mirror of
https://github.com/samba-team/samba.git
synced 2025-02-26 21:57:41 +03:00
s3:utils: Add a testparm check for idmap autorid
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This commit is contained in:
Andreas Schneider
Andreas Schneider
parent
fe84ae5547
commit
db6d4da341
@ -128,6 +128,21 @@ static bool lp_scan_idmap_found_domain(const char *string,
|
||||
return false; /* Keep scanning */
|
||||
}
|
||||
|
||||
static int idmap_config_int(const char *domname, const char *option, int def)
|
||||
{
|
||||
int len = snprintf(NULL, 0, "idmap config %s", domname);
|
||||
|
||||
if (len == -1) {
|
||||
return def;
|
||||
}
|
||||
{
|
||||
char config_option[len+1];
|
||||
snprintf(config_option, sizeof(config_option),
|
||||
"idmap config %s", domname);
|
||||
return lp_parm_int(-1, config_option, option, def);
|
||||
}
|
||||
}
|
||||
|
||||
static bool do_idmap_check(void)
|
||||
{
|
||||
struct idmap_domains *d;
|
||||
@ -157,6 +172,42 @@ static bool do_idmap_check(void)
|
||||
rc);
|
||||
}
|
||||
|
||||
/* Check autorid backend */
|
||||
if (strequal(lp_idmap_default_backend(), "autorid")) {
|
||||
struct idmap_config *c = NULL;
|
||||
bool found = false;
|
||||
|
||||
for (i = 0; i < d->count; i++) {
|
||||
c = &d->c[i];
|
||||
|
||||
if (strequal(c->backend, "autorid")) {
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (found) {
|
||||
uint32_t rangesize =
|
||||
idmap_config_int("*", "rangesize", 100000);
|
||||
uint32_t maxranges =
|
||||
(c->high - c->low + 1) / rangesize;
|
||||
|
||||
if (maxranges < 2) {
|
||||
fprintf(stderr,
|
||||
"ERROR: The idmap autorid range "
|
||||
"[%u-%u] needs to be at least twice as"
|
||||
"big as the rangesize [%u]!"
|
||||
"\n\n",
|
||||
c->low,
|
||||
c->high,
|
||||
rangesize);
|
||||
ok = false;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Check for overlapping idmap ranges */
|
||||
for (i = 0; i < d->count; i++) {
|
||||
struct idmap_config *c = &d->c[i];
|
||||
uint32_t j;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user