From 5dc379c4ee0ad3b7ee2dffbce9b88f068630e634 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Tue, 7 Jun 2011 18:00:36 +0200
Subject: [PATCH 01/10] s3:idmap_tdb2: deprecate the idmap:script parameter and use "idmap config * : script" instead With this patch, "idmap config * : script" will override "idmap : script". If "idmap : script" is present, a deprecation warning will be printed in any case. If "idmap config * : script" is not set, then the value of "idmap :script" will be used for backwards compatibility. (cherry picked from commit b6c82f18f17cdded771d285930566c1d104686aa)
---
 source3/winbindd/idmap_tdb2.c | 39 +++++++++++++++++++++------------------
 1 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index 2a15244..5612d57 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -279,6 +279,8 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
 {
 NTSTATUS ret;
 struct idmap_tdb2_context *ctx;
+ char *config_option = NULL;
+ const char * idmap_script = NULL;
 ctx = talloc_zero(dom, struct idmap_tdb2_context);
 if ( ! ctx) {
@@ -286,27 +288,28 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
 return NT_STATUS_NO_MEMORY;
 }
- if (strequal(dom->name, "*")) {
- ctx->script = lp_parm_const_string(-1, "idmap", "script", NULL);
- if (ctx->script) {
- DEBUG(1, ("using idmap script '%s'\n", ctx->script));
- }
- } else {
- char *config_option = NULL;
+ config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
+ if (config_option == NULL) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto failed;
+ }
+ ctx->script = lp_parm_const_string(-1, config_option, "script", "NULL");
+ talloc_free(config_option);
- config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
- if ( ! config_option) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto failed;
- }
+ idmap_script = lp_parm_const_string(-1, "idmap", "script", NULL);
+ if (idmap_script != NULL) {
+ DEBUG(0, ("Warning: 'idmap:script' is deprecated. "
+ " Please use 'idmap config * : script' instead!\n"));
+ }
- ctx->script = lp_parm_const_string(-1, config_option, "script", NULL);
- if (ctx->script) {
- DEBUG(1, ("using idmap script '%s'\n", ctx->script));
- }
+ if (strequal(dom->name, "*") && ctx->script == NULL) {
+ /* fall back to idmap:script for backwards compatibility */
+ ctx->script = idmap_script;
+ }
- talloc_free(config_option);
+ if (ctx->script) {
+ DEBUG(1, ("using idmap script '%s'\n", ctx->script));
 }
 ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
-- 1.7.1
From 4859645fcdf31390b898b66270b6bf111a288201 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Fri, 24 Jun 2011 10:59:04 +0200
Subject: [PATCH 02/10] s3:docs:idmap_tdb2: update the documentation of idmap script to reflect the new variant "idmap config * : script" of configuring the idmap script (cherry picked from commit 2aa19b4aeb9de43a0e2b94ad1202f2068b29c710)
---
 docs-xml/manpages-3/idmap_tdb2.8.xml | 18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)
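Review bot: In PATCH 01/10, the new per-domain lookup in idmap_tdb2_db_init passes the string literal `"NULL"` as the default to lp_parm_const_string, so ctx->script presumably can never be a null pointer when the option is unset. That would make the `ctx->script == NULL` fallback to the legacy idmap:script value unreachable and leave every domain configured with a script named NULL, which the idmap_tdb2_script calls visible in patches 08 and 09 would then be handed; because the script is an external program invoked by winbindd, an unintended program name here is security-relevant and not only a compatibility bug. The default should be the null pointer, as on the removed line: `ctx->script = lp_parm_const_string(-1, config_option, "script", NULL);`. The function body continues outside this hunk, so the `failed` label and the way ctx->script is consumed cannot be checked from here.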
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml
index 980ffe6..18cfe0d 100644
--- a/docs-xml/manpages-3/idmap_tdb2.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -43,6 +43,16 @@ backend is authoritative. + + + script + + This option can be used to configure an external program + for performing id mappings instead of using the tdb + counter. The mappings are then stored int tdb2 idmap + database. For details see the section on IDMAP SCRIPT below. + +
@@ -50,8 +60,12 @@ IDMAP SCRIPT - The tdb2 idmap backend supports a script for performing id mappings - through the smb.conf option idmap : script. + The tdb2 idmap backend supports an external program for performing id mappings + through the smb.conf option idmap config * : script or + its deprecated legacy form idmap : script. + + + The script should accept the following command line options.
-- 1.7.1
From 08426ceece636e27b8e4c17425e33d0c2f24227f Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Fri, 24 Jun 2011 11:35:51 +0200
Subject: [PATCH 03/10] s3:doc: clarify the idmap script section in the idmap_tdb2 manpage (cherry picked from commit 4daab85ae60f2821a1d9d98f1edff6a318e8e3c1)
---
 docs-xml/manpages-3/idmap_tdb2.8.xml | 16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml
index 18cfe0d..d979739 100644
--- a/docs-xml/manpages-3/idmap_tdb2.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -66,6 +66,15 @@ + The mappings obtained by the script are then stored in the idmap tdb2 + database instead of mappings created by the incrementing id counters. + It is therefore important that the script covers the complete range of + SIDs that can be passed in for SID to Unix ID mapping, since otherwise + SIDs unmapped by the script might get mapped to IDs that had + previously been mapped by the script. + + + The script should accept the following command line options.
@@ -86,13 +95,6 @@ SID:yyyy ERR:yyyy - - - Note that the script should cover the complete range of SIDs - that can be passed in for SID to Unix ID mapping, since otherwise - SIDs unmapped by the script might get mapped to IDs that had - previously been mapped by the script. -
-- 1.7.1
From 6c3eeac785b02f94ae0b11155ca5f157c32f54f8 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Fri, 24 Jun 2011 11:36:33 +0200
Subject: [PATCH 04/10] s3:docs: remove legacy text from the example in the idmap_tdb2 manpage (cherry picked from commit 2f253c2791ccb2421f26f563e3983ee950da1d05)
---
 docs-xml/manpages-3/idmap_tdb2.8.xml | 2 --
 1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml
index d979739..98c5eae 100644
--- a/docs-xml/manpages-3/idmap_tdb2.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -102,8 +102,6 @@ This example shows how tdb2 is used as a the default idmap backend. - It configures the idmap range through the global options for all - domains encountered.
-- 1.7.1
From 4511a833419b4c2ab50d12b4ed261ecad88ab5a8 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Fri, 24 Jun 2011 11:38:05 +0200
Subject: [PATCH 05/10] s3:doc: add an example with idmap script to the idmap_tdb2 manpage (cherry picked from commit 86973eee43605a3680fb51470a81ea9ca7f1b515)
---
 docs-xml/manpages-3/idmap_tdb2.8.xml | 12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml
index 98c5eae..1faf590 100644
--- a/docs-xml/manpages-3/idmap_tdb2.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -109,6 +109,18 @@ idmap config * : backend = tdb2 idmap config * : range = 1000000-2000000 + + + This example shows how tdb2 is used as a the default idmap backend + using an external program via the script parameter: + + + + [global] + idmap config * : backend = tdb2 + idmap config * : range = 1000000-2000000 + idmap config * : script = /usr/local/samba/bin/idmap_script.sh +
-- 1.7.1
From 1aa5ee6cc0244f4c054d2f19d0ea65d8cb8331f0 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Thu, 9 Jun 2011 13:07:54 +0200
Subject: [PATCH 06/10] s3:idmap_tdb2: fix a legacy comment that does not apply any more (cherry picked from commit 7d3dc2164b3929c642127659593e69fc865a6184)
---
 source3/winbindd/idmap_tdb2.c | 3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index 5612d57..174213c 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -110,8 +110,7 @@ static NTSTATUS idmap_tdb2_open_db(struct idmap_domain *dom)
 db_path = lp_parm_talloc_string(-1, "tdb", "idmap2.tdb", NULL);
 if (db_path == NULL) {
- /* fall back to the private directory, which, despite
- its name, is usually on shared storage */
+ /* fall back to the private directory */
 db_path = talloc_asprintf(NULL, "%s/idmap2.tdb", lp_private_dir());
 }
 NT_STATUS_HAVE_NO_MEMORY(db_path);
-- 1.7.1
From dbcdab854564e4a9b4973ffe2d2f287e48d09367 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Thu, 9 Jun 2011 13:34:04 +0200
Subject: [PATCH 07/10] s3:idmap_tdb2: remove superfluous initialization with bogus comment (cherry picked from commit 551185573899b6e608863f833633d40ae04458d8)
---
 source3/winbindd/idmap_tdb2.c | 3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index 174213c..a0252f8 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -579,9 +579,6 @@ static NTSTATUS idmap_tdb2_id_to_sid(struct idmap_domain *dom, struct id_map *ma
 return NT_STATUS_INVALID_PARAMETER;
 }
- /* final SAFE_FREE safe */
- data.dptr = NULL;
-
 if (keystr == NULL) {
 DEBUG(0, ("Out of memory!\n"));
 ret = NT_STATUS_NO_MEMORY;
-- 1.7.1
From 1b5813071c70b16d01def079866f2b7f76cf42d7 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Thu, 9 Jun 2011 13:35:21 +0200
Subject: [PATCH 08/10] s3:idmap_tdb2: remove legacy comment (cherry picked from commit 4b5ada3d27198b49771acb70ae979087235be783)
---
 source3/winbindd/idmap_tdb2.c | 2 --
 1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index a0252f8..f0c6fc0 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -601,8 +601,6 @@ static NTSTATUS idmap_tdb2_id_to_sid(struct idmap_domain *dom, struct id_map *ma
 }
 ret = idmap_tdb2_script(ctx, map, "IDTOSID %s", keystr);
-
- /* store it on shared storage */
 if (!NT_STATUS_IS_OK(ret)) {
 goto done;
 }
-- 1.7.1
From c4b20c7173fd5ebc0f24440d70bb146d4354b473 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Thu, 9 Jun 2011 13:36:54 +0200
Subject: [PATCH 09/10] s3:idmap_tdb2: remove a legacy comment (cherry picked from commit 67cd2f9d867fad1f7df2d6a6a5cdb723336ac495)
---
 source3/winbindd/idmap_tdb2.c | 1 -
 1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index f0c6fc0..723afbc 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -675,7 +675,6 @@ static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_domain *dom, struct id_map *ma
 }
 ret = idmap_tdb2_script(ctx, map, "SIDTOID %s", keystr);
- /* store it on shared storage */
 if (!NT_STATUS_IS_OK(ret)) {
 goto done;
 }
-- 1.7.1
From 78ea26cc99c1df7beb1cef21de88d8b043049f25 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Fri, 24 Jun 2011 10:15:02 +0200
Subject: [PATCH 10/10] s3:idmap_tdb2: remove the undocumented option of the silly name "tdb:idmap2.tdb" In ancient times, when ctdb had not support for persistent databases and tdb2 was introduced as a two-layer solution and it was more important than today to be able to change the location of the permanent database file because it had to reside on shared storage. But these were times when idmap_tdb2 was not even officially released. Nowadays, with ctdb handling the persistent idmap2.tdb database, the path is stripped anyways, so this undocumented option has become unnecessary and is hence removed. Autobuild-User: Michael Adam Autobuild-Date: Wed Jul 27 05:37:57 CEST 2011 on sn-devel-104 (cherry picked from commit 3276060da4e7d495bd5cf5cbf7237e64d948ee77)
---
 source3/winbindd/idmap_tdb2.c | 6 +-----
 1 files changed, 1 insertions(+), 5 deletions(-)
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index 723afbc..112978b 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -108,11 +108,7 @@ static NTSTATUS idmap_tdb2_open_db(struct idmap_domain *dom)
 return NT_STATUS_OK;
 }
- db_path = lp_parm_talloc_string(-1, "tdb", "idmap2.tdb", NULL);
- if (db_path == NULL) {
- /* fall back to the private directory */
- db_path = talloc_asprintf(NULL, "%s/idmap2.tdb", lp_private_dir());
- }
+ db_path = talloc_asprintf(NULL, "%s/idmap2.tdb", lp_private_dir());
 NT_STATUS_HAVE_NO_MEMORY(db_path);
 /* Open idmap repository */
-- 1.7.1
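Review bot: In PATCH 10/10, idmap_tdb2_open_db stops honouring `tdb:idmap2.tdb` without any log message, unlike the idmap:script deprecation in patch 01, which prints a warning. The commit message covers the ctdb case, but on a host that still sets the option and is not clustered the backend would, as far as this hunk shows, open `idmap2.tdb` under lp_private_dir() instead of the configured file, and a different or empty mapping database can hand out Unix IDs that no longer match the SIDs owning existing files. Consider a check before the talloc_asprintf call, e.g. `if (lp_parm_const_string(-1, "tdb", "idmap2.tdb", NULL) != NULL) { DEBUG(0, ("Warning: 'tdb:idmap2.tdb' is no longer supported and is ignored\n")); }`. The function starts and ends outside the hunk, so where db_path is freed is not visible here.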