summaryrefslogtreecommitdiff
path: root/source3/winbindd/idmap_autorid.c
AgeCommit message (Collapse)AuthorFilesLines
2013-10-02idmap_autorid: remove autorid_global_config member from autorid_range_configAtul Kulkarni1-11/+0
global config is not part of range config. By removing this, autorid_range_config becomes more suitable for using it elsewhere. Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02idmap_autorid: move the checks from idmap_autorid_initialize to ↵Atul Kulkarni1-54/+0
idmap_autorid_saveconfig() Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: change idmap_autorid_loadconfig() to return NTSTATUSMichael Adam1-1/+8
for better error propagation. Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: extract common code to separate fileAtul Kulkarni1-277/+1
This is in preparation of adding "net idmap autorid" functionality. Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: remove the ignore_builtin bool from the global_config structMichael Adam1-4/+5
The ignore_builtin flag is used only to change the bahaviour of the daemon code, not in the database. Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add path, and db parameters to idmap_autorid_db_init()Atul Kulkarni1-12/+14
In preparation of calling this from net for different dbs. Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add a db_context argument to idmap_autorid_init_hwm()Michael Adam1-7/+7
Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add a db_context argument to idmap_autorid_saveconfig()Michael Adam1-4/+4
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add a db_context argument to idmap_autorid_loadconfig()Michael Adam1-3/+4
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add a db_context argument to idmap_autorid_get_domainrange()Michael Adam1-5/+7
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-07-08s3:idmap_autorid: Add a NULL check in idmap_autorid_preallocate_wellknownVolker Lendecke1-0/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08s3:idmap_autorid: Don't zero in idmap_autorid_preallocate_wellknownVolker Lendecke1-1/+1
We initialize everything later anyway Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08s3:idmap_autorid: Use ARRAY_SIZE where appropriateVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: add a comment block explaining the calculationsMichael Adam1-0/+51
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: simplify the id->sid calculationMichael Adam1-7/+13
To make it more intutive. rid = reduced_rid + domain_range_index * range_size where reduced_rid = (id - id_low) % range_size Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: calculate the range's low_id in ↵Michael Adam1-8/+9
idmap_autorid_get_domainrange() This way, the calculation needs to be don only in one central place and the formulas get simpler. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: make calculation in idmap_autorid_sid_to_id much more obviousMichael Adam1-3/+6
This is my attempt to make the sid->unix-id calculation much more obvious. Especially with the introduction of the multi-range support an the originally named "multiplier", the calculation id = low_id + range_size * domain_number + rid - range_size * multiplier was rather opaque to me. What really happens here is this: The rid is split into a reduced_rid part that is < rangesize and a multiple of rangesize. This is given by the formula rid = rid % range_size + (rid / range_size) * range_size We define reduced_rid := rid % range_size and domain_range_index := rid / range_size ( == the original multiplier) and the original formula is equivalent to: id = reduced_rid + low_id + range_number * range_size; and reads id = reduced_rid + range_minvalue if we set range_minvalue := low_id + range_number * range_size. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: rename range.multiplier to domain_range_indexMichael Adam1-15/+17
The name multiplier is very confusing (at least for me). This is an index that is used to reference the various per-domain ranges. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: rename autorid_range_config.sid to domsid, along with ↵Michael Adam1-12/+12
instances Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: rename autorid_domain_config --> autorid_range_config and ↵Michael Adam1-37/+37
instances to "range" This describes it better with the new support for multiple ranges for domains. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: rename domainnum to rangenumMichael Adam1-12/+13
Now ranges don't correspond to domains any more, but multiple ranges are associated to a domain. So the name is misleading. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:winbindd/autorid multiple range supportAbhidnya Joshi1-19/+36
when a mapping request for a RID comes in that is larger than the rangesize, allocate an extension range to be able to map this one This is especially important for large installations which might have large RIDs being used in a trusted domain that the administrator was not aware of when planning for autorid usage and so those objects could not be mapped up to now. As it is not possible to change the rangesize after the first start of autorid, this would lead to big trouble. Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com> Reviewed-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-13s3:idmap_autorid: fix freeing of non-talloced memory (uninitialized pointer) ↵Michael Adam1-1/+1
(bug #9653) Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Feb 13 09:51:53 CET 2013 on sn-devel-104
2013-01-02s3-idmap: Check return value of string_to_sid().Andreas Schneider1-1/+6
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2012-12-03s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mappingMichael Adam1-0/+3
