Idmap changes in 3.6
Michael Adam
obnox at samba.org
Thu Mar 10 16:40:42 MST 2011
OK,
this has taken much too long (sorry!!!) but here we go:
I have pushed a couple of patches to my repo
git://git.samba.org/obnox/samba/samba-obnox.git
branch master3-idmap-radical
Also find the patchset attached to this mail.
So you can test it.
This patchset deprecates idmap uid/gid/backend
and introduces "idmap config * : range/backend"
The code that sets the new options when the old
options are found is not quite clean yet, I'm
afraid, but it is a start, so you can start
testing it and check how it really "feels" :-}
Cheers - Michael
Karolin Seeger wrote:
> Hi Micha,
>
> On Fri, Feb 04, 2011 at 03:22:19PM +0100, Michael Adam wrote:
> > Opinions?
>
> usually, I don't like changes that are not backward compatible, but maybe
> it's the right thing in this case. Crystal clear hints in the release
> notes and perfect documentation are mandatory to avoid further idmapping
> psychoses! :-)
>
> Also, I would love to see Simo commenting on this one.
>
> Are there any setups that would not be supported any longer in Samba 3.6?
>
> Michael, please do provide a schedule for your changes.
> My problem is that 3.6.0pre2 depends on this decision. That's why I do
> need authoritative information asap.
>
> In my opinion, it does not make sense to ship 3.6 with the current
> idmapping and to touch it again in 3.7. That's why I would prefer to wait
> for the patches before going on with the 3.6 release cycle.
>
> Cheers,
> Karo
>
> --
> Samba http://www.samba.org
> SerNet http://www.sernet.de
> sambaXP http://www.sambaxp.org
>
-------------- next part --------------
From a568f29ac31bc8938f4c96de20310892149d585d Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Wed, 2 Mar 2011 15:41:06 +0100
Subject: [PATCH 01/12] s3:idmap: remove the special treatment of the default domain "*" from idmap_init_domain
---
source3/winbindd/idmap.c | 88 ++++++++++++----------------------------------
1 files changed, 23 insertions(+), 65 deletions(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index a2a727c..94e164e 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -208,6 +208,8 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
{
struct idmap_domain *result;
NTSTATUS status;
+ char *config_option = NULL;
+ const char *range;
result = talloc_zero(mem_ctx, struct idmap_domain);
if (result == NULL) {
@@ -224,78 +226,34 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
/*
* load ranges and read only information from the config
*/
- if (strequal(result->name, "*")) {
- /*
- * The default domain "*" is configured differently
- * from named domains.
- */
- uid_t low_uid = 0;
- uid_t high_uid = 0;
- gid_t low_gid = 0;
- gid_t high_gid = 0;
-
- result->low_id = 0;
- result->high_id = 0;
-
- if (!lp_idmap_uid(&low_uid, &high_uid)) {
- DEBUG(1, ("'idmap uid' not set!\n"));
- if (check_range) {
- goto fail;
- }
- }
- result->low_id = low_uid;
- result->high_id = high_uid;
-
- if (!lp_idmap_gid(&low_gid, &high_gid)) {
- DEBUG(1, ("'idmap gid' not set!\n"));
- if (check_range) {
- goto fail;
- }
- }
-
- if ((low_gid != low_uid) || (high_gid != high_uid)) {
- DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
- " ranges do not agree -- building "
- "intersection\n"));
- result->low_id = MAX(result->low_id, low_gid);
- result->high_id = MIN(result->high_id, high_gid);
- }
-
- result->read_only = lp_idmap_read_only();
- } else {
- char *config_option = NULL;
- const char *range;
+ config_option = talloc_asprintf(result, "idmap config %s",
+ result->name);
+ if (config_option == NULL) {
+ DEBUG(0, ("Out of memory!\n"));
+ goto fail;
+ }
- config_option = talloc_asprintf(result, "idmap config %s",
- result->name);
- if (config_option == NULL) {
- DEBUG(0, ("Out of memory!\n"));
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (range == NULL) {
+ DEBUG(1, ("idmap range not specified for domain %s\n",
+ result->name));
+ if (check_range) {
