summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-08-13 00:08:28 +0000
committerGerald Carter <jerry@samba.org>2003-08-13 00:08:28 +0000
commit5faf3ba9af1bc00db78f8743374acaff93879ff7 (patch)
tree4af4d7c326b1f19dba702e8af300025ec82afc65
parent83faad0d0e0006d695af25c04c4526e02c39ad46 (diff)
downloadsamba-5faf3ba9af1bc00db78f8743374acaff93879ff7.tar.gz
samba-5faf3ba9af1bc00db78f8743374acaff93879ff7.tar.bz2
samba-5faf3ba9af1bc00db78f8743374acaff93879ff7.zip
2 fixes
* bug #280 (my fault) - initialize sambaNextUserRid and sambaNextGroupRid * Unix users shared vis LDAP or NIS between a samba domain member of a Samba domain are not seen as domain users on the member servers. not as local users. (This used to be commit a030fa373aefde8628def54ca8152f237a0467dc)
-rw-r--r--source3/lib/smbldap.c27
-rw-r--r--source3/nsswitch/winbindd_sid.c18
-rw-r--r--source3/passdb/passdb.c48
-rw-r--r--source3/sam/idmap_ldap.c287
-rw-r--r--source3/sam/idmap_tdb.c2
-rw-r--r--source3/sam/idmap_util.c47
6 files changed, 257 insertions, 172 deletions
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 3f56d066ec..1ce03491da 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -1172,6 +1172,9 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
LDAPMessage *result = NULL;
int num_result;
char **attr_list;
+ uid_t u_low, u_high;
+ gid_t g_low, g_high;
+ uint32 rid_low, rid_high;
slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
@@ -1217,6 +1220,30 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
algorithmic_rid_base_string);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
+
+ /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
+ TODO: fix all the places where the line between idmap and normal operations
+ needed by smbd gets fuzzy --jerry 2003-08-11 */
+
+ if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
+ && get_free_rid_range(&rid_low, &rid_high) )
+ {
+ fstring rid_str;
+
+ fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
+ DEBUG(10,("setting next available user rid [%s]\n", rid_str));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
+ rid_str);
+
+ fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
+ DEBUG(10,("setting next available group rid [%s]\n", rid_str));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
+ rid_str);
+
+ }
+
switch(ldap_op)
{
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index 98a6fce24b..ac1ee11555 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -185,12 +185,17 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state)
{
DOM_SID sid;
- /* Bug out if the uid isn't in the winbind range */
-
+#if 0 /* JERRY */
+ /* we cannot do this check this anymore since a domain member of
+ a Samba domain may share unix accounts via NIS or LDAP. In this
+ case the uid/gid will be out of winbindd's range but still might
+ be resolved to a SID via an ldap idmap backend */
+
if ((state->request.data.uid < server_state.uid_low ) ||
(state->request.data.uid > server_state.uid_high)) {
return WINBINDD_ERROR;
}
+#endif
DEBUG(3, ("[%5lu]: uid to sid %lu\n", (unsigned long)state->pid,
(unsigned long)state->request.data.uid));
@@ -214,12 +219,17 @@ enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state)
{
DOM_SID sid;
- /* Bug out if the gid isn't in the winbind range */
-
+#if 0 /* JERRY */
+ /* we cannot do this check this anymore since a domain member of
+ a Samba domain may share unix accounts via NIS or LDAP. In this
+ case the uid/gid will be out of winbindd's range but still might
+ be resolved to a SID via an ldap idmap backend */
+
if ((state->request.data.gid < server_state.gid_low) ||
(state->request.data.gid > server_state.gid_high)) {
return WINBINDD_ERROR;
}
+#endif
DEBUG(3, ("[%5lu]: gid to sid %lu\n", (unsigned long)state->pid,
