[SCM] Samba Shared Repository - branch master updated
Christian Ambach
ambi at samba.org
Fri Oct 21 10:05:02 MDT 2011
The branch, master has been updated
via aa1fd27 s3:idmap_autorid: document allocation pool
via ed45a55 s3:idmap_autorid: add an allocation range to autorid
via 0a85d1c s3:idmap_autorid: move HWM initialization into a function
via 8d9aea2 s3:idmap_autorid: use strings as parameter for range allocator
via a4d245b s3:winbindd/idmap make idmap modules loadable again
via bfe1385 Revert "s3:idmap/autorid add a small alloc pool to autorid"
from 80741d9 libcli: remove unneeded com_err.h and fix the build here.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit aa1fd273171682271552ce82ce637c32c5047503
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 18:53:02 2011 +0200
s3:idmap_autorid: document allocation pool
document the need that excessive use of local users/group might
require increasing the rangesize
Autobuild-User: Christian Ambach <ambi at samba.org>
Autobuild-Date: Fri Oct 21 18:04:50 CEST 2011 on sn-devel-104
commit ed45a558aed5cd7c7f21425ee93212bbf77da3ad
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 18:44:48 2011 +0200
s3:idmap_autorid: add an allocation range to autorid
this is needed to allocate gids for BUILTIN\Users and
BUILTIN\Administrators and for local users/group that
admins might want to create
autorid will now allocate one range for this purpose
and can so give out as many uids and gids as the
configured rangesize allows
commit 0a85d1c8916a953edd00235f0701ab7d52868de7
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 18:39:30 2011 +0200
s3:idmap_autorid: move HWM initialization into a function
we will need some more HWM soon, so move out initialization and
optimize the logic using the new interface of dbwrap_fetch_uint32
commit 8d9aea2a66f83f109aba9e2fc2106c0b3fc4bf88
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 18:22:19 2011 +0200
s3:idmap_autorid: use strings as parameter for range allocator
this prepares for allocation of non-domain ranges that cannot be
expressed by a SID (e.g. an allocation pool)
commit a4d245b3e8c4f7b911646464ba920fe71801358e
Author: Christian Ambach <ambi at samba.org>
Date: Thu Oct 20 17:59:32 2011 +0200
s3:winbindd/idmap make idmap modules loadable again
commit 355b5e3a831415d9bef97 changed the module system to
expect 'samba_init_module' as fixed initializer function
commit bfe1385e313156233c307855f507dbaf39e7616c
Author: Christian Ambach <ambi at samba.org>
Date: Wed Oct 19 16:14:06 2011 +0200
Revert "s3:idmap/autorid add a small alloc pool to autorid"
This reverts commit 0aa558718ad7427ee8b02046da73eea1838a5a32.
just having 500 uid/gids values is not good enough for
users using local users and groups in the order of thousands
better solution which will use a complete range for allocated
uids/gids will come next.
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_autorid.8.xml | 7 +-
source3/winbindd/idmap_ad.c | 2 +-
source3/winbindd/idmap_adex/idmap_adex.c | 2 +-
source3/winbindd/idmap_autorid.c | 160 +++++++++++++++++++-----------
source3/winbindd/idmap_hash/idmap_hash.c | 2 +-
source3/winbindd/idmap_rid.c | 2 +-
source3/winbindd/idmap_tdb2.c | 2 +-
7 files changed, 113 insertions(+), 64 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml
index b5a9bde..e563cdd 100644
--- a/docs-xml/manpages-3/idmap_autorid.8.xml
+++ b/docs-xml/manpages-3/idmap_autorid.8.xml
@@ -51,7 +51,12 @@
for regular users. As the parameter cannot be changed later, please
plan accordingly for your expected number of users in a domain
with safety margins.
- </para>
+ </para>
+ <para>One range will be used for local users and groups.
+ Thus the number of local users and groups that can be created is
+ limited by this option as well. If you plan to create a large amount
+ of local users or groups, you will need set this parameter accordingly.