goto fail;
}
-
- range = lp_parm_const_string(-1, config_option, "range", NULL);
- if (range == NULL) {
- DEBUG(1, ("idmap range not specified for domain %s\n",
- result ->name));
- if (check_range) {
- goto fail;
- }
- } else if (sscanf(range, "%u - %u", &result->low_id,
- &result->high_id) != 2)
- {
- DEBUG(1, ("invalid range '%s' specified for domain "
- "'%s'\n", range, result->name));
- if (check_range) {
- goto fail;
- }
+ } else if (sscanf(range, "%u - %u", &result->low_id,
+ &result->high_id) != 2)
+ {
+ DEBUG(1, ("invalid range '%s' specified for domain "
+ "'%s'\n", range, result->name));
+ if (check_range) {
+ goto fail;
}
+ }
- result->read_only = lp_parm_bool(-1, config_option, "read only",
- false);
+ result->read_only = lp_parm_bool(-1, config_option, "read only", false);
- talloc_free(config_option);
- }
+ talloc_free(config_option);
if (result->low_id > result->high_id) {
DEBUG(1, ("Error: invalid idmap range detected: %lu - %lu\n",
--
1.7.1
From 02d69536d83b69328d8027baa7faf854e5c794f8 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Wed, 2 Mar 2011 17:04:59 +0100
Subject: [PATCH 02/12] s3:idmap: remove use of params from idmap_ldap_init - it is not used any more
---
source3/winbindd/idmap_ldap.c | 20 +++++++-------------
1 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index aaac75f..eb3e67d 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -461,21 +461,15 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
}
}
- if (params != NULL) {
- /* assume location is the only parameter */
- ctx->url = talloc_strdup(ctx, params);
- } else {
- tmp = lp_parm_const_string(-1, config_option, "ldap_url", NULL);
+ tmp = lp_parm_const_string(-1, config_option, "ldap_url", NULL);
- if ( ! tmp) {
- DEBUG(1, ("ERROR: missing idmap ldap url\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ctx->url = talloc_strdup(ctx, tmp);
+ if ( ! tmp) {
+ DEBUG(1, ("ERROR: missing idmap ldap url\n"));
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
}
- CHECK_ALLOC_DONE(ctx->url);
+
+ ctx->url = talloc_strdup(ctx, tmp);
trim_char(ctx->url, '\"', '\"');
--
1.7.1
From 4ba82984be764aea9952e11879aeb9929738c427 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Wed, 2 Mar 2011 17:08:01 +0100
Subject: [PATCH 03/12] s3:idmap: remove special treatment of domain "*" from idmap_ldap_init.
The default config via domain "*" is now treated just as the explicit
domain configs.
---
source3/winbindd/idmap_ldap.c | 14 +++++---------
1 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index eb3e67d..7edc725 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -450,15 +450,11 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
return NT_STATUS_NO_MEMORY;
}
- if (strequal(dom->name, "*")) {
- /* more specific configuration can go here */
- } else {
- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
- if ( ! config_option) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
+ config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
+ if (!config_option) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
}
tmp = lp_parm_const_string(-1, config_option, "ldap_url", NULL);
--
1.7.1
From a84b596b32b56dc11d8a3978a338fc8619fc6218 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Wed, 2 Mar 2011 23:00:58 +0100
Subject: [PATCH 04/12] s3:idmap: remove the params argument from the init function
---
source3/include/idmap.h | 2 +-
source3/winbindd/idmap.c | 2 +-
source3/winbindd/idmap_ad.c | 3 +--
source3/winbindd/idmap_adex/idmap_adex.c | 15 +++++++--------
source3/winbindd/idmap_autorid.c | 3 +--
source3/winbindd/idmap_hash/idmap_hash.c | 9 ++++-----
source3/winbindd/idmap_ldap.c | 3 +--
source3/winbindd/idmap_nss.c | 3 +--
source3/winbindd/idmap_passdb.c | 2 +-
source3/winbindd/idmap_rid.c | 3 +--
source3/winbindd/idmap_tdb.c | 2 +-
source3/winbindd/idmap_tdb2.c | 3 +--
12 files changed, 21 insertions(+), 29 deletions(-)
diff --git a/source3/include/idmap.h b/source3/include/idmap.h
index 7b3d6de..800e694 100644
