[PATCHSET] - fixes for idmap autorid and manpage update

Michael Adam obnox at samba.org
Tue Nov 5 06:42:27 MST 2013


Hi,

attached find a set of patches by Abhidnya Joshi, Atul Kulkarni
and me that fix a few issues found in the new (and not so new)
idmap autorid code and also update the net manpage to document
the new commands (which was forgotten in the code addition..)

The top patch removes the command "net idmap secret", which
has been made available as "net idmap set secret" for
consistency of the CLI.

I did not remove it in the initial patchset to not break
users of the functionality. But then this should be used
rarely enough that we might consider cleaning the CLI.
Opinions?

Review and push appreciated

Thanks - Michael

-------------- next part --------------
From bbf56252d1f4d3df7e9580f3b239698717afd7a0 Mon Sep 17 00:00:00 2001
From: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Date: Wed, 2 Oct 2013 20:14:04 +0530
Subject: [PATCH 1/6] idmap_autorid: add space between two words in a debug
 message

Signed-off-by: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Reviewed-by: Michael Adam <obnox at samba.org>
---
 source3/winbindd/idmap_autorid_tdb.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/winbindd/idmap_autorid_tdb.c b/source3/winbindd/idmap_autorid_tdb.c
index 7d3275e..6896268 100644
--- a/source3/winbindd/idmap_autorid_tdb.c
+++ b/source3/winbindd/idmap_autorid_tdb.c
@@ -743,8 +743,8 @@ bool idmap_autorid_parse_configstr(const char *configstr,
 		   "minvalue:%lu rangesize:%lu maxranges:%lu",
 		   &minvalue, &rangesize, &maxranges) != 3) {
 		DEBUG(1,
-		      ("Found invalid configuration data"
-		       "creating new config\n"));
+		      ("Found invalid configuration data. "
+		       "Creating new config\n"));
 		return false;
 	}
 
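Review bot: the reworded DEBUG(1, ...) text still announces "Creating new config", but the only action visible in this branch is "return false", so the message promises something this function does not do here. Either word it as what was detected (for example "Found invalid configuration data.") and let the caller log what it does next, or confirm every caller really does create a new config on false. Including the offending configstr in the message would also make the level 1 log line useful for diagnosis.
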
-- 
1.7.9.5


From f53471f0cd9eaf805fc29bd82fa736762c7ecdf1 Mon Sep 17 00:00:00 2001
From: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Date: Fri, 4 Oct 2013 00:15:19 +0530
Subject: [PATCH 2/6] net: correct typos in net idmap delete ranges help
 message

Signed-off-by: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Reviewed-by: Michael Adam <obnox at samba.org>
---
 source3/utils/net_idmap.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c
index de2d509..15e78c6 100644
--- a/source3/utils/net_idmap.c
+++ b/source3/utils/net_idmap.c
@@ -737,7 +737,7 @@ static void net_idmap_autorid_delete_ranges_usage(void)
 {
 	d_printf("%s\n%s",
 		 _("Usage:"),
-		 _("net idmap delete ranges [-f] [--db=<TDB>] <SID>)\n"
+		 _("net idmap delete ranges [-f] [--db=<TDB>] <SID>\n"
 		   "  Delete all domain range mappings for a given domain.\n"
 		   "    -f\tforce\n"
 		   "    TDB\tidmap database\n"
@@ -814,7 +814,7 @@ static int net_idmap_delete(struct net_context *c, int argc, const char **argv)
 			"ranges",
 			net_idmap_autorid_delete_ranges,
 			NET_TRANSPORT_LOCAL,
-			N_("Delete all domain range mapping for a given "
+			N_("Delete all domain range mappings for a given "
 			   "domain"),
 			N_("net idmap delete ranges <SID>\n"
 			   "  Delete a domain range mapping")
-- 
1.7.9.5


From f5f056db57350b6c94c8159e3e7eba8ef56e5937 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Tue, 5 Nov 2013 13:46:15 +0100
Subject: [PATCH 3/6] idmap_autorid: fix status code when trying to load range
 for an invalid input

The "sid" input needs to be verified (it can currently be a SID or "ALLOC").
When handing in a string that is valid for other kinds of records,
but not for the SID[#IDX]-->RANGE direction of mappings, like for instance
a range number, then we get "NT_STATUS_INTERNAL_DB_CORRUPTION" because
parse records finds the record, but it does not have the expected size...

This patch fixes this problem by pre-validating the input before fetching
the record from the database.

Signed-off-by: Michael Adam <obnox at samba.org>
---
 source3/winbindd/idmap_autorid_tdb.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/winbindd/idmap_autorid_tdb.c b/source3/winbindd/idmap_autorid_tdb.c
index 6896268..e06cb21 100644
--- a/source3/winbindd/idmap_autorid_tdb.c
+++ b/source3/winbindd/idmap_autorid_tdb.c
@@ -304,6 +304,12 @@ static NTSTATUS idmap_autorid_getrange_int(struct db_context *db,
 		goto done;
 	}
 
+	if (!idmap_autorid_validate_sid(range->domsid)) {
+		DEBUG(3, ("Invalid SID: '%s'\n", range->domsid));
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
 	idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
 				   keystr);
 
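Review bot: the added idmap_autorid_validate_sid(range->domsid) check has to accept the literal "ALLOC" as well as real SIDs, since the commit message says both are valid input, and that helper is not visible in this hunk. Please confirm it does and add a short comment above the check saying so, because a validator that only accepts SID syntax would turn every "ALLOC" lookup into NT_STATUS_INVALID_PARAMETER. Callers that previously saw NT_STATUS_INTERNAL_DB_CORRUPTION for bad input now get a different status, which is worth noting in the function's doc comment.
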
-- 
1.7.9.5


From c9778bbc64bf7ccb3bce7e6f2877ad11583a3b90 Mon Sep 17 00:00:00 2001
From: Abhidnya Joshi <achirmul at in.ibm.com>
Date: Fri, 25 Oct 2013 07:06:01 +0200
Subject: [PATCH 4/6] idmap_autorid: fix failure in reverse lookup if ID is
 from domain range index #0

Domain range index #0 is not included in the database record.
So in this special case we only have the SID, not SID#IDX...

Signed-off-by: Abhidnya Joshi <achirmul at in.ibm.com>
Reviewed-by: Michael Adam <obnox at samba.org>
---
 source3/winbindd/idmap_autorid.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index fa16c13..4669b8d 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -223,7 +223,7 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
 		map->status = ID_UNKNOWN;
 		return NT_STATUS_OK;
 	}
-	if (q != NULL)
+	if ((q != NULL) && (*q != '\0'))
 		if (sscanf(q+1, "%"SCNu32, &domain_range_index) != 1) {
 			DEBUG(10, ("Domain range index not found, "
 				   "ignoring mapping request\n"));
-- 
1.7.9.5


From 9aa6130c877a99e81cf093c09a51a3abc66ff30f Mon Sep 17 00:00:00 2001
From: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Date: Thu, 3 Oct 2013 22:14:53 +0530
Subject: [PATCH 5/6] doc: update the net manpage for net idmap set, get and
 delete

Signed-off-by: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Reviewed-by: Michael Adam <obnox at samba.org>
---
 docs-xml/manpages/net.8.xml |   69 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 67 insertions(+), 2 deletions(-)

diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 4d0c6a0..2f04deb 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1392,7 +1392,7 @@ Restore the mappings from the specified file or stdin.
 </refsect2>
 
 <refsect2>
-<title>IDMAP SECRET <DOMAIN> <secret></title>
+<title>IDMAP SET SECRET <DOMAIN> <secret></title>
 
 <para>
 Store a secret for the specified domain, used primarily for domains
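
Review bot: retitling this section to IDMAP SET SECRET leaves the old "net idmap secret" spelling undocumented, yet that command is only removed in 6/6, which the cover letter puts up for discussion. If 6/6 is dropped or delayed, the manpage will be missing a command that still exists. Either fold this title change into 6/6, or keep a one-line mention here that IDMAP SECRET is the older name for the same command.
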
@@ -1403,8 +1403,53 @@ as the password for the user DN used to bind to the ldap server.
 </refsect2>
 
 <refsect2>
+<title>IDMAP SET RANGE <RANGE> <SID> [index] [--db=<DB>]</title>
 
-<title>IDMAP DELETE [-f] [--db=<DB>] <ID></title>
+<para>
+Store a domain-range mapping for a given domain (and index) in autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP SET CONFIG <config> [--db=<DB>]</title>
+
+<para>
+Update CONFIG entry in autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET RANGE <SID> [index] [--db=<DB>]</title>
+
+<para>
+Get the range for a given domain and index from autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET RANGES [<SID>] [--db=<DB>]</title>
+
+<para>
+Get ranges for all domains or for one identified by given SID.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP GET CONFIG [--db=<DB>]</title>
+
+<para>
+Get CONFIG entry from autorid database.
+</para>
+
+</refsect2>
+
+<refsect2>
+
+<title>IDMAP DELETE MAPPING [-f] [--db=<DB>] <ID></title>
 
 <para>
 Delete a mapping sid <-> gid or sid <-> uid from the IDMAP database.
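
Review bot: the new IDMAP SET CONFIG entry does not say what <config> looks like. The parser touched in 1/6 reads "minvalue:%lu rangesize:%lu maxranges:%lu", so if that is the string this command takes, spell the format out in the <para>. The same goes for <RANGE> in IDMAP SET RANGE, where the reader cannot tell whether it is a range number or an ID interval. The argument spelling is also inconsistent inside this hunk ([index] in lowercase next to <SID> and <RANGE>), and the descriptions read better as "in the autorid database".
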
@@ -1419,6 +1464,26 @@ Use -f to delete an invalid partial mapping <ID> -> xx
 </refsect2>
 
 <refsect2>
+<title>IDMAP DELETE RANGE [-f] [--db=<TDB>] <RANGE>|(<SID> [<INDEX>])</title>
+
+<para>
+Delete a domain range mapping identified by 'RANGE' or "domain SID and INDEX" from autorid database.
+Use -f to delete invalid mappings.
+</para>
+
+</refsect2>
+
+<refsect2>
+<title>IDMAP DELETE RANGES [-f] [--db=<TDB>] <SID></title>
+
+<para>
+Delete all domain range mappings for a domain identified by SID.
+Use -f to delete invalid mappings.
+</para>
+
+</refsect2>
+
+<refsect2>
 
 <title>IDMAP CHECK [-v] [-r] [-a] [-T] [-f] [-l] [--db=<DB>]</title>
 
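Review bot: both added titles use --db=<TDB>, while IDMAP DELETE MAPPING just above and IDMAP CHECK just below use --db=<DB> for the same option, so pick one placeholder for the whole page. "Use -f to delete invalid mappings" also does not say what makes a range mapping invalid. One sentence on that would help, since -f is the switch that bypasses the safety check. The first <para> mixes 'RANGE' and "domain SID and INDEX" quoting styles.
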
-- 
1.7.9.5


From 2c615d4c9086fd54c2080c1374ee8d7db06a11a3 Mon Sep 17 00:00:00 2001
From: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Date: Thu, 3 Oct 2013 16:17:47 +0530
Subject: [PATCH 6/6] net: remove net idmap secret

This is moved to net idmap set secret for consistency.

Signed-off-by: Atul Kulkarni <atul.kulkarni at in.ibm.com>
Reviewed-by: Michael Adam <obnox at samba.org>
---
 source3/utils/net_idmap.c |    8 --------
 1 file changed, 8 deletions(-)

diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c
index 15e78c6..a26f2b9 100644
--- a/source3/utils/net_idmap.c
+++ b/source3/utils/net_idmap.c
@@ -1395,14 +1395,6 @@ int net_idmap(struct net_context *c, int argc, const char **argv)
 			   "  Delete entries from the ID mapping database")
 		},
 		{
-			"secret",
-			net_idmap_secret,
-			NET_TRANSPORT_LOCAL,
-			N_("Set secret for specified domain"),
-			N_("net idmap secret <DOMAIN> <secret>\n"
-			   "  Set secret for specified domain")
-		},
-		{
 			"check",
 			net_idmap_check,
 			NET_TRANSPORT_LOCAL,
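
Review bot: dropping the "secret" entry from the table in net_idmap() removes the old spelling with no transition, so any script calling "net idmap secret <DOMAIN> <secret>" fails as soon as this lands. Consider keeping the entry for a release with a usage string that points to "net idmap set secret", or have it print a deprecation notice before calling through. The diffstat shows only these 8 deletions, so net_idmap_secret stays defined. Please check it is still referenced from the "set secret" path, otherwise it becomes an unused function.
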
-- 
1.7.9.5
