[Patch] Add an idmap implementation to winbind
simo
idra at samba.org
Thu Feb 14 17:21:35 GMT 2008
On Thu, 2008-02-14 at 18:12 +0100, Kai Blin wrote:
> > Eventually as a separate partition?
>
> Sure, if someone tells me how to do this. Finding my way around ldb has been
> really cumbersome so far.
You can start with just using the default partition imo, we will se if
there is any reason to split it in a separate one.
sam.ldb will require schema though.
> > Reading the fourth patch it appears like you are using your functions in
> > a set of composite functions, this means that you are introducing
> > blocking synchronous calls (gendb_search) in an a supposedly async set
> > of calls, not good.
>
> My first go at getting id mapping into winbind was using sidmap, which uses
> the same calls. Also, in the beginning I was trying to stay close to the API
> Samba3 idmap provided. Fair enough, I'll change it once somebody points me at
> the calls to use instead.
Yes sidmap used the assumption that pure ldb with tdb backend never
blocks. But as soon as you consider using an ldap uri instead of a tdb
file (which is a very neat way to use a common shared server between
different member servers without changing a single line of code), then
this does not hold true anymore.
> > Reading the fifth patch I see no call to validate a SID before consuming
> > a uid/gid to make a mapping. This means someone can simply query for N
> > non existing SIDs and deplete the given range (DoS).
>
> Validate as in how? Last time I discussed this with Metze he told me I should
> map SIDs even if they're not from a trusted domain.
Well there should be at least a config option somewhere (even an
attribute in the ldb database), where you deny this by default.
At user option, user may decide to remove the safety constraint of being
able to resolve a SID before creating a mapping.
> > Also the high watermark is simply replaced, not deleted and added, this
> > means in theory 2 concurrent process can allocate the samba uid/gid to 2
> > different SIDs and never notice, as the high watermark update is not
> > atomic. Transactions are not used either so there is no way to detect it
> > later and rollback.
>
> Again, just tell me what calls I should use.
See code in samldb on how nextRid is updated.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
More information about the samba-technical
mailing list