1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

55 Commits

Author SHA1 Message Date
Andreas Schneider
460fd441d7 s3:winbind: Improve warning message if we are out of autorid ranges
The message should help our users to understand what's the problem. The
message was rather cryptic before.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 28 14:18:32 UTC 2023 on atb-devel-224
2023-02-28 14:18:32 +00:00
Matthew DeVore
c2ac923c6a s3: safe_string: do not include string_wrappers.h
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.

includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-28 00:56:34 +00:00
Volker Lendecke
122706550c idmap_autorid: Simplify idmap_autorid_loadconfig
autorid_global_config is a fixed small structure that can be stack-allocated.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 16 21:30:28 CET 2016 on sn-devel-144
2016-12-16 21:30:28 +01:00
Volker Lendecke
4cef6d29ff idmap_autorid: Fix a small memleak
Not long-term, all callers free our "mem_ctx" immediately

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-16 17:38:20 +01:00
Volker Lendecke
9c6c2ad26d idmap_autorid: Fix a race condition when acquiring ranges
Here we are in a transaction to create a range, but we already found
one to exist. We need to return the information about this range to the
caller, just as we do when actually allocating the range. This does not
hit us with current code, as we just have one idmap child. However, if
we parallelize that, two children might have found a domain to not exist
and call idmap_autorid_acquire_range simultaneously. One will create
the range, the other one will find it to already exist. The second child
will also have to pass the info up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-16 17:38:20 +01:00
Volker Lendecke
ba02936032 idmap_autorid: Make idmap_autorid_acquire_range public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-16 17:38:20 +01:00
Christian Ambach
feac8bfd37 s3:winbindd/idmap_autorid_tdb fix a compiler warning
about a potentially uninitialized variable

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 12 12:07:07 CET 2016 on sn-devel-144
2016-02-12 12:07:07 +01:00
Michael Adam
0df8988c08 autorid: add high_id to range config and fill it where we also fill range->low_id.
This corresponds to low_id for convenience and allows
for computations without going back to the global config.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-25 15:35:09 +02:00
Michael Adam
3c706e9f01 autorid: fix discard-const warning in idmap_autorid_init_hwm()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-25 15:35:09 +02:00
Michael Adam
1da7b5b50c autorid: fix uninitialized return code for successful autorid.tdb creation/opening
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-25 15:35:09 +02:00
Michael Adam
b1cb75a972 autorid: add debug messages to idmap_autorid_get_domainrange()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-25 15:35:09 +02:00
Michael Adam
b2ddea94cc autorid: improve wording in a debug message
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-25 15:35:09 +02:00
Michael Adam
9e519d97c3 autorid: split idmap_autorid_db_open and idmap_autorid_init_hwms out of idmap_autorid_db_init
These will be used separately in the full initialization function.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
801556fbfd autorid: in idmap_autorid_saveconfig, add a debug msg when loading gives error
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
d9c216343b autorid: improve the precision of the DEBUG at the end of add_range
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
fd56a63a87 autorid: add a DEBUG upon talloc fail in the add_range function.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
38157a093b autorid: when storing a new range, always check it does not exist.
Also check for existence when the range is >= the HWM,
typically the "acquire" case where we bump the HWM.
In case of external modification, we would previously
simply overwrite an an existing range mapping. Now we
check and throw INTERNAL_DB_CORRUPTION in this case.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
0bfb078719 autorid: fix a potential for data corruption.
The initialization of the HWM values in autorid.tdb was racy:

It did:

1. fetch the HWM value
2. if it did not exist, store 0 in a transaction.

This can be racy if two processes at the same time try to
run the initialization code, especially in a cluster, when
winbindd and smbd are started simultaneously on all nodes.
The race is that the HWM is not re-fetched inside the transaction.

Assume both processes see that the HWM does not exist.
Both try to start a transaction. Process 1 gets the lock
and process 2 blocks. After Process 1 has stored the
HWM, it proceeds and manages to start subsequent transactions
which also bump the HWM value (e.g. a range allocation,
which is also triggered from allocation code). When
process 2 finally manages to start the transaction, the
HWM value is aready > 0. But process 2 does not look again
and simply overwrites the HWM with 0.

So the next allocation will overwrite an existing mapping,
at least partially.

This patch changes the mechanism to:

1. fetch the hwm value
2. if it does not exist start a transaction
3.   fetch the hwm value
4.   if it does not exist, store 0
5. commit the transaction.

Note: this is not theoretical. Corruptions have been
seen in cluster environments.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
758308c25a autorid: print debug message when a HWM key has been created
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
6ec437ccb5 autorid: reverse logic flow in idmap_autorid_init_hwm(), decreasing indentation.
I.e. move writing case to the end.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
70cfe221b0 autorid: store hwm as uint32_t in idmap_autorid_init_hwm()
The HWM is treated as uint32_t all the times.
This was just a leftover from old code.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:27 +02:00
Michael Adam
cf0cb0add9 dbwrap: add a dbwrap_flags argument to db_open()
This is in preparation to support handing flags to backends,
in particular activating read only record support for ctdb
databases. For a start, this does nothing but adding the
parameter, and all databases use DBWRAP_FLAG_NONE.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-02-07 16:06:06 +01:00
Michael Adam
1524dc6006 idmap_autorid: fix status code when trying to load range for an invalid input
The "sid" input needs to be verified (it can currently be a SID or "ALLOC").
When handing in string that is valid for other kinds of records,
but not for the SID[#IDX]-->RANGE direction of mappings, like for instance
a range number, then we get "NT_STATUS_INTERNAL_DB_CORRUPTION" because
parse records finds the record, but it does not have the expected size...