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -45,7 +45,7 @@ struct idmap_domain {
struct idmap_methods {
/* Called when backend is first loaded */
- NTSTATUS (*init)(struct idmap_domain *dom, const char *params);
+ NTSTATUS (*init)(struct idmap_domain *dom);
/* Map an array of uids/gids to SIDs. The caller specifies
the uid/gid and type. Gets back the SID. */
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 94e164e..a48f2e4 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -282,7 +282,7 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
goto fail;
}
- status = result->methods->init(result, params);
+ status = result->methods->init(result);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("idmap initialization returned %s\n",
nt_errstr(status)));
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 1984844..cf15f03 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -210,8 +210,7 @@ static int idmap_ad_context_destructor(struct idmap_ad_context *ctx)
/************************************************************************
***********************************************************************/
-static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom,
- const char *params)
+static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom)
{
struct idmap_ad_context *ctx;
char *config_option;
diff --git a/source3/winbindd/idmap_adex/idmap_adex.c b/source3/winbindd/idmap_adex/idmap_adex.c
index c8d616b..c13642e 100644
--- a/source3/winbindd/idmap_adex/idmap_adex.c
+++ b/source3/winbindd/idmap_adex/idmap_adex.c
@@ -42,8 +42,7 @@ NTSTATUS init_module(void);
it will be dropped from the idmap backend list.
*******************************************************************/
-static NTSTATUS _idmap_adex_init(struct idmap_domain *dom,
- const char *params)
+static NTSTATUS _idmap_adex_init(struct idmap_domain *dom)
{
ADS_STRUCT *ads = NULL;
ADS_STATUS status;
@@ -168,7 +167,7 @@ static NTSTATUS _idmap_adex_get_sid_from_id(struct
ids[i]->status = ID_UNKNOWN;
}
- nt_status = _idmap_adex_init(dom, NULL);
+ nt_status = _idmap_adex_init(dom);
if (!NT_STATUS_IS_OK(nt_status))
return nt_status;
@@ -221,7 +220,7 @@ static NTSTATUS _idmap_adex_get_id_from_sid(struct
ids[i]->status = ID_UNKNOWN;
}
- nt_status = _idmap_adex_init(dom, NULL);
+ nt_status = _idmap_adex_init(dom);
if (!NT_STATUS_IS_OK(nt_status))
return nt_status;
@@ -264,7 +263,7 @@ static NTSTATUS _idmap_adex_get_id_from_sid(struct
static NTSTATUS _nss_adex_init(struct nss_domain_entry
*e)
{
- return _idmap_adex_init(NULL, NULL);
+ return _idmap_adex_init(NULL);
}
/**********************************************************************
@@ -281,7 +280,7 @@ static NTSTATUS _nss_adex_get_info(struct
NTSTATUS nt_status;
struct likewise_cell *cell;
- nt_status = _idmap_adex_init(NULL, NULL);
+ nt_status = _idmap_adex_init(NULL);
if (!NT_STATUS_IS_OK(nt_status))
return nt_status;
@@ -303,7 +302,7 @@ static NTSTATUS _nss_adex_map_to_alias(TALLOC_CTX * mem_ctx,
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct likewise_cell *cell = NULL;
- nt_status = _idmap_adex_init(NULL, NULL);
+ nt_status = _idmap_adex_init(NULL);
BAIL_ON_NTSTATUS_ERROR(nt_status);
if ((cell = cell_list_head()) == NULL) {
@@ -334,7 +333,7 @@ static NTSTATUS _nss_adex_map_from_alias(TALLOC_CTX * mem_ctx,
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct likewise_cell *cell = NULL;
- nt_status = _idmap_adex_init(NULL, NULL);
+ nt_status = _idmap_adex_init(NULL);
BAIL_ON_NTSTATUS_ERROR(nt_status);
if ((cell = cell_list_head()) == NULL) {
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index f720a46..c11cb7e 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -456,8 +456,7 @@ static NTSTATUS idmap_autorid_saveconfig(struct autorid_global_config *cfg)
return status;
}
-static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom,
- const char *params)
+static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom)
{
