diff options
author | Michael Adam <obnox@samba.org> | 2009-05-27 19:25:44 +0200 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2009-05-28 00:41:33 +0200 |
commit | e381c13b023f2b512b3f6aec133db9f323bc8132 (patch) | |
tree | 29497094e458815c3f4bf46f0a9a9f286ae75d5e /source3 | |
parent | c299833bf8e6506c793d6e8283743949aaac9ef4 (diff) | |
download | samba-e381c13b023f2b512b3f6aec133db9f323bc8132.tar.gz samba-e381c13b023f2b512b3f6aec133db9f323bc8132.tar.bz2 samba-e381c13b023f2b512b3f6aec133db9f323bc8132.zip |
s3:idmap_ldap: filter out of range mappings in default idmap config
This fixes bug #6417
Michael
Diffstat (limited to 'source3')
-rw-r--r-- | source3/winbindd/idmap_ldap.c | 71 |
1 files changed, 55 insertions, 16 deletions
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 88ece8c7de..3d1dd488d6 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -765,7 +765,6 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom, NTSTATUS ret; struct idmap_ldap_context *ctx = NULL; char *config_option = NULL; - const char *range = NULL; const char *tmp = NULL; /* Only do init if we are online */ @@ -779,23 +778,63 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom, return NT_STATUS_NO_MEMORY; } - config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); - if ( ! config_option) { - DEBUG(0, ("Out of memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto done; - } + if (strequal(dom->name, "*")) { + uid_t low_uid = 0; + uid_t high_uid = 0; + gid_t low_gid = 0; + gid_t high_gid = 0; - /* load ranges */ - range = lp_parm_const_string(-1, config_option, "range", NULL); - if (range && range[0]) { - if ((sscanf(range, "%u - %u", &ctx->filter_low_id, - &ctx->filter_high_id) != 2) || - (ctx->filter_low_id > ctx->filter_high_id)) { - DEBUG(1, ("ERROR: invalid filter range [%s]", range)); - ctx->filter_low_id = 0; - ctx->filter_high_id = 0; + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + + if (lp_idmap_uid(&low_uid, &high_uid)) { + ctx->filter_low_id = low_uid; + ctx->filter_high_id = high_uid; + } else { + DEBUG(3, ("Warning: 'idmap uid' not set!\n")); + } + + if (lp_idmap_gid(&low_gid, &high_gid)) { + if ((low_gid != low_uid) || (high_gid != high_uid)) { + DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'" + " ranges do not agree -- building " + "intersection\n")); + ctx->filter_low_id = MAX(ctx->filter_low_id, + low_gid); + ctx->filter_high_id = MIN(ctx->filter_high_id, + high_gid); + } + } else { + DEBUG(3, ("Warning: 'idmap gid' not set!\n")); + } + } else { + const char *range = NULL; + + config_option = talloc_asprintf(ctx, "idmap config %s", dom->name); + if ( ! config_option) { + DEBUG(0, ("Out of memory!\n")); + ret = NT_STATUS_NO_MEMORY; + goto done; } + + /* load ranges */ + range = lp_parm_const_string(-1, config_option, "range", NULL); + if (range && range[0]) { + if ((sscanf(range, "%u - %u", &ctx->filter_low_id, + &ctx->filter_high_id) != 2)) + { + DEBUG(1, ("ERROR: invalid filter range [%s]", range)); + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; + } + } + } + + if (ctx->filter_low_id > ctx->filter_high_id) { + DEBUG(1, ("ERROR: invalid filter range [%u-%u]", + ctx->filter_low_id, ctx->filter_high_id)); + ctx->filter_low_id = 0; + ctx->filter_high_id = 0; } if (params != NULL) { |