[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Tue Aug 16 23:22:08 UTC 2016
The branch, master has been updated
via b2bf613 idmap: centrally check that unix IDs returned by the idmap backends are in range
via c21976d idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()
from 5066a6d s3:lib/pthreadpool: fix the build on older systems
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b2bf61307cffd8ff7b6fb9852c107ab763653119
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 9 18:25:12 2016 +0200
idmap: centrally check that unix IDs returned by the idmap backends are in range
Note: in the long run, it might be good to move this kind of
exit check (before handing the result back to the client)
to the parent winbindd code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Wed Aug 17 01:21:39 CEST 2016 on sn-devel-144
commit c21976d4b1c604699299f2c0f768c1add93b349d
Author: Michael Adam <obnox at samba.org>
Date: Mon Aug 15 23:07:33 2016 +0200
idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()
If the range allows it, then id==0 should not be forbidden.
This seems to have been taken in from idmap_ldap when the
function was originally created.
See 634cd2e0451d4388c3e3f78239495cf595368b15 .
The other backends don't seem to have had that
extra check for id == 0.
The reasoning for this change is that the range check should
apply to all cases. If the range includes the 0, then it
should be possible to get it as result. In particular,
this way, the function becomes applicable also to the
passdb backend case, e.g. in a samba4-ad-dc setup where
the Admin gets uid == 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/idmap_util.c | 5 -----
source3/winbindd/winbindd_dual_srv.c | 4 ++++
2 files changed, 4 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index 3da39e8..196b4ad 100644
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -34,11 +34,6 @@
*/
bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom)
{
- if (id == 0) {
- /* 0 is not an allowed unix id for id mapping */
- return false;
- }
-
if ((dom->low_id && (id < dom->low_id)) ||
(dom->high_id && (id > dom->high_id)))
{
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index fb65e9d..0484e19 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -189,6 +189,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
for (i=0; i<num_ids; i++) {
struct id_map *m = id_map_ptrs[i];
+ if (!idmap_unix_id_is_in_range(m->xid.id, dom)) {
+ m->status = ID_UNMAPPED;
+ }
+
if (m->status == ID_MAPPED) {
ids[i].xid = m->xid;
} else {
--
Samba Shared Repository
More information about the samba-cvs
mailing list