sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-05 21:57:51 +03:00
Code

add idmap only parameter

Browse Source 
make idmap not map SIDs outside the uid/gid range defined by default
this is to keep backward compatibility
This commit is contained in:
Simo Sorce -
parent 1c0ae10301
commit bec45093c3
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source/param/loadparm.c
View File

@ -164,6 +164,7 @@ typedef struct
char *szSourceEnv;
char *szIdmapUID;
char *szIdmapGID;
BOOL *bIdmapOnly;
char *szNonUnixAccountRange;
int AlgorithmicRidBase;
char *szTemplateHomedir;
@ -756,7 +757,6 @@ static struct parm_struct parm_table[] = {
{"server schannel", P_ENUM, P_GLOBAL, &Globals.serverSchannel, NULL, enum_bool_auto, FLAG_BASIC},
{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"idmap backend", P_STRING, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, FLAG_ADVANCED | FLAG_DEVELOPER},
@ -1120,6 +1120,8 @@ static struct parm_struct parm_table[] = {
{"Winbind options", P_SEP, P_SEPARATOR},
{"idmap only", P_BOOL, P_GLOBAL, &Globals.bIdmapOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"idmap backend", P_STRING, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE},
{"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@ -1478,6 +1480,7 @@ static void init_globals(void)
Globals.bWinbindEnumGroups = True;
Globals.bWinbindUseDefaultDomain = False;
Globals.bIdmapOnly = False;
string_set(&Globals.szWinbindBackend, "tdb");
Globals.name_cache_timeout = 660; /* In seconds */
@ -1657,6 +1660,7 @@ FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
FN_GLOBAL_STRING(lp_winbind_backend, &Globals.szWinbindBackend)
FN_GLOBAL_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
FN_GLOBAL_BOOL(lp_idmap_only, &Globals.bIdmapOnly)
#ifdef WITH_LDAP_SAMCONFIG
FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)

29
source/sam/idmap.c
View File

@ -91,6 +91,35 @@ NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
{
NTSTATUS ret;
if (!lp_idmap_only()) {
if (id_type & ID_USERID) {
uid_t low, high;
if (!lp_idmap_uid(&low, &high)) {
DEBUG(0, ("idmap uid range missing or invalid\n"));
DEBUGADD(0, ("idmap will be unable to map SIDs\n"));
return NT_STATUS_UNSUCCESSFUL;
}
if (low > id.uid || high < id.uid) {
DEBUG(0, ("uid not in range and idmap only is flase - not storing the mapping\n"));
return NT_STATUS_UNSUCCESSFUL;
}
} else if (id_type & ID_GROUPID) {
gid_t low, high;
if (!lp_idmap_gid(&low, &high)) {
DEBUG(0, ("idmap gid range missing or invalid\n"));
DEBUGADD(0, ("idmap will be unable to map SIDs\n"));
return NT_STATUS_UNSUCCESSFUL;
}
if (low > id.gid || high < id.gid) {
DEBUG(0, ("uid not in range and idmap only is flase - not storing the mapping\n"));
return NT_STATUS_UNSUCCESSFUL;
}
} else {
DEBUG(0, ("Wrong ID Type, mapping failed!"));
return NT_STATUS_UNSUCCESSFUL;
}
}
ret = local_map->set_mapping(sid, id, id_type);
if (NT_STATUS_IS_ERR(ret)) {
DEBUG (0, ("idmap_set_mapping: Error, unable to modify local cache!\n"));