[PATCH] Simplify idmap initialization for xid2sid
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Aug 21 12:25:14 UTC 2015
On Thu, Aug 20, 2015 at 09:59:53PM +0200, Volker Lendecke wrote:
> The last patch in this patchset changes idmap
> initialization. The goal is to remove the domain name
> dependency in finding an idmap domain.
>
> I've looked at this code while working on a bulk xids2sids
> call, which would be greatl simplified when it is able to
> just send xids down to the idmap child instead of requiring
> names for everything.
>
> A second effect is that we remove one dependency on the
> unreliable domain list in the winbind parent.
Attached find a patchset that explains why I'm doing this:
The last patch removes the "have_idmap_config" from struct
winbindd_domain.
Review appreciated!
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 6ccb07156eb761c9e6a1e5f07c0bc799e686aed0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 18 Aug 2015 13:18:33 +0200
Subject: [PATCH 01/12] loadparm3: Add scan_global_parametrics()
This routine takes a regex and goes through all parametric parameters
in [global], matching the regex. It can easily be extended to also
look at shares, but right now it will only be used to list all idmap
config domain names.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/include/proto.h | 9 ++++++
source3/param/loadparm.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 82 insertions(+)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0858289..11bd2b2 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -23,6 +23,9 @@
#ifndef _PROTO_H_
#define _PROTO_H_
+#include <sys/types.h>
+#include <regex.h>
+
/* The following definitions come from lib/access.c */
bool client_match(const char *tok, const void *item);
@@ -986,6 +989,12 @@ int lp_smb2_max_credits(void);
int lp_cups_encrypt(void);
bool lp_widelinks(int );
+int wi_scan_global_parametrics(
+ const char *regex, size_t max_matches,
+ bool (*cb)(const char *string, regmatch_t matches[],
+ void *private_data),
+ void *private_data);
+
char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def);
const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def);
struct loadparm_service;
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 87e63e2..30ff77d 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1066,6 +1066,79 @@ static struct parmlist_entry *get_parametrics(int snum, const char *type,
}
}
+static void discard_whitespace(char *str)
+{
+ size_t len = strlen(str);
+ size_t i = 0;
+
+ while (i < len) {
+ if (isspace(str[i])) {
+ memmove(&str[i], &str[i+1], len-i);
+ len -= 1;
+ continue;
+ }
+ i += 1;
+ }
+}
+
+/**
+ * @brief Go through all global parametric parameters
+ *
+ * @param regex_str A regular expression to scan param for
+ * @param max_matches Max number of submatches the regexp expects
+ * @param cb Function to call on match. Should return true
+ * when it wants wi_scan_global_parametrics to stop
+ * scanning
+ * @param private_data Anonymous pointer passed to cb
+ *
+ * @return 0: success, regcomp/regexec return value on error.
+ * See "man regexec" for possible errors
+ */
+
+int wi_scan_global_parametrics(
+ const char *regex_str, size_t max_matches,
+ bool (*cb)(const char *string, regmatch_t matches[],
+ void *private_data),
+ void *private_data)
+{
+ struct parmlist_entry *data;
+ regex_t regex;
+ int ret;
+
+ ret = regcomp(®ex, regex_str, REG_ICASE);
+ if (ret != 0) {
+ return ret;
+ }
+
+ for (data = Globals.param_opt; data != NULL; data = data->next) {
+ size_t keylen = strlen(data->key);
+ char key[keylen+1];
+ regmatch_t matches[max_matches];
+ bool stop;
+
+ memcpy(key, data->key, sizeof(key));
+ discard_whitespace(key);
+
+ ret = regexec(®ex, key, max_matches, matches, 0);
+ if (ret == REG_NOMATCH) {
+ continue;
+ }
+ if (ret != 0) {
+ goto fail;
+ }
+
+ stop = cb(key, matches, private_data);
+ if (stop) {
+ break;
+ }
+ }
+
+ ret = 0;
+fail:
+ regfree(®ex);
+ return ret;
+}
+
#define MISSING_PARAMETER(name) \
DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
--
1.9.1
From 1e4602e82c5abf4db0e64d9a61811921ee2d52b9 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 18 Aug 2015 16:58:02 +0200
Subject: [PATCH 02/12] idmap: Move idmap_init() under the static vars
Just moving code, idmap_init will need to reference the variables
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 1e2feb9..0ba8fda 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -32,21 +32,6 @@
static_decl_idmap;
-static void idmap_init(void)
-{
- static bool initialized;
-
- if (initialized) {
- return;
- }
-
- DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
-
- static_init_idmap;
-
- initialized = true;
-}
-
/**
* Pointer to the backend methods. Modules register themselves here via
* smb_register_idmap.
