diff options
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 54 | ||||
-rw-r--r-- | source3/param/loadparm.c | 70 | ||||
-rw-r--r-- | source3/smbd/uid.c | 44 |
3 files changed, 97 insertions, 71 deletions
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index c603bac054..033e5c38aa 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -764,60 +764,20 @@ void free_getent_state(struct getent_state *state) } } -/* Parse list of arguments to winbind uid or winbind gid parameters */ - -static BOOL parse_id_list(char *paramstr, BOOL is_user) -{ - uid_t id_low, id_high = 0; - - /* Give a nicer error message if no parameters specified */ - - if (strequal(paramstr, "")) { - DEBUG(0, ("winbind %s parameter missing\n", is_user ? "uid" : "gid")); - return False; - } - - /* Parse entry */ - - if (sscanf(paramstr, "%u-%u", &id_low, &id_high) != 2) { - DEBUG(0, ("winbind %s parameter invalid\n", - is_user ? "uid" : "gid")); - return False; - } - - /* Store id info */ - - if (is_user) { - server_state.uid_low = id_low; - server_state.uid_high = id_high; - } else { - server_state.gid_low = id_low; - server_state.gid_high = id_high; - } - - return True; -} - /* Initialise trusted domain info */ BOOL winbindd_param_init(void) { /* Parse winbind uid and winbind_gid parameters */ - if (!(parse_id_list(lp_winbind_uid(), True) && - parse_id_list(lp_winbind_gid(), False))) - return False; - - /* Check for reversed uid and gid ranges */ - - if (server_state.uid_low > server_state.uid_high) { - DEBUG(0, ("uid range invalid\n")); - return False; + if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) { + DEBUG(0, ("winbind uid range missing or invalid\n")); + return False; } - - if (server_state.gid_low > server_state.gid_high) { - DEBUG(0, ("gid range invalid\n")); - return False; + + if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) { + DEBUG(0, ("winbind gid range missing or invalid\n")); + return False; } return True; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index b967c5b63f..e4e3cfce81 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -525,7 +525,8 @@ static BOOL handle_copy(char *pszParmValue, char **ptr); static BOOL handle_vfs_object(char *pszParmValue, char **ptr); static BOOL handle_source_env(char *pszParmValue, char **ptr); static BOOL handle_netbios_name(char *pszParmValue, char **ptr); -static BOOL handle_winbind_id(char *pszParmValue, char **ptr); +static BOOL handle_winbind_uid(char *pszParmValue, char **ptr); +static BOOL handle_winbind_gid(char *pszParmValue, char **ptr); static BOOL handle_wins_server_list(char *pszParmValue, char **ptr); static BOOL handle_debug_list( char *pszParmValue, char **ptr ); @@ -1027,8 +1028,8 @@ static struct parm_struct parm_table[] = { {"Winbind options", P_SEP, P_SEPARATOR}, - {"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_id, NULL, 0}, - {"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_id, NULL, 0}, + {"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, 0}, + {"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, 0}, {"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, 0}, {"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, 0}, {"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, 0}, @@ -1497,8 +1498,6 @@ FN_GLOBAL_STRING(lp_abort_shutdown_script, &Globals.szAbortShutdownScript) FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook) FN_GLOBAL_LIST(lp_domain_admin_group, &Globals.szDomainAdminGroup) FN_GLOBAL_LIST(lp_domain_guest_group, &Globals.szDomainGuestGroup) -FN_GLOBAL_STRING(lp_winbind_uid, &Globals.szWinbindUID) -FN_GLOBAL_STRING(lp_winbind_gid, &Globals.szWinbindGID) FN_GLOBAL_STRING(lp_template_homedir, &Globals.szTemplateHomedir) FN_GLOBAL_STRING(lp_template_shell, &Globals.szTemplateShell) FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator) @@ -2447,21 +2446,72 @@ static BOOL handle_copy(char *pszParmValue, char **ptr) ***************************************************************************/ -/* Do some simple checks on "winbind [ug]id" parameter value */ +/* Some lp_ routines to return winbind [ug]id information */ -static BOOL handle_winbind_id(char *pszParmValue, char **ptr) +static uid_t winbind_uid_low, winbind_uid_high; +static gid_t winbind_gid_low, winbind_gid_high; + +BOOL lp_winbind_uid(uid_t *low, uid_t *high) +{ + if (winbind_uid_low == 0 || winbind_uid_high == 0) + return False; + + if (low) + *low = winbind_uid_low; + + if (high) + *high = winbind_uid_high; + + return True; +} + +BOOL lp_winbind_gid(gid_t *low, gid_t *high) +{ + if (winbind_gid_low == 0 || winbind_gid_high == 0) + return False; + + if (low) + *low = winbind_gid_low; + + if (high) + *high = winbind_gid_high; + + return True; +} + +/* Do some simple checks on "winbind [ug]id" parameter values */ + +static BOOL handle_winbind_uid(char *pszParmValue, char **ptr) { int low, high; - if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2) - { + if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2 || high < low) return False; - } /* Parse OK */ string_set(ptr, pszParmValue); + winbind_uid_low = low; + winbind_uid_high = high; + + return True; +} + +static BOOL handle_winbind_gid(char *pszParmValue, char **ptr) +{ + gid_t low, high; + + if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2 || high < low) + return False; + + /* Parse OK */ + + string_set(ptr, pszParmValue); + + winbind_gid_low = low; + winbind_gid_high = high; + return True; } diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 4329e3fb76..14b0290e33 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -551,16 +551,24 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid) { + uid_t low, high; fstring sid; - if (!winbind_uid_to_sid(psid, uid)) { - DEBUG(10,("uid_to_sid: winbind lookup for uid %u failed - trying local.\n", (unsigned int)uid )); + if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) { + if (winbind_uid_to_sid(psid, uid)) { - return local_uid_to_sid(psid, uid); - } + DEBUG(10,("uid_to_sid: winbindd %u -> %s\n", + (unsigned int)uid, + sid_to_string(sid, psid))); + + return psid; + } + } - DEBUG(10,("uid_to_sid: winbindd %u -> %s\n", - (unsigned int)uid, sid_to_string(sid, psid) )); + local_uid_to_sid(psid, uid); + + DEBUG(10,("uid_to_sid: local %u -> %s\n", + (unsigned int)uid, sid_to_string(sid, psid))); return psid; } @@ -573,16 +581,24 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid) DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid) { + gid_t low, high; fstring sid; - if (!winbind_gid_to_sid(psid, gid)) { - DEBUG(10,("gid_to_sid: winbind lookup for gid %u failed - trying local.\n", (unsigned int)gid )); - - return local_gid_to_sid(psid, gid); - } - - DEBUG(10,("gid_to_sid: winbindd %u -> %s\n", - (unsigned int)gid, sid_to_string(sid,psid) )); + if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) { + if (winbind_gid_to_sid(psid, gid)) { + + DEBUG(10,("gid_to_sid: winbindd %u -> %s\n", + (unsigned int)gid, + sid_to_string(sid, psid))); + + return psid; + } + } + + local_gid_to_sid(psid, gid); + + DEBUG(10,("gid_to_sid: local %u -> %s\n", + (unsigned int)gid, sid_to_string(sid, psid))); return psid; } |