mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
idmap_hash: split out a idmap_hash_sid_to_id() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
parent
57150b463f
commit
c158b075b0
@ -253,9 +253,78 @@ static NTSTATUS unixids_to_sids(struct idmap_domain *dom,
|
|||||||
/*********************************************************************
|
/*********************************************************************
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
|
static NTSTATUS idmap_hash_sid_to_id(struct sid_hash_table *hashed_domains,
|
||||||
|
struct idmap_domain *dom,
|
||||||
|
struct id_map *id)
|
||||||
|
{
|
||||||
|
struct dom_sid sid;
|
||||||
|
uint32_t rid;
|
||||||
|
uint32_t h_domain, h_rid;
|
||||||
|
|
||||||
|
if (id->xid.type == ID_TYPE_NOT_SPECIFIED) {
|
||||||
|
/*
|
||||||
|
* idmap_hash used to bounce back the requested type,
|
||||||
|
* which was ID_TYPE_UID, ID_TYPE_GID or
|
||||||
|
* ID_TYPE_NOT_SPECIFIED before as the winbindd parent
|
||||||
|
* always used a lookupsids. When the lookupsids
|
||||||
|
* failed because of an unknown domain, the idmap child
|
||||||
|
* weren't requested at all and the caller sees
|
||||||
|
* ID_TYPE_NOT_SPECIFIED.
|
||||||
|
*
|
||||||
|
* Now that the winbindd parent will pass ID_TYPE_BOTH
|
||||||
|
* in order to indicate that the domain exists.
|
||||||
|
* We should ask the parent to fallback to lookupsids
|
||||||
|
* if the domain is not known yet.
|
||||||
|
*/
|
||||||
|
id->status = ID_REQUIRE_TYPE;
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
id->status = ID_UNMAPPED;
|
||||||
|
|
||||||
|
sid_copy(&sid, id->sid);
|
||||||
|
sid_split_rid(&sid, &rid);
|
||||||
|
|
||||||
|
h_domain = hash_domain_sid(&sid);
|
||||||
|
h_rid = hash_rid(rid);
|
||||||
|
|
||||||
|
/* Check that both hashes are non-zero*/
|
||||||
|
if (h_domain == 0) {
|
||||||
|
/* keep ID_UNMAPPED */
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
if (h_rid == 0) {
|
||||||
|
/* keep ID_UNMAPPED */
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* idmap_hash used to bounce back the requested type,
|
||||||
|
* which was ID_TYPE_UID, ID_TYPE_GID or
|
||||||
|
* ID_TYPE_NOT_SPECIFIED before as the winbindd parent
|
||||||
|
* always used a lookupsids.
|
||||||
|
*
|
||||||
|
* This module should have supported ID_TYPE_BOTH since
|
||||||
|
* samba-4.1.0, similar to idmap_rid and idmap_autorid.
|
||||||
|
*
|
||||||
|
* Now that the winbindd parent will pass ID_TYPE_BOTH
|
||||||
|
* in order to indicate that the domain exists, it's
|
||||||
|
* better to always return ID_TYPE_BOTH instead of a
|
||||||
|
* random mix of ID_TYPE_UID, ID_TYPE_GID or
|
||||||
|
* ID_TYPE_BOTH.