@@ -79,6 +64,21 @@ static struct idmap_domain *passdb_idmap_domain;
static struct idmap_domain **idmap_domains = NULL;
static int num_domains = 0;
+static void idmap_init(void)
+{
+ static bool initialized;
+
+ if (initialized) {
+ return;
+ }
+
+ DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
+
+ static_init_idmap;
+
+ initialized = true;
+}
+
static struct idmap_methods *get_methods(const char *name)
{
struct idmap_backend *b;
--
1.9.1
From 51406901d7181c2be1963f75393c62995c1150ce Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 19 Aug 2015 17:00:46 +0200
Subject: [PATCH 03/12] idmap: Initialize all idmap domains at startup
So far we have initialized idmap domains on demand indexed by name.
For sid2xid this works okay, because we could do lookupsids before
and thus get the name. For xid2sid this is more problematic. We
have to rely on enumtrustdoms to work completely, and we have to
look at the list of winbind domains in the parent to get the domain
name. Relying on domain->have_idmap_config is not particularly nice.
This patch re-works initialization of idmap domains by scanning all
parametric parameters, scanning for :backend configuration settings.
This way we get a complete list of :range definitions. This means
we can rely on the idmap domain array to be complete. This in turn
means we can live without the domain name to find a domain, we can
do a range search by uid or gid.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap.c | 198 ++++++++++++++++++++++++++---------------------
1 file changed, 108 insertions(+), 90 deletions(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 0ba8fda..100774a 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -64,12 +64,22 @@ static struct idmap_domain *passdb_idmap_domain;
static struct idmap_domain **idmap_domains = NULL;
static int num_domains = 0;
-static void idmap_init(void)
+static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
+ const char *domname);
+static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
+ const char *domainname,
+ const char *modulename,
+ bool check_range);
+static bool idmap_found_domain_backend(
+ const char *string, regmatch_t matches[], void *private_data);
+
+static bool idmap_init(void)
{
static bool initialized;
+ int ret;
if (initialized) {
- return;
+ return true;
}
DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
@@ -77,6 +87,79 @@ static void idmap_init(void)
static_init_idmap;
initialized = true;
+
+ if (!pdb_is_responsible_for_everything_else()) {
+ default_idmap_domain = idmap_init_named_domain(NULL, "*");
+ if (default_idmap_domain == NULL) {
+ return false;
+ }
+ }
+
+ passdb_idmap_domain = idmap_init_domain(
+ NULL, get_global_sam_name(), "passdb", false);
+ if (passdb_idmap_domain == NULL) {
+ TALLOC_FREE(default_idmap_domain);
+ return false;
+ }
+
+ idmap_domains = talloc_array(NULL, struct idmap_domain *, 0);
+ if (idmap_domains == NULL) {
+ TALLOC_FREE(passdb_idmap_domain);
+ TALLOC_FREE(default_idmap_domain);
+ return false;
+ }
+
+ ret = wi_scan_global_parametrics(
+ "idmapconfig\\(.*\\):backend", 2,
+ idmap_found_domain_backend, NULL);
+ if (ret != 0) {
+ DBG_WARNING("wi_scan_global_parametrics returned %d\n", ret);
+ }
+
+ return true;
+}
+
+static bool idmap_found_domain_backend(
+ const char *string, regmatch_t matches[], void *private_data)
+{
+ if (matches[1].rm_so == -1) {
+ DBG_WARNING("Found match, but no name??\n");
+ return false;
+ }
+
+ {
+ struct idmap_domain *dom, **tmp;
+ regoff_t len = matches[1].rm_eo - matches[1].rm_so;
+ char domname[len+1];
+
+ memcpy(domname, string + matches[1].rm_so, len);
+ domname[len] = '\0';
+
+ DBG_DEBUG("Found idmap domain \"%s\"\n", domname);
+
+ if (strcmp(domname, "*") == 0) {
+ return false;
+ }
+
+ dom = idmap_init_named_domain(idmap_domains, domname);
+ if (dom == NULL) {
+ DBG_NOTICE("Could not init idmap domain %s\n",
+ domname);
+ }
+
+ tmp = talloc_realloc(idmap_domains, idmap_domains,
+ struct idmap_domain *, num_domains + 1);
+ if (tmp == NULL) {
+ DBG_WARNING("talloc_realloc failed\n");
+ TALLOC_FREE(dom);
+ return false;
+ }
+ idmap_domains = tmp;
+ idmap_domains[num_domains] = dom;
+ num_domains += 1;
+ }
+
+ return false;
}
static struct idmap_methods *get_methods(const char *name)
@@ -280,8 +363,12 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
struct idmap_domain *result = NULL;
char *config_option;
const char *backend;
+ bool ok;
- idmap_init();
+ ok = idmap_init();
+ if (!ok) {
+ return NULL;
+ }
config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
domname);
@@ -312,57 +399,6 @@ fail:
}
/**
- * Initialize the default domain structure
- * @param[in] mem_ctx memory context for the result
- * @result The default domain structure
- *
- * This routine takes the module name from the "idmap backend" parameter,
- * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
- */
-
-static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
-{
- return idmap_init_named_domain(mem_ctx, "*");
-}
-
-/**
- * Initialize the passdb domain structure
- * @param[in] mem_ctx memory context for the result
- * @result The default domain structure
- *
- * No config, passdb has its own configuration.
- */
-
-static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx)
-{
- idmap_init();
-
- if (!pdb_is_responsible_for_everything_else()) {
- /*
- * Always init the default domain, we can't go without one
- */
- if (default_idmap_domain == NULL) {
- default_idmap_domain = idmap_init_default_domain(NULL);
- }
- if (default_idmap_domain == NULL) {
- return NULL;
- }
- }
-
- if (passdb_idmap_domain != NULL) {
- return passdb_idmap_domain;
- }
-
- passdb_idmap_domain = idmap_init_domain(mem_ctx, get_global_sam_name(),
- "passdb", false);
- if (passdb_idmap_domain == NULL) {
- DEBUG(1, ("Could not init passdb idmap domain\n"));
- }
-
- return passdb_idmap_domain;
-}
-
-/**
* Find a domain struct according to a domain name
* @param[in] domname Domain name to get the config for
* @result The default domain structure that fits
@@ -379,21 +415,14 @@ static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx)
static struct idmap_domain *idmap_find_domain(const char *domname)
{
- struct idmap_domain *result;
+ bool ok;
int i;
DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
domname?domname:"NULL"));
- idmap_init();
-
- /*
- * Always init the default domain, we can't go without one
- */
- if (default_idmap_domain == NULL) {
- default_idmap_domain = idmap_init_default_domain(NULL);
- }
- if (default_idmap_domain == NULL) {
+ ok = idmap_init();
+ if (!ok) {
return NULL;
}
@@ -407,38 +436,21 @@ static struct idmap_domain *idmap_find_domain(const char *domname)
}
}
- if (idmap_domains == NULL) {
- /*
- * talloc context for all idmap domains
- */
- idmap_domains = talloc_array(NULL, struct idmap_domain *, 1);
- }
-
- if (idmap_domains == NULL) {
- DEBUG(0, ("talloc failed\n"));
- return NULL;
- }
-
- result = idmap_init_named_domain(idmap_domains, domname);
- if (result == NULL) {
- /*
- * Could not init that domain -- try the default one
- */
- return default_idmap_domain;
- }
-
- ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result,
- &idmap_domains, &num_domains);
- return result;
+ return default_idmap_domain;
}
struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
const struct dom_sid *sid)
{
- idmap_init();
+ bool ok;
+
+ ok = idmap_init();
+ if (!ok) {
+ return NULL;
+ }
if (sid_check_is_for_passdb(sid)) {
- return idmap_passdb_domain(NULL);
+ return passdb_idmap_domain;
}
return idmap_find_domain(domname);
@@ -493,6 +505,12 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
{
struct idmap_domain *dom;
struct id_map *maps[2];
+ bool ok;
+
+ ok = idmap_init();
+ if (!ok) {
+ return NT_STATUS_NONE_MAPPED;
+ }
DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
"(type %d)\n",
@@ -505,7 +523,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
* Always give passdb a chance first
*/
- dom = idmap_passdb_domain(NULL);
+ dom = passdb_idmap_domain;
if ((dom != NULL)
&& NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps))
&& id->status == ID_MAPPED) {
--
1.9.1
From b63a163b42e6af610fe0c6d0ff3f30795a6f7a99 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 18 Aug 2015 17:30:27 +0200
Subject: [PATCH 04/12] idmap: Use a range search in
idmap_backends_unixid_to_sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 100774a..0b086bf 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -506,6 +506,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
struct idmap_domain *dom;
struct id_map *maps[2];
bool ok;
+ int i;
ok = idmap_init();
if (!ok) {
@@ -530,7 +531,16 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
return NT_STATUS_OK;
}
- dom = idmap_find_domain(domname);
+ dom = NULL;
+
+ for (i=0; i<num_domains; i++) {
+ if ((id->xid.id >= idmap_domains[i]->low_id) &&
+ (id->xid.id <= idmap_domains[i]->high_id)) {
+ dom = idmap_domains[i];
+ break;
+ }
+ }
+
if (dom == NULL) {
return NT_STATUS_NONE_MAPPED;
}
--
1.9.1
From 96354c96c0889c98ee4043d359045c328744267e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 18 Aug 2015 17:34:29 +0200
Subject: [PATCH 05/12] idmap: Remove "domname" from
idmap_backends_unixid_to_sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/torture/test_idmap_tdb_common.c | 2 +-
source3/winbindd/idmap.c | 7 +++----
source3/winbindd/idmap_proto.h | 3 +--
source3/winbindd/idmap_util.c | 4 ++--
4 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/source3/torture/test_idmap_tdb_common.c b/source3/torture/test_idmap_tdb_common.c
index f7262a2..dd736ad 100644
--- a/source3/torture/test_idmap_tdb_common.c
+++ b/source3/torture/test_idmap_tdb_common.c
@@ -62,7 +62,7 @@ bool idmap_is_online(void)
return true;
}
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id)
{
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 0b086bf..6756e8c 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -501,7 +501,7 @@ NTSTATUS idmap_allocate_gid(struct unixid *id)
return idmap_allocate_unixid(id);
}
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id)
{
struct idmap_domain *dom;
struct id_map *maps[2];
@@ -513,9 +513,8 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
return NT_STATUS_NONE_MAPPED;
}
- DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
- "(type %d)\n",
- domname?domname:"NULL", id->xid.id, id->xid.type));
+ DEBUG(10, ("idmap_backend_unixid_to_sid: xid = %d (type %d)\n",
+ id->xid.id, id->xid.type));
maps[0] = id;
maps[1] = NULL;
diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h
index f7af8ed..159aac6 100644
--- a/source3/winbindd/idmap_proto.h
+++ b/source3/winbindd/idmap_proto.h
@@ -34,8 +34,7 @@ NTSTATUS smb_register_idmap(int version, const char *name,
void idmap_close(void);
NTSTATUS idmap_allocate_uid(struct unixid *id);
NTSTATUS idmap_allocate_gid(struct unixid *id);
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname,
- struct id_map *id);
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id);
/* The following definitions come from winbindd/idmap_nss.c */
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index e671acf..08857ab 100644
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -66,7 +66,7 @@ backend:
map.xid.type = ID_TYPE_UID;
map.xid.id = uid;