struct autorid_global_config *config;
struct autorid_global_config *storedconfig = NULL;
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c
index 61ae13a..4743879 100644
--- a/source3/winbindd/idmap_hash/idmap_hash.c
+++ b/source3/winbindd/idmap_hash/idmap_hash.c
@@ -104,8 +104,7 @@ static void separate_hashes(uint32_t id,
/*********************************************************************
********************************************************************/
-static NTSTATUS be_init(struct idmap_domain *dom,
- const char *params)
+static NTSTATUS be_init(struct idmap_domain *dom)
{
struct sid_hash_table *hashed_domains;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
@@ -172,7 +171,7 @@ static NTSTATUS unixids_to_sids(struct idmap_domain *dom,
ids[i]->status = ID_UNKNOWN;
}
- nt_status = be_init(dom, NULL);
+ nt_status = be_init(dom);
BAIL_ON_NTSTATUS_ERROR(nt_status);
if (!ids) {
@@ -222,7 +221,7 @@ static NTSTATUS sids_to_unixids(struct idmap_domain *dom,
ids[i]->status = ID_UNKNOWN;
}
- nt_status = be_init(dom, NULL);
+ nt_status = be_init(dom);
BAIL_ON_NTSTATUS_ERROR(nt_status);
if (!ids) {
@@ -260,7 +259,7 @@ done:
static NTSTATUS nss_hash_init(struct nss_domain_entry *e )
{
- return be_init(NULL, NULL);
+ return be_init(NULL);
}
/**********************************************************************
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 7edc725..7195912 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -431,8 +431,7 @@ static int idmap_ldap_close_destructor(struct idmap_ldap_context *ctx)
static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
const struct id_map *map);
-static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
- const char *params)
+static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
{
NTSTATUS ret;
struct idmap_ldap_context *ctx = NULL;
diff --git a/source3/winbindd/idmap_nss.c b/source3/winbindd/idmap_nss.c
index bfef7bb..1c49e76 100644
--- a/source3/winbindd/idmap_nss.c
+++ b/source3/winbindd/idmap_nss.c
@@ -31,8 +31,7 @@
Initialise idmap database.
*****************************/
-static NTSTATUS idmap_nss_int_init(struct idmap_domain *dom,
- const char *params)
+static NTSTATUS idmap_nss_int_init(struct idmap_domain *dom)
{
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/idmap_passdb.c b/source3/winbindd/idmap_passdb.c
index ba179c3..276ae2c 100644
--- a/source3/winbindd/idmap_passdb.c
+++ b/source3/winbindd/idmap_passdb.c
@@ -29,7 +29,7 @@
Initialise idmap database.
*****************************/
-static NTSTATUS idmap_pdb_init(struct idmap_domain *dom, const char *params)
+static NTSTATUS idmap_pdb_init(struct idmap_domain *dom)
{
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/idmap_rid.c b/source3/winbindd/idmap_rid.c
index 935d753..8bb63fd 100644
--- a/source3/winbindd/idmap_rid.c
+++ b/source3/winbindd/idmap_rid.c
@@ -35,8 +35,7 @@ struct idmap_rid_context {
we support multiple domains in the new idmap
*****************************************************************************/
-static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom,
- const char *params)
+static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom)
{
NTSTATUS ret;
struct idmap_rid_context *ctx;
diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c
index 537f6cf..c83ebc5 100644
--- a/source3/winbindd/idmap_tdb.c
+++ b/source3/winbindd/idmap_tdb.c
@@ -486,7 +486,7 @@ static NTSTATUS idmap_tdb_get_new_id(struct idmap_domain *dom,
static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom,
const struct id_map *map);
-static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom, const char *params)
+static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom)
{
NTSTATUS ret;
struct idmap_tdb_context *ctx;
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index ebb186b..698caac 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -272,8 +272,7 @@ static NTSTATUS idmap_tdb2_set_mapping(struct idmap_domain *dom,
/*
Initialise idmap database.
