[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Fri Apr 25 09:53:03 MDT 2014
The branch, master has been updated
via 2372bd7 autorid: Add allocation from above in alloc range for well known sids
via 90d9445 autorid: use dbwrap_trans_do() in idmap_autorid_sid_to_id_alloc()
via 0df8988 autorid: add high_id to range config and fill it where we also fill range->low_id.
via a1adc88 autorid: reserve 500 IDs at the top of the ALLOC range.
via 57e49d9 autorid: reverse order of arguments of idmap_autorid_sid_to_id_alloc()
via 3f1297f autorid: introduce idmap_autorid_domsid_is_for_alloc()
via eaf770a autorid: factor idmap_autorid_sid_to_id() out of idmap_autorid_sids_to_unixids()
via 64e267c autorid: make the checks for bumping num_mapped identical for alloc and rid case
via 5d7b136 autorid: explicitly return NTSTATUS_OK in idmap_autorid_sid_to_id_alloc().
via 79a2458 autorid: more explicitly and reasonably set map->state in idmap_autorid_sid_to_id_alloc
via e32f6a2 autorid: rename idmap_autorid_sid_to_id() -> idmap_autorid_sid_to_id_rid()
via 31241be autorid: rename idmap_autorid_map_sid_to_id() -> idmap_autorid_sid_to_id_alloc()
via 22f7126 autorid: rename idmap_autorid_map_id_to_sid() -> idmap_autorid_id_to_sid_alloc()
via 5d9d4c7 autorid: factor idmap_autorid_get_alloc_range() out of idmap_autorid_allocate_id()
via 3c706e9 autorid: fix discard-const warning in idmap_autorid_init_hwm()
via 1da7b5b autorid: fix uninitialized return code for successful autorid.tdb creation/opening
via 04a4dc9 autorid: improve a debug message in idmap_autorid_map_sid_to_id()
via b1cb75a autorid: add debug messages to idmap_autorid_get_domainrange()
via b2ddea9 autorid: improve wording in a debug message
via 8408137 autorid: remove a legacy comment from sid_to_id
via 1eeb4bc idmap_rid: remove a legacy comment from sid_to_id
via 26062b4 idmap_tdb_common: remove legacy comment.
via 11b3937 idmap_tdb_common: fix a debug message in idmap_tdb_common_set_mapping()
via 377091a idmap_tdb_common: fix a debug message in idmap_tdb_common_unixid_to_sid()
from d50c007 s3-rpc_server: Remove ncalrpc_as_system from make_server_pipes_struct().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2372bd7d0ce6bfe2ce2cc64c1b368b6cc876c70d
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 19:14:41 2014 +0200
autorid: Add allocation from above in alloc range for well known sids
This way, we achieve a better determinism for the id mappings
of the well knowns without wasting a separate range.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Fri Apr 25 17:52:10 CEST 2014 on sn-devel-104
commit 90d9445da47f622093b6a18e7c2b4b4888cd26d6
Author: Michael Adam <obnox at samba.org>
Date: Thu Apr 24 13:34:40 2014 +0200
autorid: use dbwrap_trans_do() in idmap_autorid_sid_to_id_alloc()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0df8988c086fb4d4ea4f683f3a2d399fd6e59f82
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 21:31:48 2014 +0200
autorid: add high_id to range config and fill it where we also fill range->low_id.
This corresponds to low_id for convenience and allows
for computations without going back to the global config.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a1adc881cf28643d1936b43c51e9a8839fc914d1
Author: Michael Adam <obnox at samba.org>
Date: Mon Apr 7 17:24:31 2014 +0200
autorid: reserve 500 IDs at the top of the ALLOC range.
The wellknowns are now allocated into this sub-range.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 57e49d90f245873883fb3ccc71191032b8d4768f
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 21:06:26 2014 +0200
autorid: reverse order of arguments of idmap_autorid_sid_to_id_alloc()
for consistency
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3f1297f363552083397c206d2dcb512e7a5e5f8e
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 18:56:21 2014 +0200
autorid: introduce idmap_autorid_domsid_is_for_alloc()
Currently, this checks if the sid is a wellknown domain sid.