+ </para>
<para>The default value is 100000.</para>
</listitem>
</varlistentry>
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 65b5180..a3ecc47 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -1096,7 +1096,7 @@ static struct nss_info_methods nss_sfu20_methods = {
Initialize the plugins
***********************************************************************/
-NTSTATUS idmap_ad_init(void)
+NTSTATUS samba_init_module(void)
{
static NTSTATUS status_idmap_ad = NT_STATUS_UNSUCCESSFUL;
static NTSTATUS status_nss_rfc2307 = NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/winbindd/idmap_adex/idmap_adex.c b/source3/winbindd/idmap_adex/idmap_adex.c
index c13642e..56e025d 100644
--- a/source3/winbindd/idmap_adex/idmap_adex.c
+++ b/source3/winbindd/idmap_adex/idmap_adex.c
@@ -385,7 +385,7 @@ static struct nss_info_methods adex_nss_methods = {
against the idmap and nss_info interfaces being in a half-registered
state.
**********************************************************************/
-NTSTATUS idmap_adex_init(void)
+NTSTATUS samba_init_module(void)
{
static NTSTATUS idmap_status = NT_STATUS_UNSUCCESSFUL;
static NTSTATUS nss_status = NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 62339f1..1a88fd4 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -35,8 +35,9 @@
#define DBGC_CLASS DBGC_IDMAP
#define HWM "NEXT RANGE"
-#define ALLOC_HWM "NEXT ALLOC ID"
-#define ALLOC_POOL_SIZE 500
+#define ALLOC_HWM_UID "NEXT ALLOC UID"
+#define ALLOC_HWM_GID "NEXT ALLOC GID"
+#define ALLOC_RANGE "ALLOC"
#define CONFIGKEY "CONFIG"
struct autorid_global_config {
@@ -46,7 +47,7 @@ struct autorid_global_config {
};
struct autorid_domain_config {
- struct dom_sid sid;
+ fstring sid;
uint32_t domainnum;
struct autorid_global_config *globalcfg;
};
@@ -59,16 +60,14 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
{
NTSTATUS ret;
uint32_t domainnum, hwm;
- fstring sidstr;
char *numstr;
struct autorid_domain_config *cfg;
cfg = (struct autorid_domain_config *)private_data;
- dom_sid_string_buf(&(cfg->sid), sidstr, sizeof(sidstr));
- ret = dbwrap_fetch_uint32(db, sidstr, &domainnum);
+ ret = dbwrap_fetch_uint32(db, cfg->sid, &domainnum);
if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(10, ("Acquiring new range for domain %s\n", sidstr));
+ DEBUG(10, ("Acquiring new range for domain %s\n", cfg->sid));
/* fetch the current HWM */
ret = dbwrap_fetch_uint32(db, HWM, &hwm);
@@ -95,7 +94,7 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
}
/* store away the new mapping in both directions */
- ret = dbwrap_trans_store_uint32(db, sidstr, domainnum);
+ ret = dbwrap_trans_store_uint32(db, cfg->sid, domainnum);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("Fatal error while storing new "
"domain->range assignment!\n"));
@@ -109,8 +108,8 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
}
ret = dbwrap_trans_store_bystring(db, numstr,
- string_term_tdb_data(sidstr),
- TDB_INSERT);
+ string_term_tdb_data(cfg->sid), TDB_INSERT);
+
talloc_free(numstr);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("Fatal error while storing "
@@ -118,10 +117,10 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
goto error;
}
DEBUG(5, ("Acquired new range #%d for domain %s\n",
- domainnum, sidstr));
+ domainnum, cfg->sid));
}
- DEBUG(10, ("Using range #%d for domain %s\n", domainnum, sidstr));
+ DEBUG(10, ("Using range #%d for domain %s\n", domainnum, cfg->sid));
cfg->domainnum = domainnum;
return NT_STATUS_OK;
@@ -170,6 +169,18 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
DEBUG(4, ("id %d belongs to range %d which does not have "
"domain mapping, ignoring mapping request\n",
map->xid.id, range));
+ TALLOC_FREE(data.dptr);
+ map->status = ID_UNKNOWN;
+ return NT_STATUS_OK;
+ }
+
+ if (strncmp((const char *)data.dptr,
+ ALLOC_RANGE,
+ strlen(ALLOC_RANGE)) == 0) {
+ /* this is from the alloc range, there is no mapping back */