*/
-static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom,
- const char *params)
+static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
{
NTSTATUS ret;
struct idmap_tdb2_context *ctx;
--
1.7.1
From 7fdf0338ef503b138528bb35420b4f9b93a1607b Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 3 Mar 2011 17:40:36 +0100
Subject: [PATCH 05/12] s3:idmap: remove passdb argument from idmap_init_domain()
---
source3/winbindd/idmap.c | 8 +++-----
1 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index a48f2e4..00ba7da 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -196,14 +196,12 @@ static bool parse_idmap_module(TALLOC_CTX *mem_ctx, const char *param,
* @param[in] mem_ctx memory context for the result
* @param[in] domainname which domain is this for
* @param[in] modulename which backend module
- * @param[in] params parameter to pass to the init function
* @param[in] check_range whether range checking should be done
* @result The initialized structure
*/
static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
const char *domainname,
const char *modulename,
- const char *params,
bool check_range)
{
struct idmap_domain *result;
@@ -321,7 +319,7 @@ static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
DEBUG(3, ("idmap_init: using '%s' as remote backend\n", modulename));
- result = idmap_init_domain(mem_ctx, "*", modulename, params, true);
+ result = idmap_init_domain(mem_ctx, "*", modulename, true);
if (result == NULL) {
goto fail;
}
@@ -367,7 +365,7 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
goto fail;
}
- result = idmap_init_domain(mem_ctx, domname, backend, NULL, true);
+ result = idmap_init_domain(mem_ctx, domname, backend, true);
if (result == NULL) {
goto fail;
}
@@ -408,7 +406,7 @@ static struct idmap_domain *idmap_init_passdb_domain(TALLOC_CTX *mem_ctx)
}
passdb_idmap_domain = idmap_init_domain(NULL, get_global_sam_name(),
- "passdb", NULL, false);
+ "passdb", false);
if (passdb_idmap_domain == NULL) {
DEBUG(1, ("Could not init passdb idmap domain\n"));
}
--
1.7.1
From e54e5112a667eb5c3407ead6d543300c7e20f243 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 3 Mar 2011 17:48:43 +0100
Subject: [PATCH 06/12] s3:idmap: simply call idmap_init_named_domain for "*" in idmap_init_default_domain
The default domain "*" is now treated exactly the same as other explicitly
configured domains.
---
source3/winbindd/idmap.c | 55 +++++++++++----------------------------------
1 files changed, 14 insertions(+), 41 deletions(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 00ba7da..1c4e25a 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -295,47 +295,6 @@ fail:
}
/**
- * Initialize the default domain structure
- * @param[in] mem_ctx memory context for the result
- * @result The default domain structure
- *
- * This routine takes the module name from the "idmap backend" parameter,
- * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
- */
-
-static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
-{
- struct idmap_domain *result;
- char *modulename;
- char *params;
-
- idmap_init();
-
- if (!parse_idmap_module(talloc_tos(), lp_idmap_backend(), &modulename,
- ¶ms)) {
- DEBUG(1, ("parse_idmap_module failed\n"));
- return NULL;
- }
-
- DEBUG(3, ("idmap_init: using '%s' as remote backend\n", modulename));
-
- result = idmap_init_domain(mem_ctx, "*", modulename, true);
- if (result == NULL) {
- goto fail;
- }
-
- TALLOC_FREE(modulename);
- TALLOC_FREE(params);
- return result;
-
-fail:
- TALLOC_FREE(modulename);
- TALLOC_FREE(params);
- TALLOC_FREE(result);
- return NULL;
-}
-
-/**
* Initialize a named domain structure
* @param[in] mem_ctx memory context for the result
* @param[in] domname the domain name
@@ -380,6 +339,20 @@ fail:
}
/**
+ * Initialize the default domain structure
+ * @param[in] mem_ctx memory context for the result
+ * @result The default domain structure
+ *
+ * This routine takes the module name from the "idmap backend" parameter,
+ * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
+ */
+
+static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
+{
+ return idmap_init_named_domain(mem_ctx, "*");
+}
+
+/**
* Initialize the passdb domain structure
* @param[in] mem_ctx memory context for the result