(unsigned long)state->request.data.gid));
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 05c452f33d..8e775ed87f 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1701,3 +1701,51 @@ uint32 init_buffer_from_sam (uint8 **buf, const SAM_ACCOUNT *sampass, BOOL size_
return (buflen);
}
+
+
+/**********************************************************************
+**********************************************************************/
+
+static BOOL get_free_ugid_range(uint32 *low, uint32 *high)
+{
+ uid_t u_low, u_high;
+ gid_t g_low, g_high;
+
+ if (!lp_idmap_uid(&u_low, &u_high) || !lp_idmap_gid(&g_low, &g_high)) {
+ return False;
+ }
+
+ *low = (u_low < g_low) ? u_low : g_low;
+ *high = (u_high < g_high) ? u_high : g_high;
+
+ return True;
+}
+
+/******************************************************************
+ Get the the non-algorithmic RID range if idmap range are defined
+******************************************************************/
+
+BOOL get_free_rid_range(uint32 *low, uint32 *high)
+{
+ uint32 id_low, id_high;
+
+ if (!lp_enable_rid_algorithm()) {
+ *low = BASE_RID;
+ *high = (uint32)-1;
+ }
+
+ if (!get_free_ugid_range(&id_low, &id_high)) {
+ return False;
+ }
+
+ *low = fallback_pdb_uid_to_user_rid(id_low);
+ if (fallback_pdb_user_rid_to_uid((uint32)-1) < id_high) {
+ *high = (uint32)-1;
+ } else {
+ *high = fallback_pdb_uid_to_user_rid(id_high);
+ }
+
+ return True;
+}
+
+
diff --git a/source3/sam/idmap_ldap.c b/source3/sam/idmap_ldap.c
index 4d75feca2c..6122641718 100644
--- a/source3/sam/idmap_ldap.c
+++ b/source3/sam/idmap_ldap.c
@@ -41,12 +41,6 @@
struct ldap_idmap_state {
struct smbldap_state *smbldap_state;
TALLOC_CTX *mem_ctx;
-
- uint32 low_allocated_user_rid;
- uint32 high_allocated_user_rid;
- uint32 low_allocated_group_rid;
- uint32 high_allocated_group_rid;
-
};
#define LDAP_MAX_ALLOC_ID 128 /* number tries while allocating
@@ -203,11 +197,7 @@ static NTSTATUS ldap_next_rid(struct ldap_idmap_state *state, uint32 *rid,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
old_rid_string))
{
-
- *rid = (uint32)atol(old_rid_string);
-
- } else {
- *rid = state->low_allocated_user_rid;
+ *rid = (uint32)atol(old_rid_string);
}
break;
case GROUP_RID_TYPE:
@@ -216,8 +206,6 @@ static NTSTATUS ldap_next_rid(struct ldap_idmap_state *state, uint32 *rid,
old_rid_string))
{
*rid = (uint32)atol(old_rid_string);
- } else {
- *rid = state->low_allocated_group_rid;
}
break;
}
@@ -231,10 +219,6 @@ static NTSTATUS ldap_next_rid(struct ldap_idmap_state *state, uint32 *rid,
switch (rid_type) {
case USER_RID_TYPE:
- if (next_rid > state->high_allocated_user_rid) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
/* Try to make the modification atomically by enforcing the
old value in the delete mod. */
smbldap_make_mod(state->smbldap_state->ldap_struct, entry, &mods,
@@ -243,10 +227,6 @@ static NTSTATUS ldap_next_rid(struct ldap_idmap_state *state, uint32 *rid,
break;
case GROUP_RID_TYPE:
- if (next_rid > state->high_allocated_group_rid) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
/* Try to make the modification atomically by enforcing the
old value in the delete mod. */
smbldap_make_mod(state->smbldap_state->ldap_struct, entry, &mods,
@@ -470,6 +450,8 @@ static NTSTATUS ldap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
fstr_sprintf(id_str, "%lu", (unsigned long)id.gid );
pstrcpy( suffix, lp_ldap_group_suffix() );
}
+
+ DEBUG(5,("ldap_get_sid_from_id: Searching \"%s\"\n", filter ));
attr_list = get_attr_list( sidmap_attr_list );
pstr_sprintf(filter, "(&(|(objectClass=%s)(objectClass=%s))(%s=%s))",
@@ -478,10 +460,19 @@ static NTSTATUS ldap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
rc = smbldap_search(ldap_state.smbldap_state, suffix, LDAP_SCOPE_SUBTREE,
filter, attr_list, 0, &result);