But the code reads more nicely and more domains might be added
in the future.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit eaf770a61191bdc968510b7b216d62fd633ca163
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 18:43:58 2014 +0200
autorid: factor idmap_autorid_sid_to_id() out of idmap_autorid_sids_to_unixids()
- reduces indentation
- unifies error code paths and bumping counters
- makes the code more easy to read
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 64e267c2feaecd9c2f0a60d548ccd2ff0ee37879
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 18:25:44 2014 +0200
autorid: make the checks for bumping num_mapped identical for alloc and rid case
in idmap_autorid_sids_to_unixids()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5d7b1363f0c31acc7f385f69e7dec028b192e4bd
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 18:20:56 2014 +0200
autorid: explicitly return NTSTATUS_OK in idmap_autorid_sid_to_id_alloc().
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 79a245808cc61ad3396e246680d9d3ce9d230096
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 18:20:01 2014 +0200
autorid: more explicitly and reasonably set map->state in idmap_autorid_sid_to_id_alloc
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e32f6a278dccb14991ba8103876d9a98a585150d
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 17:56:37 2014 +0200
autorid: rename idmap_autorid_sid_to_id() -> idmap_autorid_sid_to_id_rid()
For consistency. This is the function that does the calculation
if the sid is treated by a rid range.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 31241beec6f27ce69ff967a717d23d851001cb26
Author: Michael Adam <obnox at samba.org>
Date: Thu Apr 10 18:33:20 2014 +0200
autorid: rename idmap_autorid_map_sid_to_id() -> idmap_autorid_sid_to_id_alloc()
for consistency. this is the sid->id function for the alloc range.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 22f712628b5948352654a29796858ed95ccc14a1
Author: Michael Adam <obnox at samba.org>
Date: Thu Apr 10 18:20:23 2014 +0200
autorid: rename idmap_autorid_map_id_to_sid() -> idmap_autorid_id_to_sid_alloc()
for consistency. This is the function that maps id to sid
for the alloc range.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5d9d4c73d77434d811f8e492c5efc5e7336f30db
Author: Michael Adam <obnox at samba.org>
Date: Mon Mar 17 12:49:59 2014 +0100
autorid: factor idmap_autorid_get_alloc_range() out of idmap_autorid_allocate_id()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3c706e9f014fa1bd06e80c5c81f321dcf90ff58e
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 21:42:43 2014 +0200
autorid: fix discard-const warning in idmap_autorid_init_hwm()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1da7b5b50cfc58550774a82197ff0a27f979b78b
Author: Michael Adam <obnox at samba.org>
Date: Wed Apr 23 18:19:09 2014 +0200
autorid: fix uninitialized return code for successful autorid.tdb creation/opening
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 04a4dc961e98cb07c9bee16513a96bebe5031153
Author: Michael Adam <obnox at samba.org>
Date: Mon Mar 17 12:49:19 2014 +0100
autorid: improve a debug message in idmap_autorid_map_sid_to_id()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit b1cb75a97232b433ecdf18e50027590238f05a9a
Author: Michael Adam <obnox at samba.org>
Date: Mon Mar 17 12:43:12 2014 +0100
autorid: add debug messages to idmap_autorid_get_domainrange()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit b2ddea94ccf6bd18bc0b8397239270c369293fd7
Author: Michael Adam <obnox at samba.org>
Date: Mon Mar 17 12:42:41 2014 +0100
autorid: improve wording in a debug message
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 840813793ab974b1acb1ca803188f18e87ae4dbb
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 20:59:52 2014 +0200
autorid: remove a legacy comment from sid_to_id
With the introduction of the ID_TYPE_BOTH mapping
