Another merge from appliance-head: in [ug]id_to_sid don't call the

winbind function if the id is obviously going to be local.  Cleanup
of winbind [ug]id parameter handling.

source/nsswitch/winbindd_util.c

@@ -764,60 +764,20 @@ void free_getent_state(struct getent_state *state)
 	}
 }
 
-/* Parse list of arguments to winbind uid or winbind gid parameters */
-
-static BOOL parse_id_list(char *paramstr, BOOL is_user)
-{
-    uid_t id_low, id_high = 0;
-
-    /* Give a nicer error message if no parameters specified */
-
-    if (strequal(paramstr, "")) {
-        DEBUG(0, ("winbind %s parameter missing\n", is_user ? "uid" : "gid"));
-        return False;
-    }
-    
-    /* Parse entry */
-
-    if (sscanf(paramstr, "%u-%u", &id_low, &id_high) != 2) {
-        DEBUG(0, ("winbind %s parameter invalid\n", 
-                  is_user ? "uid" : "gid"));
-        return False;
-    }
-    
-    /* Store id info */
-    
-    if (is_user) {
-        server_state.uid_low = id_low;
-        server_state.uid_high = id_high;
-    } else {
-        server_state.gid_low = id_low;
-        server_state.gid_high = id_high;
-    }
-
-    return True;
-}
-
 /* Initialise trusted domain info */
 
 BOOL winbindd_param_init(void)
 {
     /* Parse winbind uid and winbind_gid parameters */
 
-    if (!(parse_id_list(lp_winbind_uid(), True) &&
-          parse_id_list(lp_winbind_gid(), False)))
-        return False;
-
-    /* Check for reversed uid and gid ranges */
-        
-    if (server_state.uid_low > server_state.uid_high) {
-        DEBUG(0, ("uid range invalid\n"));
-        return False;
+    if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) {
+            DEBUG(0, ("winbind uid range missing or invalid\n"));
+            return False;
     }
-    
-    if (server_state.gid_low > server_state.gid_high) {
-        DEBUG(0, ("gid range invalid\n"));
-        return False;
+
+    if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) {
+            DEBUG(0, ("winbind gid range missing or invalid\n"));
+            return False;
     }
     
     return True;

source/param/loadparm.c

@@ -525,7 +525,8 @@ static BOOL handle_copy(char *pszParmValue, char **ptr);
 static BOOL handle_vfs_object(char *pszParmValue, char **ptr);
 static BOOL handle_source_env(char *pszParmValue, char **ptr);
 static BOOL handle_netbios_name(char *pszParmValue, char **ptr);
-static BOOL handle_winbind_id(char *pszParmValue, char **ptr);
+static BOOL handle_winbind_uid(char *pszParmValue, char **ptr);
+static BOOL handle_winbind_gid(char *pszParmValue, char **ptr);
 static BOOL handle_wins_server_list(char *pszParmValue, char **ptr);
 static BOOL handle_debug_list( char *pszParmValue, char **ptr );
 
@@ -1027,8 +1028,8 @@ static struct parm_struct parm_table[] = {
 
 	{"Winbind options", P_SEP, P_SEPARATOR},
 
-	{"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_id, NULL, 0},
-	{"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_id, NULL, 0},
+	{"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, 0},
+	{"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, 0},
 	{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, 0},
 	{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, 0},
 	{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, 0},
@@ -1497,8 +1498,6 @@ FN_GLOBAL_STRING(lp_abort_shutdown_script, &Globals.szAbortShutdownScript)
 FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook)
 FN_GLOBAL_LIST(lp_domain_admin_group, &Globals.szDomainAdminGroup)
 FN_GLOBAL_LIST(lp_domain_guest_group, &Globals.szDomainGuestGroup)
-FN_GLOBAL_STRING(lp_winbind_uid, &Globals.szWinbindUID)
-FN_GLOBAL_STRING(lp_winbind_gid, &Globals.szWinbindGID)
 FN_GLOBAL_STRING(lp_template_homedir, &Globals.szTemplateHomedir)
 FN_GLOBAL_STRING(lp_template_shell, &Globals.szTemplateShell)
 FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
@@ -2447,21 +2446,72 @@ static BOOL handle_copy(char *pszParmValue, char **ptr)
 
