s3:idmap_ldap: add idmap_domain arg to idmap_ldap_alloc_init and verify_idpool
[obnox/samba-ctdb.git] / source3 / winbindd / idmap_ldap.c
index eb3fe5c628125e3f183432d5d716e84a5d1e5440..51cc65f7e80462a8d43a8585640de7a1b4a44b0a 100644 (file)
@@ -61,7 +61,6 @@ struct idmap_ldap_context {
        char *url;
        char *suffix;
        char *user_dn;
-       uint32_t filter_low_id, filter_high_id;         /* Filter range */
        bool anon;
 };
 
@@ -152,7 +151,7 @@ done:
  Verify the sambaUnixIdPool entry in the directory.
 **********************************************************************/
 
-static NTSTATUS verify_idpool(void)
+static NTSTATUS verify_idpool(struct idmap_domain *dom)
 {
        NTSTATUS ret;
        TALLOC_CTX *ctx;
@@ -208,9 +207,9 @@ static NTSTATUS verify_idpool(void)
                char *uid_str, *gid_str;
 
                uid_str = talloc_asprintf(ctx, "%lu",
-                               (unsigned long)idmap_alloc_ldap->low_uid);
+                               (unsigned long)dom->low_id);
                gid_str = talloc_asprintf(ctx, "%lu",
-                               (unsigned long)idmap_alloc_ldap->low_gid);
+                               (unsigned long)dom->low_id);
 
                smbldap_set_mod(&mods, LDAP_MOD_ADD,
                                "objectClass", LDAP_OBJ_IDPOOL);
@@ -243,14 +242,11 @@ done:
  Initialise idmap database.
 *****************************************************************************/
 
-static NTSTATUS idmap_ldap_alloc_init(const char *params)
+static NTSTATUS idmap_ldap_alloc_init(struct idmap_domain *dom,
+                                     const char *params)
 {
        NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
        const char *tmp;
-       uid_t low_uid = 0;
-       uid_t high_uid = 0;
-       gid_t low_gid = 0;
-       gid_t high_gid = 0;
 
        /* Only do init if we are online */
        if (idmap_is_offline()) {
@@ -260,34 +256,6 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params)
        idmap_alloc_ldap = TALLOC_ZERO_P(NULL, struct idmap_ldap_alloc_context);
         CHECK_ALLOC_DONE( idmap_alloc_ldap );
 
-       /* load ranges */
-
-       if (!lp_idmap_uid(&low_uid, &high_uid)
-           || !lp_idmap_gid(&low_gid, &high_gid)) {
-               DEBUG(1, ("idmap uid or idmap gid missing\n"));
-               ret = NT_STATUS_UNSUCCESSFUL;
-               goto done;
-       }
-
-       idmap_alloc_ldap->low_uid = low_uid;
-       idmap_alloc_ldap->high_uid = high_uid;
-       idmap_alloc_ldap->low_gid = low_gid;
-       idmap_alloc_ldap->high_gid= high_gid;
-
-       if (idmap_alloc_ldap->high_uid <= idmap_alloc_ldap->low_uid) {
-               DEBUG(1, ("idmap uid range invalid\n"));
-               DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
-               ret = NT_STATUS_UNSUCCESSFUL;
-               goto done;
-       }
-
-       if (idmap_alloc_ldap->high_gid <= idmap_alloc_ldap->low_gid) {
-               DEBUG(1, ("idmap gid range invalid\n"));
-               DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
-               ret = NT_STATUS_UNSUCCESSFUL;
-               goto done;
-       }
-
        if (params && *params) {
                /* assume location is the only parameter */
                idmap_alloc_ldap->url = talloc_strdup(idmap_alloc_ldap, params);
@@ -342,7 +310,7 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params)
 
        /* see if the idmap suffix and sub entries exists */
 
-       ret = verify_idpool();
+       ret = verify_idpool(dom);
 
  done:
        if ( !NT_STATUS_IS_OK( ret ) )
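Review bot: The call `verify_idpool(dom)` passes the domain through with no check on `dom` or `dom->low_id`, while this commit removes the block earlier in idmap_ldap_alloc_init that rejected a missing or inverted uid/gid range. verify_idpool (hunk at -208) formats `dom->low_id` as the starting value for both uid_str and gid_str, so an unset range of 0 would presumably seed the pool at id 0 unless the caller validates the range first, which is not visible on this page. A guard before the call would keep the old guarantee: `if (dom == NULL || dom->low_id == 0 || dom->high_id <= dom->low_id) { ret = NT_STATUS_UNSUCCESSFUL; goto done; }`. The function body starts and ends outside this hunk.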
@@ -566,62 +534,14 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
        }
 
        if (strequal(dom->name, "*")) {
-               uid_t low_uid = 0;
-               uid_t high_uid = 0;
-               gid_t low_gid = 0;
-               gid_t high_gid = 0;
-
-               ctx->filter_low_id = 0;
-               ctx->filter_high_id = 0;
-
-               if (lp_idmap_uid(&low_uid, &high_uid)) {
-                       ctx->filter_low_id = low_uid;
-                       ctx->filter_high_id = high_uid;
-               } else {
-                       DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
-               }
-
-               if (lp_idmap_gid(&low_gid, &high_gid)) {
-                       if ((low_gid != low_uid) || (high_gid != high_uid)) {
-                               DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
-                                     " ranges do not agree -- building "
-                                     "intersection\n"));
-                               ctx->filter_low_id = MAX(ctx->filter_low_id,
-                                                        low_gid);
-                               ctx->filter_high_id = MIN(ctx->filter_high_id,
-                                                         high_gid);
-                       }
-               } else {
-                       DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
-               }
+               /* more specific configuration can go here */
        } else {
-               const char *range = NULL;
-
                config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
                if ( ! config_option) {
                        DEBUG(0, ("Out of memory!\n"));
                        ret = NT_STATUS_NO_MEMORY;
                        goto done;
                }
-
-               /* load ranges */
-               range = lp_parm_const_string(-1, config_option, "range", NULL);
-               if (range && range[0]) {
-                       if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
-                                                       &ctx->filter_high_id) != 2))
-                       {
-                               DEBUG(1, ("ERROR: invalid filter range [%s]", range));
-                               ctx->filter_low_id = 0;
-                               ctx->filter_high_id = 0;
-                       }
-               }
-       }
-
-       if (ctx->filter_low_id > ctx->filter_high_id) {
-               DEBUG(1, ("ERROR: invalid filter range [%u-%u]",
-                     ctx->filter_low_id, ctx->filter_high_id));
-               ctx->filter_low_id = 0;
-               ctx->filter_high_id = 0;
        }
 
        if (params != NULL) {
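Review bot: The placeholder `/* more specific configuration can go here */` leaves the `strequal(dom->name, "*")` branch empty and does not say where the range handling removed from this function went. A comment that records the new contract would help the next reader, e.g. `/* default domain: range filtering uses dom->low_id/high_id, nothing to parse here */`; that the range is filled in before this init runs is inferred from the later hunks, not shown here. Inverting the test to `if (!strequal(dom->name, "*")) {` would also drop the empty branch. idmap_ldap_db_init starts and ends outside the hunk.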
@@ -858,12 +778,10 @@ again:
                }
 
                id = strtoul(tmp, NULL, 10);
-               if ((id == 0) ||
-                   (ctx->filter_low_id && (id < ctx->filter_low_id)) ||
-                   (ctx->filter_high_id && (id > ctx->filter_high_id))) {
+               if (!idmap_unix_id_is_in_range(id, dom)) {
                        DEBUG(5, ("Requested id (%u) out of range (%u - %u). "
                                  "Filtered!\n", id,
-                                 ctx->filter_low_id, ctx->filter_high_id));
+                                 dom->low_id, dom->high_id));
                        TALLOC_FREE(sidstr);
                        TALLOC_FREE(tmp);
                        continue;
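Review bot: `id = strtoul(tmp, NULL, 10)` converts a directory-supplied attribute with no end pointer and no errno check, so a value with trailing garbage, or one that overflows, reaches `idmap_unix_id_is_in_range(id, dom)` as whatever number strtoul returned. The old condition rejected `id == 0` explicitly, and a failed parse yields 0; whether the helper still rejects 0 when `dom->low_id` is unset is not visible on this page and should be confirmed. I would clear errno, parse with an end pointer, and skip the entry when `errno != 0 || end == tmp || *end != '\0'`, logging it separately from the out-of-range case. The same pattern is in the hunk at -1107, and the enclosing loop starts and ends outside both hunks.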
@@ -1107,12 +1025,10 @@ again:
                }
 
                id = strtoul(tmp, NULL, 10);
-               if ((id == 0) ||
-                   (ctx->filter_low_id && (id < ctx->filter_low_id)) ||
-                   (ctx->filter_high_id && (id > ctx->filter_high_id))) {
+               if (!idmap_unix_id_is_in_range(id, dom)) {
                        DEBUG(5, ("Requested id (%u) out of range (%u - %u). "
                                  "Filtered!\n", id,
-                                 ctx->filter_low_id, ctx->filter_high_id));
+                                 dom->low_id, dom->high_id));
                        TALLOC_FREE(sidstr);
                        TALLOC_FREE(tmp);
                        continue;
@@ -1296,33 +1212,13 @@ static struct idmap_methods idmap_ldap_methods = {
        .init = idmap_ldap_db_init,
        .unixids_to_sids = idmap_ldap_unixids_to_sids,
        .sids_to_unixids = idmap_ldap_sids_to_unixids,
+       .allocate_id = idmap_ldap_get_new_id,
        .close_fn = idmap_ldap_close
 };
 
-static struct idmap_alloc_methods idmap_ldap_alloc_methods = {
-
-       .init = idmap_ldap_alloc_init,
-       .allocate_id = idmap_ldap_allocate_id,
-       .close_fn = idmap_ldap_alloc_close,
-};
-
-static NTSTATUS idmap_alloc_ldap_init(void)
-{
-       return smb_register_idmap_alloc(SMB_IDMAP_INTERFACE_VERSION, "ldap",
-                                       &idmap_ldap_alloc_methods);
-}
-
 NTSTATUS idmap_ldap_init(void);
 NTSTATUS idmap_ldap_init(void)
 {
-       NTSTATUS ret;
-
-       /* FIXME: bad hack to actually register also the alloc_ldap module
-        * without changining configure.in */
-       ret = idmap_alloc_ldap_init();
-       if (! NT_STATUS_IS_OK(ret)) {
-               return ret;
-       }
        return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "ldap",
                                  &idmap_ldap_methods);
 }
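Review bot: The new `.allocate_id = idmap_ldap_get_new_id` entry is added while the alloc-methods table that ran `idmap_ldap_alloc_init` as its `.init` is removed, and no visible hunk shows who now calls `idmap_ldap_alloc_init(dom, params)`. If idmap_ldap_get_new_id relies on the `idmap_alloc_ldap` context (its body is not on this page), that init must have run first, or the function must fail cleanly when the context is NULL. A comment on the table entry would record the dependency, e.g. `/* allocate_id needs the idmap_alloc_ldap context set up by idmap_ldap_alloc_init() */`. The commit title mentions only the added argument, so the removal of the separately registered "ldap" alloc backend deserves a line in the description.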