* @result The default domain structure
--
1.7.1
From bc4f191dd0fe801954041512643290a8643939c9 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 3 Mar 2011 17:50:28 +0100
Subject: [PATCH 07/12] s3:idmap: remove (now) unneeded function parse_idmap_module()
---
source3/winbindd/idmap.c | 38 --------------------------------------
1 files changed, 0 insertions(+), 38 deletions(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 1c4e25a..0fd987c 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -153,44 +153,6 @@ NTSTATUS smb_register_idmap(int version, const char *name,
return NT_STATUS_OK;
}
-static bool parse_idmap_module(TALLOC_CTX *mem_ctx, const char *param,
- char **pmodulename, char **pargs)
-{
- char *modulename;
- char *args;
-
- if (strncmp(param, "idmap_", 6) == 0) {
- param += 6;
- DEBUG(1, ("idmap_init: idmap backend uses deprecated "
- "'idmap_' prefix. Please replace 'idmap_%s' by "
- "'%s'\n", param, param));
- }
-
- modulename = talloc_strdup(mem_ctx, param);
- if (modulename == NULL) {
- return false;
- }
-
- args = strchr(modulename, ':');
- if (args == NULL) {
- *pmodulename = modulename;
- *pargs = NULL;
- return true;
- }
-
- *args = '\0';
-
- args = talloc_strdup(mem_ctx, args+1);
- if (args == NULL) {
- TALLOC_FREE(modulename);
- return false;
- }
-
- *pmodulename = modulename;
- *pargs = args;
- return true;
-}
-
/**
* Initialize a domain structure
* @param[in] mem_ctx memory context for the result
--
1.7.1
From c62f50e484608be185792d0db4e4218648e264dd Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Fri, 4 Mar 2011 14:25:58 +0100
Subject: [PATCH 08/12] s3:loadparm: remove unused parameter "idmap read only".
This has not been released yet and is now useless since we
use the "idmap config * : read only = ..." syntax.
---
source3/include/proto.h | 1 -
source3/param/loadparm.c | 10 ----------
2 files changed, 0 insertions(+), 11 deletions(-)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 199ee48..4086a10 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3186,7 +3186,6 @@ bool lp_winbind_rpc_only(void);
bool lp_create_krb5_conf(void);
int lp_winbind_max_domain_connections(void);
const char *lp_idmap_backend(void);
-bool lp_idmap_read_only(void);
int lp_idmap_cache_time(void);
int lp_idmap_negative_cache_time(void);
int lp_keepalive(void);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 245c60a..a6b5719 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4541,15 +4541,6 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED,
},
{
- .label = "idmap read only",
- .type = P_BOOL,
- .p_class = P_GLOBAL,
- .ptr = &Globals.bIdmapReadOnly,
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED,
- },
- {
.label = "idmap cache time",
.type = P_INTEGER,
.p_class = P_GLOBAL,
@@ -5677,7 +5668,6 @@ int lp_winbind_max_domain_connections(void)
}
FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
-FN_GLOBAL_BOOL(lp_idmap_read_only, &Globals.bIdmapReadOnly)
FN_GLOBAL_INTEGER(lp_idmap_cache_time, &Globals.iIdmapCacheTime)
FN_GLOBAL_INTEGER(lp_idmap_negative_cache_time, &Globals.iIdmapNegativeCacheTime)
FN_GLOBAL_INTEGER(lp_keepalive, &Globals.iKeepalive)
--
1.7.1
From 9fc15de06c385baa3a2b72377491540f2c6d3d60 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Tue, 8 Mar 2011 07:15:36 +0100
Subject: [PATCH 09/12] s3:loadparm: deprecate "idmap uid/gid/backend" and have them set "idmap config * : range/backend"
---
source3/param/loadparm.c | 40 ++++++++++++++--------------------------
1 files changed, 14 insertions(+), 26 deletions(-)
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index a6b5719..7fef854 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -697,6 +697,7 @@ static int default_server_announce;
static bool handle_include( int snum, const char *pszParmValue, char **ptr);
static bool handle_copy( int snum, const char *pszParmValue, char **ptr);
static bool handle_netbios_name( int snum, const char *pszParmValue, char **ptr);
+static bool handle_idmap_backend(int snum, const char *pszParmValue, char **ptr);
static bool handle_idmap_uid( int snum, const char *pszParmValue, char **ptr);
static bool handle_idmap_gid( int snum, const char *pszParmValue, char **ptr);
static bool handle_debug_list( int snum, const char *pszParmValue, char **ptr );