to idmap_autorid, it is not a deficiency but a
virtue of the autorid backend that it does not
care about the existence or type of the
sid to be mapped.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1eeb4bc0ffb7b470c255ca8888a752122d551d1d
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 21:03:06 2014 +0200
idmap_rid: remove a legacy comment from sid_to_id
With the introduction of the ID_TYPE_BOTH mapping
to idmap_rid, it is not a deficiency but a
virtue of the rid backend that it does not
care about the existence or type of the
sid to be mapped.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 26062b4a9d3c8684f8d1d3cf39656cb89f7a959c
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 11 23:52:20 2014 +0200
idmap_tdb_common: remove legacy comment.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 11b3937dddae1422fbacff7a0a639f6b40901275
Author: Michael Adam <obnox at samba.org>
Date: Thu Apr 24 17:18:34 2014 +0200
idmap_tdb_common: fix a debug message in idmap_tdb_common_set_mapping()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 377091a06580616ff5861751fa5eaacc7c08db65
Author: Michael Adam <obnox at samba.org>
Date: Wed Apr 23 21:52:07 2014 +0200
idmap_tdb_common: fix a debug message in idmap_tdb_common_unixid_to_sid()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/include/idmap_autorid_tdb.h | 1 +
source3/winbindd/idmap_autorid.c | 364 +++++++++++++++++++++-------------
source3/winbindd/idmap_autorid_tdb.c | 14 +-
source3/winbindd/idmap_rid.c | 4 -
source3/winbindd/idmap_tdb_common.c | 10 +-
5 files changed, 243 insertions(+), 150 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/idmap_autorid_tdb.h b/source3/include/idmap_autorid_tdb.h
index 2d2d01a..52bee56 100644
--- a/source3/include/idmap_autorid_tdb.h
+++ b/source3/include/idmap_autorid_tdb.h
@@ -49,6 +49,7 @@ struct autorid_range_config {
uint32_t rangenum;
uint32_t domain_range_index;
uint32_t low_id;
+ uint32_t high_id;
};
/**
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index a0262fa..37612c2 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -82,11 +82,29 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
+#define IDMAP_AUTORID_ALLOC_RESERVED 500
+
/* handle to the tdb storing domain <-> range assignments */
static struct db_context *autorid_db;
static bool ignore_builtin = false;
+static NTSTATUS idmap_autorid_get_alloc_range(struct idmap_domain *dom,
+ struct autorid_range_config *range)
+{
+ NTSTATUS status;
+
+ ZERO_STRUCT(*range);
+
+ fstrcpy(range->domsid, ALLOC_RANGE);
+
+ status = idmap_autorid_get_domainrange(autorid_db,
+ range,
+ dom->read_only);
+
+ return status;
+}
+
static NTSTATUS idmap_autorid_allocate_id(struct idmap_domain *dom,
struct unixid *xid) {
@@ -101,12 +119,7 @@ static NTSTATUS idmap_autorid_allocate_id(struct idmap_domain *dom,
/* fetch the range for the allocation pool */
- ZERO_STRUCT(range);
-
- fstrcpy(range.domsid, ALLOC_RANGE);
-
- ret = idmap_autorid_get_domainrange(autorid_db, &range, dom->read_only);
-
+ ret = idmap_autorid_get_alloc_range(dom, &range);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(3, ("Could not determine range for allocation pool, "
"check previous messages for reason\n"));
@@ -131,8 +144,8 @@ static NTSTATUS idmap_autorid_allocate_id(struct idmap_domain *dom,
/*
* map a SID to xid using the idmap_tdb like pool
*/
-static NTSTATUS idmap_autorid_map_id_to_sid(struct idmap_domain *dom,
- struct id_map *map)
+static NTSTATUS idmap_autorid_id_to_sid_alloc(struct idmap_domain *dom,
+ struct id_map *map)
{
NTSTATUS ret;
@@ -214,7 +227,7 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
"checking for mapping\n",
map->xid.id));
TALLOC_FREE(data.dptr);
- return idmap_autorid_map_id_to_sid(dom, map);
+ return idmap_autorid_id_to_sid_alloc(dom, map);
}
ok = dom_sid_parse_endp((const char *)data.dptr, &domsid, &q);
@@ -250,7 +263,8 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
Single sid to id lookup function.