|
||||||
|
*/
|
||||||
|
id->xid.type = ID_TYPE_BOTH;
|
||||||
|
id->xid.id = combine_hashes(h_domain, h_rid);
|
||||||
|
id->status = ID_MAPPED;
|
||||||
|
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
static NTSTATUS sids_to_unixids(struct idmap_domain *dom,
|
static NTSTATUS sids_to_unixids(struct idmap_domain *dom,
|
||||||
struct id_map **ids)
|
struct id_map **ids)
|
||||||
{
|
{
|
||||||
|
struct sid_hash_table *hashed_domains = talloc_get_type_abort(
|
||||||
|
dom->private_data, struct sid_hash_table);
|
||||||
size_t i;
|
size_t i;
|
||||||
size_t num_tomap = 0;
|
size_t num_tomap = 0;
|
||||||
size_t num_mapped = 0;
|
size_t num_mapped = 0;
|
||||||
@ -268,61 +337,25 @@ static NTSTATUS sids_to_unixids(struct idmap_domain *dom,
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i=0; ids[i]; i++) {
|
for (i=0; ids[i]; i++) {
|
||||||
struct dom_sid sid;
|
NTSTATUS ret;
|
||||||
uint32_t rid;
|
|
||||||
uint32_t h_domain, h_rid;
|
|
||||||
|
|
||||||
ids[i]->status = ID_UNMAPPED;
|
ret = idmap_hash_sid_to_id(hashed_domains, dom, ids[i]);
|
||||||
|
if (!NT_STATUS_IS_OK(ret)) {
|
||||||
if (ids[i]->xid.type == ID_TYPE_NOT_SPECIFIED) {
|
struct dom_sid_buf buf;
|
||||||
/*
|
/* some fatal error occurred, log it */
|
||||||
* idmap_hash used to bounce back the requested type,
|
DBG_NOTICE("Unexpected error resolving a SID "
|
||||||
* which was ID_TYPE_UID, ID_TYPE_GID or
|
"(%s): %s\n",
|
||||||
* ID_TYPE_NOT_SPECIFIED before as the winbindd parent
|
dom_sid_str_buf(ids[i]->sid, &buf),
|
||||||
* always used a lookupsids. When the lookupsids
|
nt_errstr(ret));
|
||||||
* failed because of an unknown domain, the idmap child
|
return ret;
|
||||||
* weren't requested at all and the caller sees
|
|
||||||
* ID_TYPE_NOT_SPECIFIED.
|
|
||||||
*
|
|
||||||
* Now that the winbindd parent will pass ID_TYPE_BOTH
|
|
||||||
* in order to indicate that the domain exists.
|
|
||||||
* We should ask the parent to fallback to lookupsids
|
|
||||||
* if the domain is not known yet.
|
|
||||||
*/
|
|
||||||
ids[i]->status = ID_REQUIRE_TYPE;
|
|
||||||
num_required++;
|
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sid_copy(&sid, ids[i]->sid);
|
if (ids[i]->status == ID_MAPPED) {
|
||||||
sid_split_rid(&sid, &rid);
|
|
||||||
|
|
||||||
h_domain = hash_domain_sid(&sid);
|
|
||||||
h_rid = hash_rid(rid);
|
|
||||||
|
|
||||||
/* Check that both hashes are non-zero*/
|
|
||||||
|
|
||||||
if (h_domain && h_rid) {
|
|
||||||
/*
|
|
||||||
* idmap_hash used to bounce back the requested type,
|
|
||||||
* which was ID_TYPE_UID, ID_TYPE_GID or
|
|
||||||
* ID_TYPE_NOT_SPECIFIED before as the winbindd parent
|
|
||||||
* always used a lookupsids.
|
|
||||||
*
|
|
||||||
* This module should have supported ID_TYPE_BOTH since
|
|
||||||
* samba-4.1.0, similar to idmap_rid and idmap_autorid.
|
|
||||||
*
|
|
||||||
* Now that the winbindd parent will pass ID_TYPE_BOTH
|
|
||||||
* in order to indicate that the domain exists, it's
|
|
||||||
* better to always return ID_TYPE_BOTH instead of a
|
|
||||||
* random mix of ID_TYPE_UID, ID_TYPE_GID or
|
|
||||||
* ID_TYPE_BOTH.
|
|
||||||
*/
|
|
||||||
ids[i]->xid.type = ID_TYPE_BOTH;
|
|
||||||
ids[i]->xid.id = combine_hashes(h_domain, h_rid);
|
|
||||||
ids[i]->status = ID_MAPPED;
|
|
||||||
num_mapped++;
|
num_mapped++;
|
||||||
}
|
}
|
||||||
|
if (ids[i]->status == ID_REQUIRE_TYPE) {
|
||||||
|
num_required++;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (num_tomap == num_mapped) {
|
if (num_tomap == num_mapped) {
|
||||||
|
Loading…
Reference in New Issue
Block a user