- if (rc != LDAP_SUCCESS)
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(3,("ldap_get_isd_from_id: Failure looking up entry (%s)\n",
+ ldap_err2string(rc) ));
goto out;
-
+ }
+
count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
+
+ if (count > 1) {
+ DEBUG(0,("ldap_get_sid_from_id: mapping returned [%d] entries!\n",
+ count));
+ goto out;
+ }
/* fall back to looking up an idmap entry if we didn't find and
actual user or group */
@@ -500,17 +491,20 @@ static NTSTATUS ldap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
rc = smbldap_search(ldap_state.smbldap_state, suffix, LDAP_SCOPE_SUBTREE,
filter, attr_list, 0, &result);
- if (rc != LDAP_SUCCESS)
- goto out;
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(3,("ldap_get_isd_from_id: Failure looking up entry (%s)\n",
+ ldap_err2string(rc) ));
+ goto out;
+ }
count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
- }
-
- if (count != 1) {
- DEBUG(0,("ldap_get_sid_from_id: mapping not found for %s: %lu\n",
- type, ((id_type & ID_USERID) ? (unsigned long)id.uid :
- (unsigned long)id.gid)));
- goto out;
+
+ if (count != 1) {
+ DEBUG(0,("ldap_get_sid_from_id: mapping not found for %s: %lu\n",
+ type, ((id_type & ID_USERID) ? (unsigned long)id.uid :
+ (unsigned long)id.gid)));
+ goto out;
+ }
}
entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
@@ -544,115 +538,146 @@ static NTSTATUS ldap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *si
pstring id_str;
const char *suffix;
const char *type;
- const char *obj_class;
- const char *posix_obj_class;
int rc;
int count;
char **attr_list;
char *dn = NULL;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- /* first try getting the mapping from a samba user or group */
-
sid_to_string(sid_str, sid);
- if ( *id_type & ID_USERID ) {
- type = get_attr_key2string( sidmap_attr_list, LDAP_ATTR_UIDNUMBER );
- obj_class = LDAP_OBJ_SAMBASAMACCOUNT;
- posix_obj_class = LDAP_OBJ_POSIXACCOUNT;
- suffix = lp_ldap_suffix();
- pstr_sprintf(filter, "(&(|(&(objectClass=%s)(objectClass=%s))(objectClass=%s))(%s=%s))",
- obj_class, posix_obj_class, LDAP_OBJ_IDMAP_ENTRY,
- get_attr_key2string( sidmap_attr_list, LDAP_ATTR_SID ),
- sid_str);
- }
- else {
+
+ DEBUG(8,("ldap_get_id_from_sid: %s (%s)\n", sid_str,
+ (*id_type & ID_GROUPID ? "group" : "user") ));
+
+ /* ahhh.... ok. We have to check users and groups in places other
+ than idmap (hint: we're a domain member of a Samba domain) */
+
+ if ( *id_type & ID_GROUPID ) {
+
type = get_attr_key2string( sidmap_attr_list, LDAP_ATTR_GIDNUMBER );
- obj_class = LDAP_OBJ_GROUPMAP;
- posix_obj_class = LDAP_OBJ_POSIXGROUP;
suffix = lp_ldap_group_suffix();
pstr_sprintf(filter, "(&(|(objectClass=%s)(objectClass=%s))(%s=%s))",
- obj_class, LDAP_OBJ_IDMAP_ENTRY,
+ LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY,
+ get_attr_key2string( sidmap_attr_list, LDAP_ATTR_SID ),
+ sid_str);
+
+ }
+ else {
+
+ type = get_attr_key2string( sidmap_attr_list, LDAP_ATTR_UIDNUMBER );
+ suffix = lp_ldap_suffix();
+ pstr_sprintf(filter, "(&(|(&(objectClass=%s)(objectClass=%s))(objectClass=%s))(%s=%s))",
+ LDAP_OBJ_SAMBASAMACCOUNT, LDAP_OBJ_POSIXACCOUNT, LDAP_OBJ_IDMAP_ENTRY,
get_attr_key2string( sidmap_attr_list, LDAP_ATTR_SID ),
sid_str);
+
}
-
+
+ DEBUG(10,("ldap_get_id_from_sid: Searching for \"%s\"\n", filter));
+
+ /* do the search and check for errors */
+
attr_list = get_attr_list( sidmap_attr_list );
rc = smbldap_search(ldap_state.smbldap_state, suffix, LDAP_SCOPE_SUBTREE,
- filter, attr_list, 0, &result);
-
- if (rc != LDAP_SUCCESS)
+ filter, attr_list, 0, &result);
+
+ if ( rc != LDAP_SUCCESS ) {
+ DEBUG(3,("ldap_get_id_from_sid: Failure looking up group mapping (%s)\n",
+ ldap_err2string(rc) ));
goto out;
+ }
count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