+ DEBUG(5, ("id %d belongs to alloc range, cannot map back\n",
+ map->xid.id));
+ TALLOC_FREE(data.dptr);
map->status = ID_UNKNOWN;
return NT_STATUS_OK;
}
@@ -280,11 +291,12 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
struct winbindd_tdc_domain *domain;
struct autorid_domain_config domaincfg;
uint32_t rid;
+ struct dom_sid domainsid;
ZERO_STRUCT(domaincfg);
- sid_copy(&domaincfg.sid, ids[i]->sid);
- if (!sid_split_rid(&domaincfg.sid, &rid)) {
+ sid_copy(&domainsid, ids[i]->sid);
+ if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(4, ("Could not determine domain SID from %s, "
"ignoring mapping request\n",
sid_string_dbg(ids[i]->sid)));
@@ -295,15 +307,16 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
* Check if the domain is around
*/
domain = wcache_tdc_fetch_domainbysid(talloc_tos(),
- &domaincfg.sid);
+ &domainsid);
if (domain == NULL) {
DEBUG(10, ("Ignoring unknown domain sid %s\n",
- sid_string_dbg(&domaincfg.sid)));
+ sid_string_dbg(&domainsid)));
continue;
}
TALLOC_FREE(domain);
domaincfg.globalcfg = global;
+ sid_to_fstring(domaincfg.sid, &domainsid);
ret = dbwrap_trans_do(autorid_db,
idmap_autorid_get_domainrange,
@@ -332,12 +345,35 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
}
+/* initialize the given HWM to 0 if it does not exist yet */
+static NTSTATUS idmap_autorid_init_hwm(const char *hwm) {
+
+ NTSTATUS status;
+ uint32_t hwmval;
+
+ status = dbwrap_fetch_uint32(autorid_db, hwm, &hwmval);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ status = dbwrap_trans_store_int32(autorid_db, hwm, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,
+ ("Unable to initialise HWM (%s) in autorid "
+ "database: %s\n", hwm, nt_errstr(status)));
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+ } else if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("unable to fetch HWM (%s) from autorid "
+ "database: %s\n", hwm, nt_errstr(status)));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
/*
* open and initialize the database which stores the ranges for the domains
*/
static NTSTATUS idmap_autorid_db_init(void)
{
- int32_t hwm;
NTSTATUS status;
if (autorid_db) {
@@ -356,42 +392,16 @@ static NTSTATUS idmap_autorid_db_init(void)
}
/* Initialize high water mark for the currently used range to 0 */
- status = dbwrap_fetch_int32(autorid_db, HWM, &hwm);
- if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND) ||
- (NT_STATUS_IS_OK(status) && (hwm < 0)))
- {
- status = dbwrap_trans_store_int32(autorid_db, HWM, 0);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,
- ("Unable to initialise HWM in autorid "
- "database: %s\n", nt_errstr(status)));
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
- } else if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("unable to fetch HWM from autorid database: %s\n",
- nt_errstr(status)));
- return status;
- }
- /* Initialize high water mark for alloc pool to 0 */
- status = dbwrap_fetch_int32(autorid_db, ALLOC_HWM, &hwm);
- if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND) ||
- (NT_STATUS_IS_OK(status) && (hwm < 0)))
- {
- status = dbwrap_trans_store_int32(autorid_db, ALLOC_HWM, 0);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,
- ("Unable to initialise alloc HWM in autorid "
- "database: %s\n", nt_errstr(status)));
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
- } else if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("unable to fetch alloc HWM from autorid database: "
- "%s\n", nt_errstr(status)));
- return status;
- }
+ status = idmap_autorid_init_hwm(HWM);
+ NT_STATUS_NOT_OK_RETURN(status);
- return NT_STATUS_OK;
+ status = idmap_autorid_init_hwm(ALLOC_HWM_UID);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ status = idmap_autorid_init_hwm(ALLOC_HWM_GID);
+
+ return status;
}
static struct autorid_global_config *idmap_autorid_loadconfig(TALLOC_CTX * ctx)
