diff options
| author | Michael Adam <obnox@samba.org> | 2009-05-27 19:12:28 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2009-05-29 09:34:45 +0200 |
| commit | a93117ed5016d93f5dabcd780d5882642c57c748 (patch) | |
| tree | a0b4d4b8a22daec672501be59df37ac5ba75273b | |
| parent | 1f937c6a766d35b1d1f9fa52bbc4601eeeb9ebca (diff) | |
| download | samba-a93117ed5016d93f5dabcd780d5882642c57c748.tar.gz samba-a93117ed5016d93f5dabcd780d5882642c57c748.tar.xz samba-a93117ed5016d93f5dabcd780d5882642c57c748.zip | |
s3:idmap_tdb: filter out of range mappings in default idmap config
This fixes bug #6415
Michael
(cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e)
(cherry picked from commit 34500d59b6f35de2c3d273d3523708ec22df59ce)
| -rw-r--r-- | source3/winbindd/idmap_tdb.c | 73 |
1 files changed, 57 insertions, 16 deletions
diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c index 22c17578e6b..90327434f06 100644 --- a/source3/winbindd/idmap_tdb.c +++ b/source3/winbindd/idmap_tdb.c @@ -593,8 +593,6 @@ static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom, const char *params) { NTSTATUS ret; struct idmap_tdb_context *ctx; - char *config_option = NULL; - const char *range; ctx = talloc(dom, struct idmap_tdb_context); if ( ! ctx) { @@ -602,29 +600,72 @@ static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom, const char *params) return NT_STATUS_NO_MEMORY; } - config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); - if ( ! config_option) { - DEBUG(0, ("Out of memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto failed; - } + if (strequal(dom->name, "*")) { + uid_t low_uid = 0; + uid_t high_uid = 0; + gid_t low_gid = 0; + gid_t high_gid = 0; - ret = idmap_tdb_open_db(ctx, false, &ctx->db); - if ( ! NT_STATUS_IS_OK(ret)) { - goto failed; + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + + if (lp_idmap_uid(&low_uid, &high_uid)) { + ctx->filter_low_id = low_uid; + ctx->filter_high_id = high_uid; + } else { + DEBUG(3, ("Warning: 'idmap uid' not set!\n")); + } + + if (lp_idmap_gid(&low_gid, &high_gid)) { + if ((low_gid != low_uid) || (high_gid != high_uid)) { + DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" + " ranges do not agree -- building " + "intersection\n")); + ctx->filter_low_id = MAX(ctx->filter_low_id, + low_gid); + ctx->filter_high_id = MIN(ctx->filter_high_id, + high_gid); + } + } else { + DEBUG(3, ("Warning: 'idmap gid' not set!\n")); + } + } else { + char *config_option = NULL; + const char *range; + + config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); + if ( ! config_option) { + DEBUG(0, ("Out of memory!\n")); + ret = NT_STATUS_NO_MEMORY; + goto failed; + } + + range = lp_parm_const_string(-1, config_option, "range", NULL); + if (( ! range) || + (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2)) + { + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + } + + talloc_free(config_option); } - range = lp_parm_const_string(-1, config_option, "range", NULL); - if (( ! range) || - (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) || - (ctx->filter_low_id > ctx->filter_high_id)) { + if (ctx->filter_low_id > ctx->filter_high_id) { ctx->filter_low_id = 0; ctx->filter_high_id = 0; } + DEBUG(10, ("idmap_tdb_db_init: filter range %u-%u loaded for domain " + "'%s'\n", ctx->filter_low_id, ctx->filter_high_id, dom->name)); + + ret = idmap_tdb_open_db(ctx, false, &ctx->db); + if ( ! NT_STATUS_IS_OK(ret)) { + goto failed; + } + dom->private_data = ctx; - talloc_free(config_option); return NT_STATUS_OK; failed: |