-
- /* fall back to looking up an idmap entry if we didn't find anything under the idmap
- user or group suffix */
- if (count == 0) {
- ldap_msgfree(result);
-
- pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
- LDAP_OBJ_IDMAP_ENTRY, LDAP_ATTRIBUTE_SID, sid_str);
+ if ( count > 1 ) {
+ DEBUG(3,("ldap_get_id_from_sid: search \"%s\" returned [%d] entries. Bailing...\n",
+ filter, count));
+ goto out;
+ }
+
+ /* see if we need to do a search here */
+
+ if ( count == 0 ) {
+
+ if ( result ) {
+ ldap_msgfree(result);
+ result = NULL;
+ }
+
+ /* look in idmap suffix */
suffix = lp_ldap_idmap_suffix();
+ pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
+ LDAP_OBJ_IDMAP_ENTRY, LDAP_ATTRIBUTE_SID, sid_str);
rc = smbldap_search(ldap_state.smbldap_state, suffix, LDAP_SCOPE_SUBTREE,
filter, attr_list, 0, &result);
- if (rc != LDAP_SUCCESS)
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(3,("ldap_get_id_from_sid: Failure looking up idmap entry (%s)\n",
+ ldap_err2string(rc) ));
goto out;
+ }
+ /* check for the number of entries returned */
+
count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
- }
- if ( count > 1 ) {
- DEBUG(0, ("ldap_get_id_from_sid: search %s returned more than on entry!\n",
- filter));
- goto out;
- }
-
- /* we might have an existing entry to work with so pull out the requested information */
-
- if ( count ) {
- entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
-
- dn = ldap_get_dn(ldap_state.smbldap_state->ldap_struct, result);
- DEBUG(10, ("Found mapping entry at dn=%s, looking for %s\n", dn, type));
-
- if ( smbldap_get_single_attribute(ldap_state.smbldap_state->ldap_struct, entry, type, id_str) )
- {
- if ( (*id_type & ID_USERID) )
- id->uid = strtoul(id_str, NULL, 10);
- else
- id->gid = strtoul(id_str, NULL, 10);
-
- ret = NT_STATUS_OK;
+ if ( count > 1 ) {
+ DEBUG(0, ("ldap_get_id_from_sid: (2nd) search %s returned [%d] entries!\n",
+ filter, count));
goto out;
}
- }
- if (!(*id_type & ID_QUERY_ONLY)) {
- /* if entry == NULL, and we are asked to - allocate a new id */
- int i;
+
+ /* try to allocate a new id if we still haven't found one */
+
+ if ( (count==0) && !(*id_type & ID_QUERY_ONLY) ) {
+ int i;
+
+ DEBUG(8,("ldap_get_id_from_sid: Allocating new id\n"));
- for (i = 0; i < LDAP_MAX_ALLOC_ID; i++)
- {
- ret = ldap_allocate_id(id, *id_type);
- if ( NT_STATUS_IS_OK(ret) )
- break;
- }
+ for (i = 0; i < LDAP_MAX_ALLOC_ID; i++) {
+ ret = ldap_allocate_id(id, *id_type);
+ if ( NT_STATUS_IS_OK(ret) )
+ break;
+ }
- if ( !NT_STATUS_IS_OK(ret) ) {
- DEBUG(0,("ldap_allocate_id: cannot acquire id lock!\n"));
+ if ( !NT_STATUS_IS_OK(ret) ) {
+ DEBUG(0,("ldap_allocate_id: cannot acquire id lock!\n"));
+ goto out;
+ }
+
+ DEBUG(10,("ldap_get_id_from_sid: Allocated new %cid [%ul]\n",
+ (*id_type & ID_GROUPID ? 'g' : 'u'), (uint32)id->uid ));
+
+ ret = ldap_set_mapping(sid, *id, *id_type);
+
+ /* all done */
+
goto out;
}
-
- ret = ldap_set_mapping(sid, *id, *id_type);
- } else {
- /* no match, and not adding one */
- ret = NT_STATUS_UNSUCCESSFUL;
}
+ DEBUG(10,("ldap_get_id_from_sid: success\n"));
+
+ entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
+
+ dn = ldap_get_dn(ldap_state.smbldap_state->ldap_struct, result);
+
+ DEBUG(10, ("Found mapping entry at dn=%s, looking for %s\n", dn, type));
+
+ if ( smbldap_get_single_attribute(ldap_state.smbldap_state->ldap_struct, entry, type, id_str) )
+ {
+ if ( (*id_type & ID_USERID) )
+ id->uid = strtoul(id_str, NULL, 10);
+ else
+ id->gid = strtoul(id_str, NULL, 10);
+
+ ret = NT_STATUS_OK;
+ goto out;
+ }
+
out:
free_attr_list( attr_list );
if (result)
@@ -860,10 +885,13 @@ out:
return ret;
}
-/*****************************************************************************
- Initialise idmap database.
