sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00
Code

s3:idmap_ldap: filter out of range mappings in default idmap config

Browse Source 
This fixes bug #6417

Michael
This commit is contained in:
Michael Adam 2009-05-27 19:25:44 +02:00
parent c299833bf8
commit e381c13b02
1 changed files with 55 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
source3/winbindd/idmap_ldap.c
View File

@ -765,7 +765,6 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
NTSTATUS ret;
struct idmap_ldap_context *ctx = NULL;
char *config_option = NULL;
const char *range = NULL;
const char *tmp = NULL;
/* Only do init if we are online */
@ -779,6 +778,38 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
return NT_STATUS_NO_MEMORY;
}
if (strequal(dom->name, "*")) {
uid_t low_uid = 0;
uid_t high_uid = 0;
gid_t low_gid = 0;
gid_t high_gid = 0;
ctx->filter_low_id = 0;
ctx->filter_high_id = 0;
if (lp_idmap_uid(&low_uid, &high_uid)) {
ctx->filter_low_id = low_uid;
ctx->filter_high_id = high_uid;
} else {
DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
}
if (lp_idmap_gid(&low_gid, &high_gid)) {
if ((low_gid != low_uid) || (high_gid != high_uid)) {
DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
" ranges do not agree -- building "
"intersection\n"));
ctx->filter_low_id = MAX(ctx->filter_low_id,
low_gid);
ctx->filter_high_id = MIN(ctx->filter_high_id,
high_gid);
}
} else {
DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
}
} else {
const char *range = NULL;
config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
if ( ! config_option) {
DEBUG(0, ("Out of memory!\n"));
@ -790,13 +821,21 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom,
range = lp_parm_const_string(-1, config_option, "range", NULL);
if (range && range[0]) {
if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
&ctx->filter_high_id) != 2) ||
(ctx->filter_low_id > ctx->filter_high_id)) {
&ctx->filter_high_id) != 2))
{
DEBUG(1, ("ERROR: invalid filter range [%s]", range));
ctx->filter_low_id = 0;
ctx->filter_high_id = 0;
}
}
}
if (ctx->filter_low_id > ctx->filter_high_id) {
DEBUG(1, ("ERROR: invalid filter range [%u-%u]",
ctx->filter_low_id, ctx->filter_high_id));
ctx->filter_low_id = 0;
ctx->filter_high_id = 0;
}
if (params != NULL) {
/* assume location is the only parameter */