| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
By a copy and paste error, the global autorid_db was used.
This was not currently a problem in behaviour, because this
autorid_db is passed as the argument.
This change fixes the callback function for consistency.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 3 08:36:55 CEST 2014 on sn-devel-104
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, there were several writing operations:
- store the range HWM
- store the alloc uid HWM
- store the alloc gid HWM
- store the config
- create mappings for a whole list of wellknown sids
Each of these consisted of its own transaction,
the wellknown preallocation even of one transaction per sid.
This change wrapps all of these in one big transaction.
Thereby making the whole initialization atomic, and
with respect to the creation of the wellknown mappings
also more deterministic.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 3 02:41:25 CEST 2014 on sn-devel-104
|
| |
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
| |
|
|
|
|
|
|
|
| |
db_init
This way, we can later put all of the storing functions inside one transaction.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
| |
|
|
|
|
|
| |
But make sure to link the db context to commonconfig afterwards.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
| |
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
| |
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
| |
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some modules use samba_init_module as the name for the init functions,
others use a name based on the module name.
Rename the init functions from samba_init_module, to be consistent
across all modules. This change also allows to build idmap_tdb2 and
perfcount_test statically.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 2 08:50:04 CEST 2014 on sn-devel-104
|
| |
|
|
|
|
|
|
|
| |
Domain range index #0 is not included in the database record.
So in this special case we only have the SID, not SID#IDX...
Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
global config is not part of range config.
By removing this, autorid_range_config becomes more suitable
for using it elsewhere.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
idmap_autorid_saveconfig()
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
for better error propagation.
Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
This is in preparation of adding "net idmap autorid" functionality.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The ignore_builtin flag is used only to change the bahaviour of the
daemon code, not in the database.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
In preparation of calling this from net for different dbs.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
| |
Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
| |
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
| |
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
|
|
|
| |
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
| |
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
| |
We initialize everything later anyway
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To make it more intutive.
rid = reduced_rid + domain_range_index * range_size
where
reduced_rid = (id - id_low) % range_size
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
idmap_autorid_get_domainrange()
This way, the calculation needs to be don only in one central place and
the formulas get simpler.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is my attempt to make the sid->unix-id calculation much more obvious.
Especially with the introduction of the multi-range support an the originally
named "multiplier", the calculation
id = low_id + range_size * domain_number + rid - range_size * multiplier
was rather opaque to me.
What really happens here is this:
The rid is split into a reduced_rid part that is < rangesize and
a multiple of rangesize. This is given by the formula
rid = rid % range_size + (rid / range_size) * range_size
We define
reduced_rid := rid % range_size
and
domain_range_index := rid / range_size ( == the original multiplier)
and the original formula is equivalent to:
id = reduced_rid + low_id + range_number * range_size;
and reads
id = reduced_rid + range_minvalue
if we set range_minvalue := low_id + range_number * range_size.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
|
|
| |
The name multiplier is very confusing (at least for me).
This is an index that is used to reference the various
per-domain ranges.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
| |
instances
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
|
|
| |
instances to "range"
This describes it better with the new support for multiple ranges for domains.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
|
|
| |
Now ranges don't correspond to domains any more, but
multiple ranges are associated to a domain. So the name
is misleading.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when a mapping request for a RID comes in that is larger
than the rangesize, allocate an extension range to be able
to map this one
This is especially important for large installations which
might have large RIDs being used in a trusted domain that
the administrator was not aware of when planning for autorid
usage and so those objects could not be mapped up to now.
As it is not possible to change the rangesize after the first
start of autorid, this would lead to big trouble.
Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
(bug #9653)
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 13 09:51:53 CET 2013 on sn-devel-104
|
| |
|
|
|
|
|
|
| |
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is to remove problems with the same unix-id being used both
as a uid and a gid.
The autorid backend will map a given number to the same SID, no matter whether this
is a uid or a gid. This will prime the idmap cache with mappings.
The sid-to-u/gid mapping, when not going through the cache, instead checks for
the type of the sid and only allows unix ids of the corresponding type.
Hence the rid backend will give different results, depending on whether the
cache is filled or not.
This patch lets the autorid backend always create sid->id mappings of type both.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
|
| |
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
|
| |
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
|
| |
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
|
| |
|
|
|
|
|
| |
this fixes Coverity #700172 CHECKED_RETURN
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed May 9 00:27:08 CEST 2012 on sn-devel-104
|
| |
|
|
|
|
|
| |
BUILTIN should be handled by passdb, however if passdb does not know
about a SID, autorid creates a range for BUILTIN and does deterministic mapping
make it possible to turn off this behavior
|
| |
|
|
|
|
|
| |
make it possible to set read-only = yes for the backend
so users can replicate an autorid.tdb to another server
to use the same mappings without risking that updates
are done on both sides
|
| |
|
|
|
|
|
|
| |
preallocate the list of well-known SIDs that Win2008R2 reports
to be groups and that are on the list in KB243330
This will allow for deterministic mapping of these SIDs, even if they
are stored in the allocation pool as this is the first thing that autorid
will allocate from the pool during module initialization
|
| |
|
|
|
|
| |
- use common logic for the allocation pool
- add a idmap_tdb style 1on1 mapping for non-domain SIDs
like Everyone (S-1-1-0)
|
| |
|
|
|
|
|
| |
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
|
| |
|
|
|
|
|
|
| |
reduce the amount of transactions that are mostly unnecessary because no
updates were done, only reads
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Dec 16 20:18:37 CET 2011 on sn-devel-104
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
|
| |
|
|
|
|
|
| |
This is to provide a cleaner namespace in the public samba plugin
functions.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
| |
this is needed to allocate gids for BUILTIN\Users and
BUILTIN\Administrators and for local users/group that
admins might want to create
autorid will now allocate one range for this purpose
and can so give out as many uids and gids as the
configured rangesize allows
|
| |
|
|
|
| |
we will need some more HWM soon, so move out initialization and
optimize the logic using the new interface of dbwrap_fetch_uint32
|