@@ -577,9 +587,11 @@ done:
static NTSTATUS idmap_autorid_allocate_id(struct idmap_domain *dom,
struct unixid *xid) {
- struct autorid_global_config *globalcfg;
NTSTATUS ret;
+ struct autorid_global_config *globalcfg;
+ struct autorid_domain_config domaincfg;
uint32_t hwm;
+ const char *hwmkey;
if (!strequal(dom->name, "*")) {
DEBUG(3, ("idmap_autorid_allocate_id: "
@@ -590,26 +602,58 @@ static NTSTATUS idmap_autorid_allocate_id(struct idmap_domain *dom,
return NT_STATUS_NOT_IMPLEMENTED;
}
+ if ((xid->type != ID_TYPE_UID) && (xid->type != ID_TYPE_GID)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+
globalcfg = talloc_get_type(dom->private_data,
struct autorid_global_config);
- ret = dbwrap_fetch_uint32(autorid_db, ALLOC_HWM, &hwm);
+ /* fetch the range for the allocation pool */
+
+ ZERO_STRUCT(domaincfg);
+
+ domaincfg.globalcfg = globalcfg;
+ fstrcpy(domaincfg.sid, ALLOC_RANGE);
+
+ ret = dbwrap_trans_do(autorid_db,
+ idmap_autorid_get_domainrange,
+ &domaincfg);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(3, ("Could not determine range for allocation pool, "
+ "check previous messages for reason\n"));
+ return ret;
+ }
+
+ /* fetch the current HWM */
+ hwmkey = (xid->type==ID_TYPE_UID)?ALLOC_HWM_UID:ALLOC_HWM_GID;
+
+ ret = dbwrap_fetch_uint32(autorid_db, hwmkey, &hwm);
+
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("Failed to fetch current allocation HWM value: %s\n",
nt_errstr(ret)));
return NT_STATUS_INTERNAL_ERROR;
}
- if (hwm > ALLOC_POOL_SIZE) {
- DEBUG(1, ("allocation pool is depleted!\n"));
+ if (hwm >= globalcfg->rangesize) {
+ DEBUG(1, ("allocation range is depleted!\n"));
return NT_STATUS_NO_MEMORY;
}
- ret = dbwrap_change_uint32_atomic(autorid_db, ALLOC_HWM, &(xid->id), 1);
+ ret = dbwrap_change_uint32_atomic(autorid_db, hwmkey, &(xid->id), 1);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("Fatal error while allocating new ID!\n"));
+ return ret;
}
- xid->id = (xid->id)+(globalcfg->minvalue);
+
+ xid->id = globalcfg->minvalue +
+ globalcfg->rangesize * domaincfg.domainnum +
+ xid->id;
+
+ DEBUG(10, ("Returned new %s %d from allocation range\n",
+ (xid->type==ID_TYPE_UID)?"uid":"gid", xid->id));
return ret;
}
@@ -624,7 +668,7 @@ static struct idmap_methods autorid_methods = {
.allocate_id = idmap_autorid_allocate_id
};
-NTSTATUS idmap_autorid_init(void)
+NTSTATUS samba_init_module(void)
{
return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION,
"autorid", &autorid_methods);
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c
index a6e883c..1f36b21 100644
--- a/source3/winbindd/idmap_hash/idmap_hash.c
+++ b/source3/winbindd/idmap_hash/idmap_hash.c
@@ -366,7 +366,7 @@ static struct nss_info_methods hash_nss_methods = {
state.
**********************************************************************/
-NTSTATUS idmap_hash_init(void)
+NTSTATUS samba_init_module(void)
{
static NTSTATUS idmap_status = NT_STATUS_UNSUCCESSFUL;
static NTSTATUS nss_status = NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/winbindd/idmap_rid.c b/source3/winbindd/idmap_rid.c
index edc5e16..4112fb8 100644
--- a/source3/winbindd/idmap_rid.c
+++ b/source3/winbindd/idmap_rid.c
@@ -187,7 +187,7 @@ static struct idmap_methods rid_methods = {
.sids_to_unixids = idmap_rid_sids_to_unixids,
};
-NTSTATUS idmap_rid_init(void)
+NTSTATUS samba_init_module(void)
{
return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "rid", &rid_methods);
}
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index ab47fe5..ac3743e 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -874,7 +874,7 @@ static struct idmap_methods db_methods = {
.allocate_id = idmap_tdb2_get_new_id
};
-NTSTATUS idmap_tdb2_init(void)
+NTSTATUS samba_init_module(void)
{
return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "tdb2", &db_methods);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list