summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/winbindd_util.c54
-rw-r--r--source3/param/loadparm.c70
-rw-r--r--source3/smbd/uid.c44
3 files changed, 97 insertions, 71 deletions
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index c603bac054..033e5c38aa 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -764,60 +764,20 @@ void free_getent_state(struct getent_state *state)
}
}
-/* Parse list of arguments to winbind uid or winbind gid parameters */
-
-static BOOL parse_id_list(char *paramstr, BOOL is_user)
-{
- uid_t id_low, id_high = 0;
-
- /* Give a nicer error message if no parameters specified */
-
- if (strequal(paramstr, "")) {
- DEBUG(0, ("winbind %s parameter missing\n", is_user ? "uid" : "gid"));
- return False;
- }
-
- /* Parse entry */
-
- if (sscanf(paramstr, "%u-%u", &id_low, &id_high) != 2) {
- DEBUG(0, ("winbind %s parameter invalid\n",
- is_user ? "uid" : "gid"));
- return False;
- }
-
- /* Store id info */
-
- if (is_user) {
- server_state.uid_low = id_low;
- server_state.uid_high = id_high;
- } else {
- server_state.gid_low = id_low;
- server_state.gid_high = id_high;
- }
-
- return True;
-}
-
/* Initialise trusted domain info */
BOOL winbindd_param_init(void)
{
/* Parse winbind uid and winbind_gid parameters */
- if (!(parse_id_list(lp_winbind_uid(), True) &&
- parse_id_list(lp_winbind_gid(), False)))
- return False;
-
- /* Check for reversed uid and gid ranges */
-
- if (server_state.uid_low > server_state.uid_high) {
- DEBUG(0, ("uid range invalid\n"));
- return False;
+ if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) {
+ DEBUG(0, ("winbind uid range missing or invalid\n"));
+ return False;
}
-
- if (server_state.gid_low > server_state.gid_high) {
- DEBUG(0, ("gid range invalid\n"));
- return False;
+
+ if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) {
+ DEBUG(0, ("winbind gid range missing or invalid\n"));
+ return False;
}
return True;
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b967c5b63f..e4e3cfce81 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -525,7 +525,8 @@ static BOOL handle_copy(char *pszParmValue, char **ptr);
static BOOL handle_vfs_object(char *pszParmValue, char **ptr);
static BOOL handle_source_env(char *pszParmValue, char **ptr);
static BOOL handle_netbios_name(char *pszParmValue, char **ptr);
-static BOOL handle_winbind_id(char *pszParmValue, char **ptr);
+static BOOL handle_winbind_uid(char *pszParmValue, char **ptr);
+static BOOL handle_winbind_gid(char *pszParmValue, char **ptr);
static BOOL handle_wins_server_list(char *pszParmValue, char **ptr);
static BOOL handle_debug_list( char *pszParmValue, char **ptr );
@@ -1027,8 +1028,8 @@ static struct parm_struct parm_table[] = {
{"Winbind options", P_SEP, P_SEPARATOR},
- {"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_id, NULL, 0},
- {"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_id, NULL, 0},
+ {"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, 0},
+ {"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, 0},
{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, 0},
{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, 0},
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, 0},
@@ -1497,8 +1498,6 @@ FN_GLOBAL_STRING(lp_abort_shutdown_script, &Globals.szAbortShutdownScript)
FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook)
FN_GLOBAL_LIST(lp_domain_admin_group, &Globals.szDomainAdminGroup)
FN_GLOBAL_LIST(lp_domain_guest_group, &Globals.szDomainGuestGroup)
-FN_GLOBAL_STRING(lp_winbind_uid, &Globals.szWinbindUID)
-FN_GLOBAL_STRING(lp_winbind_gid, &Globals.szWinbindGID)
FN_GLOBAL_STRING(lp_template_homedir, &Globals.szTemplateHomedir)
FN_GLOBAL_STRING(lp_template_shell, &Globals.szTemplateShell)
FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
@@ -2447,21 +2446,72 @@ static BOOL handle_copy(char *pszParmValue, char **ptr)
***************************************************************************/
-/* Do some simple checks on "winbind [ug]id" parameter value */
+/* Some lp_ routines to return winbind [ug]id information */
-static BOOL handle_winbind_id(char *pszParmValue, char **ptr)
+static uid_t winbind_uid_low, winbind_uid_high;
+static gid_t winbind_gid_low, winbind_gid_high;
+
+BOOL lp_winbind_uid(uid_t *low, uid_t *high)
+{
+ if (winbind_uid_low == 0 || winbind_uid_high == 0)
+ return False;
+
+ if (low)
+ *low = winbind_uid_low;
+
+ if (high)
+ *high = winbind_uid_high;
+
+ return True;
+}
+
+BOOL lp_winbind_gid(gid_t *low, gid_t *high)
+{
+ if (winbind_gid_low == 0 || winbind_gid_high == 0)
+ return False;
+
+ if (low)
+ *low = winbind_gid_low;
+
+ if (high)
+ *high = winbind_gid_high;
+
+ return True;
+}
+
+/* Do some simple checks on "winbind [ug]id" parameter values */
+
+static BOOL handle_winbind_uid(char *pszParmValue, char **ptr)
{
int low, high;
- if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2)
- {
+ if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2 || high < low)
return False;
- }
/* Parse OK */
string_set(ptr, pszParmValue);
+ winbind_uid_low = low;
+ winbind_uid_high = high;
+
+ return True;
+}
+
+static BOOL handle_winbind_gid(char *pszParmValue, char **ptr)
+{
+ gid_t low, high;
+
+ if (sscanf(pszParmValue, "%d-%d", &low, &high) != 2 || high < low)
+ return False;
+
+ /* Parse OK */
+
+ string_set(ptr, pszParmValue);
+
+ winbind_gid_low = low;
+ winbind_gid_high = high;
+
return True;
}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 4329e3fb76..14b0290e33 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -551,16 +551,24 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE
DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
{
+ uid_t low, high;
fstring sid;
- if (!winbind_uid_to_sid(psid, uid)) {
- DEBUG(10,("uid_to_sid: winbind lookup for uid %u failed - trying local.\n", (unsigned int)uid ));
+ if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
+ if (winbind_uid_to_sid(psid, uid)) {
- return local_uid_to_sid(psid, uid);
- }
+ DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
+ (unsigned int)uid,
+ sid_to_string(sid, psid)));
+
+ return psid;
+ }
+ }
- DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
- (unsigned int)uid, sid_to_string(sid, psid) ));
+ local_uid_to_sid(psid, uid);
+
+ DEBUG(10,("uid_to_sid: local %u -> %s\n",
+ (unsigned int)uid, sid_to_string(sid, psid)));
return psid;
}
@@ -573,16 +581,24 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
{
+ gid_t low, high;
fstring sid;
- if (!winbind_gid_to_sid(psid, gid)) {
- DEBUG(10,("gid_to_sid: winbind lookup for gid %u failed - trying local.\n", (unsigned int)gid ));
-
- return local_gid_to_sid(psid, gid);
- }
-
- DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
- (unsigned int)gid, sid_to_string(sid,psid) ));
+ if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
+ if (winbind_gid_to_sid(psid, gid)) {
+
+ DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
+ (unsigned int)gid,
+ sid_to_string(sid, psid)));
+
+ return psid;
+ }
+ }
+
+ local_gid_to_sid(psid, gid);
+
+ DEBUG(10,("gid_to_sid: local %u -> %s\n",
+ (unsigned int)gid, sid_to_string(sid, psid)));
return psid;
}