Age | Commit message (Collapse) | Author | Files | Lines |
|
This is to remove problems with the same unix-id being used both
as a uid and a gid.
The autorid backend will map a given number to the same SID, no matter whether this
is a uid or a gid. This will prime the idmap cache with mappings.
The sid-to-u/gid mapping, when not going through the cache, instead checks for
the type of the sid and only allows unix ids of the corresponding type.
Hence the rid backend will give different results, depending on whether the
cache is filled or not.
This patch lets the autorid backend always create sid->id mappings of type both.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
this fixes Coverity #700172 CHECKED_RETURN
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed May 9 00:27:08 CEST 2012 on sn-devel-104
|
|
BUILTIN should be handled by passdb, however if passdb does not know
about a SID, autorid creates a range for BUILTIN and does deterministic mapping
make it possible to turn off this behavior
|
|
make it possible to set read-only = yes for the backend
so users can replicate an autorid.tdb to another server
to use the same mappings without risking that updates
are done on both sides
|
|
preallocate the list of well-known SIDs that Win2008R2 reports
to be groups and that are on the list in KB243330
This will allow for deterministic mapping of these SIDs, even if they
are stored in the allocation pool as this is the first thing that autorid
will allocate from the pool during module initialization
|
|
- use common logic for the allocation pool
- add a idmap_tdb style 1on1 mapping for non-domain SIDs
like Everyone (S-1-1-0)
|
|
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
|
|
reduce the amount of transactions that are mostly unnecessary because no
updates were done, only reads
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Dec 16 20:18:37 CET 2011 on sn-devel-104
|
|
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
|
|
This is to provide a cleaner namespace in the public samba plugin
functions.
Andrew Bartlett
|
|
this is needed to allocate gids for BUILTIN\Users and
BUILTIN\Administrators and for local users/group that
admins might want to create
autorid will now allocate one range for this purpose
and can so give out as many uids and gids as the
configured rangesize allows
|
|
we will need some more HWM soon, so move out initialization and
optimize the logic using the new interface of dbwrap_fetch_uint32
|
|
this prepares for allocation of non-domain ranges that cannot be
expressed by a SID (e.g. an allocation pool)
|
|
commit 355b5e3a831415d9bef97 changed the module system to
expect 'samba_init_module' as fixed initializer function
|
|
This reverts commit 0aa558718ad7427ee8b02046da73eea1838a5a32.
just having 500 uid/gids values is not good enough for
users using local users and groups in the order of thousands
better solution which will use a complete range for allocated
uids/gids will come next.
|
|
bool)
for consistency and better error propagation
|
|
Return the int32 value retrieved from the db by reference.
Before this, return value "-1" was used as a error indication,
but it could also be a valid value from the database.
|
|
|
|
idmap_autorid_db_init()
|
|
dbwrap_fetch_bystring_upper() to NTSTATUS
|
|
this is needed to allocate gids for BUILTIN\Users and
BUILTIN\Administrators
gids are stored at the start of the first domain
as RIDs start with values over 500, we have some room there
so we do not need to allocate a range
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed Sep 7 15:15:09 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
|
|
Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and
make the fallbacke implementation functoins non-static and create a
dbwrap_private.h header file that contains their prototypes.
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Jun 20 14:56:29 CEST 2011 on sn-devel-104
|
|
the success case
|
|
rangesize"
|
|
autorid can only be used as a backend for the default idmap configuration.
|
|
idmap_autorid_initialize()"
This reverts commit 65490ea4e67bf82cf8fb0b8e4e74047c3f63c509.
This sequence of patches needs to be done differently.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat Jun 11 12:55:11 CEST 2011 on sn-devel-104
|
|
"autorid:rangesize""
This reverts commit b0b0b625b588057c8c97371934bf21eb1fd985d8.
This sequence of patches needs to be done differently.
|
|
This reverts commit cd8dc47bf17d2cdb1558dc6ab49320ba12af8f34.
This sequence of patches needs to be done differently.
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
|
|
autorid can only be used as a backend for the default idmap configuration.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Jun 7 19:13:18 CEST 2011 on sn-devel-104
|
|
"autorid:rangesize"
|
|
|
|
Guenther
|
|
Guenther
|
|
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Mar 18 16:30:36 CET 2011 on sn-devel-104
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|