s3:idmap_ldap: filter out of range mappings in default idmap config

author Michael Adam <obnox@samba.org>

Wed, 27 May 2009 17:25:44 +0000 (19:25 +0200)

committer Michael Adam <obnox@samba.org>

Wed, 27 May 2009 23:31:51 +0000 (01:31 +0200)
author Michael Adam <obnox@samba.org>
Wed, 27 May 2009 17:25:44 +0000 (19:25 +0200)
committer Michael Adam <obnox@samba.org>
Wed, 27 May 2009 23:31:51 +0000 (01:31 +0200)
diff --git a/source/winbindd/idmap_ldap.c b/source/winbindd/idmap_ldap.c

index 7224589076e1157b5901c5dcea834f3d16e7c198..7a0e32b769ade86aee5425c49acbb7e4b2621e9d 100644 (file)
--- a/source/winbindd/idmap_ldap.c
+++ b/source/winbindd/idmap_ldap.c
@@ -765,7 +765,6 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
         NTSTATUS ret;
         struct idmap_ldap_context *ctx = NULL;
         char *config_option = NULL;
-       const char *range = NULL;
         const char *tmp = NULL;
  
         /* Only do init if we are online */
@@ -779,23 +778,63 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
                 return NT_STATUS_NO_MEMORY;
         }
  
-       config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
-       if ( ! config_option) {
-               DEBUG(0, ("Out of memory!\n"));
-               ret = NT_STATUS_NO_MEMORY;
-               goto done;
-       }
+       if (strequal(dom->name, "*")) {
+               uid_t low_uid = 0;
+               uid_t high_uid = 0;
+               gid_t low_gid = 0;
+               gid_t high_gid = 0;
  
-       /* load ranges */
-       range = lp_parm_const_string(-1, config_option, "range", NULL);
-       if (range && range[0]) {
-               if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
-                                               &ctx->filter_high_id) != 2) ||
-                   (ctx->filter_low_id > ctx->filter_high_id)) {
-                       DEBUG(1, ("ERROR: invalid filter range [%s]", range));
-                       ctx->filter_low_id = 0;
-                       ctx->filter_high_id = 0;
+               ctx->filter_low_id = 0;
+               ctx->filter_high_id = 0;
+
+               if (lp_idmap_uid(&low_uid, &high_uid)) {
+                       ctx->filter_low_id = low_uid;
+                       ctx->filter_high_id = high_uid;
+               } else {
+                       DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
+               }
+
+               if (lp_idmap_gid(&low_gid, &high_gid)) {
+                       if ((low_gid != low_uid) || (high_gid != high_uid)) {
+                               DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
+                                     " ranges do not agree -- building "
+                                     "intersection\n"));
+                               ctx->filter_low_id = MAX(ctx->filter_low_id,
+                                                        low_gid);
+                               ctx->filter_high_id = MIN(ctx->filter_high_id,
+                                                         high_gid);
+                       }
+               } else {
+                       DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
+               }
+       } else {
+               const char *range = NULL;
+
+               config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
+               if ( ! config_option) {
+                       DEBUG(0, ("Out of memory!\n"));
+                       ret = NT_STATUS_NO_MEMORY;
+                       goto done;
                 }
+
+               /* load ranges */
+               range = lp_parm_const_string(-1, config_option, "range", NULL);
+               if (range && range[0]) {
+                       if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
+                                                       &ctx->filter_high_id) != 2))
+                       {
+                               DEBUG(1, ("ERROR: invalid filter range [%s]", range));
+                               ctx->filter_low_id = 0;
+                               ctx->filter_high_id = 0;
+                       }
+               }
+       }
+
+       if (ctx->filter_low_id > ctx->filter_high_id) {
+               DEBUG(1, ("ERROR: invalid filter range [%u-%u]",
+                     ctx->filter_low_id, ctx->filter_high_id));
+               ctx->filter_low_id = 0;
+               ctx->filter_high_id = 0;
         }
  
         if (params != NULL) {
author	Michael Adam <obnox@samba.org>
	Wed, 27 May 2009 17:25:44 +0000 (19:25 +0200)
committer	Michael Adam <obnox@samba.org>
	Wed, 27 May 2009 23:31:51 +0000 (01:31 +0200)