summaryrefslogtreecommitdiff
path: root/source3/winbindd/idmap_autorid.c
AgeCommit message (Collapse)AuthorFilesLines
2012-12-03s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mappingMichael Adam1-0/+3
This is to remove problems with the same unix-id being used both as a uid and a gid. The autorid backend will map a given number to the same SID, no matter whether this is a uid or a gid. This will prime the idmap cache with mappings. The sid-to-u/gid mapping, when not going through the cache, instead checks for the type of the sid and only allows unix ids of the corresponding type. Hence the rid backend will give different results, depending on whether the cache is filled or not. This patch lets the autorid backend always create sid->id mappings of type both. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-06-15dbwrap: dbwrap_trans_store_int32->dbwrap_trans_store_int32_bystringVolker Lendecke1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_change_uint32_atomic->dbwrap_change_uint32_atomic_bystringVolker Lendecke1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_store_uint32->dbwrap_store_uint32_bystringVolker Lendecke1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_fetch_uint32->dbwrap_fetch_uint32_bystringVolker Lendecke1-5/+6
Signed-off-by: Michael Adam <obnox@samba.org>
2012-05-09s3:winbindd:autorid check that transaction start did workChristian Ambach1-1/+5
this fixes Coverity #700172 CHECKED_RETURN Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed May 9 00:27:08 CEST 2012 on sn-devel-104
2012-05-08s3:winbindd/autorid add ignore builtin parameterChristian Ambach1-0/+13
BUILTIN should be handled by passdb, however if passdb does not know about a SID, autorid creates a range for BUILTIN and does deterministic mapping make it possible to turn off this behavior
2012-05-08s3:winbindd/autorid add support for read-only modeChristian Ambach1-6/+38
make it possible to set read-only = yes for the backend so users can replicate an autorid.tdb to another server to use the same mappings without risking that updates are done on both sides
2012-05-08s3:winbindd/autorid preallocate well-known SIDsChristian Ambach1-0/+42
preallocate the list of well-known SIDs that Win2008R2 reports to be groups and that are on the list in KB243330 This will allow for deterministic mapping of these SIDs, even if they are stored in the allocation pool as this is the first thing that autorid will allocate from the pool during module initialization
2012-05-01s3:winbindd/autorid use idmap_tdb_common code in autoridChristian Ambach1-86/+227
- use common logic for the allocation pool - add a idmap_tdb style 1on1 mapping for non-domain SIDs like Everyone (S-1-1-0)
2012-01-18s3: Add a "lock_order" argument to db_openVolker Lendecke1-1/+2
This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
2011-12-16s3:idmap_autorid: use less transactionsChristian Ambach1-55/+76
reduce the amount of transactions that are mostly unnecessary because no updates were done, only reads Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Fri Dec 16 20:18:37 CET 2011 on sn-devel-104
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij1-1/+1
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-10-28lib/util Rename samba_init_module -> samba_module_initAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-21s3:idmap_autorid: add an allocation range to autoridChristian Ambach1-1/+96
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators and for local users/group that admins might want to create autorid will now allocate one range for this purpose and can so give out as many uids and gids as the configured rangesize allows
2011-10-21s3:idmap_autorid: move HWM initialization into a functionChristian Ambach1-17/+27
we will need some more HWM soon, so move out initialization and optimize the logic using the new interface of dbwrap_fetch_uint32
2011-10-21s3:idmap_autorid: use strings as parameter for range allocatorChristian Ambach1-14/+14
this prepares for allocation of non-domain ranges that cannot be expressed by a SID (e.g. an allocation pool)
2011-10-21s3:winbindd/idmap make idmap modules loadable againChristian Ambach1-1/+1
commit 355b5e3a831415d9bef97 changed the module system to expect 'samba_init_module' as fixed initializer function
2011-10-21Revert "s3:idmap/autorid add a small alloc pool to autorid"Christian Ambach1-61/+0
This reverts commit 0aa558718ad7427ee8b02046da73eea1838a5a32. just having 500 uid/gids values is not good enough for users using local users and groups in the order of thousands better solution which will use a complete range for allocated uids/gids will come next.
2011-10-11s3:dbwrap: change dbwrap_fetch_uint32() to NTSTATUS return type (instead of ↵Michael Adam1-7/+12
bool) for consistency and better error propagation
2011-10-11s3:dbwrap: convert dbwrap_fetch_int32() to NTSTATUS return codeMichael Adam1-4/+17
Return the int32 value retrieved from the db by reference. Before this, return value "-1" was used as a error indication, but it could also be a valid value from the database.
