sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code

s3:winbindd/autorid add support for read-only mode

Browse Source 
make it possible to set read-only = yes for the backend
so users can replicate an autorid.tdb to another server
to use the same mappings without risking that updates
are done on both sides
This commit is contained in:
Christian Ambach 2012-05-07 14:19:26 +02:00
parent 6bda0f6f88
commit 2997f2fe80
1 changed files with 38 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
source3/winbindd/idmap_autorid.c
View File

@ -135,17 +135,22 @@ error:
}
static NTSTATUS idmap_autorid_get_domainrange(struct autorid_domain_config *dom)
static NTSTATUS idmap_autorid_get_domainrange(struct autorid_domain_config *dom,
bool read_only)
{
NTSTATUS ret;
/*
* try to find mapping without locking the database,
* if it is not found create a mapping in a transaction
* if it is not found create a mapping in a transaction unless
* read-only mode has been set
*/
ret = dbwrap_fetch_uint32(autorid_db, dom->sid, &(dom->domainnum));
if (!NT_STATUS_IS_OK(ret)) {;
if (!NT_STATUS_IS_OK(ret)) {
if (read_only) {
return NT_STATUS_NOT_FOUND;
}
ret = dbwrap_trans_do(autorid_db,
idmap_autorid_get_domainrange_action, dom);
}
@ -171,6 +176,12 @@ static NTSTATUS idmap_autorid_allocate_id(struct idmap_domain *dom,
globalcfg = talloc_get_type(commoncfg->private_data,
struct autorid_global_config);
if (dom->read_only) {
DEBUG(3, ("Backend is read-only, refusing "
"new allocation request\n"));
return NT_STATUS_UNSUCCESSFUL;
}
/* fetch the range for the allocation pool */
ZERO_STRUCT(domaincfg);
@ -178,7 +189,7 @@ static NTSTATUS idmap_autorid_allocate_id(struct idmap_domain *dom,
domaincfg.globalcfg = globalcfg;
fstrcpy(domaincfg.sid, ALLOC_RANGE);
ret = idmap_autorid_get_domainrange(&domaincfg);
ret = idmap_autorid_get_domainrange(&domaincfg, dom->read_only);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(3, ("Could not determine range for allocation pool, "
@ -413,6 +424,12 @@ static NTSTATUS idmap_autorid_map_sid_to_id(struct idmap_domain *dom,
return ret;
}
if (dom->read_only) {
DEBUG(3, ("Not allocating new mapping for %s, because backend "
"is read-only\n", sid_string_dbg(map->sid)));
return NT_STATUS_NONE_MAPPED;
}
DEBUG(10, ("Creating new mapping in pool for %s\n",
sid_string_dbg(map->sid)));
@ -501,7 +518,9 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
goto failure;
}
num_mapped++;
if (ids[i]->status == ID_MAPPED) {
num_mapped++;
}
continue;
}
@ -521,7 +540,16 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
domaincfg.globalcfg = global;
sid_to_fstring(domaincfg.sid, &domainsid);
ret = idmap_autorid_get_domainrange(&domaincfg);
ret = idmap_autorid_get_domainrange(&domaincfg, dom->read_only);
/* read-only mode and a new domain range would be required? */
if (NT_STATUS_EQUAL(ret, NT_STATUS_NOT_FOUND) &&
dom->read_only) {
DEBUG(10, ("read-only is enabled, did not allocate "
"new range for domain %s\n",
sid_string_dbg(&domainsid)));
continue;
}
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(3, ("Could not determine range for domain, "
@ -698,6 +726,10 @@ static NTSTATUS idmap_autorid_preallocate_wellknown(struct idmap_domain *dom)
int i, num;
NTSTATUS status;
if (dom->read_only) {
return NT_STATUS_OK;
}
num = sizeof(groups)/sizeof(char*);
maps = talloc_zero_array(talloc_tos(), struct id_map*, num+1);