**********************************/
-static NTSTATUS idmap_autorid_sid_to_id(struct autorid_global_config *global,
+static NTSTATUS idmap_autorid_sid_to_id_rid(
+ struct autorid_global_config *global,
struct autorid_range_config *range,
struct id_map *map)
{
@@ -263,11 +277,6 @@ static NTSTATUS idmap_autorid_sid_to_id(struct autorid_global_config *global,
map->xid.id = reduced_rid + range->low_id;
map->xid.type = ID_TYPE_BOTH;
-
- /* We **really** should have some way of validating
- the SID exists and is the correct type here. But
- that is a deficiency in the idmap_rid design. */
-
map->status = ID_MAPPED;
return NT_STATUS_OK;
@@ -331,15 +340,120 @@ static NTSTATUS idmap_autorid_unixids_to_sids(struct idmap_domain *dom,
return ret;
}
+static bool idmap_autorid_sid_is_special(struct dom_sid *sid)
+{
+ bool match;
+
+ match = sid_check_is_in_wellknown_domain(sid);
+ if (match) {
+ return true;
+ }
+
+ return false;
+}
+
+static NTSTATUS idmap_autorid_sid_to_id_special(struct idmap_domain *dom,
+ struct id_map *map)
+{
+ struct idmap_tdb_common_context *common =
+ talloc_get_type_abort(dom->private_data,
+ struct idmap_tdb_common_context);
+ uint32_t count;
+ struct autorid_range_config range;
+ NTSTATUS status;
+ uint32_t free_id;
+
+ status = idmap_autorid_get_alloc_range(dom, &range);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* Take the next free ID, counting from the top */
+ free_id = 0;
+ for (count = 0; count < IDMAP_AUTORID_ALLOC_RESERVED; count++) {
+ struct id_map test_map;
+ struct dom_sid sid;
+
+ test_map.sid = &sid;
+ test_map.xid.type = map->xid.type;
+ test_map.xid.id = range.high_id - count;
+ test_map.status = ID_UNKNOWN;
+
+ status = idmap_tdb_common_unixid_to_sid(dom, &test_map);
+ if (NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, status)) {
+ free_id = test_map.xid.id;
+ break;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ /* error - get out */
+ return status;
+ }
+
+ /* mapping exists - try next ID */
+ }
+
+ if (free_id == 0) {
+ return NT_STATUS_NONE_MAPPED;
+ }
+
+ map->status = ID_MAPPED;
+ map->xid.id = free_id;
+
+ status = common->rw_ops->set_mapping(dom, map);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("Error storing new mapping: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+struct idmap_autorid_sid_to_id_alloc_ctx {
+ struct idmap_domain *dom;
+ struct id_map *map;
+};
+
+static NTSTATUS idmap_autorid_sid_to_id_alloc_action(
+ struct db_context *db,
+ void *private_data)
+{
+ struct idmap_autorid_sid_to_id_alloc_ctx *ctx;
+
+ ctx = (struct idmap_autorid_sid_to_id_alloc_ctx *)private_data;
+
+ if (idmap_autorid_sid_is_special(ctx->map->sid)) {
+ NTSTATUS ret;
+
+ ret = idmap_autorid_sid_to_id_special(ctx->dom, ctx->map);
+ if (NT_STATUS_IS_OK(ret)) {
+ return NT_STATUS_OK;
+ }
+ if (!NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, ret)) {
+ return ret;
+ }
+
+ DEBUG(10, ("Sepecial sid %s not mapped. falling back to "
+ "regular allocation\n",
+ sid_string_dbg(ctx->map->sid)));
+ }
+
+ return idmap_tdb_common_new_mapping(ctx->dom, ctx->map);
+}
+
/*
* map a SID to xid using the idmap_tdb like pool
*/
-static NTSTATUS idmap_autorid_map_sid_to_id(struct idmap_domain *dom,
- struct id_map *map,
- struct idmap_tdb_common_context *ctx)
+static NTSTATUS idmap_autorid_sid_to_id_alloc(
+ struct idmap_tdb_common_context *ctx,
+ struct idmap_domain *dom,
+ struct id_map *map)
{
NTSTATUS ret;
- int res;
+ struct idmap_autorid_sid_to_id_alloc_ctx alloc_ctx;
+
+ map->status = ID_UNKNOWN;
/* see if we already have a mapping */
ret = idmap_tdb_common_sid_to_unixid(dom, map);
@@ -351,46 +465,120 @@ static NTSTATUS idmap_autorid_map_sid_to_id(struct idmap_domain *dom,
