autorid_allocate_id
};
NTSTATUS idmap_autorid_init(void)
--
Samba Shared Repository
More information about the samba-cvs
mailing list