[PATCH] idmap autorid extension to support rid greater than rangesize

Abhidnya S Joshi achirmul at in.ibm.com
Fri Apr 12 02:52:44 MDT 2013 

Hi Christian,

Please find below attached update patch. This takes care of 
1. changing multipler from uint_16 to uint_32 to allow large values.
2. correction in sscanf



Thanks and Regards
Abhidnya Joshi



From:   Christian Ambach <ambi at samba.org>
To:     Abhidnya S Joshi/India/IBM at IBMIN, 
Cc:     samba-technical at samba.org
Date:   04/10/2013 01:18 AM
Subject:        Re: [PATCH] idmap autorid extension to support rid greater 
than rangesize



Hi Abhidnya,

On 04/02/2013 12:38 PM, Abhidnya S Joshi wrote:
> Hi,
>
> Please find attached patch for multiple range support in autorid idmap
> module. This patch applies to master branch.
> The autorid man page says:
> "SIDs with RIDs larger than rangesize cannot be mapped, are ignored and
> the corresponding map is discarded. Choose this value carefully, as this
> should not be changed after the first ranges for domains have been
> defined, otherwise mappings between domains will get intermixed leading 
to
> unpredictable results. As the parameter cannot be changed later, please
> plan accordingly for your expected number of users in a domain with 
safety
> margins."

Would be good if you would also provide an update for the manpage that
removes the limitation as another patch to keep the docs up2date with
the code.

> In production environment, it sometimes becomes difficult to plan max 
rid
> in advance and thus rangesize. With this patch, autorid module will be
> able to support rids larger than rangesize.(Provided range is available)
>
> e.g. The existing method is ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER 
*
> RANGESIZE + RID
>
> This patch will use ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER *
> RANGESIZE + RID – ( MULTIPLIER * RANGESIZE)

This can probably also expressed as
ID = LOW VALUE + (DOMAINRANGENUMBER-MULTIPLIER) * RANGESIZE + RID
Correct?

Which formula is used for the opposite direction (xid -> SID)?

> where Multiplier is an unsigned integer  which defines the number of
> ranges to skip while allocating a range. It is calculated by dividing
> incoming RID with RangeSize.
>
> Note: This is just extension to autorid and will not hanmper existing
> functionality

About the patch itself:
+                if (q != NULL)
+                                sscanf(q+1, "%"PRIu16, &multiplier);

This hunk doesn't look correct:
1. you should use SCNu16, PRI is used for printf purposes.
2. you should not ignore the return code of sscanf. A return value other
than 1 indicates an error and then multiplier might have an undefined 
value.

I'll do some functional testing of the patch in the next days, but I am
afraid that one comment that I shared with you earlier is still valid:
There is a potential that this code returns uid/gid values that are
outside of the allowed range.
I'll retest this and let you know about my observations.

Cheers,
Christian




-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-winbindd-autorid-multiple-range-support.patch
Type: application/octet-stream
Size: 5385 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130412/48fc24c6/attachment.obj>

More information about the samba-technical mailing list