/* bad things happened */
if (!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
- DEBUG(1, ("Looking up SID->ID mapping for %s failed\n",
- sid_string_dbg(map->sid)));
+ DEBUG(1, ("Looking up SID->ID mapping for %s failed: %s\n",
+ sid_string_dbg(map->sid), nt_errstr(ret)));
return ret;
}
if (dom->read_only) {
DEBUG(3, ("Not allocating new mapping for %s, because backend "
"is read-only\n", sid_string_dbg(map->sid)));
+ map->status = ID_UNMAPPED;
return NT_STATUS_NONE_MAPPED;
}
DEBUG(10, ("Creating new mapping in pool for %s\n",
sid_string_dbg(map->sid)));
- /* create new mapping */
- res = dbwrap_transaction_start(ctx->db);
- if (res != 0) {
- DEBUG(2, ("transaction_start failed\n"));
+ alloc_ctx.dom = dom;
+ alloc_ctx.map = map;
+
+ ret = dbwrap_trans_do(ctx->db, idmap_autorid_sid_to_id_alloc_action,
+ &alloc_ctx);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(1, ("Failed to create a new mapping in alloc range: %s\n",
+ nt_errstr(ret)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- ret = idmap_tdb_common_new_mapping(dom, map);
+ map->status = ID_MAPPED;
+ return NT_STATUS_OK;
+}
- map->status = (NT_STATUS_IS_OK(ret))?ID_MAPPED:ID_UNMAPPED;
+static bool idmap_autorid_domsid_is_for_alloc(struct dom_sid *sid)
+{
+ bool match;
- if (!NT_STATUS_IS_OK(ret)) {
- if (dbwrap_transaction_cancel(ctx->db) != 0) {
- smb_panic("Cancelling transaction failed");
- }
- return ret;
+ match = sid_check_is_wellknown_domain(sid, NULL);
+ if (match) {
+ return true;
}
- res = dbwrap_transaction_commit(ctx->db);
- if (res == 0) {
- return ret;
+ return false;
+}
+
+static NTSTATUS idmap_autorid_sid_to_id(struct idmap_tdb_common_context *common,
+ struct idmap_domain *dom,
+ struct id_map *map)
+{
+ struct autorid_global_config *global =
+ talloc_get_type_abort(common->private_data,
+ struct autorid_global_config);
+ struct winbindd_tdc_domain *domain;
+ struct autorid_range_config range;
+ uint32_t rid;
+ struct dom_sid domainsid;
+ NTSTATUS ret;
+
+ ZERO_STRUCT(range);
+ map->status = ID_UNKNOWN;
+
+ DEBUG(10, ("Trying to map %s\n", sid_string_dbg(map->sid)));
+
+ sid_copy(&domainsid, map->sid);
+ if (!sid_split_rid(&domainsid, &rid)) {
+ DEBUG(4, ("Could not determine domain SID from %s, "
+ "ignoring mapping request\n",
+ sid_string_dbg(map->sid)));
+ map->status = ID_UNMAPPED;
+ return NT_STATUS_NONE_MAPPED;
+ }
+
+ if (idmap_autorid_domsid_is_for_alloc(&domainsid)) {
+ DEBUG(10, ("SID %s is for ALLOC range.\n",
+ sid_string_dbg(map->sid)));
+
+ return idmap_autorid_sid_to_id_alloc(common, dom, map);
}
- DEBUG(2, ("transaction_commit failed\n"));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ if (dom_sid_equal(&domainsid, &global_sid_Builtin) && ignore_builtin) {
+ DEBUG(10, ("Ignoring request for BUILTIN domain\n"));
+ map->status = ID_UNMAPPED;
+ return NT_STATUS_NONE_MAPPED;
+ }
+
+ /*
+ * Check if the domain is around
+ */
+ domain = wcache_tdc_fetch_domainbysid(talloc_tos(),
+ &domainsid);
+ if (domain == NULL) {
+ DEBUG(10, ("Ignoring unknown domain sid %s\n",
+ sid_string_dbg(&domainsid)));
+ map->status = ID_UNMAPPED;
+ return NT_STATUS_NONE_MAPPED;
+ }
+ TALLOC_FREE(domain);
+
+ sid_to_fstring(range.domsid, &domainsid);
+
+ range.domain_range_index = rid / (global->rangesize);
+
+ ret = idmap_autorid_get_domainrange(autorid_db, &range, dom->read_only);
+ if (NT_STATUS_EQUAL(ret, NT_STATUS_NOT_FOUND) && dom->read_only) {
+ DEBUG(10, ("read-only is enabled, did not allocate "
+ "new range for domain %s\n",
+ sid_string_dbg(&domainsid)));
+ map->status = ID_UNMAPPED;
+ return NT_STATUS_NONE_MAPPED;
+ }
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(3, ("Could not determine range for domain, "