@@ -4536,9 +4537,9 @@ static struct parm_struct parm_table[] = {
.type = P_STRING,
.p_class = P_GLOBAL,
.ptr = &Globals.szIdmapBackend,
- .special = NULL,
+ .special = handle_idmap_backend,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "idmap cache time",
@@ -4565,7 +4566,7 @@ static struct parm_struct parm_table[] = {
.ptr = &Globals.szIdmapUID,
.special = handle_idmap_uid,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "winbind uid",
@@ -4583,7 +4584,7 @@ static struct parm_struct parm_table[] = {
.ptr = &Globals.szIdmapGID,
.special = handle_idmap_gid,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "winbind gid",
@@ -7642,38 +7643,25 @@ bool lp_idmap_gid(gid_t *low, gid_t *high)
return True;
}
-/* Do some simple checks on "idmap [ug]id" parameter values */
-
-static bool handle_idmap_uid(int snum, const char *pszParmValue, char **ptr)
+static bool handle_idmap_backend(int snum, const char *pszParmValue, char **ptr)
{
- uint32 low, high;
-
- if (sscanf(pszParmValue, "%u - %u", &low, &high) != 2 || high < low)
- return False;
+ lp_do_parameter(snum, "idmap config * : backend", pszParmValue);
- /* Parse OK */
+ return true;
+}
- string_set(ptr, pszParmValue);
+/* Do some simple checks on "idmap [ug]id" parameter values */
- idmap_uid_low = low;
- idmap_uid_high = high;
+static bool handle_idmap_uid(int snum, const char *pszParmValue, char **ptr)
+{
+ lp_do_parameter(snum, "idmap config * : range", pszParmValue);
return True;
}
static bool handle_idmap_gid(int snum, const char *pszParmValue, char **ptr)
{
- uint32 low, high;
-
- if (sscanf(pszParmValue, "%u - %u", &low, &high) != 2 || high < low)
- return False;
-
- /* Parse OK */
-
- string_set(ptr, pszParmValue);
-
- idmap_gid_low = low;
- idmap_gid_high = high;
+ lp_do_parameter(snum, "idmap config * : range", pszParmValue);
return True;
}
--
1.7.1
From 025eeccbf5336783328fc966e3c37a05a92a60aa Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 10 Mar 2011 23:40:19 +0100
Subject: [PATCH 10/12] s3:loadparm: set the default "idmap config * : backend" in initialize_globals().
---
source3/param/loadparm.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 7fef854..d95b3c9 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -9446,6 +9446,8 @@ static bool lp_load_ex(const char *pszFname,
free_param_opts(&Globals.param_opt);
+ lp_do_parameter(-1, "idmap config * : backend", Globals.szIdmapBackend);
+
/* We get sections first, so have to start 'behind' to make up */
iServiceIndex = -1;
--
1.7.1
From 34b45c5a3f0c7ee08e67a2660f488e751a7de39a Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 10 Mar 2011 23:41:17 +0100
Subject: [PATCH 11/12] s3:idmap: make sure that the id mapping system is initialized for first access
---
source3/winbindd/idmap.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 0fd987c..49d7c3a 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -273,6 +273,8 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
char *config_option;
const char *backend;
+ idmap_init();
+
config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
domname);
if (config_option == NULL) {
@@ -372,6 +374,8 @@ static struct idmap_domain *idmap_find_domain(const char *domname)
DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
domname?domname:"NULL"));
+ idmap_init();
+
/*
* Always init the default domain, we can't go without one
*/
--
1.7.1
From 3a93fc2414d80d48779abd613debe16bd23645ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb at sernet.de>
Date: Thu, 10 Mar 2011 15:58:05 +0100
Subject: [PATCH 12/12] s3:selftest: fix Samba3.pm deprecated idmap config
Replace deprecated idmap uid and gid option with new
idmap config * : range
---
selftest/target/Samba3.pm | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index adba749..1f3b244 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -564,8 +564,7 @@ sub provision($$$$$$)
winbindd:socket dir = $wbsockdir
nmbd:socket dir = $nmbdsockdir
- idmap uid = 100000-200000
- idmap gid = 100000-200000
+ idmap config * : range = 100000-200000
winbind enum users = yes
winbind enum groups = yes
--
1.7.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110311/d1a0349b/attachment.pgp>
More information about the samba-technical
mailing list