[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Nov 7 17:04:02 MST 2013


The branch, master has been updated
       via  15b0c39 net: remove net idmap secret
       via  d6979ee doc: update the net manpage for net idmap set, get and delete
       via  ebc9ff6 idmap_autorid: fix failure in reverse lookup if ID is from domain range index #0
       via  1524dc6 idmap_autorid: fix status code when trying to load range for an invalid input
       via  066915f net: correct typos in net idmap delete ranges help message
       via  a0e2177 idmap_autorid: add space between two words in a debug message
      from  27ca838 s4-lsa: Make sure we also duplicate the domain_name.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 15b0c39befae67004a0d462601eabc5172060031
Author: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Date:   Thu Oct 3 16:17:47 2013 +0530

    net: remove net idmap secret
    
    This is moved to net idmap set secret for consistency.
    
    Signed-off-by: Atul Kulkarni <atul.kulkarni at in.ibm.com>
    Reviewed-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Nov  8 01:03:25 CET 2013 on sn-devel-104

commit d6979eea80b5467ef380cd2804286801404a0f65
Author: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Date:   Thu Oct 3 22:14:53 2013 +0530

    doc: update the net manpage for net idmap set, get and delete
    
    Signed-off-by: Atul Kulkarni <atul.kulkarni at in.ibm.com>
    Reviewed-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit ebc9ff616fefbf10b31e4e097f28fa17a1abc2f8
Author: Abhidnya Joshi <achirmul at in.ibm.com>
Date:   Fri Oct 25 07:06:01 2013 +0200

    idmap_autorid: fix failure in reverse lookup if ID is from domain range index #0
    
    Domain range index #0 is not included in the database record.
    So in this special case we only have the SID, not SID#IDX...
    
    Signed-off-by: Abhidnya Joshi <achirmul at in.ibm.com>
    Reviewed-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 1524dc6006071d99d1a61c53301a25de91cda07d
Author: Michael Adam <obnox at samba.org>
Date:   Tue Nov 5 13:46:15 2013 +0100

    idmap_autorid: fix status code when trying to load range for an invalid input
    
    The "sid" input needs to be verified (it can currently be a SID or "ALLOC").
    When handing in string that is valid for other kinds of records,
    but not for the SID[#IDX]-->RANGE direction of mappings, like for instance
    a range number, then we get "NT_STATUS_INTERNAL_DB_CORRUPTION" because
    parse records finds the record, but it does not have the expected size...
    
    This patch fixes this problem by pre-validating the input before fetching
    the record from the database.
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 066915f29d20676335a88e93d4148713ec37ace7
Author: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Date:   Fri Oct 4 00:15:19 2013 +0530

    net: correct typos in net idmap delete ranges help message
    
    Signed-off-by: Atul Kulkarni <atul.kulkarni at in.ibm.com>
    Reviewed-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit a0e217713f6b6b58e0cf2eb5c22f4d58e014c109
Author: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Date:   Wed Oct 2 20:14:04 2013 +0530

    idmap_autorid: add space between two words in a debug message
    
    Signed-off-by: Atul Kulkarni <atul.kulkarni at in.ibm.com>
    Reviewed-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/net.8.xml          |   69 +++++++++++++++++++++++++++++++++-
 source3/utils/net_idmap.c            |   12 +-----
 source3/winbindd/idmap_autorid.c     |    2 +-
 source3/winbindd/idmap_autorid_tdb.c |   10 ++++-
 4 files changed, 78 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 4d0c6a0..2f04deb 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1392,7 +1392,7 @@ Restore the mappings from the specified file or stdin.
 </refsect2>
 
 <refsect2>
-<title>IDMAP SECRET <DOMAIN> <secret></title>
+<title>IDMAP SET SECRET <DOMAIN> <secret></title>
 
 <para>
 Store a secret for the specified domain, used primarily for domains
@@ -1403,8 +1403,53 @@ as the password for the user DN used to bind to the ldap server.
 </refsect2>
 
 <refsect2>
+<title>IDMAP SET RANGE <RANGE> <SID> [index] [--db=<DB>]</title>
 
-<title>IDMAP DELETE [-f] [--db=<DB>] <ID></title>
+<para>
+Store a domain-range mapping for a given domain (and index) in autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP SET CONFIG <config> [--db=<DB>]</title>
+
+<para>
+Update CONFIG entry in autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET RANGE <SID> [index] [--db=<DB>]</title>
+
+<para>
+Get the range for a given domain and index from autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET RANGES [<SID>] [--db=<DB>]</title>
+
+<para>
+Get ranges for all domains or for one identified by given SID.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET CONFIG [--db=<DB>]</title>
+
+<para>
+Get CONFIG entry from autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+
+<title>IDMAP DELETE MAPPING [-f] [--db=<DB>] <ID></title>
 