This is to remove problems with the same unix-id being used both as a uid and a gid. The autorid backend will map a given number to the same SID, no matter whether this is a uid or a gid. This will prime the idmap cache with mappings. The sid-to-u/gid mapping, when not going through the cache, instead checks for the type of the sid and only allows unix ids of the corresponding type. Hence the rid backend will give different results, depending on whether the cache is filled or not. This patch lets the autorid backend always create sid->id mappings of type both. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-06-15dbwrap: dbwrap_trans_store_int32->dbwrap_trans_store_int32_bystringVolker Lendecke1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_change_uint32_atomic->dbwrap_change_uint32_atomic_bystringVolker Lendecke1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_store_uint32->dbwrap_store_uint32_bystringVolker Lendecke1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_fetch_uint32->dbwrap_fetch_uint32_bystringVolker Lendecke1-5/+6
Signed-off-by: Michael Adam <obnox@samba.org>
2012-05-09s3:winbindd:autorid check that transaction start did workChristian Ambach1-1/+5
this fixes Coverity #700172 CHECKED_RETURN Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed May 9 00:27:08 CEST 2012 on sn-devel-104
2012-05-08s3:winbindd/autorid add ignore builtin parameterChristian Ambach1-0/+13
BUILTIN should be handled by passdb, however if passdb does not know about a SID, autorid creates a range for BUILTIN and does deterministic mapping make it possible to turn off this behavior
2012-05-08s3:winbindd/autorid add support for read-only modeChristian Ambach1-6/+38
make it possible to set read-only = yes for the backend so users can replicate an autorid.tdb to another server to use the same mappings without risking that updates are done on both sides
2012-05-08s3:winbindd/autorid preallocate well-known SIDsChristian Ambach1-0/+42
preallocate the list of well-known SIDs that Win2008R2 reports to be groups and that are on the list in KB243330 This will allow for deterministic mapping of these SIDs, even if they are stored in the allocation pool as this is the first thing that autorid will allocate from the pool during module initialization
2012-05-01s3:winbindd/autorid use idmap_tdb_common code in autoridChristian Ambach1-86/+227
- use common logic for the allocation pool - add a idmap_tdb style 1on1 mapping for non-domain SIDs like Everyone (S-1-1-0)
2012-01-18s3: Add a "lock_order" argument to db_openVolker Lendecke1-1/+2
This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
2011-12-16s3:idmap_autorid: use less transactionsChristian Ambach1-55/+76
reduce the amount of transactions that are mostly unnecessary because no updates were done, only reads Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Fri Dec 16 20:18:37 CET 2011 on sn-devel-104
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij1-1/+1
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-10-28lib/util Rename samba_init_module -> samba_module_initAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-21s3:idmap_autorid: add an allocation range to autoridChristian Ambach1-1/+96
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators and for local users/group that admins might want to create autorid will now allocate one range for this purpose and can so give out as many uids and gids as the configured rangesize allows
2011-10-21s3:idmap_autorid: move HWM initialization into a functionChristian Ambach1-17/+27
we will need some more HWM soon, so move out initialization and optimize the logic using the new interface of dbwrap_fetch_uint32
2011-10-21s3:idmap_autorid: use strings as parameter for range allocatorChristian Ambach1-14/+14
this prepares for allocation of non-domain ranges that cannot be expressed by a SID (e.g. an allocation pool)
2011-10-21s3:winbindd/idmap make idmap modules loadable againChristian Ambach1-1/+1
commit 355b5e3a831415d9bef97 changed the module system to expect 'samba_init_module' as fixed initializer function
2011-10-21Revert "s3:idmap/autorid add a small alloc pool to autorid"Christian Ambach1-61/+0
This reverts commit 0aa558718ad7427ee8b02046da73eea1838a5a32. just having 500 uid/gids values is not good enough for users using local users and groups in the order of thousands better solution which will use a complete range for allocated uids/gids will come next.
2011-10-11s3:dbwrap: change dbwrap_fetch_uint32() to NTSTATUS return type (instead of ↵Michael Adam1-7/+12
bool) for consistency and better error propagation
2011-10-11s3:dbwrap: convert dbwrap_fetch_int32() to NTSTATUS return codeMichael Adam1-4/+17
Return the int32 value retrieved from the db by reference. Before this, return value "-1" was used as a error indication, but it could also be a valid value from the database.
2011-10-11s3:idmap_autorid: make a debug message more preciseMichael Adam1-1/+1
2011-10-11s3:idmap_autorid: untangle function from check and log status in ↵Michael Adam1-6/+7
idmap_autorid_db_init()
2011-10-11s3:dbwrap: convert dbwrap_fetch(), dbwrap_fetch_bystring() and ↵Michael Adam1-4/+6
dbwrap_fetch_bystring_upper() to NTSTATUS
2011-09-07s3:idmap/autorid add a small alloc pool to autoridChristian Ambach1-0/+52
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators gids are stored at the start of the first domain as RIDs start with values over 500, we have some room there so we do not need to allocate a range Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Sep 7 15:15:09 CEST 2011 on sn-devel-104
2011-07-29s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/Michael Adam1-1/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104