2011-10-11s3:idmap_autorid: make a debug message more preciseMichael Adam1-1/+1
2011-10-11s3:idmap_autorid: untangle function from check and log status in ↵Michael Adam1-6/+7
idmap_autorid_db_init()
2011-10-11s3:dbwrap: convert dbwrap_fetch(), dbwrap_fetch_bystring() and ↵Michael Adam1-4/+6
dbwrap_fetch_bystring_upper() to NTSTATUS
2011-09-07s3:idmap/autorid add a small alloc pool to autoridChristian Ambach1-0/+52
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators gids are stored at the start of the first domain as RIDs start with values over 500, we have some room there so we do not need to allocate a range Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Sep 7 15:15:09 CEST 2011 on sn-devel-104
2011-07-29s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/Michael Adam1-1/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
2011-07-29s3:dbwrap: move db_open() to a file dbwrap_open.c of its own.Michael Adam1-0/+1
Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and make the fallbacke implementation functoins non-static and create a dbwrap_private.h header file that contains their prototypes.
2011-06-20s3:idmap_autorid: remove redundant codeMichael Adam1-4/+0
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Jun 20 14:56:29 CEST 2011 on sn-devel-104
2011-06-20s3:idmap_autorid: in initialize, don't leak storedconfig to talloc_tos() in ↵Michael Adam1-2/+4
the success case
2011-06-20s3:idmap_autorid: use "idmap config * : rangesize" instead of "autorid : ↵Michael Adam1-1/+1
rangesize"
2011-06-20s3:idmap_autorid: fail initialization if the domain is not "*"Michael Adam1-0/+7
autorid can only be used as a backend for the default idmap configuration.
2011-06-11Revert "s3:idmap_autorid: add a talloc_stackframe() to ↵Michael Adam1-6/+5
idmap_autorid_initialize()" This reverts commit 65490ea4e67bf82cf8fb0b8e4e74047c3f63c509. This sequence of patches needs to be done differently. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Sat Jun 11 12:55:11 CEST 2011 on sn-devel-104
2011-06-11Revert "s3:idmap_autorid: use "idmap config <DOMAIN> : rangesize" instead of ↵Michael Adam1-9/+1
"autorid:rangesize"" This reverts commit b0b0b625b588057c8c97371934bf21eb1fd985d8. This sequence of patches needs to be done differently.
2011-06-11Revert "s3:idmap_autorid: fail initialization if the domain is not "*""Michael Adam1-9/+1
This reverts commit cd8dc47bf17d2cdb1558dc6ab49320ba12af8f34. This sequence of patches needs to be done differently.
2011-06-09s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett1-2/+2
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-06-07s3:idmap_autorid: fail initialization if the domain is not "*"Michael Adam1-0/+8
autorid can only be used as a backend for the default idmap configuration. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Jun 7 19:13:18 CEST 2011 on sn-devel-104
2011-06-07s3:idmap_autorid: use "idmap config <DOMAIN> : rangesize" instead of ↵Michael Adam1-1/+9
"autorid:rangesize"
2011-06-07s3:idmap_autorid: add a talloc_stackframe() to idmap_autorid_initialize()Michael Adam1-5/+6
2011-05-06s3: only include tdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner1-0/+1
Guenther
2011-03-22s3:idmap: remove the params argument from the init functionMichael Adam1-2/+1
2011-03-18s3:autorid make sure we set the mapping status correct on early exitChristian Ambach1-0/+1
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com> Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Mar 18 16:30:36 CET 2011 on sn-devel-104
2011-03-18idmap-autorid: Slightly simplify idmap_autorid_get_domainrangeVolker Lendecke1-8/+3
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2011-03-18idmap-autorid: Slightly simplify idmap_autorid_get_domainrangeVolker Lendecke1-2/+1
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2011-03-18idmap-autorid: Remove an unused variableVolker Lendecke1-11/+0
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2011-03-18idmap-autorid: Use talloc_tos() in idmap_autorid_id_to_sidVolker Lendecke1-5/+6
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2011-03-18idmap-autorid: Remove an else branchVolker Lendecke1-10/+11
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2011-03-18idmap-autorid: Remove an unused variableVolker Lendecke1-11/+0
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2011-03-18idmap-autorid: Remove an unused parameterVolker Lendecke1-3/+2
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2011-03-18idmap-autorid: Use talloc_tos() in idmap_autorid_sids_to_unixidsVolker Lendecke1-8/+12
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>