 ***************************************************************************/
 
-/* Do some simple checks on "winbind [ug]id" parameter value */
+/* Some lp_ routines to return winbind [ug]id information */
 
-static BOOL handle_winbind_id(char *pszParmValue, char **ptr)
+static uid_t winbind_uid_low, winbind_uid_high;
+static gid_t winbind_gid_low, winbind_gid_high;
+
+BOOL lp_winbind_uid(uid_t *low, uid_t *high)
+{
+        if (winbind_uid_low == 0 || winbind_uid_high == 0)
+                return False;
+
+        if (low)
+                *low = winbind_uid_low;
+
+        if (high)
+                *high = winbind_uid_high;
+
+        return True;
+}
+
+BOOL lp_winbind_gid(gid_t *low, gid_t *high)
+{
+        if (winbind_gid_low == 0 || winbind_gid_high == 0)
+                return False;
+
+        if (low)
+                *low = winbind_gid_low;
+
+        if (high)
+                *high = winbind_gid_high;
+
+        return True;
+}
+
+/* Do some simple checks on "winbind [ug]id" parameter values */
+
+static BOOL handle_winbind_uid(char *pszParmValue, char **ptr)
 {
 	int low, high;
 
-	if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2)
-	{
+	if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2 || high < low)
 		return False;
-	}
 
 	/* Parse OK */
 
 	string_set(ptr, pszParmValue);
 
+        winbind_uid_low = low;
+        winbind_uid_high = high;
+
+	return True;
+}
+
+static BOOL handle_winbind_gid(char *pszParmValue, char **ptr)
+{
+	gid_t low, high;
+
+	if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2 || high < low)
+		return False;
+
+	/* Parse OK */
+
+	string_set(ptr, pszParmValue);
+
+        winbind_gid_low = low;
+        winbind_gid_high = high;
+
 	return True;
 }
 

source/smbd/uid.c

@@ -551,16 +551,24 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE
 
 DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 {
+        uid_t low, high;
 	fstring sid;
 
-	if (!winbind_uid_to_sid(psid, uid)) {
-		DEBUG(10,("uid_to_sid: winbind lookup for uid %u failed - trying local.\n", (unsigned int)uid ));
+        if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
+                if (winbind_uid_to_sid(psid, uid)) {
 
-		return local_uid_to_sid(psid, uid);
-	}
+                        DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
+                                  (unsigned int)uid, 
+                                  sid_to_string(sid, psid)));
 
-	DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
-		(unsigned int)uid, sid_to_string(sid, psid) ));
+                        return psid;
+                }
+        }
+
+        local_uid_to_sid(psid, uid);
+        
+	DEBUG(10,("uid_to_sid: local %u -> %s\n",
+                  (unsigned int)uid, sid_to_string(sid, psid)));
 
 	return psid;
 }
@@ -573,16 +581,24 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 
 DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
 {
+        gid_t low, high;
 	fstring sid;
 
-	if (!winbind_gid_to_sid(psid, gid)) {
-		DEBUG(10,("gid_to_sid: winbind lookup for gid %u failed - trying local.\n", (unsigned int)gid ));
+        if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
+                if (winbind_gid_to_sid(psid, gid)) {
 
-		return local_gid_to_sid(psid, gid);
-	}
+                        DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
+                                  (unsigned int)gid, 
+                                  sid_to_string(sid, psid)));
+                        
+                        return psid;
+                }
+        }
 
-	DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
-		(unsigned int)gid, sid_to_string(sid,psid) ));
+        local_gid_to_sid(psid, gid);
+        
+	DEBUG(10,("gid_to_sid: local %u -> %s\n",
+                  (unsigned int)gid, sid_to_string(sid, psid)));
 
 	return psid;
 }