 <para>
 Delete a mapping sid <-> gid or sid <-> uid from the IDMAP database.
@@ -1419,6 +1464,26 @@ Use -f to delete an invalid partial mapping <ID> -> xx
 </refsect2>
 
 <refsect2>
+<title>IDMAP DELETE RANGE [-f] [--db=<TDB>] <RANGE>|(<SID> [<INDEX>])</title>
+
+<para>
+Delete a domain range mapping identified by 'RANGE' or "domain SID and INDEX" from autorid database.
+Use -f to delete invalid mappings.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP DELETE RANGES [-f] [--db=<TDB>] <SID></title>
+
+<para>
+Delete all domain range mappings for a domain identified by SID.
+Use -f to delete invalid mappings.
+</para>
+
+</refsect2>
+
+<refsect2>
 
 <title>IDMAP CHECK [-v] [-r] [-a] [-T] [-f] [-l] [--db=<DB>]</title>
 
diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c
index de2d509..a26f2b9 100644
--- a/source3/utils/net_idmap.c
+++ b/source3/utils/net_idmap.c
@@ -737,7 +737,7 @@ static void net_idmap_autorid_delete_ranges_usage(void)
 {
 	d_printf("%s\n%s",
 		 _("Usage:"),
-		 _("net idmap delete ranges [-f] [--db=<TDB>] <SID>)\n"
+		 _("net idmap delete ranges [-f] [--db=<TDB>] <SID>\n"
 		   "  Delete all domain range mappings for a given domain.\n"
 		   "    -f\tforce\n"
 		   "    TDB\tidmap database\n"
@@ -814,7 +814,7 @@ static int net_idmap_delete(struct net_context *c, int argc, const char **argv)
 			"ranges",
 			net_idmap_autorid_delete_ranges,
 			NET_TRANSPORT_LOCAL,
-			N_("Delete all domain range mapping for a given "
+			N_("Delete all domain range mappings for a given "
 			   "domain"),
 			N_("net idmap delete ranges <SID>\n"
 			   "  Delete a domain range mapping")
@@ -1395,14 +1395,6 @@ int net_idmap(struct net_context *c, int argc, const char **argv)
 			   "  Delete entries from the ID mapping database")
 		},
 		{
-			"secret",
-			net_idmap_secret,
-			NET_TRANSPORT_LOCAL,
-			N_("Set secret for specified domain"),
-			N_("net idmap secret <DOMAIN> <secret>\n"
-			   "  Set secret for specified domain")
-		},
-		{
 			"check",
 			net_idmap_check,
 			NET_TRANSPORT_LOCAL,
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index fa16c13..4669b8d 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -223,7 +223,7 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
 		map->status = ID_UNKNOWN;
 		return NT_STATUS_OK;
 	}
-	if (q != NULL)
+	if ((q != NULL) && (*q != '\0'))
 		if (sscanf(q+1, "%"SCNu32, &domain_range_index) != 1) {
 			DEBUG(10, ("Domain range index not found, "
 				   "ignoring mapping request\n"));
diff --git a/source3/winbindd/idmap_autorid_tdb.c b/source3/winbindd/idmap_autorid_tdb.c
index 7d3275e..e06cb21 100644
--- a/source3/winbindd/idmap_autorid_tdb.c
+++ b/source3/winbindd/idmap_autorid_tdb.c
@@ -304,6 +304,12 @@ static NTSTATUS idmap_autorid_getrange_int(struct db_context *db,
 		goto done;
 	}
 
+	if (!idmap_autorid_validate_sid(range->domsid)) {
+		DEBUG(3, ("Invalid SID: '%s'\n", range->domsid));
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
 	idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
 				   keystr);
 
@@ -743,8 +749,8 @@ bool idmap_autorid_parse_configstr(const char *configstr,
 		   "minvalue:%lu rangesize:%lu maxranges:%lu",
 		   &minvalue, &rangesize, &maxranges) != 3) {
 		DEBUG(1,
-		      ("Found invalid configuration data"
-		       "creating new config\n"));
+		      ("Found invalid configuration data. "
+		       "Creating new config\n"));
 		return false;
 	}
 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list