+ "check previous messages for reason\n"));
+ return ret;
+ }
+ return idmap_autorid_sid_to_id_rid(global, &range, map);
}
/**********************************
@@ -401,7 +589,6 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
struct id_map **ids)
{
struct idmap_tdb_common_context *commoncfg;
- struct autorid_global_config *global;
NTSTATUS ret;
int i;
int num_tomap = 0;
@@ -417,105 +604,17 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
talloc_get_type_abort(dom->private_data,
struct idmap_tdb_common_context);
- global = talloc_get_type(commoncfg->private_data,
- struct autorid_global_config);
-
for (i = 0; ids[i]; i++) {
- struct winbindd_tdc_domain *domain;
- struct autorid_range_config range;
- uint32_t rid;
- struct dom_sid domainsid;
-
- ZERO_STRUCT(range);
-
- DEBUG(10, ("Trying to map %s\n", sid_string_dbg(ids[i]->sid)));
-
- sid_copy(&domainsid, ids[i]->sid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(4, ("Could not determine domain SID from %s, "
- "ignoring mapping request\n",
- sid_string_dbg(ids[i]->sid)));
- continue;
- }
-
- /* is this a well-known SID? */
-
- if (sid_check_is_wellknown_domain(&domainsid, NULL)) {
-
- DEBUG(10, ("SID %s is well-known, using pool\n",
- sid_string_dbg(ids[i]->sid)));
-
- ret = idmap_autorid_map_sid_to_id(dom, ids[i],
- commoncfg);
-
- if (!NT_STATUS_IS_OK(ret) &&
- !NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
- DEBUG(3, ("Unexpected error resolving "
- "SID (%s)\n",
- sid_string_dbg(ids[i]->sid)));
- goto failure;
- }
-
- if (ids[i]->status == ID_MAPPED) {
- num_mapped++;
- }
-
- continue;
- }
-
- /* BUILTIN is passdb's job */
- if (dom_sid_equal(&domainsid, &global_sid_Builtin) &&
- ignore_builtin) {
- DEBUG(10, ("Ignoring request for BUILTIN domain\n"));
- continue;
- }
-
- /*
- * Check if the domain is around
- */
- domain = wcache_tdc_fetch_domainbysid(talloc_tos(),
- &domainsid);
- if (domain == NULL) {
- DEBUG(10, ("Ignoring unknown domain sid %s\n",
- sid_string_dbg(&domainsid)));
- continue;
- }
- TALLOC_FREE(domain);
-
- sid_to_fstring(range.domsid, &domainsid);
-
- /* Calculate domain_range_index for multi-range support */
- range.domain_range_index = rid / (global->rangesize);
-
- ret = idmap_autorid_get_domainrange(autorid_db, &range,
- dom->read_only);
-
- /* read-only mode and a new domain range would be required? */
- if (NT_STATUS_EQUAL(ret, NT_STATUS_NOT_FOUND) &&
- dom->read_only) {
- DEBUG(10, ("read-only is enabled, did not allocate "
- "new range for domain %s\n",
- sid_string_dbg(&domainsid)));
- continue;
- }
-
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(3, ("Could not determine range for domain, "
- "check previous messages for reason\n"));
- goto failure;
- }
-
- ret = idmap_autorid_sid_to_id(global, &range, ids[i]);
-
+ ret = idmap_autorid_sid_to_id(commoncfg, dom, ids[i]);
if ((!NT_STATUS_IS_OK(ret)) &&
(!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
/* some fatal error occurred, log it */
DEBUG(3, ("Unexpected error resolving a SID (%s)\n",
sid_string_dbg(ids[i]->sid)));
- goto failure;
+ return ret;
}
- if (NT_STATUS_IS_OK(ret)) {
+ if (NT_STATUS_IS_OK(ret) && ids[i]->status == ID_MAPPED) {
num_mapped++;
}
}
@@ -527,10 +626,6 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
}
return STATUS_SOME_UNMAPPED;
-
- failure:
- return ret;
-
}
static NTSTATUS idmap_autorid_preallocate_wellknown(struct idmap_domain *dom)
@@ -677,7 +772,8 @@ static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom)
/* fill the TDB common configuration */
- commonconfig->max_id = config->rangesize -1;
+ commonconfig->max_id = config->rangesize - 1
--
Samba Shared Repository
More information about the samba-cvs
mailing list