IDMAP_BOTH support in smbd
abartlet at samba.org
Wed Mar 21 04:27:24 MDT 2012
On Wed, 2012-03-21 at 10:47 +0100, Michael Adam wrote:
> Hi Andrew,
> Andrew Bartlett wrote:
> > I've been working to slowly move to supporting IDMAP_BOTH in smbd, so as
> > to allow s3fs to function in all circumstances.
> Can you explain under what circumstances s3fs is working and
> under which it is not? (Maybe we can discuss this later on irc...)
No, sadly I do not have a failure case. I'm working on the basis of
Metze's comments that IDMAP_BOTH needs to be supported, and just trying
to methodically work over the stack to allow that, without breaking
> > Attached are my first two (untested at this time) patches, reworking the
> > in-memory cache and sids_to_unix_ids routine.
> I will look at those patches more closely and test..
They currently fail some tests, and I'm continuing to try and sort
> > From here, I plan to:
> > - change the passdb pdb_sid_to_id() call to return a struct unixid
> > (from idmap.idl)
> > - change struct wbcUnixId users (including those I've just added) to
> > struct unixid, avoiding the union in the libwbclient structure
> > - consolidate legacy_sid_to_uid and legacy_sid_to_gid into a single
> > legacy_sid_to_id() call
> > - consolidate sid_to_uid() and sid_to_gid() into a sid_to_id(), which
> > will be a wrapper around sids_to_unix_ids()
> sid_to_uid() and sid_to_gid() are already wrappers around the backend
> sids_to_unixids() calls, so that should be fairly easy!
> Please have a look at idmap_backends_sid_to_unixid() which is
> called by idmap_sid_to_uid() and idmap_sid_to_gid().
OK, so where I was caught out is on the smbd side of the winbindd pipe,
they call down to different wbc calls, and I wasn't able to yet prove
that the type of ID asked for is always disregarded (particularly in
terms of not staining the cache with a UID or GID, if the underlying
backend stored a IDMAP_BOTH). If this is already handled, then great!
> > - consolidate the caching layer in such a way that IDMAP_BOTH can be
> > supported.
> > To do this, I will need to determine if the winbindd idmap code is
> > dependent on the type of ID asked for: That is, if we move from
> > wbcSidToUid() to wbcSidsToUnixIds(), will the returned values change at
> > all?
> See the comment above.
> Also see that we are exposing the plural sids_to_unixids to the
> winbindd api already and using it in some (not all) places.
> The server implementation is in
Indeed, the fact that this is only used for the logon token processing
> I am happy to work with you on the idmap topic as time permits.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical