[PATCH] Doc fixes for idmap_script

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Mar 31 18:12:46 UTC 2016 

Hi!

Review appreciated!

Thanks, Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 6f524e126d397a8d1b18d76c4ae97ad65ef8b552 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 31 Mar 2016 16:57:58 +0200
Subject: [PATCH 1/2] docs: build idmap_script.8 by default

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 docs-xml/wscript_build |    1 +
 1 file changed, 1 insertion(+)

diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 11b826b..2b3a180 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -15,6 +15,7 @@ manpages='''
          manpages/idmap_nss.8
          manpages/idmap_rfc2307.8
          manpages/idmap_rid.8
+         manpages/idmap_script.8
          manpages/idmap_tdb.8
          manpages/idmap_tdb2.8
          manpages/net.8
-- 
1.7.9.5


From 05db10444f4cd6bc776239c064ddfc15d498b8dc Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 31 Mar 2016 17:10:39 +0200
Subject: [PATCH 2/2] docs: Mention _NO_WINBINDD in idmap_script.8

Thanks to Joachim Achtzehnter <joachima at netacquire.com> for pointing out this
flaw!

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 docs-xml/manpages/idmap_script.8.xml |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/docs-xml/manpages/idmap_script.8.xml b/docs-xml/manpages/idmap_script.8.xml
index a378e7b..328a16b 100644
--- a/docs-xml/manpages/idmap_script.8.xml
+++ b/docs-xml/manpages/idmap_script.8.xml
@@ -148,6 +148,24 @@
 	look up the mapping in a table or use some other mechanism for
 	mapping SIDs to UIDs and etc.
 	</para>
+
+	<para>
+	  Please be aware that the script is called with the
+	  _NO_WINBINDD environment variable set to 1. This prevents
+	  recursive calls into winbind from the script both via
+	  explicit calls to wbinfo and via implicit calls via
+	  nss_winbind. For example a call to <command>ls -l</command>
+	  could trigger such an infinite recursion.
+	</para>
+
+	<para>
+	  It is safe to call <command>wbinfo -n</command> and
+	  <command>wbinfo -s</command> from within an idmap script. To
+	  do so, the script must unset the _NO_WINBINDD environment
+	  variable right before the call to <command>wbinfo</command>
+	  and set it to 1 again right after <command>wbinfo</command>
+	  has returned to protect against the recursion.
+	</para>
 </refsect1>
 
 <refsect1>
-- 
1.7.9.5

More information about the samba-technical mailing list