- ret = idmap_backends_unixid_to_sid(domname, &map);
+ ret = idmap_backends_unixid_to_sid(&map);
if ( ! NT_STATUS_IS_OK(ret)) {
DEBUG(10, ("error mapping uid [%lu]: %s\n", (unsigned long)uid,
nt_errstr(ret)));
@@ -130,7 +130,7 @@ backend:
map.xid.type = ID_TYPE_GID;
map.xid.id = gid;
- ret = idmap_backends_unixid_to_sid(domname, &map);
+ ret = idmap_backends_unixid_to_sid(&map);
if ( ! NT_STATUS_IS_OK(ret)) {
DEBUG(10, ("error mapping gid [%lu]: %s\n", (unsigned long)gid,
nt_errstr(ret)));
--
1.9.1
From 8d74f7cef5e157f05bd73f9bea32182c227b5e27 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 19 Aug 2015 13:34:58 +0200
Subject: [PATCH 06/12] idmap: Remove "domname" from idmap_uid_to_sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap_proto.h | 2 +-
source3/winbindd/idmap_util.c | 5 ++---
source3/winbindd/winbindd_dual_srv.c | 3 +--
3 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h
index 159aac6..73161bb 100644
--- a/source3/winbindd/idmap_proto.h
+++ b/source3/winbindd/idmap_proto.h
@@ -50,7 +50,7 @@ NTSTATUS idmap_tdb_init(void);
/* The following definitions come from winbindd/idmap_util.c */
-NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid);
+NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid);
NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid);
bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom);
struct id_map *idmap_find_map_by_id(struct id_map **maps, enum id_type type,
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index 08857ab..fd7e6ed 100644
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -34,14 +34,13 @@
If mapping is not possible returns an error.
*****************************************************************/
-NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid)
+NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid)
{
NTSTATUS ret;
struct id_map map;
bool expired;
- DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n",
- (unsigned long)uid, domname?domname:"NULL"));
+ DEBUG(10, ("idmap_uid_to_sid: uid = [%lu]\n", (unsigned long)uid));
if (winbindd_use_idmap_cache()
&& idmap_cache_find_uid2sid(uid, sid, &expired)) {
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 1fe66e1..47d9885 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -223,8 +223,7 @@ nomem:
NTSTATUS _wbint_Uid2Sid(struct pipes_struct *p, struct wbint_Uid2Sid *r)
{
- return idmap_uid_to_sid(r->in.dom_name ? r->in.dom_name : "",
- r->out.sid, r->in.uid);
+ return idmap_uid_to_sid(r->out.sid, r->in.uid);
}
NTSTATUS _wbint_Gid2Sid(struct pipes_struct *p, struct wbint_Gid2Sid *r)
--
1.9.1
From 4c81975667215d19a1dcd8e3cf2b8c791e983cb6 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 19 Aug 2015 13:34:58 +0200
Subject: [PATCH 07/12] idmap: Remove "domname" from idmap_gid_to_sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap_proto.h | 2 +-
source3/winbindd/idmap_util.c | 5 ++---
source3/winbindd/winbindd_dual_srv.c | 3 +--
3 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h
index 73161bb..a12e5b4 100644
--- a/source3/winbindd/idmap_proto.h
+++ b/source3/winbindd/idmap_proto.h
@@ -51,7 +51,7 @@ NTSTATUS idmap_tdb_init(void);
/* The following definitions come from winbindd/idmap_util.c */
NTSTATUS idmap_uid_to_sid(struct dom_sid *sid, uid_t uid);
-NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid);
+NTSTATUS idmap_gid_to_sid(struct dom_sid *sid, gid_t gid);
bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom);
struct id_map *idmap_find_map_by_id(struct id_map **maps, enum id_type type,
uint32_t id);
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index fd7e6ed..dc7d37c 100644
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -97,14 +97,13 @@ backend:
If mapping is not possible returns an error.