This patch fixes this problem by pre-validating the input before fetching
the record from the database.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-07 14:01:36 -08:00
Atul Kulkarni
a0e217713f idmap_autorid: add space between two words in a debug message
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-07 14:01:35 -08:00
Michael Adam
d286b17d46 idmap_autorid: fix traversal of ranges to correctly exclude mapping records.
When listing all ranges with "net idmap get ranges", the database records
of the form "S-1-5-10" --> "GID 100016" were treated here as rangee mapings,
resulting in an faulty printout like this: "RANGE 541346119: S-1-5-10".

This patch fixes this by adding a filter that checks the size of the
value datablob.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 21 19:48:40 CEST 2013 on sn-devel-104
2013-10-21 19:48:40 +02:00
Michael Adam
b2ed2d814b idmap_autorid: allow iterate functions to operate on all domain ranges
by allowing handed in domsid to be NULL

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 10:31:19 +02:00
Michael Adam
a6f6ad8d22 idmap_autorid: add idmap_autorid_delete_domain_ranges()
This uses the new idmap_autorid_iterate_domain_ranges() function.
Based on earlier patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:50:14 +02:00
Michael Adam
97dfa06151 idmap_autorid: add idmap_autorid_iterate_domain_ranges[_read]()
Functions to perform an action on all domain range mappings for
a given domain, specified by the domain sid.

Inspired by a previous patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:50:12 +02:00
Michael Adam
1dd9218de9 idmap_autorid: add idmap_autorid_delete_range_by_num()
query and delete a mapping specified by the range number.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:50:11 +02:00
Michael Adam
6cdae0dd30 idmap_autorid: add idmap_autorid_delete_range_by_sid()
Delete a range mapping as specified by domain SID and range index.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:50:10 +02:00
Michael Adam
9b7f9f90d2 idmap_autorid: add idmap_autorid_build_keystr_talloc()
talloc version of idmap_autorid_build_keystr()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:50:10 +02:00
Michael Adam
6d8cc47039 idmap_autorid: extend idmap_autorid_addrange to allow to set mappings below the HWM
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:50:09 +02:00
Michael Adam
8371f5981d idmap_autorid: improve clarity of idmap_autorid_addrange_action() by adding mem_ctx.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:50:07 +02:00
Michael Adam
375168a16e idmap_autorid: add idmap_autorid_saveconfigstr()
Store a configuration as provided by a config string
after parsing and validating the string.

Based on similar patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:32 +02:00
Michael Adam
e8c9161a95 idmap_autorid: Don't use db as a temporary talloc context.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:25 +02:00
Michael Adam
11ea83e9ae idmap_autorid: improve two debug messages by printing NT error codes
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:24 +02:00
Michael Adam
85a15cac44 idmap_autorid: fix a debug message in idmap_autorid_addrange()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:24 +02:00
Michael Adam
266fddfe6a idmap_autorid: for clarity, add a wrapper idmap_autorid_acquire_range() to idmap_autorid_addrange()
This one calls into the HWM bumping acquire code path.

Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:23 +02:00
Michael Adam
4350bfba46 idmap_autorid: add new function idmap_autorid_setrange()
This allows to directly set a range for a domsid#index pair.
It fails if a stored range is found which is different from
the requested one.

Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:23 +02:00
Michael Adam
6e08f5a792 idmap_autorid: factor out domain range adding code into a separate function
This also adds a new mode to the new idmap_autorid_addrange() function
that allows to set a provided range if the range is available, instead
of the original only mode of automatically allocating a new range
by incrementing the HWM counter.

Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:22 +02:00
Michael Adam
69dbc1577b idmap_autorid: add idmap_autorid_getrange()
Wrapper to idmap_autorid_getrange_int().

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:22 +02:00
Michael Adam
e598ed1698 idmap_autorid: improve a debug message in idmap_autorid_getrange_int()
Add output of status code.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:21 +02:00
Atul Kulkarni
7d2fdaac6e idmap_autorid: factor out domain range fetching part from idmap_autorid_get_domainrange()
Fatored out read-only function idmap_autorid_getrange() will be used elsewhere.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:21 +02:00
Volker Lendecke
94ca5dc0bd idmap_autorid: Use fstr_sprintf in idmap_autorid_build_keystr()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-02 00:06:20 +02:00
Michael Adam
2d8cc3ed9e idmap_autorid: factor building of the keystr into a function
to avoid code duplication.

Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:19 +02:00
Atul Kulkarni
f8767cd9d8 idmap_autorid: remove fstring keystr from autorid_range_config
This is just used to change the behaviour of the function.
Making it more suitable to be used at other places.

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:19 +02:00
Atul Kulkarni
7cacc48563 idmap_autorid: remove autorid_global_config member from autorid_range_config
global config is not part of range config.
By removing this, autorid_range_config becomes more suitable
for using it elsewhere.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:18 +02:00
Michael Adam
65d7df1055 idmap_autorid: improve idmap_autorid_saveconfig() by adding a talloc stackframe
Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:18 +02:00
Atul Kulkarni
65881c3118 idmap_autorid: move the checks from idmap_autorid_initialize to idmap_autorid_saveconfig()
Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02 00:06:17 +02:00
Michael Adam
802b9d7ec6 idmap_autorid: change idmap_autorid_loadconfig() to return NTSTATUS
for better error propagation.

Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01 12:04:44 +00:00