-*****************************************************************************/
-static NTSTATUS ldap_idmap_init( char *params )
+
+
+/**********************************************************************
+ Verify the sambaUnixIdPool entry in the directiry.
+**********************************************************************/
+
+static NTSTATUS verify_idpool( void )
{
fstring filter;
int rc;
@@ -871,22 +899,6 @@ static NTSTATUS ldap_idmap_init( char *params )
LDAPMessage *result = NULL;
LDAPMod **mods = NULL;
int count;
- NTSTATUS nt_status;
-
- ldap_state.mem_ctx = talloc_init("idmap_ldap");
- if (!ldap_state.mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* assume location is the only parameter */
- if (!NT_STATUS_IS_OK(nt_status =
- smbldap_init(ldap_state.mem_ctx, params,
- &ldap_state.smbldap_state))) {
- talloc_destroy(ldap_state.mem_ctx);
- return nt_status;
- }
-
- /* see if the idmap suffix and sub entries exists */
fstr_sprintf( filter, "(objectclass=%s)", LDAP_OBJ_IDPOOL );
@@ -926,7 +938,36 @@ static NTSTATUS ldap_idmap_init( char *params )
rc = smbldap_modify(ldap_state.smbldap_state, lp_ldap_idmap_suffix(), mods);
}
+
+ return ( rc==LDAP_SUCCESS ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL );
+}
+
+/*****************************************************************************
+ Initialise idmap database.
+*****************************************************************************/
+static NTSTATUS ldap_idmap_init( char *params )
+{
+ NTSTATUS nt_status;
+
+ ldap_state.mem_ctx = talloc_init("idmap_ldap");
+ if (!ldap_state.mem_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* assume location is the only parameter */
+ if (!NT_STATUS_IS_OK(nt_status =
+ smbldap_init(ldap_state.mem_ctx, params,
+ &ldap_state.smbldap_state))) {
+ talloc_destroy(ldap_state.mem_ctx);
+ return nt_status;
+ }
+
+ /* see if the idmap suffix and sub entries exists */
+ nt_status = verify_idpool();
+ if ( !NT_STATUS_IS_OK(nt_status) )
+ return nt_status;
+
return NT_STATUS_OK;
}
diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c
index 3776949171..63d97b656f 100644
--- a/source3/sam/idmap_tdb.c
+++ b/source3/sam/idmap_tdb.c
@@ -61,7 +61,7 @@ static NTSTATUS db_allocate_rid(uint32 *rid, int rid_type)
/* cannot fail since idmap is only called winbindd */
- idmap_get_free_rid_range( &lowrid, &highrid );
+ get_free_rid_range( &lowrid, &highrid );
tmp_rid = lowrid;
diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c
index f794ea5173..c0a3b65c92 100644
--- a/source3/sam/idmap_util.c
+++ b/source3/sam/idmap_util.c
@@ -22,50 +22,7 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
-/**********************************************************************
-**********************************************************************/
-
-BOOL idmap_get_free_ugid_range(uint32 *low, uint32 *high)
-{
- uid_t u_low, u_high;
- gid_t g_low, g_high;
-
- if (!lp_idmap_uid(&u_low, &u_high) || !lp_idmap_gid(&g_low, &g_high)) {
- return False;
- }
-
- *low = (u_low < g_low) ? u_low : g_low;
- *high = (u_high < g_high) ? u_high : g_high;
-
- return True;
-}
-
-/******************************************************************
- Get the the non-algorithmic RID range if idmap range are defined
-******************************************************************/
-
-BOOL idmap_get_free_rid_range(uint32 *low, uint32 *high)
-{
- uint32 id_low, id_high;
-
- if (!lp_enable_rid_algorithm()) {
- *low = BASE_RID;
- *high = (uint32)-1;
- }
-
- if (!idmap_get_free_ugid_range(&id_low, &id_high)) {
- return False;
- }
-
- *low = fallback_pdb_uid_to_user_rid(id_low);
- if (fallback_pdb_user_rid_to_uid((uint32)-1) < id_high) {
- *high = (uint32)-1;
- } else {
- *high = fallback_pdb_uid_to_user_rid(id_high);
- }
-
- return True;
-}
+#if 0 /* NOT USED */
/**********************************************************************
Get the free RID base if idmap is configured, otherwise return 0
@@ -137,6 +94,8 @@ BOOL idmap_check_sid_is_in_free_range(const DOM_SID *sid)
return True;
}
+#endif /* NOT USED */
+
/*****************************************************************
Returns SID pointer.
*****************************************************************/