*****************************************************************/
-NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid)
+NTSTATUS idmap_gid_to_sid(struct dom_sid *sid, gid_t gid)
{
NTSTATUS ret;
struct id_map map;
bool expired;
- DEBUG(10,("idmap_gid_to_sid: gid = [%lu], domain = '%s'\n",
- (unsigned long)gid, domname?domname:"NULL"));
+ DEBUG(10, ("idmap_gid_to_sid: gid = [%lu]\n", (unsigned long)gid));
if (winbindd_use_idmap_cache()
&& idmap_cache_find_gid2sid(gid, sid, &expired)) {
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 47d9885..44e4842 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -228,8 +228,7 @@ NTSTATUS _wbint_Uid2Sid(struct pipes_struct *p, struct wbint_Uid2Sid *r)
NTSTATUS _wbint_Gid2Sid(struct pipes_struct *p, struct wbint_Gid2Sid *r)
{
- return idmap_gid_to_sid(r->in.dom_name ? r->in.dom_name : "",
- r->out.sid, r->in.gid);
+ return idmap_gid_to_sid(r->out.sid, r->in.gid);
}
NTSTATUS _wbint_AllocateUid(struct pipes_struct *p, struct wbint_AllocateUid *r)
--
1.9.1
From 0e09a45b202cc0047cc92e5bf86e85143bf2fd0b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 19 Aug 2015 13:44:02 +0200
Subject: [PATCH 08/12] idmap: Remove dom_name from wbint_Uid2Sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
librpc/idl/winbind.idl | 1 -
source3/winbindd/wb_uid2sid.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index 5b61950..71f3aa6 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -57,7 +57,6 @@ interface winbind
);
NTSTATUS wbint_Uid2Sid(
- [in,unique,string,charset(UTF8)] char *dom_name,
[in] hyper uid,
[out] dom_sid *sid
);
diff --git a/source3/winbindd/wb_uid2sid.c b/source3/winbindd/wb_uid2sid.c
index f4138f6..315cc4a 100644
--- a/source3/winbindd/wb_uid2sid.c
+++ b/source3/winbindd/wb_uid2sid.c
@@ -78,7 +78,7 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx,
child = idmap_child();
subreq = dcerpc_wbint_Uid2Sid_send(
- state, ev, child->binding_handle, state->dom_name,
+ state, ev, child->binding_handle,
uid, &state->sid);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
--
1.9.1
From e79d364dc7429c40032d961dfe38691290fa3bc2 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 19 Aug 2015 13:44:02 +0200
Subject: [PATCH 09/12] idmap: Remove dom_name from wbint_Gid2Sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
librpc/idl/winbind.idl | 1 -
source3/winbindd/wb_gid2sid.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index 71f3aa6..07deb80 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -62,7 +62,6 @@ interface winbind
);
NTSTATUS wbint_Gid2Sid(
- [in,unique,string,charset(UTF8)] char *dom_name,
[in] hyper gid,
[out] dom_sid *sid
);
diff --git a/source3/winbindd/wb_gid2sid.c b/source3/winbindd/wb_gid2sid.c
index d784212..323437b 100644
--- a/source3/winbindd/wb_gid2sid.c
+++ b/source3/winbindd/wb_gid2sid.c
@@ -78,7 +78,7 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx,
child = idmap_child();
subreq = dcerpc_wbint_Gid2Sid_send(
- state, ev, child->binding_handle, state->dom_name,
+ state, ev, child->binding_handle,
gid, &state->sid);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
--
1.9.1
From f1c2821f85127563f91ceb9fa90efb0918d5a613 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 19 Aug 2015 13:48:17 +0200
Subject: [PATCH 10/12] winbind: Do not look for the domain in wb_uid2sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/wb_uid2sid.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/source3/winbindd/wb_uid2sid.c b/source3/winbindd/wb_uid2sid.c
index 315cc4a..c95bcd9 100644
--- a/source3/winbindd/wb_uid2sid.c
+++ b/source3/winbindd/wb_uid2sid.c
@@ -26,7 +26,6 @@
struct wb_uid2sid_state {
struct tevent_context *ev;
- char *dom_name;
struct dom_sid sid;
};
@@ -38,7 +37,6 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req, *subreq;
struct wb_uid2sid_state *state;
- struct winbindd_domain *domain;
struct winbindd_child *child;
bool expired;
@@ -64,17 +62,6 @@ struct tevent_req *wb_uid2sid_send(TALLOC_CTX *mem_ctx,
}
}
- state->dom_name = NULL;
-
- for (domain = domain_list(); domain != NULL; domain = domain->next) {
- if (domain->have_idmap_config
- && (uid >= domain->id_range_low)
- && (uid <= domain->id_range_high)) {
- state->dom_name = domain->name;
- break;
- }
- }
-
child = idmap_child();
subreq = dcerpc_wbint_Uid2Sid_send(
--
1.9.1
From 9b00362dfb9d78e810d253affd664b191a8a85b9 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 19 Aug 2015 13:48:17 +0200
Subject: [PATCH 11/12] winbind: Do not look for the domain in wb_gid2sid
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/wb_gid2sid.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/source3/winbindd/wb_gid2sid.c b/source3/winbindd/wb_gid2sid.c
index 323437b..97cc754 100644
--- a/source3/winbindd/wb_gid2sid.c
+++ b/source3/winbindd/wb_gid2sid.c
@@ -26,7 +26,6 @@
struct wb_gid2sid_state {
struct tevent_context *ev;
- char *dom_name;
struct dom_sid sid;
};
@@ -38,7 +37,6 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req, *subreq;
struct wb_gid2sid_state *state;
- struct winbindd_domain *domain;
struct winbindd_child *child;
bool expired;
@@ -64,17 +62,6 @@ struct tevent_req *wb_gid2sid_send(TALLOC_CTX *mem_ctx,
}
}
- state->dom_name = NULL;
-
- for (domain = domain_list(); domain != NULL; domain = domain->next) {
- if (domain->have_idmap_config
- && (gid >= domain->id_range_low)
- && (gid <= domain->id_range_high)) {
- state->dom_name = domain->name;
- break;
- }
- }
-
child = idmap_child();
subreq = dcerpc_wbint_Gid2Sid_send(
--
1.9.1
From c1d875bc609509590f779479a59266bf6b3ff20c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 21 Aug 2015 11:25:33 +0200
Subject: [PATCH 12/12] winbind: Remove "have_idmap_config" from
winbindd_domain
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd.h | 7 -------
source3/winbindd/winbindd_util.c | 33 ---------------------------------
2 files changed, 40 deletions(-)
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index b2105e3..441b57f 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -179,13 +179,6 @@ struct winbindd_domain {
void *private_data;
- /*
- * idmap config settings, used to tell the idmap child which
- * special domain config to use for a mapping
- */
- bool have_idmap_config;
- uint32_t id_range_low, id_range_high;
-
/* A working DC */
pid_t dc_probe_pid; /* Child we're using to detect the DC. */
char *dcname;
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 233b5c9..57ee40c 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -125,8 +125,6 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
{
struct winbindd_domain *domain;
const char *alternative_name = NULL;
- char *idmap_config_option;
- const char *param;
const char **ignored_domains, **dom;
int role = lp_server_role();
@@ -252,37 +250,6 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
wcache_tdc_add_domain( domain );
- idmap_config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
- domain->name);
- if (idmap_config_option == NULL) {
- DEBUG(0, ("talloc failed, not looking for idmap config\n"));
- goto done;
- }
-
- param = lp_parm_const_string(-1, idmap_config_option, "range", NULL);
-
- DEBUG(10, ("%s : range = %s\n", idmap_config_option,
- param ? param : "not defined"));
-
- if (param != NULL) {
- unsigned low_id, high_id;
- if (sscanf(param, "%u - %u", &low_id, &high_id) != 2) {
- DEBUG(1, ("invalid range syntax in %s: %s\n",
- idmap_config_option, param));
- goto done;
- }
- if (low_id > high_id) {
- DEBUG(1, ("invalid range in %s: %s\n",
- idmap_config_option, param));
- goto done;
- }
- domain->have_idmap_config = true;
- domain->id_range_low = low_id;
- domain->id_range_high = high_id;
- }
-
-done:
-
setup_domain_child(domain);
DEBUG(2,("Added domain %s %s %s\n",
--
1.9.1
More information about the samba-technical
mailing list